public final class SecretClient extends Object
secrets
in the Azure Key Vault. The client
supports creating, retrieving, updating, deleting, purging, backing up, restoring, and listing the secrets
. The client also supports listing deleted secrets
for a soft-delete enabled Azure Key
Vault.
Construct the sync client
SecretClient secretClient = new SecretClientBuilder() .credential(new DefaultAzureCredentialBuilder().build()) .vaultUrl("https://myvault.vault.azure.net/") .httpLogOptions(new HttpLogOptions().setLogLevel(HttpLogDetailLevel.BODY_AND_HEADERS)) .buildClient();
SecretClientBuilder
,
PagedIterable
Modifier and Type | Method and Description |
---|---|
byte[] |
backupSecret(String name)
Requests a backup of the secret be downloaded to the client.
|
com.azure.core.http.rest.Response<byte[]> |
backupSecretWithResponse(String name,
com.azure.core.util.Context context)
Requests a backup of the secret be downloaded to the client.
|
com.azure.core.util.polling.SyncPoller<DeletedSecret,Void> |
beginDeleteSecret(String name)
Deletes a secret from the key vault.
|
com.azure.core.util.polling.SyncPoller<KeyVaultSecret,Void> |
beginRecoverDeletedSecret(String name)
Recovers the deleted secret in the key vault to its latest version.
|
DeletedSecret |
getDeletedSecret(String name)
Gets a secret that has been deleted for a soft-delete enabled key vault.
|
com.azure.core.http.rest.Response<DeletedSecret> |
getDeletedSecretWithResponse(String name,
com.azure.core.util.Context context)
Gets a secret that has been deleted for a soft-delete enabled key vault.
|
KeyVaultSecret |
getSecret(String name)
Gets the latest version of the specified secret from the key vault.
|
KeyVaultSecret |
getSecret(String name,
String version)
Gets the specified secret with specified version from the key vault.
|
com.azure.core.http.rest.Response<KeyVaultSecret> |
getSecretWithResponse(String name,
String version,
com.azure.core.util.Context context)
Gets the specified secret with specified version from the key vault.
|
String |
getVaultUrl()
Gets the vault endpoint url to which service requests are sent to.
|
com.azure.core.http.rest.PagedIterable<DeletedSecret> |
listDeletedSecrets()
Lists
deleted secrets of the key vault if it has enabled soft-delete. |
com.azure.core.http.rest.PagedIterable<DeletedSecret> |
listDeletedSecrets(com.azure.core.util.Context context)
Lists
deleted secrets of the key vault if it has enabled soft-delete. |
com.azure.core.http.rest.PagedIterable<SecretProperties> |
listPropertiesOfSecrets()
Lists secrets in the key vault.
|
com.azure.core.http.rest.PagedIterable<SecretProperties> |
listPropertiesOfSecrets(com.azure.core.util.Context context)
Lists secrets in the key vault.
|
com.azure.core.http.rest.PagedIterable<SecretProperties> |
listPropertiesOfSecretVersions(String name)
Lists all versions of the specified secret.
|
com.azure.core.http.rest.PagedIterable<SecretProperties> |
listPropertiesOfSecretVersions(String name,
com.azure.core.util.Context context)
Lists all versions of the specified secret.
|
void |
purgeDeletedSecret(String name)
Permanently removes a deleted secret, without the possibility of recovery.
|
com.azure.core.http.rest.Response<Void> |
purgeDeletedSecretWithResponse(String name,
com.azure.core.util.Context context)
Permanently removes a deleted secret, without the possibility of recovery.
|
KeyVaultSecret |
restoreSecretBackup(byte[] backup)
Restores a backed up secret, and all its versions, to a vault.
|
com.azure.core.http.rest.Response<KeyVaultSecret> |
restoreSecretBackupWithResponse(byte[] backup,
com.azure.core.util.Context context)
Restores a backed up secret, and all its versions, to a vault.
|
KeyVaultSecret |
setSecret(KeyVaultSecret secret)
Adds a secret to the key vault if it does not exist.
|
KeyVaultSecret |
setSecret(String name,
String value)
Adds a secret to the key vault if it does not exist.
|
com.azure.core.http.rest.Response<KeyVaultSecret> |
setSecretWithResponse(KeyVaultSecret secret,
com.azure.core.util.Context context)
Adds a secret to the key vault if it does not exist.
|
SecretProperties |
updateSecretProperties(SecretProperties secretProperties)
Updates the attributes associated with the secret.
|
com.azure.core.http.rest.Response<SecretProperties> |
updateSecretPropertiesWithResponse(SecretProperties secretProperties,
com.azure.core.util.Context context)
Updates the attributes associated with the secret.
|
public String getVaultUrl()
public KeyVaultSecret setSecret(KeyVaultSecret secret)
secrets/set
permission.
The expires
, contentType
,
and notBefore
values in secret
are optional.
If not specified, enabled
is set to true by key vault.
Code sample
Creates a new secret in the key vault. Prints out the details of the newly created secret returned in the response.
KeyVaultSecret newSecret = new KeyVaultSecret("secretName", "secretValue") .setProperties(new SecretProperties().setExpiresOn(OffsetDateTime.now().plusDays(60))); KeyVaultSecret returnedSecret = secretClient.setSecret(newSecret); System.out.printf("Secret is created with name %s and value %s%n", returnedSecret.getName(), returnedSecret.getValue());
secret
- The Secret object containing information about the secret and its properties. The properties
secret.name
and secret.value
cannot be
null.created secret
.NullPointerException
- if secret
is null
.com.azure.core.exception.ResourceModifiedException
- if secret
is malformed.com.azure.core.exception.HttpResponseException
- if name
or value
is an empty string.public KeyVaultSecret setSecret(String name, String value)
secrets/set
permission.
Code sample
Creates a new secret in the key vault. Prints out the details of the newly created secret returned in the response.
KeyVaultSecret secret = secretClient.setSecret("secretName", "secretValue"); System.out.printf("Secret is created with name %s and value %s%n", secret.getName(), secret.getValue());
name
- The name of the secret. It is required and cannot be null.value
- The value of the secret. It is required and cannot be null.created secret
.com.azure.core.exception.ResourceModifiedException
- if invalid name
or value
is specified.com.azure.core.exception.HttpResponseException
- if name
or value
is empty string.public com.azure.core.http.rest.Response<KeyVaultSecret> setSecretWithResponse(KeyVaultSecret secret, com.azure.core.util.Context context)
secrets/set
permission.
Code sample
Creates a new secret in the key vault. Prints out the details of the newly created secret returned in the response.
KeyVaultSecret newSecret = new KeyVaultSecret("secretName", "secretValue") .setProperties(new SecretProperties().setExpiresOn(OffsetDateTime.now().plusDays(60))); KeyVaultSecret secret = secretClient.setSecretWithResponse(newSecret, new Context(key1, value1)).getValue(); System.out.printf("Secret is created with name %s and value %s%n", secret.getName(), secret.getValue());
secret
- The Secret object containing information about the secret and its properties. The properties
secret.name and secret.value must be non null.context
- Additional context that is passed through the HTTP pipeline during the service call.Response
whose value
contains the created secret
.com.azure.core.exception.ResourceModifiedException
- if invalid name
or value
is specified.com.azure.core.exception.HttpResponseException
- if name
or value
is empty string.public KeyVaultSecret getSecret(String name, String version)
secrets/get
permission.
Code sample
Gets a specific version of the secret in the key vault. Prints out the details of the returned secret.
String secretVersion = "6A385B124DEF4096AF1361A85B16C204"; KeyVaultSecret secretWithVersion = secretClient.getSecret("secretName", secretVersion); System.out.printf("Secret is returned with name %s and value %s%n", secretWithVersion.getName(), secretWithVersion.getValue());
name
- The name of the secret, cannot be null.version
- The version of the secret to retrieve. If this is an empty string or null, this call is
equivalent to calling SecretClient.getSecret(String)
, with the latest version being retrieved.secret
.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
and version
doesn't exist in the
key vault.com.azure.core.exception.HttpResponseException
- if name
or version
is empty string.public KeyVaultSecret getSecret(String name)
secrets/get
permission.
Code sample
Gets the latest version of the secret in the key vault. Prints out the details of the returned secret.
KeyVaultSecret secretWithoutVersion = secretClient.getSecret("secretName", secretVersion); System.out.printf("Secret is returned with name %s and value %s%n", secretWithoutVersion.getName(), secretWithoutVersion.getValue());
name
- The name of the secret.KeyVaultSecret
.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
doesn't exist in the key vault.com.azure.core.exception.HttpResponseException
- if name
is empty string.public com.azure.core.http.rest.Response<KeyVaultSecret> getSecretWithResponse(String name, String version, com.azure.core.util.Context context)
secrets/get
permission.
Code sample
Gets a specific version of the secret in the key vault. Prints out the details of the returned secret.
String secretVersion = "6A385B124DEF4096AF1361A85B16C204"; KeyVaultSecret secretWithVersion = secretClient.getSecretWithResponse("secretName", secretVersion, new Context(key2, value2)).getValue(); System.out.printf("Secret is returned with name %s and value %s%n", secretWithVersion.getName(), secretWithVersion.getValue());
name
- The name of the secret, cannot be nullversion
- The version of the secret to retrieve. If this is an empty string or null, this call is equivalent
to calling SecretClient.getSecret(String)
, with the latest version being retrieved.context
- Additional context that is passed through the HTTP pipeline during the service call.Response
whose value
contains the requested KeyVaultSecret
.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
and version
doesn't exist in the key
vault.com.azure.core.exception.HttpResponseException
- if name
or version
is empty string.public com.azure.core.http.rest.Response<SecretProperties> updateSecretPropertiesWithResponse(SecretProperties secretProperties, com.azure.core.util.Context context)
secretProperties
are changed. Attributes not specified in the request are
not changed. This operation requires the secrets/set
permission.
The secret
is required and its fields name
and
version
cannot be null.
Code sample
Gets the latest version of the secret, changes its expiry time, and the updates the secret in the key vault.
SecretProperties secretProperties = secretClient.getSecret("secretName").getProperties(); secretProperties.setExpiresOn(OffsetDateTime.now().plusDays(60)); SecretProperties updatedSecretBase = secretClient.updateSecretPropertiesWithResponse(secretProperties, new Context(key2, value2)).getValue(); KeyVaultSecret updatedSecret = secretClient.getSecret(updatedSecretBase.getName()); System.out.printf("Updated Secret is returned with name %s, value %s and expires %s%n", updatedSecret.getName(), updatedSecret.getValue(), updatedSecret.getProperties().getExpiresOn());
secretProperties
- The secret properties
object with updated properties.context
- Additional context that is passed through the HTTP pipeline during the service call.Response
whose value
contains the updated secret
.NullPointerException
- if secret
is null
.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
and version
doesn't exist in the key vault.com.azure.core.exception.HttpResponseException
- if name
or
version
is an empty string.public SecretProperties updateSecretProperties(SecretProperties secretProperties)
secretProperties
are changed. Attributes not specified in the request are
not changed. This operation requires the secrets/set
permission.
The secret
is required and its fields name
and
version
cannot be null.
Code sample
Gets the latest version of the secret, changes its expiry time, and the updates the secret in the key vault.
SecretProperties secretProperties = secretClient.getSecret("secretName").getProperties(); secretProperties.setExpiresOn(OffsetDateTime.now().plusDays(60)); SecretProperties updatedSecretProperties = secretClient.updateSecretProperties(secretProperties); KeyVaultSecret updatedSecret = secretClient.getSecret(updatedSecretProperties.getName()); System.out.printf("Updated Secret is returned with name %s, value %s and expires %s%n", updatedSecret.getName(), updatedSecret.getValue(), updatedSecret.getProperties().getExpiresOn());
secretProperties
- The secret properties
object with updated properties.updated secret
.NullPointerException
- if secret
is null
.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
and version
doesn't exist in the key vault.com.azure.core.exception.HttpResponseException
- if name
or version
is
empty string.public com.azure.core.util.polling.SyncPoller<DeletedSecret,Void> beginDeleteSecret(String name)
secrets/delete
permission.
Code sample
Deletes the secret from a soft-delete enabled key vault. Prints out the recovery id of the deleted secret returned in the response.
SyncPoller<DeletedSecret, Void> deletedSecretPoller = secretClient.beginDeleteSecret("secretName"); // Deleted Secret is accessible as soon as polling begins. PollResponse<DeletedSecret> deletedSecretPollResponse = deletedSecretPoller.poll(); // Deletion date only works for a SoftDelete-enabled Key Vault. System.out.println("Deleted Date %s" + deletedSecretPollResponse.getValue() .getDeletedOn().toString()); System.out.printf("Deleted Secret's Recovery Id %s", deletedSecretPollResponse.getValue() .getRecoveryId()); // Secret is being deleted on server. deletedSecretPoller.waitForCompletion();
name
- The name of the secret to be deleted.SyncPoller
to poll on and retrieve the deleted secret
.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
doesn't exist in the key vault.com.azure.core.exception.HttpResponseException
- when a secret with name
is empty string.public DeletedSecret getDeletedSecret(String name)
secrets/list
permission.
Code sample
Gets the deleted secret from the key vault enabled for soft-delete. Prints out the details of the deleted secret returned in the response.
DeletedSecret deletedSecret = secretClient.getDeletedSecret("secretName"); System.out.printf("Deleted Secret's Recovery Id %s", deletedSecret.getRecoveryId());
name
- The name of the deleted secret.deleted secret
.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
doesn't exist in the key vault.com.azure.core.exception.HttpResponseException
- when a secret with name
is empty string.public com.azure.core.http.rest.Response<DeletedSecret> getDeletedSecretWithResponse(String name, com.azure.core.util.Context context)
secrets/list
permission.
Code sample
Gets the deleted secret from the key vault enabled for soft-delete. Prints out the details of the deleted secret returned in the response.
DeletedSecret deletedSecret = secretClient.getDeletedSecretWithResponse("secretName", new Context(key2, value2)).getValue(); System.out.printf("Deleted Secret's Recovery Id %s", deletedSecret.getRecoveryId());
name
- The name of the deleted secret.context
- Additional context that is passed through the HTTP pipeline during the service call.Response
whose value
contains the deleted
secret
.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
doesn't exist in the key vault.com.azure.core.exception.HttpResponseException
- when a secret with name
is empty string.public void purgeDeletedSecret(String name)
secrets/purge
permission.
Code sample
Purges the deleted secret from the key vault enabled for soft-delete. Prints out the status code from the server response.
secretClient.purgeDeletedSecret("secretName");
name
- The name of the secret.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
doesn't exist in the key vault.com.azure.core.exception.HttpResponseException
- when a secret with name
is empty string.public com.azure.core.http.rest.Response<Void> purgeDeletedSecretWithResponse(String name, com.azure.core.util.Context context)
secrets/purge
permission.
Code sample
Purges the deleted secret from the key vault enabled for soft-delete. Prints out the status code from the server response.
Response<Void> purgeResponse = secretClient.purgeDeletedSecretWithResponse("secretName", new Context(key1, value1)); System.out.printf("Purge Status Code: %d", purgeResponse.getStatusCode());
name
- The name of the secret.context
- Additional context that is passed through the HTTP pipeline during the service call.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
doesn't exist in the key vault.com.azure.core.exception.HttpResponseException
- when a secret with name
is empty string.public com.azure.core.util.polling.SyncPoller<KeyVaultSecret,Void> beginRecoverDeletedSecret(String name)
secrets/recover
permission.
Code sample
Recovers the deleted secret from the key vault enabled for soft-delete. Prints out the details of the recovered secret returned in the response.
SyncPoller<KeyVaultSecret, Void> recoverSecretPoller = secretClient.beginRecoverDeletedSecret("deletedSecretName"); // Deleted Secret can be accessed as soon as polling is in progress. PollResponse<KeyVaultSecret> recoveredSecretPollResponse = recoverSecretPoller.poll(); System.out.println("Recovered Key Name %s" + recoveredSecretPollResponse.getValue().getName()); System.out.printf("Recovered Key's Id %s", recoveredSecretPollResponse.getValue().getId()); // Key is being recovered on server. recoverSecretPoller.waitForCompletion();
name
- The name of the deleted secret to be recovered.SyncPoller
to poll on and retrieve the recovered secret
.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
doesn't exist in the key vault.com.azure.core.exception.HttpResponseException
- when a secret with name
is empty string.public byte[] backupSecret(String name)
secrets/backup
permission.
Code sample
Backs up the secret from the key vault and prints out the length of the secret's backup byte array returned in the response
byte[] secretBackup = secretClient.backupSecret("secretName"); System.out.printf("Secret's Backup Byte array's length %s", secretBackup.length);
name
- The name of the secret.Response
whose value
contains the backed up secret blob.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
doesn't exist in the key vault.com.azure.core.exception.HttpResponseException
- when a secret with name
is empty string.public com.azure.core.http.rest.Response<byte[]> backupSecretWithResponse(String name, com.azure.core.util.Context context)
secrets/backup
permission.
Code sample
Backs up the secret from the key vault and prints out the length of the secret's backup byte array returned in the response
byte[] secretBackup = secretClient.backupSecretWithResponse("secretName", new Context(key1, value1)).getValue(); System.out.printf("Secret's Backup Byte array's length %s", secretBackup.length);
name
- The name of the secret.context
- Additional context that is passed through the HTTP pipeline during the service call.Response
whose value
contains the backed up secret blob.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
doesn't exist in the key vault.com.azure.core.exception.HttpResponseException
- when a secret with name
is empty string.public KeyVaultSecret restoreSecretBackup(byte[] backup)
secrets/restore
permission.
Code sample
Restores the secret in the key vault from its backup byte array. Prints out the details of the restored secret returned in the response.
// Pass the secret backup byte array of the secret to be restored. byte[] secretBackupByteArray = {}; KeyVaultSecret restoredSecret = secretClient.restoreSecretBackup(secretBackupByteArray); System.out .printf("Restored Secret with name %s and value %s", restoredSecret.getName(), restoredSecret.getValue());
backup
- The backup blob associated with the secret.Response
whose value
contains the restored secret
.com.azure.core.exception.ResourceModifiedException
- when backup
blob is malformed.public com.azure.core.http.rest.Response<KeyVaultSecret> restoreSecretBackupWithResponse(byte[] backup, com.azure.core.util.Context context)
secrets/restore
permission.
Code sample
Restores the secret in the key vault from its backup byte array. Prints out the details of the restored secret returned in the response.
// Pass the secret backup byte array of the secret to be restored. byte[] secretBackupByteArray = {}; KeyVaultSecret restoredSecret = secretClient.restoreSecretBackupWithResponse(secretBackupByteArray, new Context(key2, value2)).getValue(); System.out .printf("Restored Secret with name %s and value %s", restoredSecret.getName(), restoredSecret.getValue());
backup
- The backup blob associated with the secret.context
- Additional context that is passed through the HTTP pipeline during the service call.Response
whose value
contains the restored secret
.com.azure.core.exception.ResourceModifiedException
- when backup
blob is malformed.public com.azure.core.http.rest.PagedIterable<SecretProperties> listPropertiesOfSecrets()
secret
returned only has its identifier and
attributes populated. The secret values and their versions are not listed in the response.
This operation requires the secrets/list
permission.
Iterate through secrets and fetch their latest value
The snippet below loops over each secret
and calls
getSecret(String, String)
. This gets the secret
and the
value of its latest version.
for (SecretProperties secret : secretClient.listPropertiesOfSecrets()) { KeyVaultSecret secretWithValue = secretClient.getSecret(secret.getName(), secret.getVersion()); System.out.printf("Received secret with name %s and value %s", secretWithValue.getName(), secretWithValue.getValue()); }
Iterate over secrets by page
The snippet below loops over each secret
by page and calls
getSecret(String, String)
. This gets the secret
and the
value of its latest version.
secretClient.listPropertiesOfSecrets().iterableByPage().forEach(resp -> { System.out.printf("Response headers are %s. Url %s and status code %d %n", resp.getHeaders(), resp.getRequest().getUrl(), resp.getStatusCode()); resp.getItems().forEach(value -> { KeyVaultSecret secretWithValue = secretClient.getSecret(value.getName(), value.getVersion()); System.out.printf("Received secret with name %s and value %s", secretWithValue.getName(), secretWithValue.getValue()); }); });
PagedIterable
of SecretProperties
of all the secrets in the vault. The
SecretProperties
contains all the information about the secret, except its value.public com.azure.core.http.rest.PagedIterable<SecretProperties> listPropertiesOfSecrets(com.azure.core.util.Context context)
secret
returned only has its identifier and
attributes populated. The secret values and their versions are not listed in the response.
This operation requires the secrets/list
permission.
Iterate over secrets and fetch their latest value
The snippet below loops over each secret
and calls
getSecret(String, String)
. This gets the secret
and the
value of its latest version.
for (SecretProperties secret : secretClient.listPropertiesOfSecrets(new Context(key1, value2))) { KeyVaultSecret secretWithValue = secretClient.getSecret(secret.getName(), secret.getVersion()); System.out.printf("Received secret with name %s and value %s", secretWithValue.getName(), secretWithValue.getValue()); }
context
- Additional context that is passed through the HTTP pipeline during the service call.PagedIterable
of SecretProperties
of all the secrets in the vault. SecretProperties
contains all the information about the secret, except its value.public com.azure.core.http.rest.PagedIterable<DeletedSecret> listDeletedSecrets(com.azure.core.util.Context context)
deleted secrets
of the key vault if it has enabled soft-delete. This operation
requires the secrets/list
permission.
Code sample
Lists the deleted secrets in the key vault and for each deleted secret prints out its recovery id.
for (DeletedSecret deletedSecret : secretClient.listDeletedSecrets(new Context(key1, value2))) { System.out.printf("Deleted secret's recovery Id %s", deletedSecret.getRecoveryId()); }
context
- Additional context that is passed through the HTTP pipeline during the service call.PagedIterable
of all of the deleted secrets
in the vault.public com.azure.core.http.rest.PagedIterable<DeletedSecret> listDeletedSecrets()
deleted secrets
of the key vault if it has enabled soft-delete. This operation
requires the secrets/list
permission.
Iterate over secrets
Lists the deleted secrets in the key vault and for each deleted secret prints out its recovery id.
for (DeletedSecret deletedSecret : secretClient.listDeletedSecrets()) { System.out.printf("Deleted secret's recovery Id %s", deletedSecret.getRecoveryId()); }
Iterate over secrets by page
Iterate over Lists the deleted secrets by page in the key vault and for each deleted secret prints out its recovery id.
secretClient.listDeletedSecrets().iterableByPage().forEach(resp -> { System.out.printf("Got response headers . Url: %s, Status code: %d %n", resp.getRequest().getUrl(), resp.getStatusCode()); resp.getItems().forEach(value -> { System.out.printf("Deleted secret's recovery Id %s", value.getRecoveryId()); }); });
PagedIterable
of all of the deleted secrets
in the vault.public com.azure.core.http.rest.PagedIterable<SecretProperties> listPropertiesOfSecretVersions(String name)
secret
returned only has its identifier
and attributes populated. The secret values and secret versions are not listed in the response.
This operation requires the secrets/list
permission.
Code sample
The sample below fetches all versions of the given secret. For each secret version retrieved, makes a call
to getSecret(String, String)
to get the version's value, and then prints it out.
for (SecretProperties secret : secretClient.listPropertiesOfSecretVersions("secretName")) { KeyVaultSecret secretWithValue = secretClient.getSecret(secret.getName(), secret.getVersion()); System.out.printf("Received secret's version with name %s and value %s", secretWithValue.getName(), secretWithValue.getValue()); }
name
- The name of the secret.PagedIterable
of SecretProperties
of all the versions of the specified secret in the vault.
List is empty if secret with name
does not exist in key vaultcom.azure.core.exception.ResourceNotFoundException
- when a secret with name
doesn't exist in the key vault.com.azure.core.exception.HttpResponseException
- when a secret with name
is empty string.public com.azure.core.http.rest.PagedIterable<SecretProperties> listPropertiesOfSecretVersions(String name, com.azure.core.util.Context context)
secret
returned only has its identifier
and attributes populated. The secret values and secret versions are not listed in the response.
This operation requires the secrets/list
permission.
Code sample
The sample below fetches all versions of the given secret. For each secret version retrieved, makes a call
to getSecret(String, String)
to get the version's value, and then prints it out.
for (SecretProperties secret : secretClient .listPropertiesOfSecretVersions("secretName", new Context(key1, value2))) { KeyVaultSecret secretWithValue = secretClient.getSecret(secret.getName(), secret.getVersion()); System.out.printf("Received secret's version with name %s and value %s", secretWithValue.getName(), secretWithValue.getValue()); }
Iterate over secret versions by page
The sample below iterates over each secret
by each page and calls
SecretClient.getSecret(String, String)
. This will return the secret
with the
corresponding version's value.
secretClient.listPropertiesOfSecretVersions("secretName", new Context(key1, value2)) .iterableByPage().forEach(resp -> { System.out.printf("Got response headers . Url: %s, Status code: %d %n", resp.getRequest().getUrl(), resp.getStatusCode()); resp.getItems().forEach(value -> { KeyVaultSecret secretWithValue = secretClient.getSecret(value.getName(), value.getVersion()); System.out.printf("Received secret's version with name %s and value %s", secretWithValue.getName(), secretWithValue.getValue()); }); });
name
- The name of the secret.context
- Additional context that is passed through the HTTP pipeline during the service call.PagedIterable
of SecretProperties
of all the versions of the specified secret in the vault.
List is empty if secret with name
does not exist in key vaultcom.azure.core.exception.ResourceNotFoundException
- when a secret with name
doesn't exist in the key vault.com.azure.core.exception.HttpResponseException
- when a secret with name
is empty string.Copyright © 2020 Microsoft Corporation. All rights reserved.