Package version
Creates an instance of KeyClient.
Example usage:
import { KeyClient } from "@azure/keyvault-keys";
import { DefaultAzureCredential } from "@azure/identity";
let vaultUrl = `https://<MY KEYVAULT HERE>.vault.azure.net`;
let credentials = new DefaultAzureCredential();
let client = new KeyClient(vaultUrl, credentials);the URL of the Key Vault. It should have this shape: https://${your-key-vault-name}.vault.azure.net
An object that implements the TokenCredential interface used to authenticate requests to the service. Use the @azure/identity package to create a credential that suits your needs.
Pipeline options used to configure Key Vault API requests. Omit this parameter to use the default pipeline configuration.
The base URL to the vault
Requests that a backup of the specified key be downloaded to the client. All versions of the key will be downloaded. This operation requires the keys/backup permission.
Example usage:
let client = new KeyClient(url, credentials);
let backupContents = await client.backupKey("MyKey");Backs up the specified key.
The name of the key.
The optional parameters.
The delete operation applies to any key stored in Azure Key Vault. Individual versions of a key can not be deleted, only all versions of a given key at once.
This function returns a Long Running Operation poller that allows you to wait indefinitely until the key is deleted.
This operation requires the keys/delete permission.
Example usage:
const client = new KeyClient(url, credentials);
await client.createKey("MyKey", "EC");
const poller = await client.beginDeleteKey("MyKey");
// Serializing the poller
const serialized = poller.toString();
// A new poller can be created with:
// await client.beginDeleteKey("MyKey", { resumeFrom: serialized });
// Waiting until it's done
const deletedKey = await poller.pollUntilDone();
console.log(deletedKey);Deletes a key from a specified key vault.
The name of the key.
The optional parameters.
Recovers the deleted key in the specified vault. This operation can only be performed on a soft-delete enabled vault.
This function returns a Long Running Operation poller that allows you to wait indefinitely until the deleted key is recovered.
This operation requires the keys/recover permission.
Example usage:
const client = new KeyClient(url, credentials);
await client.createKey("MyKey", "EC");
const deletePoller = await client.beginDeleteKey("MyKey");
await deletePoller.pollUntilDone();
const poller = await client.beginRecoverDeletedKey("MyKey");
// Serializing the poller
const serialized = poller.toString();
// A new poller can be created with:
// await client.beginRecoverDeletedKey("MyKey", { resumeFrom: serialized });
// Waiting until it's done
const key = await poller.pollUntilDone();
console.log(key);Recovers the deleted key to the latest version.
The name of the deleted key.
The optional parameters.
The createEcKey method creates a new elliptic curve key in Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. It requires the keys/create permission.
Example usage:
let client = new KeyClient(url, credentials);
let result = await client.createEcKey("MyKey", { curve: "P-256" });Creates a new key, stores it, then returns key parameters and properties to the client.
The name of the key.
The optional parameters.
The create key operation can be used to create any key type in Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. It requires the keys/create permission.
Example usage:
let client = new KeyClient(url, credentials);
// Create an elliptic-curve key:
let result = await client.createKey("MyKey", "EC");Creates a new key, stores it, then returns key parameters and properties to the client.
The name of the key.
The type of the key. One of the following: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', 'oct'.
The optional parameters.
The createOctKey method creates a new OCT key in Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. It requires the keys/create permission.
Example usage:
let client = new KeyClient(url, credentials);
let result = await client.createOctKey("MyKey", { hsm: true });Creates a new key, stores it, then returns key parameters and properties to the client.
The name of the key.
The optional parameters.
The createRSAKey method creates a new RSA key in Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. It requires the keys/create permission.
Example usage:
let client = new KeyClient(url, credentials);
let result = await client.createRsaKey("MyKey", { keySize: 2048 });Creates a new key, stores it, then returns key parameters and properties to the client.
The name of the key.
The optional parameters.
The getDeletedKey method returns the specified deleted key along with its properties. This operation requires the keys/get permission.
Example usage:
let client = new KeyClient(url, credentials);
let key = await client.getDeletedKey("MyDeletedKey");Gets the specified deleted key.
The name of the key.
The optional parameters.
The getKey method gets a specified key and is applicable to any key stored in Azure Key Vault. This operation requires the keys/get permission.
Example usage:
let client = new KeyClient(url, credentials);
let key = await client.getKey("MyKey");Get a specified key from a given key vault.
The name of the key.
The optional parameters.
Gets the requested number of bytes containing random values from a managed HSM.
Example usage:
let client = new KeyClient(vaultUrl, credentials);
let bytes = await client.getRandomBytes(10);The number of bytes to generate between 1 and 128 inclusive.
The optional parameters.
The import key operation may be used to import any key type into an Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. This operation requires the keys/import permission.
Example usage:
let client = new KeyClient(url, credentials);
// Key contents in myKeyContents
let result = await client.importKey("MyKey", myKeyContents);Imports an externally created key, stores it, and returns key parameters and properties to the client.
Name for the imported key.
The JSON web key.
The optional parameters.
Iterates the deleted keys in the vault. The full key identifier and properties are provided in the response. No values are returned for the keys. This operations requires the keys/list permission.
Example usage:
let client = new KeyClient(url, credentials);
for await (const deletedKey of client.listDeletedKeys()) {
console.log("deleted key: ", deletedKey);
}List all keys in the vault
The optional parameters.
Iterates all versions of the given key in the vault. The full key identifier, properties, and tags are provided in the response. This operation requires the keys/list permission.
Example usage:
let client = new KeyClient(url, credentials);
for await (const keyProperties of client.listPropertiesOfKeyVersions("MyKey")) {
const key = await client.getKey(keyProperties.name);
console.log("key version: ", key);
}Name of the key to fetch versions for
The optional parameters.
Iterates the latest version of all keys in the vault. The full key identifier and properties are provided in the response. No values are returned for the keys. This operations requires the keys/list permission.
Example usage:
let client = new KeyClient(url, credentials);
for await (const keyProperties of client.listPropertiesOfKeys()) {
const key = await client.getKey(keyProperties.name);
console.log("key: ", key);
}List all keys in the vault
The optional parameters.
The purge deleted key operation removes the key permanently, without the possibility of recovery. This operation can only be enabled on a soft-delete enabled vault. This operation requires the keys/purge permission.
Example usage:
const client = new KeyClient(url, credentials);
const deletePoller = await client.beginDeleteKey("MyKey")
await deletePoller.pollUntilDone();
await client.purgeDeletedKey("MyKey");Permanently deletes the specified key.
The name of the key.
The optional parameters.
Restores a backed up key, and all its versions, to a vault. This operation requires the keys/restore permission.
Example usage:
let client = new KeyClient(url, credentials);
let backupContents = await client.backupKey("MyKey");
// ...
let key = await client.restoreKeyBackup(backupContents);Restores a backed up key to a vault.
The backup blob associated with a key bundle.
The optional parameters.
The updateKeyProperties method changes specified properties of an existing stored key. Properties that are not specified in the request are left unchanged. The value of a key itself cannot be changed. This operation requires the keys/set permission.
Example usage:
let keyName = "MyKey";
let client = new KeyClient(url, credentials);
let key = await client.getKey(keyName);
let result = await client.updateKeyProperties(keyName, key.properties.version, { enabled: false });Updates the properties associated with a specified key in a given key vault.
The name of the key.
The version of the key.
The optional parameters.
Generated using TypeDoc
The KeyClient provides methods to manage KeyVaultKey in the Azure Key Vault. The client supports creating, retrieving, updating, deleting, purging, backing up, restoring and listing KeyVaultKeys. The client also supports listing DeletedKey for a soft-delete enabled Azure Key Vault.