Package version
Creates an instance of KeyClient.
Example usage:
import { KeyClient } from "@azure/keyvault-keys";
import { DefaultAzureCredential } from "@azure/identity";
let vaultUrl = `https://<MY KEYVAULT HERE>.vault.azure.net`;
let credentials = new DefaultAzureCredential();
let client = new KeyClient(vaultUrl, credentials);the URL of the Key Vault. It should have this shape: https://${your-key-vault-name}.vault.azure.net
An object that implements the TokenCredential interface used to authenticate requests to the service. Use the @azure/identity package to create a credential that suits your needs.
The base URL to the vault
Requests that a backup of the specified key be downloaded to the client. All versions of the key will be downloaded. This operation requires the keys/backup permission.
Example usage:
let client = new KeyClient(url, credentials);
let backupContents = await client.backupKey("MyKey");The name of the key.
The delete operation applies to any key stored in Azure Key Vault. Individual versions of a key can not be deleted, only all versions of a given key at once.
This function returns a Long Running Operation poller that allows you to wait indifinetly until the key is deleted.
This operation requires the keys/delete permission.
Example usage:
const client = new KeyClient(url, credentials);
await client.createKey("MyKey", "EC");
const poller = await client.beginDeleteKey("MyKey");
// Serializing the poller
const serialized = poller.toString();
// A new poller can be created with:
// await client.beginDeleteKey("MyKey", { resumeFrom: serialized });
// Waiting until it's done
const deletedKey = await poller.pollUntilDone();
console.log(deletedKey);The name of the key.
Recovers the deleted key in the specified vault. This operation can only be performed on a soft-delete enabled vault.
This function returns a Long Running Operation poller that allows you to wait indifinetly until the deleted key is recovered.
This operation requires the keys/recover permission.
Example usage:
const client = new KeyClient(url, credentials);
await client.createKey("MyKey", "EC");
const deletePoller = await client.beginDeleteKey("MyKey");
await deletePoller.pollUntilDone();
const poller = await client.beginRecoverDeletedKey("MyKey");
// Serializing the poller
const serialized = poller.toString();
// A new poller can be created with:
// await client.beginRecoverDeletedKey("MyKey", { resumeFrom: serialized });
// Waiting until it's done
const key = await poller.pollUntilDone();
console.log(key);The name of the deleted key.
The createEcKey method creates a new eliptic curve key in Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. It requires the keys/create permission.
Example usage:
let client = new KeyClient(url, credentials);
let result = await client.createEcKey("MyKey", { curve: "P-256" });The name of the key.
The create key operation can be used to create any key type in Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. It requires the keys/create permission.
Example usage:
let client = new KeyClient(url, credentials);
// Create an elliptic-curve key:
let result = await client.createKey("MyKey", "EC");The name of the key.
The type of the key. One of the following: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', 'oct'.
The createRSAKey method creates a new RSA key in Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. It requires the keys/create permission.
Example usage:
let client = new KeyClient(url, credentials);
let result = await client.createRsaKey("MyKey", { keySize: 2048 });The name of the key.
The getDeletedKey method returns the specified deleted key along with its properties. This operation requires the keys/get permission.
Example usage:
let client = new KeyClient(url, credentials);
let key = await client.getDeletedKey("MyDeletedKey");The name of the key.
The get method gets a specified key and is applicable to any key stored in Azure Key Vault. This operation requires the keys/get permission.
Example usage:
let client = new KeyClient(url, credentials);
let key = await client.getKey("MyKey");The name of the key.
The import key operation may be used to import any key type into an Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. This operation requires the keys/import permission.
Example usage:
let client = new KeyClient(url, credentials);
// Key contents in myKeyContents
let result = await client.importKey("MyKey", myKeyContents);Name for the imported key.
The JSON web key.
Iterates the deleted keys in the vault. The full key identifier and properties are provided in the response. No values are returned for the keys. This operations requires the keys/list permission.
Example usage:
let client = new KeyClient(url, credentials);
for await (const deletedKey of client.listDeletedKeys()) {
const deletedKey = await client.getKey(deletedKey.name);
console.log("deleted key: ", deletedKey);
}Iterates all versions of the given key in the vault. The full key identifier, properties, and tags are provided in the response. This operation requires the keys/list permission.
Example usage:
let client = new KeyClient(url, credentials);
for await (const keyProperties of client.listPropertiesOfKeyVersions("MyKey")) {
const key = await client.getKey(keyProperties.name);
console.log("key version: ", key);
}Name of the key to fetch versions for
Iterates the latest version of all keys in the vault. The full key identifier and properties are provided in the response. No values are returned for the keys. This operations requires the keys/list permission.
Example usage:
let client = new KeyClient(url, credentials);
for await (const keyProperties of client.listPropertiesOfKeys()) {
const key = await client.getKey(keyProperties.name);
console.log("key: ", key);
}The purge deleted key operation removes the key permanently, without the possibility of recovery. This operation can only be enabled on a soft-delete enabled vault. This operation requires the keys/purge permission.
Example usage:
const client = new KeyClient(url, credentials);
const deletePoller = await client.beginDeleteKey("MyKey")
await deletePoller.pollUntilDone();
await client.purgeDeletedKey("MyKey");The name of the key.
Restores a backed up key, and all its versions, to a vault. This operation requires the keys/restore permission.
Example usage:
let client = new KeyClient(url, credentials);
let backupContents = await client.backupKey("MyKey");
// ...
let key = await client.restoreKeyBackup(backupContents);The backup blob associated with a key bundle.
The updateKeyProperties method changes specified properties of an existing stored key. Properties that are not specified in the request are left unchanged. The value of a key itself cannot be changed. This operation requires the keys/set permission.
Example usage:
let keyName = "MyKey";
let client = new KeyClient(url, credentials);
let key = await client.getKey(keyName);
let result = await client.updateKeyProperties(keyName, key.version, { enabled: false });The name of the key.
The version of the key.
Generated using TypeDoc
The KeyClient provides methods to manage KeyVaultKey in the Azure Key Vault. The client supports creating, retrieving, updating, deleting, purging, backing up, restoring and listing KeyVaultKeys. The client also supports listing DeletedKey for a soft-delete enabled Azure Key Vault.