Package com.azure.security.keyvault.secrets

Class SecretClient

  • public final class SecretClient
extends Object
    The SecretClient provides synchronous methods to manage secrets in the Azure Key Vault. The client supports creating, retrieving, updating, deleting, purging, backing up, restoring, and listing the secrets. The client also supports listing deleted secrets for a soft-delete enabled Azure Key Vault.

    Construct the sync client

     SecretClient secretClient = new SecretClientBuilder()
     .credential(new DefaultAzureCredentialBuilder().build())
     .vaultUrl("https://myvault.vault.azure.net/")
     .httpLogOptions(new HttpLogOptions().setLogLevel(HttpLogDetailLevel.BODY_AND_HEADERS))
     .buildClient();
    See Also:
    SecretClientBuilder, PagedIterable

    • Method Detail

      • getVaultUrl

        public String getVaultUrl()
        Gets the vault endpoint url to which service requests are sent to.
        Returns:
        the vault endpoint url.

      • setSecret

        public KeyVaultSecret setSecret​(KeyVaultSecret secret)
        Adds a secret to the key vault if it does not exist. If the named secret exists, a new version of the secret is created. This operation requires the secrets/set permission.

        The expires, contentType, and notBefore values in secret are optional. If not specified, enabled is set to true by key vault.

        Code sample

        Creates a new secret in the key vault. Prints out the details of the newly created secret returned in the response.

         KeyVaultSecret newSecret = new KeyVaultSecret("secretName", "secretValue")
     .setProperties(new SecretProperties().setExpiresOn(OffsetDateTime.now().plusDays(60)));
 KeyVaultSecret returnedSecret = secretClient.setSecret(newSecret);
 System.out.printf("Secret is created with name %s and value %s%n", returnedSecret.getName(),
     returnedSecret.getValue());
        Parameters:
        secret - The Secret object containing information about the secret and its properties. The properties secret.name and secret.value cannot be null.
        Returns:
        The created secret.
        Throws:
        NullPointerException - if secret is null.
        com.azure.core.exception.ResourceModifiedException - if secret is malformed.
        com.azure.core.exception.HttpResponseException - if name or value is an empty string.

      • setSecret

        public KeyVaultSecret setSecret​(String name,
                                String value)
        Adds a secret to the key vault if it does not exist. If the named secret exists, a new version of the secret is created. This operation requires the secrets/set permission.

        Code sample

        Creates a new secret in the key vault. Prints out the details of the newly created secret returned in the response.

         KeyVaultSecret secret = secretClient.setSecret("secretName", "secretValue");
 System.out.printf("Secret is created with name %s and value %s%n", secret.getName(), secret.getValue());
        Parameters:
        name - The name of the secret. It is required and cannot be null.
        value - The value of the secret. It is required and cannot be null.
        Returns:
        The created secret.
        Throws:
        com.azure.core.exception.ResourceModifiedException - if invalid name or value is specified.
        com.azure.core.exception.HttpResponseException - if name or value is empty string.

      • setSecretWithResponse

        public com.azure.core.http.rest.Response<KeyVaultSecret> setSecretWithResponse​(KeyVaultSecret secret,
                                                                               com.azure.core.util.Context context)
        Adds a secret to the key vault if it does not exist. If the named secret exists, a new version of the secret is created. This operation requires the secrets/set permission.

        Code sample

        Creates a new secret in the key vault. Prints out the details of the newly created secret returned in the response.

         KeyVaultSecret newSecret = new KeyVaultSecret("secretName", "secretValue")
          .setProperties(new SecretProperties().setExpiresOn(OffsetDateTime.now().plusDays(60)));
 KeyVaultSecret secret = secretClient.setSecretWithResponse(newSecret, new Context(key1, value1)).getValue();
 System.out.printf("Secret is created with name %s and value %s%n", secret.getName(), secret.getValue());
        Parameters:
        secret - The Secret object containing information about the secret and its properties. The properties secret.name and secret.value must be non null.
        context - Additional context that is passed through the HTTP pipeline during the service call.
        Returns:
        A Response whose value contains the created secret.
        Throws:
        com.azure.core.exception.ResourceModifiedException - if invalid name or value is specified.
        com.azure.core.exception.HttpResponseException - if name or value is empty string.

      • getSecret

        public KeyVaultSecret getSecret​(String name,
                                String version)
        Gets the specified secret with specified version from the key vault. This operation requires the secrets/get permission.

        Code sample

        Gets a specific version of the secret in the key vault. Prints out the details of the returned secret.

         String secretVersion = "6A385B124DEF4096AF1361A85B16C204";
 KeyVaultSecret secretWithVersion = secretClient.getSecret("secretName", secretVersion);
 System.out.printf("Secret is returned with name %s and value %s%n",
     secretWithVersion.getName(), secretWithVersion.getValue());
        Parameters:
        name - The name of the secret, cannot be null.
        version - The version of the secret to retrieve. If this is an empty string or null, this call is equivalent to calling getSecret(String), with the latest version being retrieved.
        Returns:
        The requested secret.
        Throws:
        com.azure.core.exception.ResourceNotFoundException - when a secret with name and version doesn't exist in the key vault.
        com.azure.core.exception.HttpResponseException - if name or version is empty string.

      • getSecret

        public KeyVaultSecret getSecret​(String name)
        Gets the latest version of the specified secret from the key vault. This operation requires the secrets/get permission.

        Code sample

        Gets the latest version of the secret in the key vault. Prints out the details of the returned secret.

         KeyVaultSecret secretWithoutVersion = secretClient.getSecret("secretName", secretVersion);
 System.out.printf("Secret is returned with name %s and value %s%n",
     secretWithoutVersion.getName(), secretWithoutVersion.getValue());
        Parameters:
        name - The name of the secret.
        Returns:
        The requested KeyVaultSecret.
        Throws:
        com.azure.core.exception.ResourceNotFoundException - when a secret with name doesn't exist in the key vault.
        com.azure.core.exception.HttpResponseException - if name is empty string.

      • getSecretWithResponse

        public com.azure.core.http.rest.Response<KeyVaultSecret> getSecretWithResponse​(String name,
                                                                               String version,
                                                                               com.azure.core.util.Context context)
        Gets the specified secret with specified version from the key vault. This operation requires the secrets/get permission.

        Code sample

        Gets a specific version of the secret in the key vault. Prints out the details of the returned secret.

         String secretVersion = "6A385B124DEF4096AF1361A85B16C204";
 KeyVaultSecret secretWithVersion = secretClient.getSecretWithResponse("secretName", secretVersion,
     new Context(key2, value2)).getValue();
 System.out.printf("Secret is returned with name %s and value %s%n",
     secretWithVersion.getName(), secretWithVersion.getValue());
        Parameters:
        name - The name of the secret, cannot be null
        version - The version of the secret to retrieve. If this is an empty string or null, this call is equivalent to calling getSecret(String), with the latest version being retrieved.
        context - Additional context that is passed through the HTTP pipeline during the service call.
        Returns:
        A Response whose value contains the requested KeyVaultSecret.
        Throws:
        com.azure.core.exception.ResourceNotFoundException - when a secret with name and version doesn't exist in the key vault.
        com.azure.core.exception.HttpResponseException - if name or version is empty string.

      • updateSecretPropertiesWithResponse

        public com.azure.core.http.rest.Response<SecretProperties> updateSecretPropertiesWithResponse​(SecretProperties secretProperties,
                                                                                              com.azure.core.util.Context context)
        Updates the attributes associated with the secret. The value of the secret in the key vault cannot be changed. Only attributes populated in secretProperties are changed. Attributes not specified in the request are not changed. This operation requires the secrets/set permission.

        The secret is required and its fields name and version cannot be null.

        Code sample

        Gets the latest version of the secret, changes its expiry time, and the updates the secret in the key vault. 

         SecretProperties secretProperties = secretClient.getSecret("secretName").getProperties();
 secretProperties.setExpiresOn(OffsetDateTime.now().plusDays(60));
 SecretProperties updatedSecretBase = secretClient.updateSecretPropertiesWithResponse(secretProperties,
     new Context(key2, value2)).getValue();
 KeyVaultSecret updatedSecret = secretClient.getSecret(updatedSecretBase.getName());
 System.out.printf("Updated Secret is returned with name %s, value %s and expires %s%n",
     updatedSecret.getName(), updatedSecret.getValue(), updatedSecret.getProperties().getExpiresOn());
        Parameters:
        secretProperties - The secret properties object with updated properties.
        context - Additional context that is passed through the HTTP pipeline during the service call.
        Returns:
        A Response whose value contains the updated secret.
        Throws:
        NullPointerException - if secret is null.
        com.azure.core.exception.ResourceNotFoundException - when a secret with name and version doesn't exist in the key vault.
        com.azure.core.exception.HttpResponseException - if name or version is an empty string.

      • updateSecretProperties

        public SecretProperties updateSecretProperties​(SecretProperties secretProperties)
        Updates the attributes associated with the secret. The value of the secret in the key vault cannot be changed. Only attributes populated in secretProperties are changed. Attributes not specified in the request are not changed. This operation requires the secrets/set permission.

        The secret is required and its fields name and version cannot be null.

        Code sample

        Gets the latest version of the secret, changes its expiry time, and the updates the secret in the key vault.

         SecretProperties secretProperties = secretClient.getSecret("secretName").getProperties();
 secretProperties.setExpiresOn(OffsetDateTime.now().plusDays(60));
 SecretProperties updatedSecretProperties = secretClient.updateSecretProperties(secretProperties);
 KeyVaultSecret updatedSecret = secretClient.getSecret(updatedSecretProperties.getName());
 System.out.printf("Updated Secret is returned with name %s, value %s and expires %s%n",
     updatedSecret.getName(), updatedSecret.getValue(), updatedSecret.getProperties().getExpiresOn());
        Parameters:
        secretProperties - The secret properties object with updated properties.
        Returns:
        The updated secret.
        Throws:
        NullPointerException - if secret is null.
        com.azure.core.exception.ResourceNotFoundException - when a secret with name and version doesn't exist in the key vault.
        com.azure.core.exception.HttpResponseException - if name or version is empty string.

      • beginDeleteSecret

        public com.azure.core.util.polling.SyncPoller<DeletedSecret,​Void> beginDeleteSecret​(String name)
        Deletes a secret from the key vault. If soft-delete is enabled on the key vault then the secret is placed in the deleted state and for permanent deletion, needs to be purged. Otherwise, the secret is permanently deleted. All versions of a secret are deleted. This cannot be applied to individual versions of a secret. This operation requires the secrets/delete permission.

        Code sample

        Deletes the secret from a soft-delete enabled key vault. Prints out the recovery id of the deleted secret returned in the response.

         SyncPoller<DeletedSecret, Void> deleteSecretPoller = secretClient.beginDeleteSecret("secretName");

 // Deleted Secret is accessible as soon as polling begins.
 PollResponse<DeletedSecret> deleteSecretPollResponse = deleteSecretPoller.poll();

 // Deletion date only works for a SoftDelete-enabled Key Vault.
 System.out.println("Deleted Date  %s" + deleteSecretPollResponse.getValue()
     .getDeletedOn().toString());
 System.out.printf("Deleted Secret's Recovery Id %s", deleteSecretPollResponse.getValue()
     .getRecoveryId());

 // Secret is being deleted on server.
 deleteSecretPoller.waitForCompletion();
        Parameters:
        name - The name of the secret to be deleted.
        Returns:
        A SyncPoller to poll on and retrieve the deleted secret.
        Throws:
        com.azure.core.exception.ResourceNotFoundException - when a secret with name doesn't exist in the key vault.
        com.azure.core.exception.HttpResponseException - when a secret with name is empty string.

      • getDeletedSecret

        public DeletedSecret getDeletedSecret​(String name)
        Gets a secret that has been deleted for a soft-delete enabled key vault. This operation requires the secrets/list permission.

        Code sample

        Gets the deleted secret from the key vault enabled for soft-delete. Prints out the details of the deleted secret returned in the response.

         DeletedSecret deletedSecret = secretClient.getDeletedSecret("secretName");
 System.out.printf("Deleted Secret's Recovery Id %s", deletedSecret.getRecoveryId());
        Parameters:
        name - The name of the deleted secret.
        Returns:
        The deleted secret.
        Throws:
        com.azure.core.exception.ResourceNotFoundException - when a secret with name doesn't exist in the key vault.
        com.azure.core.exception.HttpResponseException - when a secret with name is empty string.

      • getDeletedSecretWithResponse

        public com.azure.core.http.rest.Response<DeletedSecret> getDeletedSecretWithResponse​(String name,
                                                                                     com.azure.core.util.Context context)
        Gets a secret that has been deleted for a soft-delete enabled key vault. This operation requires the secrets/list permission.

        Code sample

        Gets the deleted secret from the key vault enabled for soft-delete. Prints out the details of the deleted secret returned in the response.

         DeletedSecret deletedSecret = secretClient.getDeletedSecretWithResponse("secretName",
     new Context(key2, value2)).getValue();
 System.out.printf("Deleted Secret's Recovery Id %s", deletedSecret.getRecoveryId());
        Parameters:
        name - The name of the deleted secret.
        context - Additional context that is passed through the HTTP pipeline during the service call.
        Returns:
        A Response whose value contains the deleted secret.
        Throws:
        com.azure.core.exception.ResourceNotFoundException - when a secret with name doesn't exist in the key vault.
        com.azure.core.exception.HttpResponseException - when a secret with name is empty string.

      • purgeDeletedSecret

        public void purgeDeletedSecret​(String name)
        Permanently removes a deleted secret, without the possibility of recovery. This operation can only be performed on a soft-delete enabled vault. This operation requires the secrets/purge permission.

        Code sample

        Purges the deleted secret from the key vault enabled for soft-delete. Prints out the status code from the server response.

         secretClient.purgeDeletedSecret("secretName");
        Parameters:
        name - The name of the secret.
        Throws:
        com.azure.core.exception.ResourceNotFoundException - when a secret with name doesn't exist in the key vault.
        com.azure.core.exception.HttpResponseException - when a secret with name is empty string.

      • purgeDeletedSecretWithResponse

        public com.azure.core.http.rest.Response<Void> purgeDeletedSecretWithResponse​(String name,
                                                                              com.azure.core.util.Context context)
        Permanently removes a deleted secret, without the possibility of recovery. This operation can only be performed on a soft-delete enabled vault. This operation requires the secrets/purge permission.

        Code sample

        Purges the deleted secret from the key vault enabled for soft-delete. Prints out the status code from the server response.

         Response<Void> purgeResponse = secretClient.purgeDeletedSecretWithResponse("secretName",
     new Context(key1, value1));
 System.out.printf("Purge Status Code: %d", purgeResponse.getStatusCode());
        Parameters:
        name - The name of the secret.
        context - Additional context that is passed through the HTTP pipeline during the service call.
        Returns:
        A response containing status code and HTTP headers.
        Throws:
        com.azure.core.exception.ResourceNotFoundException - when a secret with name doesn't exist in the key vault.
        com.azure.core.exception.HttpResponseException - when a secret with name is empty string.

      • beginRecoverDeletedSecret

        public com.azure.core.util.polling.SyncPoller<KeyVaultSecret,​Void> beginRecoverDeletedSecret​(String name)
        Recovers the deleted secret in the key vault to its latest version. Can only be performed on a soft-delete enabled vault. This operation requires the secrets/recover permission.

        Code sample

        Recovers the deleted secret from the key vault enabled for soft-delete. Prints out the details of the recovered secret returned in the response.

         SyncPoller<KeyVaultSecret, Void> recoverSecretPoller =
     secretClient.beginRecoverDeletedSecret("deletedSecretName");

 // Deleted Secret can be accessed as soon as polling is in progress.
 PollResponse<KeyVaultSecret> recoveredSecretPollResponse = recoverSecretPoller.poll();
 System.out.println("Recovered Key Name %s" + recoveredSecretPollResponse.getValue().getName());
 System.out.printf("Recovered Key's Id %s", recoveredSecretPollResponse.getValue().getId());

 // Key is being recovered on server.
 recoverSecretPoller.waitForCompletion();
        Parameters:
        name - The name of the deleted secret to be recovered.
        Returns:
        A SyncPoller to poll on and retrieve the recovered secret.
        Throws:
        com.azure.core.exception.ResourceNotFoundException - when a secret with name doesn't exist in the key vault.
        com.azure.core.exception.HttpResponseException - when a secret with name is empty string.

      • backupSecret

        public byte[] backupSecret​(String name)
        Requests a backup of the secret be downloaded to the client. All versions of the secret will be downloaded. This operation requires the secrets/backup permission.

        Code sample

        Backs up the secret from the key vault and prints out the length of the secret's backup byte array returned in the response

         byte[] secretBackup = secretClient.backupSecret("secretName");
 System.out.printf("Secret's Backup Byte array's length %s", secretBackup.length);
        Parameters:
        name - The name of the secret.
        Returns:
        A Response whose value contains the backed up secret blob.
        Throws:
        com.azure.core.exception.ResourceNotFoundException - when a secret with name doesn't exist in the key vault.
        com.azure.core.exception.HttpResponseException - when a secret with name is empty string.

      • backupSecretWithResponse

        public com.azure.core.http.rest.Response<byte[]> backupSecretWithResponse​(String name,
                                                                          com.azure.core.util.Context context)
        Requests a backup of the secret be downloaded to the client. All versions of the secret will be downloaded. This operation requires the secrets/backup permission.

        Code sample

        Backs up the secret from the key vault and prints out the length of the secret's backup byte array returned in the response

         byte[] secretBackup = secretClient.backupSecretWithResponse("secretName",
     new Context(key1, value1)).getValue();
 System.out.printf("Secret's Backup Byte array's length %s", secretBackup.length);
        Parameters:
        name - The name of the secret.
        context - Additional context that is passed through the HTTP pipeline during the service call.
        Returns:
        A Response whose value contains the backed up secret blob.
        Throws:
        com.azure.core.exception.ResourceNotFoundException - when a secret with name doesn't exist in the key vault.
        com.azure.core.exception.HttpResponseException - when a secret with name is empty string.

      • restoreSecretBackup

        public KeyVaultSecret restoreSecretBackup​(byte[] backup)
        Restores a backed up secret, and all its versions, to a vault. This operation requires the secrets/restore permission.

        Code sample

        Restores the secret in the key vault from its backup byte array. Prints out the details of the restored secret returned in the response.

         // Pass the secret backup byte array of the secret to be restored.
 byte[] secretBackupByteArray = {};
 KeyVaultSecret restoredSecret = secretClient.restoreSecretBackup(secretBackupByteArray);
 System.out
     .printf("Restored Secret with name %s and value %s", restoredSecret.getName(), restoredSecret.getValue());
        Parameters:
        backup - The backup blob associated with the secret.
        Returns:
        A Response whose value contains the restored secret.
        Throws:
        com.azure.core.exception.ResourceModifiedException - when backup blob is malformed.

      • restoreSecretBackupWithResponse

        public com.azure.core.http.rest.Response<KeyVaultSecret> restoreSecretBackupWithResponse​(byte[] backup,
                                                                                         com.azure.core.util.Context context)
        Restores a backed up secret, and all its versions, to a vault. This operation requires the secrets/restore permission.

        Code sample

        Restores the secret in the key vault from its backup byte array. Prints out the details of the restored secret returned in the response.

         // Pass the secret backup byte array of the secret to be restored.
 byte[] secretBackupByteArray = {};
 KeyVaultSecret restoredSecret = secretClient.restoreSecretBackupWithResponse(secretBackupByteArray,
     new Context(key2, value2)).getValue();
 System.out
     .printf("Restored Secret with name %s and value %s", restoredSecret.getName(), restoredSecret.getValue());
        Parameters:
        backup - The backup blob associated with the secret.
        context - Additional context that is passed through the HTTP pipeline during the service call.
        Returns:
        A Response whose value contains the restored secret.
        Throws:
        com.azure.core.exception.ResourceModifiedException - when backup blob is malformed.

      • listPropertiesOfSecrets

        public com.azure.core.http.rest.PagedIterable<SecretProperties> listPropertiesOfSecrets()
        Lists secrets in the key vault. Each secret returned only has its identifier and attributes populated. The secret values and their versions are not listed in the response. This operation requires the secrets/list permission.

        Iterate through secrets and fetch their latest value

        The snippet below loops over each secret and calls getSecret(String, String). This gets the secret and the value of its latest version.

         for (SecretProperties secret : secretClient.listPropertiesOfSecrets()) {
     KeyVaultSecret secretWithValue = secretClient.getSecret(secret.getName(), secret.getVersion());
     System.out.printf("Received secret with name %s and value %s",
         secretWithValue.getName(), secretWithValue.getValue());
 }

        Iterate over secrets by page

        The snippet below loops over each secret by page and calls getSecret(String, String). This gets the secret and the value of its latest version.

         secretClient.listPropertiesOfSecrets().iterableByPage().forEach(resp -> {
     System.out.printf("Response headers are %s. Url %s  and status code %d %n", resp.getHeaders(),
         resp.getRequest().getUrl(), resp.getStatusCode());
     resp.getItems().forEach(value -> {
         KeyVaultSecret secretWithValue = secretClient.getSecret(value.getName(), value.getVersion());
         System.out.printf("Received secret with name %s and value %s",
             secretWithValue.getName(), secretWithValue.getValue());
     });
 });
        Returns:
        PagedIterable of SecretProperties of all the secrets in the vault. The SecretProperties contains all the information about the secret, except its value.

      • listPropertiesOfSecrets

        public com.azure.core.http.rest.PagedIterable<SecretProperties> listPropertiesOfSecrets​(com.azure.core.util.Context context)
        Lists secrets in the key vault. Each secret returned only has its identifier and attributes populated. The secret values and their versions are not listed in the response. This operation requires the secrets/list permission.

        Iterate over secrets and fetch their latest value

        The snippet below loops over each secret and calls getSecret(String, String). This gets the secret and the value of its latest version.

         for (SecretProperties secret : secretClient.listPropertiesOfSecrets(new Context(key1, value2))) {
     KeyVaultSecret secretWithValue = secretClient.getSecret(secret.getName(), secret.getVersion());
     System.out.printf("Received secret with name %s and value %s",
         secretWithValue.getName(), secretWithValue.getValue());
 }
        Parameters:
        context - Additional context that is passed through the HTTP pipeline during the service call.
        Returns:
        PagedIterable of SecretProperties of all the secrets in the vault. SecretProperties contains all the information about the secret, except its value.

      • listDeletedSecrets

        public com.azure.core.http.rest.PagedIterable<DeletedSecret> listDeletedSecrets​(com.azure.core.util.Context context)
        Lists deleted secrets of the key vault if it has enabled soft-delete. This operation requires the secrets/list permission.

        Code sample

        Lists the deleted secrets in the key vault and for each deleted secret prints out its recovery id.

         for (DeletedSecret deletedSecret : secretClient.listDeletedSecrets(new Context(key1, value2))) {
     System.out.printf("Deleted secret's recovery Id %s", deletedSecret.getRecoveryId());
 }
        Parameters:
        context - Additional context that is passed through the HTTP pipeline during the service call.
        Returns:
        PagedIterable of all of the deleted secrets in the vault.

      • listDeletedSecrets

        public com.azure.core.http.rest.PagedIterable<DeletedSecret> listDeletedSecrets()
        Lists deleted secrets of the key vault if it has enabled soft-delete. This operation requires the secrets/list permission.

        Iterate over secrets

        Lists the deleted secrets in the key vault and for each deleted secret prints out its recovery id.

         for (DeletedSecret deletedSecret : secretClient.listDeletedSecrets()) {
     System.out.printf("Deleted secret's recovery Id %s", deletedSecret.getRecoveryId());
 }

        Iterate over secrets by page

        Iterate over Lists the deleted secrets by page in the key vault and for each deleted secret prints out its recovery id.

         secretClient.listDeletedSecrets().iterableByPage().forEach(resp -> {
     System.out.printf("Got response headers . Url: %s, Status code: %d %n",
         resp.getRequest().getUrl(), resp.getStatusCode());
     resp.getItems().forEach(value -> {
         System.out.printf("Deleted secret's recovery Id %s", value.getRecoveryId());
     });
 });
        Returns:
        PagedIterable of all of the deleted secrets in the vault.

      • listPropertiesOfSecretVersions

        public com.azure.core.http.rest.PagedIterable<SecretProperties> listPropertiesOfSecretVersions​(String name)
        Lists all versions of the specified secret. Each secret returned only has its identifier and attributes populated. The secret values and secret versions are not listed in the response. This operation requires the secrets/list permission.

        Code sample

        The sample below fetches all versions of the given secret. For each secret version retrieved, makes a call to getSecret(String, String) to get the version's value, and then prints it out.

         for (SecretProperties secret : secretClient.listPropertiesOfSecretVersions("secretName")) {
     KeyVaultSecret secretWithValue = secretClient.getSecret(secret.getName(), secret.getVersion());
     System.out.printf("Received secret's version with name %s and value %s",
         secretWithValue.getName(), secretWithValue.getValue());
 }
        Parameters:
        name - The name of the secret.
        Returns:
        PagedIterable of SecretProperties of all the versions of the specified secret in the vault. List is empty if secret with name does not exist in key vault
        Throws:
        com.azure.core.exception.ResourceNotFoundException - when a secret with name doesn't exist in the key vault.
        com.azure.core.exception.HttpResponseException - when a secret with name is empty string.

      • listPropertiesOfSecretVersions

        public com.azure.core.http.rest.PagedIterable<SecretProperties> listPropertiesOfSecretVersions​(String name,
                                                                                               com.azure.core.util.Context context)
        Lists all versions of the specified secret. Each secret returned only has its identifier and attributes populated. The secret values and secret versions are not listed in the response. This operation requires the secrets/list permission.

        Code sample

        The sample below fetches all versions of the given secret. For each secret version retrieved, makes a call to getSecret(String, String) to get the version's value, and then prints it out.

         for (SecretProperties secret : secretClient
     .listPropertiesOfSecretVersions("secretName", new Context(key1, value2))) {
     KeyVaultSecret secretWithValue = secretClient.getSecret(secret.getName(), secret.getVersion());
     System.out.printf("Received secret's version with name %s and value %s",
         secretWithValue.getName(), secretWithValue.getValue());
 }

        Iterate over secret versions by page

        The sample below iterates over each secret by each page and calls getSecret(String, String). This will return the secret with the corresponding version's value.

         secretClient.listPropertiesOfSecretVersions("secretName", new Context(key1, value2))
             .iterableByPage().forEach(resp -> {
                 System.out.printf("Got response headers . Url: %s, Status code: %d %n",
                     resp.getRequest().getUrl(), resp.getStatusCode());
                 resp.getItems().forEach(value -> {
                     KeyVaultSecret secretWithValue = secretClient.getSecret(value.getName(), value.getVersion());
                     System.out.printf("Received secret's version with name %s and value %s",
                         secretWithValue.getName(), secretWithValue.getValue());
                 });
             });
        Parameters:
        name - The name of the secret.
        context - Additional context that is passed through the HTTP pipeline during the service call.
        Returns:
        PagedIterable of SecretProperties of all the versions of the specified secret in the vault. List is empty if secret with name does not exist in key vault
        Throws:
        com.azure.core.exception.ResourceNotFoundException - when a secret with name doesn't exist in the key vault.
        com.azure.core.exception.HttpResponseException - when a secret with name is empty string.