Get-Secret

Finds and returns a secret by name from registered vaults.

Syntax

NameParameterSet (Default)

Get-Secret
    [-Name] <String>
    [[-Vault] <String>]
    [-AsPlainText]
    [<CommonParameters>]

InfoParameterSet

Get-Secret
    [-InputObject] <SecretInformation>
    [-AsPlainText]
    [<CommonParameters>]

Description

Important

The PowerShell team has decided that Secret modules are feature complete and will no longer be actively developed. The modules will continue to be supported for security and critical bug fixes. The code repository will be archived.

The latest versions published are:

The nature of secrets has fundamentally changed since this project was designed. Passwordless authentication methods such as passkeys, single sign-on, and federated credential systems such as Microsoft Entra ID, biometrics, and hardware security keys are the future.

This cmdlet finds and returns the first secret that matches the provided name. If a vault name is specified, only that vault is searched. Otherwise, it searches all vaults and returns the first matching result. If the vault registry has a default vault, the cmdlet searches that vault before any other registered vault. Secrets that are String or SecureString types are returned as SecureString objects by default.

Examples

Example 1

Get-Secret -Name Secret1 -Vault CredMan
Get-Secret -Name Secret1 -Vault CredMan -AsPlainText

System.Security.SecureString
PlainTextSecretString

This example searches for a secret with the name Secret1, which is a String type secret. The first command returns the secret as a SecureString object. The second command uses the AsPlainText parameter to return the secret as a String object instead, displaying in the console as plain text.

Example 2

Get-SecretInfo -Name Secret2 -Vault SecretStore |
    Get-Secret -AsPlainText

This example retrieves secret information for the secret named Secret2 in the vault named SecretStore. It then sends the result through the pipeline to Get-Secret, which searches for the secret and returns it as plain text.
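The following is an added example, not part of the original reference: a wrapper that pins the vault so the first-match search across registered vaults cannot return a same-named secret from another vault, checks the type of the returned Object, and builds a PSCredential without using AsPlainText. The function name Get-VaultCredential and the user name svc-deploy are hypothetical; Secret1 and CredMan are the names from Example 1, and the SecretManagement module with a registered CredMan vault is assumed.

```powershell
# Added example. Get-VaultCredential and 'svc-deploy' are hypothetical names.
function Get-VaultCredential {
    [CmdletBinding()]
    [OutputType([pscredential])]
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Vault,
        [string] $UserName = 'svc-deploy'
    )

    # Pin the vault. Without -Vault, Get-Secret searches every registered vault
    # (default vault first) and returns the first match, so a secret with the
    # same name in a different vault could be returned instead.
    $secret = Get-Secret -Name $Name -Vault $Vault -ErrorAction Stop

    if ($null -eq $secret) {
        throw "Secret '$Name' was not returned from vault '$Vault'."
    }

    # Get-Secret outputs Object, so check the type before using the value.
    if ($secret -is [pscredential]) {
        return $secret
    }
    if ($secret -is [securestring]) {
        # String and SecureString secrets both arrive as SecureString by
        # default. No -AsPlainText here, so no plain-text copy is created.
        return [pscredential]::new($UserName, $secret)
    }

    # Any other secret type is not usable as a password; report only the
    # type name, never the value.
    throw "Secret '$Name' in vault '$Vault' is of type $($secret.GetType().Name); expected SecureString or PSCredential."
}

# Usage with the names from Example 1.
$cred = Get-VaultCredential -Name 'Secret1' -Vault 'CredMan'
$cred.Password.GetType().FullName   # System.Security.SecureString
```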

Parameters

-AsPlainText

Specifies that a secret whose type is String or SecureString should be returned as a String (in plain text) instead of a SecureString. If the secret being retrieved isn't a String or SecureString, this parameter has no effect.

Caution

To ensure security, you should avoid using plaintext strings whenever possible.

Parameter properties

Type: SwitchParameter
Default value: False
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False

-InputObject

Specifies a SecretInformation object representing a vault secret instead of specifying the Name and Vault parameters. You can get a SecretInformation object with the Get-SecretInfo cmdlet.

Parameter properties

Type: Microsoft.PowerShell.SecretManagement.SecretInformation
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

InfoParameterSet
Position: 0
Mandatory: True
Value from pipeline: True
Value from pipeline by property name: False
Value from remaining arguments: False

-Name

Specifies the name of the secret to retrieve. Wildcard characters aren't permitted.

Parameter properties

Type: String
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

NameParameterSet
Position: 0
Mandatory: True
Value from pipeline: True
Value from pipeline by property name: False
Value from remaining arguments: False

-Vault

Specifies the name of the registered vault to retrieve the secret from. If no vault name is specified, then all registered vaults are searched. If the vault registry has a default vault and this parameter isn't specified, then the default vault is searched before the other registered vaults.

Parameter properties

Type: String
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

NameParameterSet
Position: 1
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

String

Microsoft.PowerShell.SecretManagement.SecretInformation

Outputs

Object