Backup-AzKeyVaultCertificate
Backs up a certificate in a key vault.
Syntax
ByCertificateName (Default)
Backup-AzKeyVaultCertificate
[-VaultName] <String>
[-Name] <String>
[[-OutputFile] <String>]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
ByCertificate
Backup-AzKeyVaultCertificate
[-InputObject] <PSKeyVaultCertificateIdentityItem>
[[-OutputFile] <String>]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Backup-AzKeyVaultCertificate cmdlet backs up a specified certificate in a key vault by downloading it and storing it in a file. If the certificate has multiple versions, all its versions will be included in the backup. Because the downloaded content is encrypted, it cannot be used outside of Azure Key Vault. You can restore a backed-up certificate to any key vault in the subscription that it was backed up from, as long as the vault is in the same Azure geography. Typical reasons to use this cmdlet are:
You want to retain an offline copy of the certificate in case you accidentally delete the original from the vault.
You created a certificate using Key Vault and now want to clone the object into a different Azure region, so that you can use it from all instances of your distributed application. Use the Backup-AzKeyVaultCertificate cmdlet to retrieve the certificate in encrypted format and then use the Restore-AzKeyVaultCertificate cmdlet and specify a key vault in the second region.
Examples
Example 1: Back up a certificate with an automatically generated file name
Backup-AzKeyVaultCertificate -VaultName 'mykeyvault' -Name 'mycert'
C:\Users\username\mykeyvault-mycert-1527029447.01191
This command retrieves the certificate named MyCert from the key vault named MyKeyVault and saves a backup of that certificate to a file that is automatically named for you, and displays the file name.
Example 2: Back up a certificate to a specified file name
Backup-AzKeyVaultCertificate -VaultName 'MyKeyVault' -Name 'MyCert' -OutputFile 'C:\Backup.blob'
C:\Backup.blob
This command retrieves the certificate named MyCert from the key vault named MyKeyVault and saves a backup of that certificate to a file named Backup.blob.
Example 3: Back up a previously retrieved certificate to a specified file name, overwriting the destination file without prompting.
$cert = Get-AzKeyVaultCertificate -VaultName 'MyKeyVault' -Name 'MyCert'
Backup-AzKeyVaultCertificate -Certificate $cert -OutputFile 'C:\Backup.blob' -Force
C:\Backup.blob
This command creates a backup of the certificate named $cert.Name in the vault named $cert.VaultName to a file named Backup.blob, silently overwriting the file if it exists already.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | cf |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Parameter properties
| Type: | IAzureContextContainer |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Force
Overwrite the given file if it exists
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-InputObject
Secret to be backed up, pipelined in from the output of a retrieval call.
Parameter properties
| Type: | PSKeyVaultCertificateIdentityItem |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Certificate |
Parameter sets
ByCertificate
| Position: | 0 |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Name
Secret name. Cmdlet constructs the FQDN of a secret from vault name, currently selected environment and secret name.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | SecretName |
Parameter sets
ByCertificateName
| Position: | 1 |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-OutputFile
Output file. The output file to store the backup of the certificate. If not specified, a default filename will be generated.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | 2 |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-VaultName
Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
ByCertificateName
| Position: | 0 |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | wi |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
