Get-Secret
Finds and returns a secret by name from registered vaults.
Syntax
NameParameterSet (Default)
Get-Secret
[-Name] <String>
[[-Vault] <String>]
[-AsPlainText]
[<CommonParameters>]
InfoParameterSet
Get-Secret
[-InputObject] <SecretInformation>
[-AsPlainText]
[<CommonParameters>]
Description
Important
The PowerShell team has decided that Secret modules are feature complete and will no longer be actively developed. The modules will continue to be supported for security and critical bug fixes. The code repository will be archived.
The latest versions published are:
The nature of secrets has fundamentally changed since this project was designed. Passwordless authentication methods such as passkeys, single sign-on, and federated credential systems such as Microsoft Entra ID, biometrics, and hardware security keys are the future.
This cmdlet finds and returns the first secret that matches the provided name. If a vault name is specified, only that vault is searched. Otherwise, it searches all vaults and returns the first matching result. If the vault registry has a default vault, the cmdlet searches that vault before any other registered vault. Secrets that are String or SecureString types are returned as SecureString objects by default.
Examples
Example 1
Get-Secret -Name Secret1 -Vault CredMan
Get-Secret -Name Secret1 -Vault CredMan -AsPlainText
System.Security.SecureString
PlainTextSecretString
This example searches for a secret with the name Secret1, which is a String type secret. The
first command returns the secret as a SecureString object. The second command uses the
AsPlainText parameter to return the secret as a String object instead, displaying in the
console as plain text.
Example 2
Get-SecretInfo -Name Secret2 -Vault SecretStore |
Get-Secret -AsPlainText
This example retrieves secret information for the secret named Secret2 in the vault named
SecretStore. It then sends the result through the pipeline to Get-Secret, which searches for the
secret and returns it as plain text.
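Because an unqualified name returns the first match across all registered vaults (default vault first), two vaults holding the same secret name can make Get-Secret return a different secret than the caller expects. The following is an added example, not part of the original documentation: the helper name Get-PinnedSecret and the user name svc-example are hypothetical, and Secret1 and CredMan are the names used in Example 1.

```powershell
#Requires -Modules Microsoft.PowerShell.SecretManagement

# Hypothetical helper (not part of SecretManagement): read a secret from one
# named vault only, and warn when other registered vaults hold the same name.
function Get-PinnedSecret {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Vault
    )

    # Without -Vault, Get-SecretInfo reports matches from every registered vault.
    # Its -Name accepts wildcards, so keep only exact name matches.
    $found     = @(Get-SecretInfo -Name $Name | Where-Object Name -eq $Name)
    $elsewhere = @($found | Where-Object VaultName -ne $Vault)

    if ($elsewhere.Count -gt 0) {
        $others = ($elsewhere.VaultName | Sort-Object -Unique) -join ', '
        Write-Warning "Secret '$Name' also exists in: $others. A call without -Vault may return one of those."
    }
    if (-not ($found | Where-Object VaultName -eq $Vault)) {
        throw "Secret '$Name' was not found in vault '$Vault'."
    }

    # -Vault restricts the search to that vault. -AsPlainText is omitted, so a
    # String or SecureString secret comes back as a SecureString.
    Get-Secret -Name $Name -Vault $Vault -ErrorAction Stop
}

$secure = Get-PinnedSecret -Name Secret1 -Vault CredMan

# Secrets of other types (for example PSCredential or Hashtable) are returned
# as stored, so check the type before treating the value as a password.
if ($secure -isnot [securestring]) {
    throw "Secret1 is a $($secure.GetType().Name), expected SecureString."
}

# Hand the SecureString to consumers without converting it. Cmdlets that take
# -Credential accept a PSCredential built from it ('svc-example' is constructed).
$cred = [pscredential]::new('svc-example', $secure)
```

Listing secret information from a vault that is locked, such as SecretStore, can prompt for the vault password before the check runs.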
Parameters
-AsPlainText
Specifies that a secret whose type is String or SecureString should be returned as a String (in plain text) instead of a SecureString. If the secret being retrieved isn't a String or SecureString, this parameter has no effect.
Caution
To ensure security, you should avoid using plaintext strings whenever possible.
Parameter properties
| Type: | SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-InputObject
Specifies a SecretInformation object representing a vault secret instead of specifying the
Name and Vault parameters. You can get a SecretInformation object with the
Get-SecretInfo cmdlet.
Parameter properties
| Type: | Microsoft.PowerShell.SecretManagement.SecretInformation |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
InfoParameterSet
| Position: | 0 |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Name
Specifies the name of the secret to retrieve. Wildcard characters aren't permitted.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
NameParameterSet
| Position: | 0 |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Vault
Specifies the name of the registered vault to retrieve the secret from. If no vault name is specified, then all registered vaults are searched. If the vault registry has a default vault and this parameter isn't specified, then the default vault is searched before the other registered vaults.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
NameParameterSet
| Position: | 1 |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.