Class KeyClient

The KeyClient provides methods to manage KeyVaultKey in the Azure Key Vault. The client supports creating, retrieving, updating, deleting, purging, backing up, restoring and listing KeyVaultKeys. The client also supports listing DeletedKey for a soft-delete enabled Azure Key Vault.

Hierarchy

  • KeyClient

Constructors

constructor

  • new KeyClient(vaultUrl: string, credential: TokenCredential, pipelineOptions?: PipelineOptions): KeyClient
  • Creates an instance of KeyClient.

    Example usage:

    import { KeyClient } from "@azure/keyvault-keys";
    import { DefaultAzureCredential } from "@azure/identity";
    
    let vaultUrl = `https://<MY KEYVAULT HERE>.vault.azure.net`;
    let credentials = new DefaultAzureCredential();
    
    let client = new KeyClient(vaultUrl, credentials);

    Parameters

    • vaultUrl: string

      the URL of the Key Vault. It should have this shape: https://${your-key-vault-name}.vault.azure.net

    • credential: TokenCredential

      An object that implements the TokenCredential interface used to authenticate requests to the service. Use the @azure/identity package to create a credential that suits your needs.

    • Default value pipelineOptions: PipelineOptions = {}

    Returns KeyClient

Properties

vaultUrl

vaultUrl: string

The base URL to the vault

Methods

backupKey

  • backupKey(name: string, options?: BackupKeyOptions): Promise<Uint8Array | undefined>
  • Requests that a backup of the specified key be downloaded to the client. All versions of the key will be downloaded. This operation requires the keys/backup permission.

    Example usage:

    let client = new KeyClient(url, credentials);
    let backupContents = await client.backupKey("MyKey");

    Summary: Backs up the specified key.

    Parameters

    • name: string

      The name of the key.

    • Default value options: BackupKeyOptions = {}

    Returns Promise<Uint8Array | undefined>

beginDeleteKey

  • The delete operation applies to any key stored in Azure Key Vault. Individual versions of a key cannot be deleted, only all versions of a given key at once.

    This function returns a Long Running Operation poller that allows you to wait indefinitely until the key is deleted.

    This operation requires the keys/delete permission.

    Example usage:

    const client = new KeyClient(url, credentials);
    await client.createKey("MyKey", "EC");
    const poller = await client.beginDeleteKey("MyKey");
    
    // Serializing the poller
    const serialized = poller.toString();
    // A new poller can be created with:
    // await client.beginDeleteKey("MyKey", { resumeFrom: serialized });
    
    // Waiting until it's done
    const deletedKey = await poller.pollUntilDone();
    console.log(deletedKey);

    Summary: Deletes a key from a specified key vault.

    Parameters

    Returns Promise<PollerLike<PollOperationState<DeletedKey>, DeletedKey>>

beginRecoverDeletedKey

  • Recovers the deleted key in the specified vault. This operation can only be performed on a soft-delete enabled vault.

    This function returns a Long Running Operation poller that allows you to wait indefinitely until the deleted key is recovered.

    This operation requires the keys/recover permission.

    Example usage:

    const client = new KeyClient(url, credentials);
    await client.createKey("MyKey", "EC");
    const deletePoller = await client.beginDeleteKey("MyKey");
    await deletePoller.pollUntilDone();
    const poller = await client.beginRecoverDeletedKey("MyKey");
    
    // Serializing the poller
    const serialized = poller.toString();
    // A new poller can be created with:
    // await client.beginRecoverDeletedKey("MyKey", { resumeFrom: serialized });
    
    // Waiting until it's done
    const key = await poller.pollUntilDone();
    console.log(key);

    Summary: Recovers the deleted key to the latest version.

    Parameters

    Returns Promise<PollerLike<PollOperationState<DeletedKey>, DeletedKey>>

createEcKey

  • The createEcKey method creates a new elliptic curve key in Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. It requires the keys/create permission.

    Example usage:

    let client = new KeyClient(url, credentials);
    let result = await client.createEcKey("MyKey", { curve: "P-256" });

    Summary: Creates a new key, stores it, then returns key parameters and properties to the client.

    Parameters

    Returns Promise<KeyVaultKey>

createKey

  • The create key operation can be used to create any key type in Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. It requires the keys/create permission.

    Example usage:

    let client = new KeyClient(url, credentials);
    // Create an elliptic-curve key:
    let result = await client.createKey("MyKey", "EC");

    Summary: Creates a new key, stores it, then returns key parameters and properties to the client.

    Parameters

    • name: string

      The name of the key.

    • keyType: KeyType

      The type of the key. One of the following: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', 'oct'.

    • Optional options: CreateKeyOptions

    Returns Promise<KeyVaultKey>

createRsaKey

  • The createRsaKey method creates a new RSA key in Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. It requires the keys/create permission.

    Example usage:

    let client = new KeyClient(url, credentials);
    let result = await client.createRsaKey("MyKey", { keySize: 2048 });

    Summary: Creates a new key, stores it, then returns key parameters and properties to the client.

    Parameters

    Returns Promise<KeyVaultKey>

getDeletedKey

  • The getDeletedKey method returns the specified deleted key along with its properties. This operation requires the keys/get permission.

    Example usage:

    let client = new KeyClient(url, credentials);
    let key = await client.getDeletedKey("MyDeletedKey");

    Summary: Gets the specified deleted key.

    Parameters

    Returns Promise<DeletedKey>

getKey

  • The get method gets a specified key and is applicable to any key stored in Azure Key Vault. This operation requires the keys/get permission.

    Example usage:

    let client = new KeyClient(url, credentials);
    let key = await client.getKey("MyKey");

    Summary: Get a specified key from a given key vault.

    Parameters

    • name: string

      The name of the key.

    • Default value options: GetKeyOptions = {}

    Returns Promise<KeyVaultKey>

importKey

  • The import key operation may be used to import any key type into an Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. This operation requires the keys/import permission.

    Example usage:

    let client = new KeyClient(url, credentials);
    // Key contents in myKeyContents
    let result = await client.importKey("MyKey", myKeyContents);

    Summary: Imports an externally created key, stores it, and returns key parameters and properties to the client.

    Parameters

    Returns Promise<KeyVaultKey>

listDeletedKeys

  • Iterates the deleted keys in the vault. The full key identifier and properties are provided in the response. No values are returned for the keys. This operation requires the keys/list permission.

    Example usage:

    let client = new KeyClient(url, credentials);
    for await (const deletedKey of client.listDeletedKeys()) {
      // A deleted key is read with getDeletedKey; getKey only sees active keys
      const key = await client.getDeletedKey(deletedKey.name);
      console.log("deleted key: ", key);
    }

    Summary: List all deleted keys in the vault

    Parameters

    Returns PagedAsyncIterableIterator<DeletedKey, DeletedKey[]>

listPropertiesOfKeyVersions

  • Iterates all versions of the given key in the vault. The full key identifier, properties, and tags are provided in the response. This operation requires the keys/list permission.

    Example usage:

    let client = new KeyClient(url, credentials);
    for await (const keyProperties of client.listPropertiesOfKeyVersions("MyKey")) {
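      // Pass the version so each iteration fetches that version, not the latest one
      const key = await client.getKey(keyProperties.name, { version: keyProperties.version });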
      console.log("key version: ", key);
    }

    Parameters

    Returns PagedAsyncIterableIterator<KeyProperties, KeyProperties[]>

listPropertiesOfKeys

  • Iterates the latest version of all keys in the vault. The full key identifier and properties are provided in the response. No values are returned for the keys. This operation requires the keys/list permission.

    Example usage:

    let client = new KeyClient(url, credentials);
    for await (const keyProperties of client.listPropertiesOfKeys()) {
      const key = await client.getKey(keyProperties.name);
      console.log("key: ", key);
    }

    Summary: List all keys in the vault

    Parameters

    Returns PagedAsyncIterableIterator<KeyProperties, KeyProperties[]>
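
The loop in the usage example above calls getKey for every listed key, which needs keys/get in addition to keys/list. As an added example (not SDK code and not part of the original documentation), the sketch below audits a vault from the listed KeyProperties alone; `auditKeyProperties`, `auditVault`, the finding labels and the stub client are this example's own names, and the `recoveryLevel` strings are assumed to follow the service's "Recoverable" / "Purgeable" naming.

```javascript
// Added example, not SDK code. name, enabled, expiresOn and recoveryLevel
// are KeyProperties fields; the finding labels are this example's own.

// Classify one KeyProperties object. Pure function: no network access.
function auditKeyProperties(props, now = new Date()) {
  const findings = [];
  if (props.enabled !== false) {
    if (!props.expiresOn) findings.push("no-expiry");
    else if (props.expiresOn <= now) findings.push("expired-but-enabled");
  }
  // Assumption: a recovery level without "Recoverable" means a delete
  // cannot be undone with beginRecoverDeletedKey.
  if (!String(props.recoveryLevel || "").includes("Recoverable")) {
    findings.push("not-recoverable");
  }
  return findings;
}

// Walk the vault with listPropertiesOfKeys() only, so the auditing
// identity needs keys/list and never calls getKey().
async function auditVault(client, now = new Date()) {
  const report = [];
  for await (const props of client.listPropertiesOfKeys()) {
    const findings = auditKeyProperties(props, now);
    if (findings.length > 0) report.push({ name: props.name, findings });
  }
  return report;
}

// Constructed stand-in for KeyClient so the example runs offline.
const sampleClient = {
  async *listPropertiesOfKeys() {
    yield { name: "signing", enabled: true, expiresOn: new Date("2030-01-01T00:00:00Z"), recoveryLevel: "Recoverable+Purgeable" };
    yield { name: "legacy", enabled: true, recoveryLevel: "Purgeable" };
    yield { name: "stale", enabled: true, expiresOn: new Date("2020-01-01T00:00:00Z"), recoveryLevel: "Recoverable" };
    yield { name: "retired", enabled: false, recoveryLevel: "Recoverable" };
  },
};

auditVault(sampleClient, new Date("2024-06-01T00:00:00Z")).then((report) => {
  for (const { name, findings } of report) console.log(name, findings.join(","));
});
```

Against a real vault, pass a KeyClient instance in place of `sampleClient`.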

purgeDeletedKey

  • The purge deleted key operation removes the key permanently, without the possibility of recovery. This operation can only be performed on a soft-delete enabled vault. This operation requires the keys/purge permission.

    Example usage:

    const client = new KeyClient(url, credentials);
    const deletePoller = await client.beginDeleteKey("MyKey");
    await deletePoller.pollUntilDone();
    await client.purgeDeletedKey("MyKey");

    Summary: Permanently deletes the specified key.

    Parameters

    Returns Promise<void>

restoreKeyBackup

  • Restores a backed up key, and all its versions, to a vault. This operation requires the keys/restore permission.

    Example usage:

    let client = new KeyClient(url, credentials);
    let backupContents = await client.backupKey("MyKey");
    // ...
    let key = await client.restoreKeyBackup(backupContents);

    Summary: Restores a backed up key to a vault.

    Parameters

    • backup: Uint8Array

      The backup blob associated with a key bundle.

    • Default value options: RestoreKeyBackupOptions = {}

    Returns Promise<KeyVaultKey>

updateKeyProperties

  • The updateKeyProperties method changes specified properties of an existing stored key. Properties that are not specified in the request are left unchanged. The value of a key itself cannot be changed. This operation requires the keys/set permission.

    Example usage:

    let keyName = "MyKey";
    let client = new KeyClient(url, credentials);
    let key = await client.getKey(keyName);
    // The version is carried on the key's properties
    let result = await client.updateKeyProperties(keyName, key.properties.version, { enabled: false });

    Summary: Updates the properties associated with a specified key in a given key vault.

    Parameters

    Returns Promise<KeyVaultKey>
