- Updated Azure.Core to 1.28.0.
- Fixed certificate export parameter issue in
Add-AzKeyVaultKey
[#19623] - Fixed CertificateString decoding issue in
Import-AzKeyVaultCertificate
- Shifted the location of key CVM release policy to GitHub [#19984]
- Added fallback logic (reading default CVM policy from a local copy) if fetching default CVM Policy from GitHub failed.
- Bumped API version to 2022-07-01
- Added
Undo-AzKeyVaultManagedHsm
to recover deleted managed HSM
- Fixed the exception content swallowed issue when exception.Response is null [#19531]
- Added the existing parameters
Exportable
,Immutable
,UseDefaultCVMPolicy
, andReleasePolicyPath
to the parameter setsInteractiveCreate
,InputObjectCreate
, andResourceIdCreate
.
- Fixed parameter validation logic of
-UseDefaultCVMPolicy
- Added parameter
ContentType
inImport-AzKeyVaultCertificate
to support importing pem via certificate string - Allowed
DnsName
inNew-AzKeyVaultCertificatePolicy
to accept an empty list [#18954]
- Removed the warning messages for MSGraph migration [#18856]
- Supported importing pem certificate by
Import-AzKeyVaultCertificate
[#18494] - Supported accepting rotation policy in a JSON file
- [Breaking Change] Changed parameter
ExpiresIn
inSet-AzKeyVaultKeyRotationPolicy
from TimeSpan? to string. It must be an ISO 8601 duration like "P30D" for 30 days. - [Breaking Change] Changed output properties
ExpiresIn
,TimeAfterCreate
andTimeBeforeExpiry
ofSet-AzKeyVaultKeyRotationPolicy
andGet-AzKeyVaultKeyRotationPolicy
from TimeSpan? to string. - Supported creating/updating key with release policy in a Managed HSM
- Removed default value for
EnabledForDeployment
,EnabledForTemplateDeployment
,EnabledForDiskEncryption
andEnableRbacAuthorization
during the process of key vault creation - Changed default access policies for Key Vault secret, certificate and storage as
All
- Added
Rotate
into the list of permissions to keys [#17970]
- Supported getting random number from managed HSM by
Get-AzKeyVaultRandomNumber
- Skipped subscription connection status validation for Az.KeyVault.Extension [#17712]
- Enabled public network access setting
- Fixed a bug to continue visiting
NextPageLink
when listing key vaults from ARM API
New-AzKeyVaultManagedHsm
: supported specifying how long a deleted managed hsm is retained bySoftDeleteRetentionInDays
and enabling purge protection byEnablePurgeProtection
Update-AzKeyVaultManagedHsm
: supported enabling purge protection byEnablePurgeProtection
Get-AzKeyVaultManagedHsm
: Supported getting or listing deleted managed HSM(s)Remove-AzKeyVaultManagedHsm
: Supported purging a specified deleted managed HSM
- Improved the error message of Az.KeyVault.Extension [#16798]
- Added default access policies for Key Vault key as "All but purge"
- Absorbed KeyOps from parameter when importing key from certificate on managed HSM [#16773]
- Fixed a bug when updating key operations on managed HSM [#16774]
- Fixed the issue when importing no-password certificate [#16742]
- Added cmdlets:
Invoke-AzKeyVaultKeyRotation
,Get-AzKeyVaultKeyRotationPolicy
andSet-AzKeyVaultKeyRotationPolicy
- [Breaking Change] Renamed properties of
PSKeyVaultPermission
type to follow the pattern of Azure RBAC. - Migrated AAD Graph API to MSGraph API.
- Added a message to
Set-AzKeyVaultAccessPolicy
stating that for the Permissions parameters, using the 'All' option will not include the 'Purge' permission.
- Added warning message of upcoming breaking change to
New-AzKeyVaultRoleDefinition
andGet-AzKeyVaultRoleDefinition
.- To comply with the syntax of
New-AzRoleDefinition
andGet-AzRoleDefinition
we are going to rename some of the properties ofPSKeyVaultPermission
model, which might affect these two cmdlets.
- To comply with the syntax of
- Added warnings of upcoming breaking change of migrating to Microsoft Graph.
- Supported custom role definitions on managed HSM:
- Create via
New-AzKeyVaultRoleDefinition
, - Delete via
Remove-AzKeyVaultRoleDefinition
, - Filter all custom roles via
Get-AzKeyVaultRoleDefinition -Custom
.
- Create via
- Supported Encrypt/Decrypt/Wrap/Unwrap using keys [#15679]
- Enabled managing resources in other subscriptions without switching the context by adding
-Subscription <String>
.
- Supported adding EC keys in key vault [#15699]
- Removed duplicate list item in
Get-AzKeyVault
[#15164] - Added
SecretManagement
tag toAz.KeyVault
module [#15173]
- Provided key size for RSA key [#14819]
- Fixed a bug for
Get-AzKeyVaultSecret -IncludeVersions
when current version is disabled [#14740] - Displayed error code and message when updating purged secret [#14800]
- Fixed a bug for
Get-AzKeyVaultSecret -AsPlainText
if the secret is not found [#14645]
- Supported upcoming new API design for
Export-AzKeyVaultSecurityDomain
- Fixed several typos in cmdlet messages [#14341]
- Supported specifying key type and curve name when importing keys via a BYOK file
- Fixed an issue in Secret Management module
- Added a new parameter
-AsPlainText
toGet-AzKeyVaultSecret
to directly return the secret in plain text [#13630] - Supported selective restore a key from a managed HSM full backup [#13526]
- Fixed some minor issues [#13583] [#13584]
- Added missing return objects of
Get-Secret
in SecretManagement module - Fixed an issue that may cause vault to be created without default access policy [#13687]
- Supported "all" as an option when setting key vault access policies
- Supported new version of SecretManagement module [#13366]
- Supported ByteArray, String, PSCredential and Hashtable for
SecretValue
in SecretManagementModule [#12190] - [Breaking change] redesigned the API surface of cmdlets related to managed HSM.
- Supported updating key vault tag
- [Breaking Change] Deprecated parameter DisableSoftDelete in
New-AzKeyVault
and EnableSoftDelete inUpdate-AzKeyVault
- [Breaking Change] Removed attribute SecretValueText to avoid displaying SecretValue directly [#12266]
- Supported new resource type: managed HSM
- CRUD of managed HSM and cmdlets to operate keys on managed HSM
- Full HSM backup/restore, AES key creation, security domain backup/restore, RBAC
- Provided the detailed date of removing property SecretValueText
- Added support for RBAC authorization [#10557]
- Enhanced error handling in
Set-AzKeyVaultAccessPolicy
[#4007]
- Added warning messages for planning to disable soft delete
- Added warning messages for planning to remove attribute SecretValueText
- Removed two aliases:
New-AzKeyVaultCertificateAdministratorDetails
andNew-AzKeyVaultCertificateOrganizationDetails
- Enabled soft delete by default when creating a key vault
- Network rules can be set to govern the accessibility from specific network locations when creating a key vault
- Added support to bring your own key (BYOK)
Add-AzKeyVaultKey
supports generating a key exchange keyGet-AzKeyVaultKey
supports downloading a public key in PEM format
- Updated the "KeyOps" part of the help document of
Add-AzKeyVaultKey
- Added a new cmdlet
Update-AzKeyVault
that can enable soft delete and purge protection on a vault - Added support to Microsoft.PowerShell.SecretManagement [#11178]
- Fixed error in the examples of
Remove-AzKeyVaultManagedStorageSasDefinition
[#11479] - Added support to private endpoint
- Added breaking change attributes to
New-AzKeyVault
- Fixed duplicated text for Add-AzKeyVaultKey.md
- Add Name alias to VaultName attribute to make Remove-AzureKeyVault consistent with New-AzureKeyVault.
- Update references in .psd1 to use relative path
- Fixed error accessing value that is potentially not set
- Elliptic Curve Cryptography Certificate Management
- Added support to specify the Curve for Certificate Policies
- Fixed miscellaneous typos across module
- Added support to specify the KeySize for Certificate Policies
- Updated cmdlets with plural nouns to singular, and deprecated plural names.
- Fix documentation for wildcards
- Added wildcard support to KeyVault cmdlets
- Fix tagging on Set-AzKeyVaultSecret
- Update incorrect online help URLs
- General availability of
Az.KeyVault
module - Remove deprecated PurgeDisabled property from PS models