11

I can get the secret from azure key vault in rest api if I already know the version number using this endpoint:

https://my-key-vault-dev.vault.azure.net/secrets/MyTestSecret/13f8347b8518483f8236670197497c93?api-version=2016-10-01

But what if I don't know what the latest version number is?

I guess I could get the latest version number query list first:

GET {vaultBaseUrl}/secrets/{secret-name}/versions?api-version=2016-10-01

Is it possible to do it all in one query? For example, something like this would be great:

https://my-key-vault-dev.vault.azure.net/secrets/MyTestSecret/?api-version=2016-10-01
Harish
  • 789
  • 1
  • 7
  • 21
Bill Software Engineer
  • 7,362
  • 23
  • 91
  • 174

2 Answers2

14

Microsoft.Azure.KeyVault library passes String.Empty as version to the call when there is no specific version requested, so your suggestion should work.

In my case it is just https://mykeyvault.vault.azure.net/secrets/testSecret/

Community
  • 1
  • 1
Wojciech Sroczyński
  • 191
  • 1
  • 4
  • Yeah, but Microsoft has built a hidden bug in their software. If you rotate the secret, the version change in keyvault, but then this url used in Azure functions magically still refers to the previous version. I just cannot imagine what kind of programmer will agree to do that kind of hidden caching. This comment is for those like me coming here to check how to work around the Microsoft bug – SijuMathew Sep 27 '21 at 10:04
4

Now we can easily get the current version secrets by without mentioning version parameter

https://learn.microsoft.com/en-us/rest/api/keyvault/secrets/get-secret/get-secret

enter image description here

LoHer
  • 172
  • 1
  • 13
vijay
  • 701
  • 2
  • 12
  • 26