Class SecretClient

java.lang.Object
com.azure.security.keyvault.secrets.SecretClient
public final class SecretClient extends Object
The SecretClient provides synchronous methods to manage secrets in the Azure Key Vault. The client supports creating, retrieving, updating, deleting, purging, backing up, restoring, and listing the secrets. The client also supports listing deleted secrets for a soft-delete enabled key vault.

Getting Started

In order to interact with the Azure Key Vault service, you will need to create an instance of the SecretClient class, a vault url and a credential object.

The examples shown in this document use a credential object named DefaultAzureCredential for authentication, which is appropriate for most scenarios, including local development and production environments. Additionally, we recommend using a managed identity for authentication in production environments. You can find more information on different ways of authenticating and their corresponding credential types in the Azure Identity documentation".

Sample: Construct Synchronous Secret client

SecretClient secretClient = new SecretClientBuilder()
    .credential(new DefaultAzureCredentialBuilder().build())
    .vaultUrl("<your-key-vault-url>")
    .buildClient();

Create a Secret

The SecretClient can be used to create a secret in the key vault.

Code Sample:

The following code sample demonstrates how to synchronously create and store a secret in the key vault, using the setSecret(String, String) API.

KeyVaultSecret secret = secretClient.setSecret("secretName", "secretValue");
System.out.printf("Secret is created with name %s and value %s%n", secret.getName(), secret.getValue());

Note: For the asynchronous sample, refer to SecretAsyncClient.


Get a Secret

The SecretClient can be used to retrieve a secret from the key vault.

Code Sample:

The following code sample demonstrates how to synchronously retrieve a previously stored secret from the Azure KeyVault, using the getSecret(String) API.

KeyVaultSecret secret = secretClient.getSecret("secretName");
System.out.printf("Secret is returned with name %s and value %s%n",
    secret.getName(), secret.getValue());

Note: For the asynchronous sample, refer to SecretAsyncClient.


Delete a Secret

The SecretClient can be used to delete a secret from the key vault.

Code Sample:

The following code sample demonstrates how to delete a secret from the key vault, using the beginDeleteSecret(String) API.

SyncPoller<DeletedSecret, Void> deleteSecretPoller = secretClient.beginDeleteSecret("secretName");

// Deleted Secret is accessible as soon as polling begins.
PollResponse<DeletedSecret> deleteSecretPollResponse = deleteSecretPoller.poll();

// Deletion date only works for a SoftDelete-enabled Key Vault.
System.out.println("Deleted Date  %s" + deleteSecretPollResponse.getValue()
    .getDeletedOn().toString());
System.out.printf("Deleted Secret's Recovery Id %s", deleteSecretPollResponse.getValue()
    .getRecoveryId());

// Secret is being deleted on server.
deleteSecretPoller.waitForCompletion();

Note: For the asynchronous sample, refer to SecretAsyncClient.

See Also:

  • Method Details

    • getVaultUrl

      public String getVaultUrl()
      Gets the vault endpoint url to which service requests are sent to.
      Returns:
      the vault endpoint url.

    • setSecret

      public KeyVaultSecret setSecret(KeyVaultSecret secret)
      Adds a secret to the key vault if it does not exist. If the named secret exists, a new version of the secret is created. This operation requires the secrets/set permission.

      The expires, contentType, and notBefore values in secret are optional. If not specified, enabled is set to true by key vault.

      Code sample

      Creates a new secret in the key vault. Prints out the details of the newly created secret returned in the response.

      KeyVaultSecret newSecret = new KeyVaultSecret("secretName", "secretValue")
    .setProperties(new SecretProperties().setExpiresOn(OffsetDateTime.now().plusDays(60)));
KeyVaultSecret returnedSecret = secretClient.setSecret(newSecret);
System.out.printf("Secret is created with name %s and value %s%n", returnedSecret.getName(),
    returnedSecret.getValue());
      Parameters:
      secret - The Secret object containing information about the secret and its properties. The properties secret.name and secret.value cannot be null.
      Returns:
      The created secret.
      Throws:
      NullPointerException - if secret is null.
      com.azure.core.exception.ResourceModifiedException - if secret is malformed.
      com.azure.core.exception.HttpResponseException - if name or value is an empty string.

    • setSecret

      public KeyVaultSecret setSecret(String name, String value)
      Adds a secret to the key vault if it does not exist. If the named secret exists, a new version of the secret is created. This operation requires the secrets/set permission.

      Code sample

      Creates a new secret in the key vault. Prints out the details of the newly created secret returned in the response.

      KeyVaultSecret secret = secretClient.setSecret("secretName", "secretValue");
System.out.printf("Secret is created with name %s and value %s%n", secret.getName(), secret.getValue());
      Parameters:
      name - The name of the secret. It is required and cannot be null.
      value - The value of the secret. It is required and cannot be null.
      Returns:
      The created secret.
      Throws:
      com.azure.core.exception.ResourceModifiedException - if invalid name or value is specified.
      com.azure.core.exception.HttpResponseException - if name or value is empty string.

    • setSecretWithResponse

      public com.azure.core.http.rest.Response<KeyVaultSecret> setSecretWithResponse(KeyVaultSecret secret, com.azure.core.util.Context context)
      Adds a secret to the key vault if it does not exist. If the named secret exists, a new version of the secret is created. This operation requires the secrets/set permission.

      Code sample

      Creates a new secret in the key vault. Prints out the details of the newly created secret returned in the response.

      KeyVaultSecret newSecret = new KeyVaultSecret("secretName", "secretValue")
    .setProperties(new SecretProperties().setExpiresOn(OffsetDateTime.now().plusDays(60)));
KeyVaultSecret secret = secretClient.setSecretWithResponse(newSecret, new Context(key1, value1)).getValue();
System.out.printf("Secret is created with name %s and value %s%n", secret.getName(), secret.getValue());
      Parameters:
      secret - The Secret object containing information about the secret and its properties. The properties secret.name and secret.value must be non null.
      context - Additional context that is passed through the HTTP pipeline during the service call.
      Returns:
      A Response whose value contains the created secret.
      Throws:
      com.azure.core.exception.ResourceModifiedException - if invalid name or value is specified.
      com.azure.core.exception.HttpResponseException - if name or value is empty string.

    • getSecret

      public KeyVaultSecret getSecret(String name)
      Gets the latest version of the specified secret from the key vault. This operation requires the secrets/get permission.

      Code sample

      Gets the latest version of the secret in the key vault. Prints out the details of the returned secret.

      KeyVaultSecret secret = secretClient.getSecret("secretName");
System.out.printf("Secret is returned with name %s and value %s%n",
    secret.getName(), secret.getValue());
      Parameters:
      name - The name of the secret.
      Returns:
      The requested KeyVaultSecret.
      Throws:
      com.azure.core.exception.ResourceNotFoundException - When a secret with the given name doesn't exist in the vault.
      IllegalArgumentException - If name is either null or empty.
      com.azure.core.exception.HttpResponseException - If the server reports an error when executing the request.

    • getSecret

      public KeyVaultSecret getSecret(String name, String version)
      Gets the specified secret with specified version from the key vault. This operation requires the secrets/get permission.

      Code sample

      Gets a specific version of the secret in the key vault. Prints out the details of the returned secret.

      String secretVersion = "6A385B124DEF4096AF1361A85B16C204";
KeyVaultSecret secretWithVersion = secretClient.getSecret("secretName", secretVersion);
System.out.printf("Secret is returned with name %s and value %s%n",
    secretWithVersion.getName(), secretWithVersion.getValue());
      Parameters:
      name - The name of the secret, cannot be null.
      version - The version of the secret to retrieve. If this is an empty string or null, this call is equivalent to calling getSecret(String), with the latest version being retrieved.
      Returns:
      The requested secret.
      Throws:
      com.azure.core.exception.ResourceNotFoundException - When a secret with the given name and version doesn't exist in the vault.
      IllegalArgumentException - If name is either null or empty.
      com.azure.core.exception.HttpResponseException - If the server reports an error when executing the request.

    • getSecretWithResponse

      public com.azure.core.http.rest.Response<KeyVaultSecret> getSecretWithResponse(String name, String version, com.azure.core.util.Context context)
      Gets the specified secret with specified version from the key vault. This operation requires the secrets/get permission.

      Code sample

      Gets a specific version of the secret in the key vault. Prints out the details of the returned secret.

      String secretVersion = "6A385B124DEF4096AF1361A85B16C204";
KeyVaultSecret secretWithVersion = secretClient.getSecretWithResponse("secretName", secretVersion,
    new Context(key2, value2)).getValue();
System.out.printf("Secret is returned with name %s and value %s%n",
    secretWithVersion.getName(), secretWithVersion.getValue());
      Parameters:
      name - The name of the secret, cannot be null
      version - The version of the secret to retrieve. If this is an empty string or null, this call is equivalent to calling getSecret(String), with the latest version being retrieved.
      context - Additional context that is passed through the HTTP pipeline during the service call.
      Returns:
      A Response whose value contains the requested KeyVaultSecret.
      Throws:
      com.azure.core.exception.ResourceNotFoundException - When a secret with the given name and version doesn't exist in the vault.
      IllegalArgumentException - If name is either null or empty.

    • updateSecretProperties

      public SecretProperties updateSecretProperties(SecretProperties secretProperties)
      Updates the attributes associated with the secret. The value of the secret in the key vault cannot be changed. Only attributes populated in secretProperties are changed. Attributes not specified in the request are not changed. This operation requires the secrets/set permission.

      The secret is required and its fields name and version cannot be null.

      Code sample

      Gets the latest version of the secret, changes its expiry time, and the updates the secret in the key vault.

      SecretProperties secretProperties = secretClient.getSecret("secretName").getProperties();
secretProperties.setExpiresOn(OffsetDateTime.now().plusDays(60));
SecretProperties updatedSecretProperties = secretClient.updateSecretProperties(secretProperties);
KeyVaultSecret updatedSecret = secretClient.getSecret(updatedSecretProperties.getName());
System.out.printf("Updated Secret is returned with name %s, value %s and expires %s%n",
    updatedSecret.getName(), updatedSecret.getValue(), updatedSecret.getProperties().getExpiresOn());
      Parameters:
      secretProperties - The secret properties object with updated properties.
      Returns:
      The updated secret.
      Throws:
      NullPointerException - if secret is null.
      com.azure.core.exception.ResourceNotFoundException - when a secret with name and version doesn't exist in the key vault.
      com.azure.core.exception.HttpResponseException - if name or version is empty string.

    • updateSecretPropertiesWithResponse

      public com.azure.core.http.rest.Response<SecretProperties> updateSecretPropertiesWithResponse(SecretProperties secretProperties, com.azure.core.util.Context context)
      Updates the attributes associated with the secret. The value of the secret in the key vault cannot be changed. Only attributes populated in secretProperties are changed. Attributes not specified in the request are not changed. This operation requires the secrets/set permission.

      The secret is required and its fields name and version cannot be null.

      Code sample

      Gets the latest version of the secret, changes its expiry time, and the updates the secret in the key vault. 

      SecretProperties secretProperties = secretClient.getSecret("secretName").getProperties();
secretProperties.setExpiresOn(OffsetDateTime.now().plusDays(60));
SecretProperties updatedSecretBase = secretClient.updateSecretPropertiesWithResponse(secretProperties,
    new Context(key2, value2)).getValue();
KeyVaultSecret updatedSecret = secretClient.getSecret(updatedSecretBase.getName());
System.out.printf("Updated Secret is returned with name %s, value %s and expires %s%n",
    updatedSecret.getName(), updatedSecret.getValue(), updatedSecret.getProperties().getExpiresOn());
      Parameters:
      secretProperties - The secret properties object with updated properties.
      context - Additional context that is passed through the HTTP pipeline during the service call.
      Returns:
      A Response whose value contains the updated secret.
      Throws:
      NullPointerException - if secret is null.
      com.azure.core.exception.ResourceNotFoundException - when a secret with name and version doesn't exist in the key vault.
      com.azure.core.exception.HttpResponseException - if name or version is an empty string.

    • beginDeleteSecret

      public com.azure.core.util.polling.SyncPoller<DeletedSecret, Void> beginDeleteSecret(String name)
      Deletes a secret from the key vault. If soft-delete is enabled on the key vault then the secret is placed in the deleted state and for permanent deletion, needs to be purged. Otherwise, the secret is permanently deleted. All versions of a secret are deleted. This cannot be applied to individual versions of a secret. This operation requires the secrets/delete permission.

      Code sample

      Deletes the secret from a soft-delete enabled key vault. Prints out the recovery id of the deleted secret returned in the response.

      SyncPoller<DeletedSecret, Void> deleteSecretPoller = secretClient.beginDeleteSecret("secretName");

// Deleted Secret is accessible as soon as polling begins.
PollResponse<DeletedSecret> deleteSecretPollResponse = deleteSecretPoller.poll();

// Deletion date only works for a SoftDelete-enabled Key Vault.
System.out.println("Deleted Date  %s" + deleteSecretPollResponse.getValue()
    .getDeletedOn().toString());
System.out.printf("Deleted Secret's Recovery Id %s", deleteSecretPollResponse.getValue()
    .getRecoveryId());

// Secret is being deleted on server.
deleteSecretPoller.waitForCompletion();
      Parameters:
      name - The name of the secret to be deleted.
      Returns:
      A SyncPoller to poll on and retrieve the deleted secret.
      Throws:
      com.azure.core.exception.ResourceNotFoundException - when a secret with name doesn't exist in the key vault.
      com.azure.core.exception.HttpResponseException - when a secret with name is empty string.

    • getDeletedSecret

      public DeletedSecret getDeletedSecret(String name)
      Gets a secret that has been deleted for a soft-delete enabled key vault. This operation requires the secrets/list permission.

      Code sample

      Gets the deleted secret from the key vault enabled for soft-delete. Prints out the details of the deleted secret returned in the response.

      DeletedSecret deletedSecret = secretClient.getDeletedSecret("secretName");
System.out.printf("Deleted Secret's Recovery Id %s", deletedSecret.getRecoveryId());
      Parameters:
      name - The name of the deleted secret.
      Returns:
      The deleted secret.
      Throws:
      com.azure.core.exception.ResourceNotFoundException - when a secret with name doesn't exist in the key vault.
      com.azure.core.exception.HttpResponseException - when a secret with name is empty string.

    • getDeletedSecretWithResponse

      public com.azure.core.http.rest.Response<DeletedSecret> getDeletedSecretWithResponse(String name, com.azure.core.util.Context context)
      Gets a secret that has been deleted for a soft-delete enabled key vault. This operation requires the secrets/list permission.

      Code sample

      Gets the deleted secret from the key vault enabled for soft-delete. Prints out the details of the deleted secret returned in the response.

      DeletedSecret deletedSecret = secretClient.getDeletedSecretWithResponse("secretName",
    new Context(key2, value2)).getValue();
System.out.printf("Deleted Secret's Recovery Id %s", deletedSecret.getRecoveryId());
      Parameters:
      name - The name of the deleted secret.
      context - Additional context that is passed through the HTTP pipeline during the service call.
      Returns:
      A Response whose value contains the deleted secret.
      Throws:
      com.azure.core.exception.ResourceNotFoundException - when a secret with name doesn't exist in the key vault.
      com.azure.core.exception.HttpResponseException - when a secret with name is empty string.

    • purgeDeletedSecret

      public void purgeDeletedSecret(String name)
      Permanently removes a deleted secret, without the possibility of recovery. This operation can only be performed on a soft-delete enabled vault. This operation requires the secrets/purge permission.

      Code sample

      Purges the deleted secret from the key vault enabled for soft-delete. Prints out the status code from the server response.

      secretClient.purgeDeletedSecret("secretName");
      Parameters:
      name - The name of the secret.
      Throws:
      com.azure.core.exception.ResourceNotFoundException - when a secret with name doesn't exist in the key vault.
      com.azure.core.exception.HttpResponseException - when a secret with name is empty string.

    • purgeDeletedSecretWithResponse

      public com.azure.core.http.rest.Response<Void> purgeDeletedSecretWithResponse(String name, com.azure.core.util.Context context)
      Permanently removes a deleted secret, without the possibility of recovery. This operation can only be performed on a soft-delete enabled vault. This operation requires the secrets/purge permission.

      Code sample

      Purges the deleted secret from the key vault enabled for soft-delete. Prints out the status code from the server response.

      Response<Void> purgeResponse = secretClient.purgeDeletedSecretWithResponse("secretName",
    new Context(key1, value1));
System.out.printf("Purge Status Code: %d", purgeResponse.getStatusCode());
      Parameters:
      name - The name of the secret.
      context - Additional context that is passed through the HTTP pipeline during the service call.
      Returns:
      A response containing status code and HTTP headers.
      Throws:
      com.azure.core.exception.ResourceNotFoundException - when a secret with name doesn't exist in the key vault.
      com.azure.core.exception.HttpResponseException - when a secret with name is empty string.

    • beginRecoverDeletedSecret

      public com.azure.core.util.polling.SyncPoller<KeyVaultSecret, Void> beginRecoverDeletedSecret(String name)
      Recovers the deleted secret in the key vault to its latest version. Can only be performed on a soft-delete enabled vault. This operation requires the secrets/recover permission.

      Code sample

      Recovers the deleted secret from the key vault enabled for soft-delete. Prints out the details of the recovered secret returned in the response.

      SyncPoller<KeyVaultSecret, Void> recoverSecretPoller =
    secretClient.beginRecoverDeletedSecret("deletedSecretName");

// Deleted Secret can be accessed as soon as polling is in progress.
PollResponse<KeyVaultSecret> recoveredSecretPollResponse = recoverSecretPoller.poll();
System.out.println("Recovered Key Name %s" + recoveredSecretPollResponse.getValue().getName());
System.out.printf("Recovered Key's Id %s", recoveredSecretPollResponse.getValue().getId());

// Key is being recovered on server.
recoverSecretPoller.waitForCompletion();
      Parameters:
      name - The name of the deleted secret to be recovered.
      Returns:
      A SyncPoller to poll on and retrieve the recovered secret.
      Throws:
      com.azure.core.exception.ResourceNotFoundException - when a secret with name doesn't exist in the key vault.
      com.azure.core.exception.HttpResponseException - when a secret with name is empty string.

    • backupSecret

      public byte[] backupSecret(String name)
      Requests a backup of the secret be downloaded to the client. All versions of the secret will be downloaded. This operation requires the secrets/backup permission.

      Code sample

      Backs up the secret from the key vault and prints out the length of the secret's backup byte array returned in the response

      byte[] secretBackup = secretClient.backupSecret("secretName");
System.out.printf("Secret's Backup Byte array's length %s", secretBackup.length);
      Parameters:
      name - The name of the secret.
      Returns:
      A Response whose value contains the backed up secret blob.
      Throws:
      com.azure.core.exception.ResourceNotFoundException - when a secret with name doesn't exist in the key vault.
      com.azure.core.exception.HttpResponseException - when a secret with name is empty string.

    • backupSecretWithResponse

      public com.azure.core.http.rest.Response<byte[]> backupSecretWithResponse(String name, com.azure.core.util.Context context)
      Requests a backup of the secret be downloaded to the client. All versions of the secret will be downloaded. This operation requires the secrets/backup permission.

      Code sample

      Backs up the secret from the key vault and prints out the length of the secret's backup byte array returned in the response

      byte[] secretBackup = secretClient.backupSecretWithResponse("secretName",
    new Context(key1, value1)).getValue();
System.out.printf("Secret's Backup Byte array's length %s", secretBackup.length);
      Parameters:
      name - The name of the secret.
      context - Additional context that is passed through the HTTP pipeline during the service call.
      Returns:
      A Response whose value contains the backed up secret blob.
      Throws:
      com.azure.core.exception.ResourceNotFoundException - when a secret with name doesn't exist in the key vault.
      com.azure.core.exception.HttpResponseException - when a secret with name is empty string.

    • restoreSecretBackup

      public KeyVaultSecret restoreSecretBackup(byte[] backup)
      Restores a backed up secret, and all its versions, to a vault. This operation requires the secrets/restore permission.

      Code sample

      Restores the secret in the key vault from its backup byte array. Prints out the details of the restored secret returned in the response.

      // Pass the secret backup byte array of the secret to be restored.
byte[] secretBackupByteArray = {};
KeyVaultSecret restoredSecret = secretClient.restoreSecretBackup(secretBackupByteArray);
System.out
    .printf("Restored Secret with name %s and value %s", restoredSecret.getName(), restoredSecret.getValue());
      Parameters:
      backup - The backup blob associated with the secret.
      Returns:
      A Response whose value contains the restored secret.
      Throws:
      com.azure.core.exception.ResourceModifiedException - when backup blob is malformed.

    • restoreSecretBackupWithResponse

      public com.azure.core.http.rest.Response<KeyVaultSecret> restoreSecretBackupWithResponse(byte[] backup, com.azure.core.util.Context context)
      Restores a backed up secret, and all its versions, to a vault. This operation requires the secrets/restore permission.

      Code sample

      Restores the secret in the key vault from its backup byte array. Prints out the details of the restored secret returned in the response.

      // Pass the secret backup byte array of the secret to be restored.
byte[] secretBackupByteArray = {};
KeyVaultSecret restoredSecret = secretClient.restoreSecretBackupWithResponse(secretBackupByteArray,
    new Context(key2, value2)).getValue();
System.out
    .printf("Restored Secret with name %s and value %s", restoredSecret.getName(), restoredSecret.getValue());
      Parameters:
      backup - The backup blob associated with the secret.
      context - Additional context that is passed through the HTTP pipeline during the service call.
      Returns:
      A Response whose value contains the restored secret.
      Throws:
      com.azure.core.exception.ResourceModifiedException - when backup blob is malformed.

    • listPropertiesOfSecrets

      public com.azure.core.http.rest.PagedIterable<SecretProperties> listPropertiesOfSecrets()
      Lists secrets in the key vault. Each secret returned only has its identifier and attributes populated. The secret values and their versions are not listed in the response. This operation requires the secrets/list permission.

      Iterate through secrets and fetch their latest value

      The snippet below loops over each secret and calls getSecret(String, String). This gets the secret and the value of its latest version.

      for (SecretProperties secret : secretClient.listPropertiesOfSecrets()) {
    KeyVaultSecret secretWithValue = secretClient.getSecret(secret.getName(), secret.getVersion());
    System.out.printf("Received secret with name %s and value %s",
        secretWithValue.getName(), secretWithValue.getValue());
}

      Iterate over secrets by page

      The snippet below loops over each secret by page and calls getSecret(String, String). This gets the secret and the value of its latest version.

      secretClient.listPropertiesOfSecrets().iterableByPage().forEach(resp -> {
    System.out.printf("Response headers are %s. Url %s  and status code %d %n", resp.getHeaders(),
        resp.getRequest().getUrl(), resp.getStatusCode());
    resp.getItems().forEach(value -> {
        KeyVaultSecret secretWithValue = secretClient.getSecret(value.getName(), value.getVersion());
        System.out.printf("Received secret with name %s and value %s",
            secretWithValue.getName(), secretWithValue.getValue());
    });
});
      Returns:
      PagedIterable of SecretProperties of all the secrets in the vault. The SecretProperties contains all the information about the secret, except its value.

    • listPropertiesOfSecrets

      public com.azure.core.http.rest.PagedIterable<SecretProperties> listPropertiesOfSecrets(com.azure.core.util.Context context)
      Lists secrets in the key vault. Each secret returned only has its identifier and attributes populated. The secret values and their versions are not listed in the response. This operation requires the secrets/list permission.

      Iterate over secrets and fetch their latest value

      The snippet below loops over each secret and calls getSecret(String, String). This gets the secret and the value of its latest version.

      for (SecretProperties secret : secretClient.listPropertiesOfSecrets(new Context(key1, value2))) {
    KeyVaultSecret secretWithValue = secretClient.getSecret(secret.getName(), secret.getVersion());
    System.out.printf("Received secret with name %s and value %s",
        secretWithValue.getName(), secretWithValue.getValue());
}
      Parameters:
      context - Additional context that is passed through the HTTP pipeline during the service call.
      Returns:
      PagedIterable of SecretProperties of all the secrets in the vault. SecretProperties contains all the information about the secret, except its value.

    • listDeletedSecrets

      public com.azure.core.http.rest.PagedIterable<DeletedSecret> listDeletedSecrets()
      Lists deleted secrets of the key vault if it has enabled soft-delete. This operation requires the secrets/list permission.

      Iterate over secrets

      Lists the deleted secrets in the key vault and for each deleted secret prints out its recovery id.

      for (DeletedSecret deletedSecret : secretClient.listDeletedSecrets()) {
    System.out.printf("Deleted secret's recovery Id %s", deletedSecret.getRecoveryId());
}

      Iterate over secrets by page

      Iterate over Lists the deleted secrets by page in the key vault and for each deleted secret prints out its recovery id.

      secretClient.listDeletedSecrets().iterableByPage().forEach(resp -> {
    System.out.printf("Got response headers . Url: %s, Status code: %d %n",
        resp.getRequest().getUrl(), resp.getStatusCode());
    resp.getItems().forEach(value -> {
        System.out.printf("Deleted secret's recovery Id %s", value.getRecoveryId());
    });
});
      Returns:
      PagedIterable of all of the deleted secrets in the vault.

    • listDeletedSecrets

      public com.azure.core.http.rest.PagedIterable<DeletedSecret> listDeletedSecrets(com.azure.core.util.Context context)
      Lists deleted secrets of the key vault if it has enabled soft-delete. This operation requires the secrets/list permission.

      Code sample

      Lists the deleted secrets in the key vault and for each deleted secret prints out its recovery id.

      for (DeletedSecret deletedSecret : secretClient.listDeletedSecrets(new Context(key1, value2))) {
    System.out.printf("Deleted secret's recovery Id %s", deletedSecret.getRecoveryId());
}
      Parameters:
      context - Additional context that is passed through the HTTP pipeline during the service call.
      Returns:
      PagedIterable of all of the deleted secrets in the vault.

    • listPropertiesOfSecretVersions

      public com.azure.core.http.rest.PagedIterable<SecretProperties> listPropertiesOfSecretVersions(String name)
      Lists all versions of the specified secret. Each secret returned only has its identifier and attributes populated. The secret values and secret versions are not listed in the response. This operation requires the secrets/list permission.

      Code sample

      The sample below fetches all versions of the given secret. For each secret version retrieved, makes a call to getSecret(String, String) to get the version's value, and then prints it out.

      for (SecretProperties secret : secretClient.listPropertiesOfSecretVersions("secretName")) {
    KeyVaultSecret secretWithValue = secretClient.getSecret(secret.getName(), secret.getVersion());
    System.out.printf("Received secret's version with name %s and value %s",
        secretWithValue.getName(), secretWithValue.getValue());
}
      Parameters:
      name - The name of the secret.
      Returns:
      PagedIterable of SecretProperties of all the versions of the specified secret in the vault. List is empty if secret with name does not exist in key vault
      Throws:
      com.azure.core.exception.ResourceNotFoundException - when a secret with name doesn't exist in the key vault.
      com.azure.core.exception.HttpResponseException - when a secret with name is empty string.

    • listPropertiesOfSecretVersions

      public com.azure.core.http.rest.PagedIterable<SecretProperties> listPropertiesOfSecretVersions(String name, com.azure.core.util.Context context)
      Lists all versions of the specified secret. Each secret returned only has its identifier and attributes populated. The secret values and secret versions are not listed in the response. This operation requires the secrets/list permission.

      Code sample

      The sample below fetches all versions of the given secret. For each secret version retrieved, makes a call to getSecret(String, String) to get the version's value, and then prints it out.

      for (SecretProperties secret : secretClient
    .listPropertiesOfSecretVersions("secretName", new Context(key1, value2))) {
    KeyVaultSecret secretWithValue = secretClient.getSecret(secret.getName(), secret.getVersion());
    System.out.printf("Received secret's version with name %s and value %s",
        secretWithValue.getName(), secretWithValue.getValue());
}

      Iterate over secret versions by page

      The sample below iterates over each secret by each page and calls getSecret(String, String). This will return the secret with the corresponding version's value.

      secretClient.listPropertiesOfSecretVersions("secretName", new Context(key1, value2))
    .iterableByPage().forEach(resp -> {
        System.out.printf("Got response headers . Url: %s, Status code: %d %n",
            resp.getRequest().getUrl(), resp.getStatusCode());
        resp.getItems().forEach(value -> {
            KeyVaultSecret secretWithValue = secretClient.getSecret(value.getName(), value.getVersion());
            System.out.printf("Received secret's version with name %s and value %s",
                secretWithValue.getName(), secretWithValue.getValue());
        });
    });
      Parameters:
      name - The name of the secret.
      context - Additional context that is passed through the HTTP pipeline during the service call.
      Returns:
      PagedIterable of SecretProperties of all the versions of the specified secret in the vault. List is empty if secret with name does not exist in key vault
      Throws:
      com.azure.core.exception.ResourceNotFoundException - when a secret with name doesn't exist in the key vault.
      com.azure.core.exception.HttpResponseException - when a secret with name is empty string.