Package version
Creates an instance of CertificateClient.
the base URL to the vault.
An object that implements the TokenCredential interface used to authenticate requests to the service. Use the @azure/identity package to create a credential that suits your needs.
Requests that a backup of the specified certificate be downloaded to the client. All versions of the certificate will be downloaded. This operation requires the certificates/backup permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.createCertificate("MyCertificate", {
issuerName: "Self",
subjectName: "cn=MyCert"
});
const backup = await client.backupCertificate("MyCertificate");The name of the certificate
Updates a certificate creation operation that is already in progress. This operation requires the certificates/update permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.createCertificate("MyCertificate", {
issuerName: "Self",
subjectName: "cn=MyCert"
});
await client.cancelCertificateOperation("MyCertificate");The name of the certificate
Creates a new certificate. If this is the first version, the certificate resource is created. This operation requires the certificates/create permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.createCertificate("MyCertificate", {
issuerName: "Self",
subjectName: "cn=MyCert"
});The name of the certificate
The certificate's policy
The DELETE operation applies to any certificate stored in Azure Key Vault. DELETE cannot be applied to an individual version of a certificate. This operation requires the certificates/delete permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.createCertificate("MyCertificate", {
issuerName: "Self",
subjectName: "cn=MyCert"
});
await client.deleteCertificate("MyCertificate");The name of the certificate.
Deletes the creation operation for a specified certificate that is in the process of being created. The certificate is no longer created. This operation requires the certificates/update permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.createCertificate("MyCertificate", {
issuerName: "Self",
subjectName: "cn=MyCert"
});
await client.deleteCertificateOperation("MyCertificate");
await client.getCertificateOperation("MyCertificate"); // Throws error: Pending certificate not found: "MyCertificate"The name of the certificate
Deletes all of the certificate contacts. This operation requires the certificates/managecontacts permission.
Example usage:
let client = new CertificateClient(url, credentials);
await client.setContacts([{
emailAddress: "b@b.com",
name: "b",
phone: "222222222222"
}]);
await client.deleteContacts();The deleteIssuer operation permanently removes the specified certificate issuer from the vault. This operation requires the certificates/manageissuers/deleteissuers permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.setIssuer("IssuerName", "Provider");
await client.deleteIssuer("IssuerName");The name of the issuer.
Gets the latest information available from a specific certificate, including the certificate's policy. This operation requires the certificates/get permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.createCertificate("MyCertificate", {
issuerName: "Self",
subjectName: "cn=MyCert"
});
const certificate = await client.getCertificate("MyCertificate");
console.log(certificate);The name of the certificate
Gets the creation operation associated with a specified certificate. This operation requires the certificates/get permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.createCertificate("MyCertificate", {
issuerName: "Self",
subjectName: "cn=MyCert"
});
const operation = await client.getCertificateOperation("MyCertificate");
console.log(operation);The name of the certificate
The getCertificatePolicy operation returns the specified certificate policy resources in the specified key vault. This operation requires the certificates/get permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.createCertificate("MyCertificate", {
issuerName: "Self",
subjectName: "cn=MyCert"
});
const policy = await client.getCertificatePolicy("MyCertificate");
console.log(policy);The name of the certificate
Gets information about a specific certificate on a specific version. It won't return the certificate's policy. This operation requires the certificates/get permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.createCertificate("MyCertificate", {
issuerName: "Self",
subjectName: "cn=MyCert"
});
const certificateWithPolicy = await client.getCertificate("MyCertificate");
const certificate = await client.getCertificateVersion("MyCertificate", certificateWithPolicy.properties.version!);
console.log(certificate);The name of the certificate
The specific version of the certificate
The optional parameters
Returns the set of certificate contact resources in the specified key vault. This operation requires the certificates/managecontacts permission.
Example usage:
let client = new CertificateClient(url, credentials);
await client.setContacts([{
emailAddress: "b@b.com",
name: "b",
phone: "222222222222"
}]);
const getResponse = await client.getContacts();
console.log(getResponse.contactList!);retrieves the deleted certificate information plus its attributes, such as retention interval, scheduled permanent deletion and the current deletion recovery level. This operation requires the certificates/get permission.
Example usage:
const client = new CertificateClient(url, credentials);
client.getDeletedCertificate("MyDeletedCertificate");The name of the certificate
The getIssuer operation returns the specified certificate issuer resources in the specified key vault. This operation requires the certificates/manageissuers/getissuers permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.setIssuer("IssuerName", "Provider");
const certificateIssuer = await client.getIssuer("IssuerName");
console.log(certificateIssuer);The name of the issuer.
Imports an existing valid certificate, containing a private key, into Azure Key Vault. The certificate to be imported can be in either PFX or PEM format. If the certificate is in PEM format the PEM file must contain the key as well as x509 certificates. This operation requires the certificates/import permission.
Example usage:
const client = new CertificateClient(url, credentials);
const certificateSecret = await secretClient.getSecret("MyCertificate");
const base64EncodedCertificate = certificateSecret.value!;
await client.importCertificate("MyCertificate", base64EncodedCertificate);The name of the certificate
The base64 encoded certificate to import
Returns the versions of a certificate in the specified key vault. This operation requires the certificates/list permission.
Example usage:
const client = new CertificateClient(url, credentials);
for await (const item of client.listCertificateVersions("MyCertificate")) {
console.log(item.properties.version!);
}The name of the certificate.
Iterates the latest version of all certificates in the vault. The full certificate identifier and attributes are provided in the response. No values are returned for the certificates. This operations requires the certificates/list permission.
Example usage:
const client = new CertificateClient(url, credentials);
// All in one call
for await (const certificate of client.listCertificates()) {
console.log(certificate);
}
// By pages
for await (const page of client.listCertificates().byPage()) {
for (const certificate of page) {
console.log(certificate);
}
}Retrieves the certificates in the current vault which are in a deleted state and ready for recovery or purging. This operation includes deletion-specific information. This operation requires the certificates/get/list permission. This operation can only be enabled on soft-delete enabled vaults.
Example usage:
const client = new CertificateClient(url, credentials);
for await (const certificate of client.listDeletedCertificates()) {
console.log(certificate);
}
for await (const page of client.listDeletedCertificates().byPage()) {
for (const certificate of page) {
console.log(certificate);
}
}Returns the set of certificate issuer resources in the specified key vault. This operation requires the certificates/manageissuers/getissuers permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.setIssuer("IssuerName", "Provider");
// All in one call
for await (const issuer of client.listIssuers()) {
console.log(issuer);
}
// By pages
for await (const page of client.listIssuers().byPage()) {
for (const issuer of page) {
console.log(issuer);
}
}Performs the merging of a certificate or certificate chain with a key pair currently available in the service. This operation requires the certificates/create permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.createCertificate("MyCertificate", {
issuerName: "Unknown",
subjectName: "cn=MyCert"
});
const { csr } = await client.getCertificateOperation(certificateName);
const base64Csr = Buffer.from(csr!).toString("base64");
const wrappedCsr = ["-----BEGIN CERTIFICATE REQUEST-----", base64Csr, "-----END CERTIFICATE REQUEST-----"].join("\n");
fs.writeFileSync("test.csr", wrappedCsr);
// Certificate available locally made using:
// openssl genrsa -out ca.key 2048
// openssl req -new -x509 -key ca.key -out ca.crt
// You can read more about how to create a fake certificate authority here: https://gist.github.com/Soarez/9688998
childProcess.execSync("openssl x509 -req -in test.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out test.crt");
const base64Crt = fs.readFileSync("test.crt").toString().split("\n").slice(1, -1).join("");
await client.mergeCertificate(certificateName, [Buffer.from(base64Crt)]);The name of the certificate
The certificate(s) to merge
Performs an irreversible deletion of the specified certificate, without possibility for recovery. The operation is not available if the recovery level does not specify 'Purgeable'. This operation requires the certificate/purge permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.deleteCertificate("MyCertificate");
// Deleting a certificate takes time, make sure to wait before purging it
client.purgeDeletedCertificate("MyCertificate");The name of the deleted certificate to purge
Recovers the deleted certificate in the specified vault. This operation can only be performed on a soft-delete enabled vault. This operation requires the certificate/recover permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.deleteCertificate("MyCertificate");
// Deleting a certificate takes time, make sure to wait before recovering it
await client.recoverDeletedCertificate("MyCertificate");The name of the deleted certificate
Restores a backed up certificate, and all its versions, to a vault. This operation requires the certificates/restore permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.createCertificate("MyCertificate", {
issuerName: "Self",
subjectName: "cn=MyCert"
});
const backup = await client.backupCertificate("MyCertificate");
await client.deleteCertificate("MyCertificate");
// Some time is required before we're able to restore the certificate
await client.restoreCertificateBackup(backup.value!);The back-up certificate to restore from
Sets the certificate contacts for the key vault. This operation requires the certificates/managecontacts permission.
Example usage:
let client = new CertificateClient(url, credentials);
await client.setContacts([{
emailAddress: "b@b.com",
name: "b",
phone: "222222222222"
}]);The contacts to use
The setIssuer operation adds or updates the specified certificate issuer. This operation requires the certificates/setissuers permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.setIssuer("IssuerName", "Provider");The name of the issuer.
The issuer provider.
Applies the specified update on the given certificate; the only elements updated are the certificate's attributes. This operation requires the certificates/update permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.createCertificate("MyCertificate", {
issuerName: "Self",
subjectName: "cn=MyCert"
});
await client.updateCertificate("MyCertificate", "", {
tags: {
customTag: "value"
}
});The name of the ceritificate
The version of the certificate to update
The options, including what to update
Set specified members in the certificate policy. Leave others as null. This operation requires the certificates/update permission.
The name of the certificate
The certificate policy
The updateIssuer operation performs an update on the specified certificate issuer entity. This operation requires the certificates/setissuers permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.setIssuer("IssuerName", "Provider");
await client.updateIssuer("IssuerName", {
provider: "Provider2"
});The name of the issuer.
Generated using TypeDoc
The client to interact with the KeyVault certificates functionality