< Back
Backup-AzureKeyVaultKey
Post
NAME Backup-AzureKeyVaultKey
SYNOPSIS
Backs up a key in a key vault.
SYNTAX
Backup-AzureKeyVaultKey [-InputObject] <PSKeyVaultKeyIdentityItem> [[-OutputFile] <String>] [[-Force]] [-DefaultProfile <IAzureContextContainer>]
[-Confirm] [-WhatIf] [<CommonParameters>]
Backup-AzureKeyVaultKey [-VaultName] <String> [-Name] <String> [[-OutputFile] <String>] [[-Force]] [-DefaultProfile <IAzureContextContainer>]
[-Confirm] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The Backup-AzureKeyVaultKey cmdlet backs up a specified key in a key vault by downloading it and storing it in a file. If there are multiple
versions of the key, all versions are included in the backup. Because the downloaded content is encrypted, it cannot be used outside of Azure Key
Vault. You can restore a backed-up key to any key vault in the subscription that it was backed up from.
Typical reasons to use this cmdlet are:
- You want to escrow a copy of your key, so that you have an offline copy in case you accidentally delete your key in your key vault.
- You created a key using Key Vault and now want to clone the key into a different Azure region, so that you can use it from all instances of your
distributed application. Use the Backup-AzureKeyVaultKey cmdlet to retrieve the key in encrypted format and then use the Restore-AzureKeyVaultKey
cmdlet and specify a key vault in the second region.
PARAMETERS
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with azure
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Force [<SwitchParameter>]
Overwrite the given file if it exists
Required? false
Position? 3
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-InputObject <PSKeyVaultKeyIdentityItem>
Key bundle to back up, pipelined in from the output of a retrieval call.
Required? true
Position? 0
Default value None
Accept pipeline input? True (ByPropertyName, ByValue)
Accept wildcard characters? false
-Name <String>
Specifies the name of the key to back up.
Required? true
Position? 1
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-OutputFile <String>
Specifies the output file in which the backup blob is stored. If you do not specify this parameter, this cmdlet generates a file name for you.
If you specify the name of an existing output file, the operation will not complete and returns an error message that the backup file already
exists.
Required? false
Position? 2
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-VaultName <String>
Specifies the name of the key vault that contains the key to back up.
Required? true
Position? 0
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
This cmdlet does not accept any input.
OUTPUTS
String
The cmdlet returns the path of the output file containing the backup of the key.
NOTES
Example 1: Back up a key with an automatically generated file name
PS C:\\>Backup-AzureKeyVaultKey -VaultName 'MyKeyVault' -Name 'MyKey'
This command retrieves the key named MyKey from the key vault named MyKeyVault and saves a backup of that key to a file that is automatically
named for you, and displays the file name.
Example 2: Back up a key to a specified file name
PS C:\\>Backup-AzureKeyVaultKey -VaultName 'MyKeyVault' -Name 'MyKey' -OutputFile 'C:\\Backup.blob'
This command retrieves the key named MyKey from the key vaultnamed MyKeyVault and saves a backup of that key to a file named Backup.blob.
Example 3: Back up a previously retrieved key to a specified file name, overwriting the destination file without prompting.
PS C:\\>$key = Get-AzureKeyVaultKey -VaultName 'MyKeyVault' -Name 'MyKey'
PS C:\\>Backup-AzureKeyVaultKey -Key $key -OutputFile 'C:\\Backup.blob' -Force
This command creates a backup of the key named $key.Name in the vault named $key.VaultName to a file named Backup.blob, silently overwriting the
file if it exists already.
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... eyvaultkey
Add-AzureKeyVaultKey
Get-AzureKeyVaultKey
Remove-AzureKeyVaultKey
Restore-AzureKeyVaultKey
SYNOPSIS
Backs up a key in a key vault.
SYNTAX
Backup-AzureKeyVaultKey [-InputObject] <PSKeyVaultKeyIdentityItem> [[-OutputFile] <String>] [[-Force]] [-DefaultProfile <IAzureContextContainer>]
[-Confirm] [-WhatIf] [<CommonParameters>]
Backup-AzureKeyVaultKey [-VaultName] <String> [-Name] <String> [[-OutputFile] <String>] [[-Force]] [-DefaultProfile <IAzureContextContainer>]
[-Confirm] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The Backup-AzureKeyVaultKey cmdlet backs up a specified key in a key vault by downloading it and storing it in a file. If there are multiple
versions of the key, all versions are included in the backup. Because the downloaded content is encrypted, it cannot be used outside of Azure Key
Vault. You can restore a backed-up key to any key vault in the subscription that it was backed up from.
Typical reasons to use this cmdlet are:
- You want to escrow a copy of your key, so that you have an offline copy in case you accidentally delete your key in your key vault.
- You created a key using Key Vault and now want to clone the key into a different Azure region, so that you can use it from all instances of your
distributed application. Use the Backup-AzureKeyVaultKey cmdlet to retrieve the key in encrypted format and then use the Restore-AzureKeyVaultKey
cmdlet and specify a key vault in the second region.
PARAMETERS
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with azure
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Force [<SwitchParameter>]
Overwrite the given file if it exists
Required? false
Position? 3
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-InputObject <PSKeyVaultKeyIdentityItem>
Key bundle to back up, pipelined in from the output of a retrieval call.
Required? true
Position? 0
Default value None
Accept pipeline input? True (ByPropertyName, ByValue)
Accept wildcard characters? false
-Name <String>
Specifies the name of the key to back up.
Required? true
Position? 1
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-OutputFile <String>
Specifies the output file in which the backup blob is stored. If you do not specify this parameter, this cmdlet generates a file name for you.
If you specify the name of an existing output file, the operation will not complete and returns an error message that the backup file already
exists.
Required? false
Position? 2
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-VaultName <String>
Specifies the name of the key vault that contains the key to back up.
Required? true
Position? 0
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
This cmdlet does not accept any input.
OUTPUTS
String
The cmdlet returns the path of the output file containing the backup of the key.
NOTES
Example 1: Back up a key with an automatically generated file name
PS C:\\>Backup-AzureKeyVaultKey -VaultName 'MyKeyVault' -Name 'MyKey'
This command retrieves the key named MyKey from the key vault named MyKeyVault and saves a backup of that key to a file that is automatically
named for you, and displays the file name.
Example 2: Back up a key to a specified file name
PS C:\\>Backup-AzureKeyVaultKey -VaultName 'MyKeyVault' -Name 'MyKey' -OutputFile 'C:\\Backup.blob'
This command retrieves the key named MyKey from the key vaultnamed MyKeyVault and saves a backup of that key to a file named Backup.blob.
Example 3: Back up a previously retrieved key to a specified file name, overwriting the destination file without prompting.
PS C:\\>$key = Get-AzureKeyVaultKey -VaultName 'MyKeyVault' -Name 'MyKey'
PS C:\\>Backup-AzureKeyVaultKey -Key $key -OutputFile 'C:\\Backup.blob' -Force
This command creates a backup of the key named $key.Name in the vault named $key.VaultName to a file named Backup.blob, silently overwriting the
file if it exists already.
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... eyvaultkey
Add-AzureKeyVaultKey
Get-AzureKeyVaultKey
Remove-AzureKeyVaultKey
Restore-AzureKeyVaultKey