Package version
Creates an instance of CertificateClient.
the base URL to the vault.
An object that implements the TokenCredential interface used to authenticate requests to the service. Use the @azure/identity package to create a credential that suits your needs.
Pipeline options used to configure Key Vault API requests. Omit this parameter to use the default pipeline configuration.
The base URL to the vault
Requests that a backup of the specified certificate be downloaded to the client. All versions of the certificate will be downloaded. This operation requires the certificates/backup permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.beginCreateCertificate("MyCertificate", {
issuerName: "Self",
subject: "cn=MyCert"
});
const backup = await client.backupCertificate("MyCertificate");Generates a backup of a certificate
The name of the certificate
The optional parameters
Creates a new certificate. If this is the first version, the certificate resource is created. This function returns a Long Running Operation poller that allows you to wait indefinitely until the certificate is fully recovered.
Note: Sending Self as the issuerName of the certificate's policy will create a self-signed certificate.
This operation requires the certificates/create permission.
Example usage:
const client = new CertificateClient(url, credentials);
const certificatePolicy = {
issuerName: "Self",
subject: "cn=MyCert"
};
const createPoller = await client.beginCreateCertificate("MyCertificate", certificatePolicy);
// The pending certificate can be obtained by calling the following method:
const pendingCertificate = createPoller.getResult();
// Serializing the poller
const serialized = createPoller.toString();
// A new poller can be created with:
// const newPoller = await client.beginCreateCertificate("MyCertificate", certificatePolicy, { resumeFrom: serialized });
// Waiting until it's done
const certificate = await createPoller.pollUntilDone();
console.log(certificate);Creates a certificate
The name of the certificate
Optional parameters
The DELETE operation applies to any certificate stored in Azure Key Vault. DELETE cannot be applied to an individual version of a certificate. This function returns a Long Running Operation poller that allows you to wait indefinitely until the certificate is fully recovered.
This operation requires the certificates/delete permission.
Example usage:
const client = new CertificateClient(url, credentials);
const createPoller = await client.beginCreateCertificate("MyCertificate", {
issuerName: "Self",
subject: "cn=MyCert"
});
await createPoller.pollUntilDone();
const deletePoller = await client.beginDeleteCertificate("MyCertificate");
// Serializing the poller
const serialized = deletePoller.toString();
// A new poller can be created with:
// const newPoller = await client.beginDeleteCertificate("MyCertificate", { resumeFrom: serialized });
// Waiting until it's done
const deletedCertificate = await deletePoller.pollUntilDone();
console.log(deletedCertificate);Deletes a certificate from a specified key vault.
The name of the certificate.
The optional parameters
Recovers the deleted certificate in the specified vault. This operation can only be performed on a soft-delete enabled vault. This operation This function returns a Long Running Operation poller that allows you to wait indefinitely until the certificate is fully recovered.
This operation requires the certificates/recover permission.
Example usage:
const client = new CertificateClient(url, credentials);
const deletePoller = await client.beginDeleteCertificate("MyCertificate");
await deletePoller.pollUntilDone();
const recoverPoller = await client.beginRecoverDeletedCertificate("MyCertificate");
// Serializing the poller
const serialized = deletePoller.toString();
// A new poller can be created with:
// const newPoller = await client.beginRecoverDeletedCertificate("MyCertificate", { resumeFrom: serialized });
// Waiting until it's done
const certificate = await recoverPoller.pollUntilDone();
console.log(certificate);Recovers a deleted certificate
The name of the deleted certificate
The optional parameters
The createIssuer operation adds or updates the specified certificate issuer. This operation requires the certificates/setissuers permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.createIssuer("IssuerName", "Test");Sets the specified certificate issuer.
The name of the issuer.
The issuer provider.
The optional parameters
Deletes the creation operation for a specified certificate that is in the process of being created. The certificate is no longer created. This operation requires the certificates/update permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.beginCreateCertificate("MyCertificate", {
issuerName: "Self",
subject: "cn=MyCert"
});
await client.deleteCertificateOperation("MyCertificate");
await client.getCertificateOperation("MyCertificate"); // Throws error: Pending certificate not found: "MyCertificate"Delete a certificate's operation
The name of the certificate
The optional parameters
Deletes all of the certificate contacts. This operation requires the certificates/managecontacts permission.
Example usage:
let client = new CertificateClient(url, credentials);
await client.setContacts([{
email: "b@b.com",
name: "b",
phone: "222222222222"
}]);
await client.deleteContacts();Deletes all of the certificate contacts
The optional parameters
The deleteIssuer operation permanently removes the specified certificate issuer from the vault. This operation requires the certificates/manageissuers/deleteissuers permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.createIssuer("IssuerName", "Provider");
await client.deleteIssuer("IssuerName");Deletes the specified certificate issuer.
The name of the issuer.
The optional parameters
Gets the latest information available from a specific certificate, including the certificate's policy. This operation requires the certificates/get permission.
Example usage:
const client = new CertificateClient(url, credentials);
const poller = await client.beginCreateCertificate("MyCertificate", {
issuerName: "Self",
subject: "cn=MyCert"
});
await poller.pollUntilDone();
const certificate = await client.getCertificate("MyCertificate");
console.log(certificate);Retrieves a certificate from the certificate's name (includes the certificate policy)
The name of the certificate
The optional parameters
Gets the creation operation associated with a specified certificate. This operation requires the certificates/get permission. This function returns a Long Running Operation poller that allows you to wait indefinitely until the certificate is fully recovered.
Example usage:
const client = new CertificateClient(url, credentials);
const createPoller = await client.beginCreateCertificate("MyCertificate", {
issuerName: "Self",
subject: "cn=MyCert"
});
const poller = await client.getCertificateOperation("MyCertificate");
const pendingCertificate = poller.getResult();
const certificateOperation = poller.getOperationState().certificateOperation;
console.log(certificateOperation);Gets a certificate's poller operation
The name of the certificate
The optional parameters
The getCertificatePolicy operation returns the specified certificate policy resources in the specified key vault. This operation requires the certificates/get permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.beginCreateCertificate("MyCertificate", {
issuerName: "Self",
subject: "cn=MyCert"
});
const policy = await client.getCertificatePolicy("MyCertificate");
console.log(policy);Gets a certificate's policy
The name of the certificate
The optional parameters
Gets information about a specific certificate on a specific version. It won't return the certificate's policy. This operation requires the certificates/get permission.
Example usage:
const client = new CertificateClient(url, credentials);
const poller = await client.beginCreateCertificate("MyCertificate", {
issuerName: "Self",
subject: "cn=MyCert"
});
await poller.pollUntilDone();
const certificateWithPolicy = await client.getCertificate("MyCertificate");
const certificate = await client.getCertificateVersion("MyCertificate", certificateWithPolicy.properties.version!);
console.log(certificate);Retrieves a certificate from the certificate's name and a specified version
The name of the certificate
The specific version of the certificate
The optional parameters
Returns the set of certificate contact resources in the specified key vault. This operation requires the certificates/managecontacts permission.
Example usage:
let client = new CertificateClient(url, credentials);
await client.setContacts([{
email: "b@b.com",
name: "b",
phone: "222222222222"
}]);
const contacts = await client.getContacts();
console.log(contacts);Sets the certificate contacts.
The optional parameters
retrieves the deleted certificate information plus its attributes, such as retention interval, scheduled permanent deletion and the current deletion recovery level. This operation requires the certificates/get permission.
Example usage:
const client = new CertificateClient(url, credentials);
const deletedCertificate = await client.getDeletedCertificate("MyDeletedCertificate");
console.log("Deleted certificate:", deletedCertificate);Gets a deleted certificate
The name of the certificate
The optional parameters
The getIssuer operation returns the specified certificate issuer resources in the specified key vault. This operation requires the certificates/manageissuers/getissuers permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.createIssuer("IssuerName", "Test");
const certificateIssuer = await client.getIssuer("IssuerName");
console.log(certificateIssuer);Gets he specified certificate issuer.
The name of the issuer.
The optional parameters
Imports an existing valid certificate, containing a private key, into Azure Key Vault. The certificate to be imported can be in either PFX or PEM format. If the certificate is in PEM format the PEM file must contain the key as well as x509 certificates. This operation requires the certificates/import permission.
Example usage:
const client = new CertificateClient(url, credentials);
// See: @azure/keyvault-secrets
const certificateSecret = await secretClient.getSecret("MyCertificate");
const base64EncodedCertificate = certificateSecret.value!;
let buffer: Uint8Array;
if (isNode) {
buffer = Buffer.from(base64EncodedCertificate, "base64");
} else {
buffer = Uint8Array.from(atob(base64EncodedCertificate), (c) => c.charCodeAt(0));
}
await client.importCertificate("MyCertificate", buffer);Imports a certificate from a certificate's secret value
The name of the certificate
The PFX or ASCII PEM formatted value of the certificate containing both the X.509 certificates and the private key
The optional parameters
Retrieves the certificates in the current vault which are in a deleted state and ready for recovery or purging. This operation includes deletion-specific information. This operation requires the certificates/get/list permission. This operation can only be enabled on soft-delete enabled vaults.
Example usage:
const client = new CertificateClient(url, credentials);
for await (const deletedCertificate of client.listDeletedCertificates()) {
console.log(deletedCertificate);
}
for await (const page of client.listDeletedCertificates().byPage()) {
for (const deletedCertificate of page) {
console.log(deletedCertificate);
}
}Lists deleted certificates
The optional parameters
Returns the versions of a certificate in the specified key vault. This operation requires the certificates/list permission.
Example usage:
const client = new CertificateClient(url, credentials);
for await (const certificateProperties of client.listPropertiesOfCertificateVersions("MyCertificate")) {
console.log(certificateProperties.version!);
}List the versions of a certificate.
The name of the certificate.
The optional parameters
Iterates the latest version of all certificates in the vault. The full certificate identifier and attributes are provided in the response. No values are returned for the certificates. This operations requires the certificates/list permission.
Example usage:
const client = new CertificateClient(url, credentials);
// All in one call
for await (const certificateProperties of client.listPropertiesOfCertificates()) {
console.log(certificateProperties);
}
// By pages
for await (const page of client.listPropertiesOfCertificates().byPage()) {
for (const certificateProperties of page) {
console.log(certificateProperties);
}
}List all versions of the specified certificate.
The optional parameters
Returns the set of certificate issuer resources in the specified key vault. This operation requires the certificates/manageissuers/getissuers permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.createIssuer("IssuerName", "Test");
// All in one call
for await (const issuerProperties of client.listPropertiesOfIssuers()) {
console.log(issuerProperties);
}
// By pages
for await (const page of client.listPropertiesOfIssuers().byPage()) {
for (const issuerProperties of page) {
console.log(issuerProperties);
}
}List the certificate issuers.
The optional parameters
Performs the merging of a certificate or certificate chain with a key pair currently available in the service. This operation requires the certificates/create permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.beginCreateCertificate("MyCertificate", {
issuerName: "Unknown",
subject: "cn=MyCert"
});
const poller = await client.getCertificateOperation("MyCertificate");
const { csr } = poller.getOperationState().certificateOperation!;
const base64Csr = Buffer.from(csr!).toString("base64");
const wrappedCsr = ["-----BEGIN CERTIFICATE REQUEST-----", base64Csr, "-----END CERTIFICATE REQUEST-----"].join("\n");
const fs = require("fs");
fs.writeFileSync("test.csr", wrappedCsr);
// Certificate available locally made using:
// openssl genrsa -out ca.key 2048
// openssl req -new -x509 -key ca.key -out ca.crt
// You can read more about how to create a fake certificate authority here: https://gist.github.com/Soarez/9688998
const childProcess = require("child_process");
childProcess.execSync("openssl x509 -req -in test.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out test.crt");
const base64Crt = fs.readFileSync("test.crt").toString().split("\n").slice(1, -1).join("");
await client.mergeCertificate("MyCertificate", [Buffer.from(base64Crt)]);Merges a signed certificate request into a pending certificate
The name of the certificate
The certificate(s) to merge
The optional parameters
Performs an irreversible deletion of the specified certificate, without possibility for recovery. The operation is not available if the recovery level does not specify 'Purgeable'. This operation requires the certificate/purge permission.
Example usage:
const client = new CertificateClient(url, credentials);
const deletePoller = await client.beginDeleteCertificate("MyCertificate");
await deletePoller.pollUntilDone();
// Deleting a certificate takes time, make sure to wait before purging it
client.purgeDeletedCertificate("MyCertificate");Gets a deleted certificate
The name of the deleted certificate to purge
The optional parameters
Restores a backed up certificate, and all its versions, to a vault. This operation requires the certificates/restore permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.beginCreateCertificate("MyCertificate", {
issuerName: "Self",
subject: "cn=MyCert"
});
const backup = await client.backupCertificate("MyCertificate");
const poller = await client.beginDeleteCertificate("MyCertificate");
await poller.pollUntilDone();
// Some time is required before we're able to restore the certificate
await client.restoreCertificateBackup(backup!);Restores a certificate from a backup
The back-up certificate to restore from
The optional parameters
Sets the certificate contacts for the key vault. This operation requires the certificates/managecontacts permission.
Example usage:
let client = new CertificateClient(url, credentials);
await client.setContacts([{
email: "b@b.com",
name: "b",
phone: "222222222222"
}]);Sets the certificate contacts.
The contacts to use
The optional parameters
Updates the certificate policy for the specified certificate. This operation requires the certificates/update permission. Gets a certificate's policy
The name of the certificate
The certificate policy
The optional parameters
Applies the specified update on the given certificate; the only elements updated are the certificate's attributes. This operation requires the certificates/update permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.beginCreateCertificate("MyCertificate", {
issuerName: "Self",
subject: "cn=MyCert"
});
await client.updateCertificateProperties("MyCertificate", "", {
tags: {
customTag: "value"
}
});Updates a certificate
The name of the certificate
The version of the certificate to update
The options, including what to update
The updateIssuer operation performs an update on the specified certificate issuer entity. This operation requires the certificates/setissuers permission.
Example usage:
const client = new CertificateClient(url, credentials);
await client.createIssuer("IssuerName", "Test");
await client.updateIssuer("IssuerName", {
provider: "Provider2"
});Updates the specified certificate issuer.
The name of the issuer.
The optional parameters
Generated using TypeDoc
The client to interact with the KeyVault certificates functionality