Skip to content

Commit b16bcfb

Browse files
isra-felisra-fel
authored
add SAW scenario to keyvault example (#13620)
1 parent 4b21b49 commit b16bcfb

File tree

1 file changed

+11
-4
lines changed

1 file changed

+11
-4
lines changed

src/KeyVault/KeyVault/help/Get-AzKeyVaultSecret.md

Lines changed: 11 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -176,20 +176,27 @@ This command gets a specific version of the secret named secret1 in the key vaul
176176
### Example 5: Get the plain text value of the current version of a specific secret
177177
```powershell
178178
PS C:\> $secret = Get-AzKeyVaultSecret -VaultName 'Contoso' -Name 'ITSecret'
179+
180+
# Method 1: requires PowerShell >= 7.0
181+
PS C:\> $secretInPlainText = $secret.SecretValue | ConvertFrom-SecureString -AsPlainText
182+
183+
# Method 2: works on older PowerShell versions
179184
PS C:\> $secretValueText = '';
180185
PS C:\> $ssPtr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secret.SecretValue)
181186
PS C:\> try {
182-
$secretValueText = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($ssPtr)
187+
$secretInPlainText = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($ssPtr)
183188
} finally {
184189
[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($ssPtr)
185190
}
186-
PS C:\> Write-Host "Secret Value is:" $secretValueText
187191
188-
Secret Value is: P@ssw0rd
192+
# Method 3: works in ConstrainedLanguage mode
193+
$secretInPlainText = [pscredential]::new("DoesntMatter", $secret.SecretValue).GetNetworkCredential().Password
189194
```
190195

191196
These commands get the current version of a secret named ITSecret, and then displays the plain text value of that secret.
192197

198+
(Note: use method 3 if you are working in PowerShell [ConstrainedLanguage mode](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_language_modes?view=powershell-7.1#constrained-language-constrained-language), for example, on secure/privileged access workstations.)
199+
193200
### Example 6: Get all the secrets that have been deleted but not purged for this key vault.
194201
```powershell
195202
PS C:\> Get-AzKeyVaultSecret -VaultName 'Contoso' -InRemovedState
@@ -217,7 +224,7 @@ Expires :
217224
Not Before :
218225
Created : 4/6/2018 8:39:15 PM
219226
Updated : 4/6/2018 10:11:24 PM
220-
Content Type :
227+
Content Type :
221228
Tags :
222229
```
223230

0 commit comments

Comments
 (0)