Package version:

Class KeyVaultAccessControlClient

The KeyVaultAccessControlClient provides methods to manage access control and role assignments in any given Azure Key Vault instance. The client supports creating, retrieving and deleting role assignments and custom role definitions.

Hierarchy

  • KeyVaultAccessControlClient

Constructors

  • Creates an instance of the KeyVaultAccessControlClient.

    Example usage:

    import { KeyVaultAccessControlClient } from "@azure/keyvault-admin";
    import { DefaultAzureCredential } from "@azure/identity";

    let vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;
    let credentials = new DefaultAzureCredential();

    let client = new KeyVaultAccessControlClient(vaultUrl, credentials);

    Parameters

    • vaultUrl: string

      the URL of the Key Vault. It should have this shape: https://${your-key-vault-name}.vault.azure.net. You should validate that this URL references a valid Key Vault or Managed HSM resource. See https://aka.ms/azsdk/blog/vault-uri for details.

    • credential: TokenCredential

      An object that implements the TokenCredential interface used to authenticate requests to the service. Use the @azure/identity package to create a credential that suits your needs.

    • options: AccessControlClientOptions = {}

      Options used to configure Key Vault API requests. Omit this parameter to use the default configuration.

    Returns KeyVaultAccessControlClient

Properties

vaultUrl: string

The base URL of the vault.

Methods

  • Creates a role assignment in an Azure Key Vault.

    Example usage:

    const client = new KeyVaultAccessControlClient(url, credentials);
    // next() yields an IteratorResult; the role definition itself is in .value
    const { value: roleDefinition } = await client.listRoleDefinitions("/").next();
    const principalId = "4871f6a6-374f-4b6b-8b0c-f5d84db823f6";
    // roleDefinitionId is the full id of the definition, not the definition object
    const result = await client.createRoleAssignment("/", "295c179b-9ad3-4117-99cd-b1aa66cf4517", roleDefinition.id, principalId);

    Creates a new role assignment.

    Parameters

    • roleScope: string

      The scope of the role assignment.

    • name: string

      The name of the role assignment. Must be a UUID.

    • roleDefinitionId: string

      The role definition ID used in the role assignment.

    • principalId: string

      The principal ID assigned to the role. This maps to the object ID in Azure Active Directory. It can point to a user, service principal, or security group.

    • options: CreateRoleAssignmentOptions = {}

      The optional parameters.

    Returns Promise<KeyVaultRoleAssignment>

  • Deletes a role assignment previously created in an Azure Key Vault.

    Example usage:

    const client = new KeyVaultAccessControlClient(url, credentials);
    // roleDefinitionId and principalId are obtained as in the createRoleAssignment example above
    const roleAssignment = await client.createRoleAssignment("/", "295c179b-9ad3-4117-99cd-b1aa66cf4517", roleDefinitionId, principalId);
    await client.deleteRoleAssignment(roleAssignment.properties.roleScope, roleAssignment.name);

    Deletes an existing role assignment.

    Parameters

    • roleScope: string

      The scope of the role assignment.

    • name: string

      The name of the role assignment.

    • options: DeleteRoleAssignmentOptions = {}

      The optional parameters.

    Returns Promise<void>

  • Deletes a custom role definition previously created in an Azure Key Vault.

    Example usage:

    const client = new KeyVaultAccessControlClient(url, credentials);
    // setRoleDefinition takes the scope and an options object (see the setRoleDefinition example below)
    const roleDefinition = await client.setRoleDefinition("/", { roleDefinitionName: "23b8bb1a-39c0-4c89-a85b-dd3c99273a8a", permissions: [] });
    await client.deleteRoleDefinition("/", roleDefinition.name);

    Parameters

    • roleScope: string

      The scope of the role definition.

    • name: string

      The name of the role definition to delete.

    • options: DeleteRoleDefinitionOptions = {}

      The optional parameters.

    Returns Promise<void>

  • Gets a role assignment previously created in an Azure Key Vault.

    Example usage:

    const client = new KeyVaultAccessControlClient(url, credentials);
    // roleDefinitionId and principalId are obtained as in the createRoleAssignment example above
    let roleAssignment = await client.createRoleAssignment("/", "295c179b-9ad3-4117-99cd-b1aa66cf4517", roleDefinitionId, principalId);
    roleAssignment = await client.getRoleAssignment(roleAssignment.properties.roleScope, roleAssignment.name);
    console.log(roleAssignment);

    Gets an existing role assignment.

    Parameters

    • roleScope: string

      The scope of the role assignment.

    • name: string

      The name of the role assignment.

    • options: GetRoleAssignmentOptions = {}

      The optional parameters.

    Returns Promise<KeyVaultRoleAssignment>

  • Gets a role definition from Azure Key Vault.

    Example usage:

    const client = new KeyVaultAccessControlClient(url, credentials);
    const roleDefinition = await client.getRoleDefinition("/", "b86a8fe4-44ce-4948-aee5-eccb2c155cd7");
    console.log(roleDefinition);

    Parameters

    • roleScope: string

      The scope of the role definition.

    • name: string

      The name of the role definition.

    • options: GetRoleDefinitionOptions = {}

      The optional parameters.

    Returns Promise<KeyVaultRoleDefinition>

  • Iterates over all of the available role assignments in an Azure Key Vault.

    Example usage:

    const client = new KeyVaultAccessControlClient(url, credentials);
    for await (const roleAssignment of client.listRoleAssignments("/")) {
      console.log("Role assignment: ", roleAssignment);
    }

    Lists all of the role assignments in a given scope.

    Parameters

    • roleScope: string

      The scope whose role assignments are listed.

    • options: ListRoleAssignmentsOptions = {}

      The optional parameters.

    Returns PagedAsyncIterableIterator<KeyVaultRoleAssignment>
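Two offline checks that fit around createRoleAssignment and listRoleAssignments, written as an added example rather than code from the @azure/keyvault-admin package: the first validates the arguments the page documents (name and principalId must be UUIDs, roleDefinitionId must be the id of a definition that exists in the scope) before the call reaches the service, and the second reviews listed assignments and flags any at the global scope "/" whose definition grants a sensitive data action. The RoleDefinitionLike and RoleAssignmentLike interfaces only mirror the fields of KeyVaultRoleDefinition and KeyVaultRoleAssignment used here, and all sample ids and the data action string are constructed, not taken from a real vault.

```typescript
// Added example, not from the @azure/keyvault-admin docs: offline checks on the
// objects this client takes and returns. Only the fields used here are mirrored.
interface RoleDefinitionLike {
  id: string;                                // full id, passed as roleDefinitionId
  name: string;                              // UUID name of the definition
  permissions: { dataActions?: string[] }[];
}
interface RoleAssignmentLike {
  name: string;
  properties: { roleScope: string; roleDefinitionId: string; principalId: string };
}
const UUID_RE = /^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$/i;
// Validate createRoleAssignment(roleScope, name, roleDefinitionId, principalId)
// arguments before they reach the service. Returns the problems found (empty = ok).
function checkAssignmentArgs(roleScope: string, name: string, roleDefinitionId: string,
                             principalId: string, defs: RoleDefinitionLike[]): string[] {
  const problems: string[] = [];
  if (!UUID_RE.test(name)) problems.push("name must be a UUID: " + name);
  if (!UUID_RE.test(principalId)) problems.push("principalId must be a UUID: " + principalId);
  if (!defs.some((d) => d.id === roleDefinitionId))
    problems.push("roleDefinitionId not found in scope " + roleScope + ": " + roleDefinitionId);
  return problems;
}
// Review the output of listRoleAssignments("/"): flag assignments at the global scope "/"
// whose definition grants any of the caller-supplied sensitive data actions.
function findOverbroadAssignments(assignments: RoleAssignmentLike[], defs: RoleDefinitionLike[],
                                  sensitive: string[]): string[] {
  const flagged: string[] = [];
  for (const a of assignments) {
    if (a.properties.roleScope !== "/") continue;
    const def = defs.find((d) => d.id === a.properties.roleDefinitionId);
    const actions: string[] = [];
    for (const p of def ? def.permissions : []) actions.push(...(p.dataActions || []));
    const hits = actions.filter((x) => sensitive.indexOf(x) >= 0);
    if (hits.length > 0) flagged.push(a.name + ": " + a.properties.principalId + " -> " + hits.join(","));
  }
  return flagged;
}
// Constructed sample data in the shape the client returns (not real vault output).
const DEF_ID = "/providers/Microsoft.Authorization/roleDefinitions/11111111-1111-4111-8111-111111111111";
const SAMPLE_DEFS: RoleDefinitionLike[] = [{ id: DEF_ID, name: "11111111-1111-4111-8111-111111111111",
  permissions: [{ dataActions: ["Microsoft.KeyVault/managedHsm/keys/backup/action"] }] }];
const SAMPLE_ASSIGNMENTS: RoleAssignmentLike[] = [
  { name: "22222222-2222-4222-8222-222222222222", properties: { roleScope: "/", roleDefinitionId: DEF_ID,
    principalId: "33333333-3333-4333-8333-333333333333" } },
  { name: "44444444-4444-4444-8444-444444444444", properties: { roleScope: "/keys", roleDefinitionId: DEF_ID,
    principalId: "33333333-3333-4333-8333-333333333333" } },
];
```

Against a live vault, collect the arrays with `for await (const a of client.listRoleAssignments("/"))` and `for await (const d of client.listRoleDefinitions("/"))` and pass them in place of the constructed samples.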

  • Iterates over all of the available role definitions in an Azure Key Vault.

    Example usage:

    const client = new KeyVaultAccessControlClient(url, credentials);
    for await (const roleDefinition of client.listRoleDefinitions("/")) {
      console.log("Role definition: ", roleDefinition);
    }

    Lists all of the role definitions in a given scope.

    Parameters

    • roleScope: string

      The scope whose role definitions are listed.

    • options: ListRoleDefinitionsOptions = {}

      The optional parameters.

    Returns PagedAsyncIterableIterator<KeyVaultRoleDefinition>

  • Creates or updates a role definition in an Azure Key Vault.

    Example usage:

    const client = new KeyVaultAccessControlClient(url, credentials);
    const permissions = [{ dataActions: [KnownKeyVaultDataAction.BackupHsmKeys] }];
    const roleDefinitionName = "23b8bb1a-39c0-4c89-a85b-dd3c99273a8a";
    const roleDefinition = await client.setRoleDefinition(KnownKeyVaultRoleScope.Global, { permissions, roleDefinitionName });
    console.log(roleDefinition);

    Parameters

    • roleScope: string

      The scope of the role definition.

    • options: SetRoleDefinitionOptions = {}

      The optional parameters, including the roleDefinitionName and permissions shown in the example.

    Returns Promise<KeyVaultRoleDefinition>

Generated using TypeDoc