Creates an instance of CertificateClient.
the base URL to the vault.
An object that implements the TokenCredential
interface used to authenticate requests to the service. Use the @azure/identity package to create a credential that suits your needs.
The base URL to the vault
Requests that a backup of the specified certificate be downloaded to the client. All versions of the certificate will be downloaded. This operation requires the certificates/backup permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.beginCreateCertificate("MyCertificate", {
issuerName: "Self",
subject: "cn=MyCert"
});
const backup = await client.backupCertificate("MyCertificate");
The name of the certificate
Creates a new certificate. If this is the first version, the certificate resource is created. This function returns a Long Running Operation poller that allows you to wait indefinitely until the certificate is fully recovered.
Note: Sending Self
as the issuerName
of the certificate's policy will create a self-signed certificate.
This operation requires the certificates/create permission.
Example usage:
const client = new CertificateClient(url, credentials);
const certificatePolicy = {
issuerName: "Self",
subject: "cn=MyCert"
};
const createPoller = await client.beginCreateCertificate("MyCertificate", certificatePolicy);
// The pending certificate can be obtained by calling the following method:
const pendingCertificate = createPoller.getResult();
// Serializing the poller
const serialized = createPoller.toString();
// A new poller can be created with:
// const newPoller = await client.beginCreateCertificate("MyCertificate", certificatePolicy, { resumeFrom: serialized });
// Waiting until it's done
const certificate = await createPoller.pollUntilDone();
console.log(certificate);
The name of the certificate
The DELETE operation applies to any certificate stored in Azure Key Vault. DELETE cannot be applied to an individual version of a certificate. This function returns a Long Running Operation poller that allows you to wait indefinitely until the certificate is fully recovered.
This operation requires the certificates/delete permission.
Example usage:
const client = new CertificateClient(url, credentials);
const createPoller = await client.beginCreateCertificate("MyCertificate", {
issuerName: "Self",
subject: "cn=MyCert"
});
await createPoller.pollUntilDone();
const deletePoller = await client.beginDeleteCertificate("MyCertificate");
// Serializing the poller
const serialized = deletePoller.toString();
// A new poller can be created with:
// const newPoller = await client.beginDeleteCertificate("MyCertificate", { resumeFrom: serialized });
// Waiting until it's done
const deletedCertificate = await deletePoller.pollUntilDone();
console.log(deletedCertificate);
The name of the certificate.
Recovers the deleted certificate in the specified vault. This operation can only be performed on a soft-delete enabled vault. This operation This function returns a Long Running Operation poller that allows you to wait indefinitely until the certificate is fully recovered.
This operation requires the certificates/recover permission.
Example usage:
const client = new CertificateClient(url, credentials);
const deletePoller = await client.beginDeleteCertificate("MyCertificate");
await deletePoller.pollUntilDone();
const recoverPoller = await client.beginRecoverDeletedCertificate("MyCertificate");
// Serializing the poller
const serialized = deletePoller.toString();
// A new poller can be created with:
// const newPoller = await client.beginRecoverDeletedCertificate("MyCertificate", { resumeFrom: serialized });
// Waiting until it's done
const certificate = await recoverPoller.pollUntilDone();
console.log(certificate);
The name of the deleted certificate
The createIssuer operation adds or updates the specified certificate issuer. This operation requires the certificates/setissuers permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.createIssuer("IssuerName", "Test");
The name of the issuer.
The issuer provider.
Deletes the creation operation for a specified certificate that is in the process of being created. The certificate is no longer created. This operation requires the certificates/update permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.beginCreateCertificate("MyCertificate", {
issuerName: "Self",
subject: "cn=MyCert"
});
await client.deleteCertificateOperation("MyCertificate");
await client.getCertificateOperation("MyCertificate"); // Throws error: Pending certificate not found: "MyCertificate"
The name of the certificate
Deletes all of the certificate contacts. This operation requires the certificates/managecontacts permission.
Example usage:
let client = new CertificateClient(url, credentials);
await client.setContacts([{
email: "b@b.com",
name: "b",
phone: "222222222222"
}]);
await client.deleteContacts();
The deleteIssuer operation permanently removes the specified certificate issuer from the vault. This operation requires the certificates/manageissuers/deleteissuers permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.createIssuer("IssuerName", "Provider");
await client.deleteIssuer("IssuerName");
The name of the issuer.
Gets the latest information available from a specific certificate, including the certificate's policy. This operation requires the certificates/get permission.
Example usage:
const client = new CertificateClient(url, credentials);
const poller = await client.beginCreateCertificate("MyCertificate", {
issuerName: "Self",
subject: "cn=MyCert"
});
await poller.pollUntilDone();
const certificate = await client.getCertificate("MyCertificate");
console.log(certificate);
The name of the certificate
Gets the creation operation associated with a specified certificate. This operation requires the certificates/get permission. This function returns a Long Running Operation poller that allows you to wait indefinitely until the certificate is fully recovered.
Example usage:
const client = new CertificateClient(url, credentials);
const createPoller = await client.beginCreateCertificate("MyCertificate", {
issuerName: "Self",
subject: "cn=MyCert"
});
const poller = await client.getCertificateOperation("MyCertificate");
const pendingCertificate = poller.getResult();
const certificateOperation = poller.getOperationState().certificateOperation;
console.log(certificateOperation);
The name of the certificate
The getCertificatePolicy operation returns the specified certificate policy resources in the specified key vault. This operation requires the certificates/get permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.beginCreateCertificate("MyCertificate", {
issuerName: "Self",
subject: "cn=MyCert"
});
const policy = await client.getCertificatePolicy("MyCertificate");
console.log(policy);
The name of the certificate
Gets information about a specific certificate on a specific version. It won't return the certificate's policy. This operation requires the certificates/get permission.
Example usage:
const client = new CertificateClient(url, credentials);
const poller = await client.beginCreateCertificate("MyCertificate", {
issuerName: "Self",
subject: "cn=MyCert"
});
await poller.pollUntilDone();
const certificateWithPolicy = await client.getCertificate("MyCertificate");
const certificate = await client.getCertificateVersion("MyCertificate", certificateWithPolicy.properties.version!);
console.log(certificate);
The name of the certificate
The specific version of the certificate
The optional parameters
Returns the set of certificate contact resources in the specified key vault. This operation requires the certificates/managecontacts permission.
Example usage:
let client = new CertificateClient(url, credentials);
await client.setContacts([{
email: "b@b.com",
name: "b",
phone: "222222222222"
}]);
const contacts = await client.getContacts();
console.log(contacts);
retrieves the deleted certificate information plus its attributes, such as retention interval, scheduled permanent deletion and the current deletion recovery level. This operation requires the certificates/get permission.
Example usage:
const client = new CertificateClient(url, credentials);
const deletedCertificate = await client.getDeletedCertificate("MyDeletedCertificate");
console.log("Deleted certificate:", deletedCertificate);
The name of the certificate
The getIssuer operation returns the specified certificate issuer resources in the specified key vault. This operation requires the certificates/manageissuers/getissuers permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.createIssuer("IssuerName", "Test");
const certificateIssuer = await client.getIssuer("IssuerName");
console.log(certificateIssuer);
The name of the issuer.
Imports an existing valid certificate, containing a private key, into Azure Key Vault. The certificate to be imported can be in either PFX or PEM format. If the certificate is in PEM format the PEM file must contain the key as well as x509 certificates. This operation requires the certificates/import permission.
Example usage:
const client = new CertificateClient(url, credentials);
// See: @azure/keyvault-secrets
const certificateSecret = await secretClient.getSecret("MyCertificate");
const base64EncodedCertificate = certificateSecret.value!;
let buffer: Uint8Array;
if (isNode) {
buffer = Buffer.from(base64EncodedCertificate, "base64");
} else {
buffer = Uint8Array.from(atob(base64EncodedCertificate), (c) => c.charCodeAt(0));
}
await client.importCertificate("MyCertificate", buffer);
The name of the certificate
The PFX or ASCII PEM formatted value of the certificate containing both the X.509 certificates and the private key
Retrieves the certificates in the current vault which are in a deleted state and ready for recovery or purging. This operation includes deletion-specific information. This operation requires the certificates/get/list permission. This operation can only be enabled on soft-delete enabled vaults.
Example usage:
const client = new CertificateClient(url, credentials);
for await (const deletedCertificate of client.listDeletedCertificates()) {
console.log(deletedCertificate);
}
for await (const page of client.listDeletedCertificates().byPage()) {
for (const deletedCertificate of page) {
console.log(deletedCertificate);
}
}
Returns the versions of a certificate in the specified key vault. This operation requires the certificates/list permission.
Example usage:
const client = new CertificateClient(url, credentials);
for await (const certificateProperties of client.listPropertiesOfCertificateVersions("MyCertificate")) {
console.log(certificateProperties.version!);
}
The name of the certificate.
Iterates the latest version of all certificates in the vault. The full certificate identifier and attributes are provided in the response. No values are returned for the certificates. This operations requires the certificates/list permission.
Example usage:
const client = new CertificateClient(url, credentials);
// All in one call
for await (const certificateProperties of client.listPropertiesOfCertificates()) {
console.log(certificateProperties);
}
// By pages
for await (const page of client.listPropertiesOfCertificates().byPage()) {
for (const certificateProperties of page) {
console.log(certificateProperties);
}
}
Returns the set of certificate issuer resources in the specified key vault. This operation requires the certificates/manageissuers/getissuers permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.createIssuer("IssuerName", "Test");
// All in one call
for await (const issuerProperties of client.listPropertiesOfIssuers()) {
console.log(issuerProperties);
}
// By pages
for await (const page of client.listPropertiesOfIssuers().byPage()) {
for (const issuerProperties of page) {
console.log(issuerProperties);
}
}
Performs the merging of a certificate or certificate chain with a key pair currently available in the service. This operation requires the certificates/create permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.beginCreateCertificate("MyCertificate", {
issuerName: "Unknown",
subject: "cn=MyCert"
});
const poller = await client.getCertificateOperation("MyCertificate");
const { csr } = poller.getOperationState().certificateOperation!;
const base64Csr = Buffer.from(csr!).toString("base64");
const wrappedCsr = ["-----BEGIN CERTIFICATE REQUEST-----", base64Csr, "-----END CERTIFICATE REQUEST-----"].join("\n");
const fs = require("fs");
fs.writeFileSync("test.csr", wrappedCsr);
// Certificate available locally made using:
// openssl genrsa -out ca.key 2048
// openssl req -new -x509 -key ca.key -out ca.crt
// You can read more about how to create a fake certificate authority here: https://gist.github.com/Soarez/9688998
const childProcess = require("child_process");
childProcess.execSync("openssl x509 -req -in test.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out test.crt");
const base64Crt = fs.readFileSync("test.crt").toString().split("\n").slice(1, -1).join("");
await client.mergeCertificate("MyCertificate", [Buffer.from(base64Crt)]);
The name of the certificate
The certificate(s) to merge
Performs an irreversible deletion of the specified certificate, without possibility for recovery. The operation is not available if the recovery level does not specify 'Purgeable'. This operation requires the certificate/purge permission.
Example usage:
const client = new CertificateClient(url, credentials);
const deletePoller = await client.beginDeleteCertificate("MyCertificate");
await deletePoller.pollUntilDone();
// Deleting a certificate takes time, make sure to wait before purging it
client.purgeDeletedCertificate("MyCertificate");
The name of the deleted certificate to purge
Restores a backed up certificate, and all its versions, to a vault. This operation requires the certificates/restore permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.beginCreateCertificate("MyCertificate", {
issuerName: "Self",
subject: "cn=MyCert"
});
const backup = await client.backupCertificate("MyCertificate");
const poller = await client.beginDeleteCertificate("MyCertificate");
await poller.pollUntilDone();
// Some time is required before we're able to restore the certificate
await client.restoreCertificateBackup(backup!);
The back-up certificate to restore from
Sets the certificate contacts for the key vault. This operation requires the certificates/managecontacts permission.
Example usage:
let client = new CertificateClient(url, credentials);
await client.setContacts([{
email: "b@b.com",
name: "b",
phone: "222222222222"
}]);
The contacts to use
Updates the certificate policy for the specified certificate. This operation requires the certificates/update permission.
The name of the certificate
The certificate policy
Applies the specified update on the given certificate; the only elements updated are the certificate's attributes. This operation requires the certificates/update permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.beginCreateCertificate("MyCertificate", {
issuerName: "Self",
subject: "cn=MyCert"
});
await client.updateCertificateProperties("MyCertificate", "", {
tags: {
customTag: "value"
}
});
The name of the certificate
The version of the certificate to update
The options, including what to update
The updateIssuer operation performs an update on the specified certificate issuer entity. This operation requires the certificates/setissuers permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.createIssuer("IssuerName", "Test");
await client.updateIssuer("IssuerName", {
provider: "Provider2"
});
The name of the issuer.
Generated using TypeDoc
The client to interact with the KeyVault certificates functionality