Package version
Creates an instance of the KeyVaultAccessControlClient.
Example usage:
import { KeyVaultAccessControlClient } from "@azure/keyvault-admin";
import { DefaultAzureCredential } from "@azure/identity";
let vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;
let credentials = new DefaultAzureCredential();
let client = new KeyVaultAccessControlClient(vaultUrl, credentials);the URL of the Key Vault. It should have this shape: https://${your-key-vault-name}.vault.azure.net
An object that implements the TokenCredential interface used to authenticate requests to the service. Use the @azure/identity package to create a credential that suits your needs.
The base URL to the vault
Creates a role assignment in an Azure Key Vault.
Example usage:
const client = new KeyVaultAccessControlClient(url, credentials);
const roleDefinition = await client.listRoleDefinitions("/").next();
const principalId = "4871f6a6-374f-4b6b-8b0c-f5d84db823f6";
const result = await client.createRoleAssignment("/", "295c179b-9ad3-4117-99cd-b1aa66cf4517", roleDefinition, principalId);The scope of the role assignment.
The name of the role assignment. Must be a UUID.
The role definition ID used in the role assignment.
The principal ID assigned to the role. This maps to the ID inside the Active Directory. It can point to a user, service principal, or security group.
Deletes role assignments previously created in an Azure Key Vault.
Example usage:
const client = new KeyVaultAccessControlClient(url, credentials);
const roleAssignment = await client.createRoleAssignment("/", "295c179b-9ad3-4117-99cd-b1aa66cf4517");
const deletedRoleAssignment = const await client.deleteRoleAssignment(roleAssignment.properties.roleScope, roleAssignment.name);
console.log(deletedRoleAssignment);The scope of the role assignment.
The name of the role assignment.
Gets a role assignments previously created in an Azure Key Vault.
Example usage:
const client = new KeyVaultAccessControlClient(url, credentials);
let roleAssignment = await client.createRoleAssignment("/", "295c179b-9ad3-4117-99cd-b1aa66cf4517");
roleAssignment = const await client.getRoleAssignment(roleAssignment.properties.roleScope, roleAssignment.name);
console.log(roleAssignment);The scope of the role assignment.
The name of the role assignment.
Iterates over all of the available role assignments in an Azure Key Vault.
Example usage:
let client = new KeyVaultAccessControlClient(url, credentials);
for await (const roleAssignment of client.listRoleAssignments("/")) {
console.log("Role assignment: ", roleAssignment);
}The scope of the role assignments.
Iterates over all of the available role definitions in an Azure Key Vault.
Example usage:
let client = new KeyVaultAccessControlClient(url, credentials);
for await (const roleDefinitions of client.listRoleDefinitions("/")) {
console.log("Role definition: ", roleDefinitions);
}The scope of the role definition.
Generated using TypeDoc
The KeyVaultAccessControlClient provides methods to manage access control and role assignments in any given Azure Key Vault instance. The client supports creating, retrieving and deleting roles.