Azure / AzureKeyVault

R interface to Azure Key Vault

Allow retrieval of disabled secrets #15

Open josh-endries opened 1 year ago

josh-endries commented 1 year ago

It seems silly to have no way to retrieve disabled secrets. I understand that in the typical use case this makes sense, because it's disabled, but having no alternative way (that I can find via az) seems silly at best, and possibly dangerous if that secret ever gets re-enabled.

For example, if I want to find an exposed password or some value that's being rotated, heck even an email address, and I want to change or delete secrets containing that value, I have no way to do this if the secret is disabled without enabling it first, which most likely has negative repercussions (it was probably disabled for a reason). Re-enabling it might change how some app is working that uses the secret. The alternative would mean knowing ahead of time everywhere that value is used, which IME is rarely the case.

The system obviously knows the secret exists and I assume it knows the value of it, so it seems like supporting something like a "force" option makes sense when showing/retrieving the secret.