9

I know you can restore deleted secrets; however, I want to delete the current version and restore an older version.

5 Answers

3

Copy the old secret value then create a new version with it.

qnguyen
  • 444
  • 9
  • 21
2

I do not think this is possible. However, you can try PowerShell to get the old version of the secret using the cmdlet Get-AzureKeyVaultSecret with the -Version parameter, store the returned secret in a variable, say $oldsecret, and then use the Set-AzureKeyVaultSecret cmdlet to update the existing secret in Key Vault with the $oldsecret.

SaurabhSharma
  • 898
  • 1
  • 5
  • 9
0

There is no way to do this. All I can do is create a new secret, which I don't need. The value didn't change, just the tags. So I had to update our code to use the new version. At least the old version was still enabled, so nothing broke during the changes.

0

One hack is to download the specific version that you want to be the current version and then set it in the KV using the az cli.

    az keyvault secret download --vault-name <vault-name> --name <secret-name> --version <secret-version> --file <output-file>

    az keyvault secret set --vault-name <vault-name> --name <secret-name> --file <output-file>

old_newb
  • 31
  • 1
0

No, it's not possible. An alternative is to take the following steps using PowerShell:

  1. Make sure the Az module is installed on your local computer; if not, run

    Install-Module Az

  2. Get your secret:

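    # -NoNewline stops Out-File from appending a line break that would end up in the secret value
    Get-AzKeyVaultSecret -VaultName 'vaultnumber' -Name 'secretname' -Version 'versionnumber' -AsPlainText | Out-File -FilePath .\Process.txt -NoNewline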

  3. Edit your saved file, save and close it, and read the file:

    $text = Get-Content -Path 'path' -Raw

  4. Write it to the key vault

    $newSecret = ConvertTo-SecureString $text -AsPlainText -Force

    Set-AzKeyVaultSecret -VaultName vaultnumber -Name secretname -SecretValue $newSecret

Yasin Amini
  • 53
  • 11
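
The workaround these answers describe (read an old version, then write its value back as a new current version), as an added PowerShell example that is not taken from any of the answers: it keeps the value as a SecureString so nothing is written to disk, and it carries over the content type and tags. The function name `Restore-KeyVaultSecretVersion` is hypothetical; the code assumes the Az.KeyVault module is installed and the session is already signed in.

```powershell
# Added example: hypothetical helper, not part of the Az module.
function Restore-KeyVaultSecretVersion {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $VaultName,
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Version
    )

    # Without -AsPlainText the value comes back as a SecureString in .SecretValue,
    # so the plaintext never reaches a file, the console or the command history.
    $old = Get-AzKeyVaultSecret -VaultName $VaultName -Name $Name -Version $Version -ErrorAction Stop
    if (-not $old) {
        throw "Version '$Version' of secret '$Name' was not found in vault '$VaultName'."
    }

    $params = @{
        VaultName   = $VaultName
        Name        = $Name
        SecretValue = $old.SecretValue
    }
    # Carry over metadata that a plain "copy the value" approach drops.
    if ($old.ContentType) { $params.ContentType = $old.ContentType }
    if ($old.Tags -and $old.Tags.Count -gt 0) { $params.Tag = $old.Tags }
    # Expires / NotBefore are deliberately not copied: the old dates may already
    # be in the past. Set them explicitly afterwards if the secret needs them.

    if ($PSCmdlet.ShouldProcess("$VaultName/$Name", "Create new version from version $Version")) {
        # This adds a NEW version holding the old value; earlier versions stay in the history.
        $new = Set-AzKeyVaultSecret @params -ErrorAction Stop
        [pscustomobject]@{
            VaultName    = $VaultName
            Name         = $Name
            RestoredFrom = $Version
            NewVersion   = $new.Version
        }
    }
}

# Dry run first (placeholders as used in the answers above):
# Restore-KeyVaultSecretVersion -VaultName '<vault-name>' -Name '<secret-name>' -Version '<secret-version>' -WhatIf
```

Callers that reference the secret without a version pick up the restored value; callers pinned to a specific version identifier are unaffected.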