Export-Hgs Key Protection State

Exports Key Protection Service configuration and certificates.

Syntax

Export-HgsKeyProtectionState
      [-Path <String>]
      -Password <SecureString>
      [-Force]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Description

The Export-HgsKeyProtectionState cmdlet exports configuration of Key Protection Service to a file referenced by the path parameter. If the path parameter is not provided, the cmdlet outputs the configuration state as XML. If the configuration contains certificates that were added to the service with pfx (containing private key), then the exported configuration also contains those private keys. The password parameter is used to protect the private keys that are part of the configuration. If the configuration contains certificates with private keys in Hardware Security Module (HSM), then the configuration only contains the public certificate.

Examples

Example 1: Export Key Protection Service state to a file

PS C:\> Export-HgsKeyProtectionState -Path "C:\example\kps.config" -Password $Password

This command exports configuration state of Key Protection Service. All certificates that were added as a pfx are included in the output which is written to the file referenced by the path parameter. The private keys are protected with the password specified in the $Password secure string.

Example 2: Export Key Protection Service state to Xml

PS C:\> Export-HgsKeyProtectionState  -Password $Password

This command exports configuration state of Key Protection Service as output that can be stored in a variable. All certificates that were added as a pfx are included in the output. The private keys are protected with the password specified in the $Password secure string.

Required Parameters

-Password

Specifies the password which protects private keys contained within the exported configuration.

Type: SecureString
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Optional Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Aliases: cf
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-Force

Forces the command to run without asking for user confirmation.

Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Path

Specifies the path of the file to which the configuration state is written.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Aliases: wi
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

Inputs

None

You cannot pipe input to this cmdlet.

Outputs

None

This cmdlet outputs XmlDocument that contains Key Protection Service state if Path parameter is not specified.