Azure

How to Get or Update Azure Key Vault Secret Values Using REST API

Azure Key Vault REST API Guide

Azure Key Vault is a secure and convenient way to store secrets, keys, and certificates. In this guide, you will learn how to update and retrieve secrets from Azure Key Vault using the REST API.

Create an Azure Key Vault

If you don’t already have a Key Vault, create one from the Azure portal.

Create a Secret

Inside the Key Vault, click Generate/Import to create your first secret.

Create an Azure AD App Registration (Required)

To access Key Vault through the REST API, you must authenticate with an Azure AD application.

Assign API Permissions

Go to: API Permissions → Add Permission → Azure Key Vault → Application Permissions.

Select: user_impersonation

Then click Grant admin consent.

Create a Client Secret

In the App Registration:

  • Go to Certificates & Secrets

  • Click New client secret

  • Copy the generated secret value (you will need it in API calls)

  • Copy the Client ID and Tenant ID

From the Overview page of your App Registration, copy:

  • Client ID (Application ID)

  • Tenant ID (Directory ID)

Assign IAM Role on the Key Vault

To allow the App Registration to get or update secrets, assign it one of the following roles:

  • Key Vault Secrets Officer OR Key Vault Administrator

  • Path: Key Vault → Access control (IAM) → Add Role Assignment

  • Select the role and assign it to your App Registration.

Generate an Access Token

Before calling the Key Vault REST API, you must generate an OAuth 2.0 access token.

Method: POST

URL: https://login.microsoftonline.com/{TenantId}/oauth2/v2.0/token

Headers: Content-Type: application/x-www-form-urlencoded

Body: client_id={ClientId} &scope=https://vault.azure.net/.default

&client_secret={ClientSecret}&grant_type=client_credentials

This returns an access_token used in all Key Vault requests.

Get Secret Value from Azure Key Vault

Use this API to retrieve a secret.

  • Method: GET

  • URL: https://{Key_Vault_Name}.vault.azure.net/secrets/{Secret_Name}?api-version=2025-07-01

  • Headers: Authorization: Bearer {Access_Token}

Content-Type: application/json

Set or Update a Secret in Azure Key Vault

Use the PUT Request to create or update a secret.

  • Method: PUT

  • URL: https://{Key_Vault_Name}.vault.azure.net/secrets/{Secret_Name}?api-version=2025-07-01

  • Headers: Authorization: Bearer {Access_Token}

Content-Type: application/json

Body:

{
“value”: “{Value}”,
“tags”: {
“source”: “Postman”
},
“contentType”: “text/plain”
}

Conclusion

With these steps, you can easily authenticate through Azure AD, retrieve secrets, and update values in Azure Key Vault using REST API calls. This approach is beneficial for automation, CI/CD pipelines, and external integrations where SDKs are not preferred.
Membership not found