> ## Documentation Index
> Fetch the complete documentation index at: https://specterops-bp-2735-release-notes.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# AZGetSecrets

> The ability to read secrets from key vaults.

<img noZoom src="https://mintcdn.com/specterops-bp-2735-release-notes/2djt2Sp9UeFPjBFr/assets/enterprise-AND-community-edition-pill-tag.svg?fit=max&auto=format&n=2djt2Sp9UeFPjBFr&q=85&s=a791748158fde5ff3b3b82b51497ab39" alt="Applies to BloodHound Enterprise and CE" width="482" height="45" data-path="assets/enterprise-AND-community-edition-pill-tag.svg" />

## Abuse Info

Use PowerShell or PowerZure to fetch the certificate from the key vault.

Via PowerZure:

* Get-AzureKeyVaultContent
* Export-AzureKeyVaultcontent

## Opsec Considerations

Azure will create a new log event for the key vault whenever a secret is accessed.

## References

* [https://blog.netspi.com/azure-automation-accounts-key-stores/](https://blog.netspi.com/azure-automation-accounts-key-stores/)
* [https://powerzure.readthedocs.io/en/latest/Functions/operational.html#get-azurekeyvaultcontent](https://powerzure.readthedocs.io/en/latest/Functions/operational.html#get-azurekeyvaultcontent)
* [https://specterops.io/blog/2022/08/03/introducing-bloodhound-4-2-the-azure-refactor/](https://specterops.io/blog/2022/08/03/introducing-bloodhound-4-2-the-azure-refactor/)
