Api Version
The parameter options
The Key Backup operation exports a key from Azure Key Vault in a protected form. Note that this operation does NOT return key material in a form that can be used outside the Azure Key Vault system; the returned key material is either protected to an Azure Key Vault HSM or to Azure Key Vault itself. The intent of this operation is to allow a client to GENERATE a key in one Azure Key Vault instance, BACKUP the key, and then RESTORE it into another Azure Key Vault instance. The BACKUP operation may be used to export, in protected form, any key type from Azure Key Vault. Individual versions of a key cannot be backed up. BACKUP / RESTORE can be performed within geographical boundaries only, meaning that a BACKUP from one geographical area cannot be restored to another geographical area. For example, a backup from the US geographical area cannot be restored in an EU geographical area. This operation requires the keys/backup permission.
The vault name, for example https://myvault.vault.azure.net.
The name of the key.
The options parameters.
The create key operation can be used to create any key type in Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. It requires the keys/create permission.
The vault name, for example https://myvault.vault.azure.net.
The name for the new key. The system will generate the version name for the new key.
The type of key to create. For valid values, see JsonWebKeyType.
The options parameters.
The DECRYPT operation decrypts a well-formed block of ciphertext using the target encryption key and specified algorithm. This operation is the reverse of the ENCRYPT operation; only a single block of data may be decrypted, and the size of this block depends on the target key and the algorithm to be used. The DECRYPT operation applies to asymmetric and symmetric keys stored in Azure Key Vault since it uses the private portion of the key. This operation requires the keys/decrypt permission.
The vault name, for example https://myvault.vault.azure.net.
The name of the key.
The version of the key.
The algorithm identifier.
The options parameters.
The delete key operation cannot be used to remove individual versions of a key. This operation removes the cryptographic material associated with the key, which means the key is not usable for Sign/Verify, Wrap/Unwrap or Encrypt/Decrypt operations. This operation requires the keys/delete permission.
The vault name, for example https://myvault.vault.azure.net.
The name of the key to delete.
The options parameters.
The ENCRYPT operation encrypts an arbitrary sequence of bytes using an encryption key that is stored in Azure Key Vault. Note that the ENCRYPT operation only supports a single block of data, the size of which depends on the target key and the encryption algorithm to be used. The ENCRYPT operation is only strictly necessary for symmetric keys stored in Azure Key Vault since protection with an asymmetric key can be performed using the public portion of the key. This operation is supported for asymmetric keys as a convenience for callers that have a key-reference but do not have access to the public key material. This operation requires the keys/encrypt permission.
The vault name, for example https://myvault.vault.azure.net.
The name of the key.
The version of the key.
The algorithm identifier.
The options parameters.
The Get Deleted Key operation is applicable for soft-delete enabled vaults. While the operation can be invoked on any vault, it will return an error if invoked on a non soft-delete enabled vault. This operation requires the keys/get permission.
The vault name, for example https://myvault.vault.azure.net.
The name of the key.
The options parameters.
Retrieves a list of the keys in the Key Vault as JSON Web Key structures that contain the public part of a deleted key. This operation includes deletion-specific information. The Get Deleted Keys operation is applicable for vaults enabled for soft-delete. While the operation can be invoked on any vault, it will return an error if invoked on a non soft-delete enabled vault. This operation requires the keys/list permission.
The vault name, for example https://myvault.vault.azure.net.
The options parameters.
GetDeletedKeysNext
The vault name, for example https://myvault.vault.azure.net.
The nextLink from the previous successful call to the GetDeletedKeys method.
The options parameters.
The get key operation is applicable to all key types. If the requested key is symmetric, then no key material is released in the response. This operation requires the keys/get permission.
The vault name, for example https://myvault.vault.azure.net.
The name of the key to get.
Adding the version parameter retrieves a specific version of a key. This URI fragment is optional. If not specified, the latest version of the key is returned.
The options parameters.
The GetKeyRotationPolicy operation returns the specified key policy resources in the specified key vault. This operation requires the keys/get permission.
The vault name, for example https://myvault.vault.azure.net.
The name of the key in a given key vault.
The options parameters.
The full key identifier, attributes, and tags are provided in the response. This operation requires the keys/list permission.
The vault name, for example https://myvault.vault.azure.net.
The name of the key.
The options parameters.
GetKeyVersionsNext
The vault name, for example https://myvault.vault.azure.net.
The name of the key.
The nextLink from the previous successful call to the GetKeyVersions method.
The options parameters.
Retrieves a list of the keys in the Key Vault as JSON Web Key structures that contain the public part of a stored key. The LIST operation is applicable to all key types, however only the base key identifier, attributes, and tags are provided in the response. Individual versions of a key are not listed in the response. This operation requires the keys/list permission.
The vault name, for example https://myvault.vault.azure.net.
The options parameters.
GetKeysNext
The vault name, for example https://myvault.vault.azure.net.
The nextLink from the previous successful call to the GetKeys method.
The options parameters.
Get the requested number of bytes containing random values from a managed HSM.
The vault name, for example https://myvault.vault.azure.net.
The requested number of random bytes.
The options parameters.
The import key operation may be used to import any key type into an Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. This operation requires the keys/import permission.
The vault name, for example https://myvault.vault.azure.net.
Name for the imported key.
The JSON web key.
The options parameters.
The Purge Deleted Key operation is applicable for soft-delete enabled vaults. While the operation can be invoked on any vault, it will return an error if invoked on a non soft-delete enabled vault. This operation requires the keys/purge permission.
The vault name, for example https://myvault.vault.azure.net.
The name of the key.
The options parameters.
The Recover Deleted Key operation is applicable for deleted keys in soft-delete enabled vaults. It recovers the deleted key back to its latest version under /keys. An attempt to recover a non-deleted key will return an error. Consider this the inverse of the delete operation on soft-delete enabled vaults. This operation requires the keys/recover permission.
The vault name, for example https://myvault.vault.azure.net.
The name of the deleted key.
The options parameters.
The release key operation is applicable to all key types. The target key must be marked exportable. This operation requires the keys/release permission.
The vault name, for example https://myvault.vault.azure.net.
The name of the key to get.
Adding the version parameter retrieves a specific version of a key.
The attestation assertion for the target of the key release.
The options parameters.
Imports a previously backed up key into Azure Key Vault, restoring the key, its key identifier, attributes and access control policies. The RESTORE operation may be used to import a previously backed up key. Individual versions of a key cannot be restored. The key is restored in its entirety with the same key name as it had when it was backed up. If the key name is not available in the target Key Vault, the RESTORE operation will be rejected. While the key name is retained during restore, the final key identifier will change if the key is restored to a different vault. Restore will restore all versions and preserve version identifiers. The RESTORE operation is subject to security constraints: the target Key Vault must be owned by the same Microsoft Azure Subscription as the source Key Vault, and the user must have RESTORE permission in the target Key Vault. This operation requires the keys/restore permission.
The vault name, for example https://myvault.vault.azure.net.
The backup blob associated with a key bundle.
The options parameters.
The operation will rotate the key based on the key policy. It requires the keys/rotate permission.
The vault name, for example https://myvault.vault.azure.net.
The name of the key to be rotated. The system will generate a new version in the specified key.
The options parameters.
The SIGN operation is applicable to asymmetric and symmetric keys stored in Azure Key Vault since this operation uses the private portion of the key. This operation requires the keys/sign permission.
The vault name, for example https://myvault.vault.azure.net.
The name of the key.
The version of the key.
The signing/verification algorithm identifier. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm.
The options parameters.
The UNWRAP operation supports decryption of a symmetric key using the target key encryption key. This operation is the reverse of the WRAP operation. The UNWRAP operation applies to asymmetric and symmetric keys stored in Azure Key Vault since it uses the private portion of the key. This operation requires the keys/unwrapKey permission.
The vault name, for example https://myvault.vault.azure.net.
The name of the key.
The version of the key.
The algorithm identifier.
The options parameters.
In order to perform this operation, the key must already exist in the Key Vault. Note: The cryptographic material of a key itself cannot be changed. This operation requires the keys/update permission.
The vault name, for example https://myvault.vault.azure.net.
The name of the key to update.
The version of the key to update.
The options parameters.
Set specified members in the key policy. Leave others as undefined. This operation requires the keys/update permission.
The vault name, for example https://myvault.vault.azure.net.
The name of the key in the given vault.
The policy for the key.
The options parameters.
The VERIFY operation is applicable to symmetric keys stored in Azure Key Vault. VERIFY is not strictly necessary for asymmetric keys stored in Azure Key Vault since signature verification can be performed using the public portion of the key but this operation is supported as a convenience for callers that only have a key-reference and not the public portion of the key. This operation requires the keys/verify permission.
The vault name, for example https://myvault.vault.azure.net.
The name of the key.
The version of the key.
The signing/verification algorithm. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm.
The digest used for signing.
The signature to be verified.
The options parameters.
The WRAP operation supports encryption of a symmetric key using a key encryption key that has previously been stored in an Azure Key Vault. The WRAP operation is only strictly necessary for symmetric keys stored in Azure Key Vault since protection with an asymmetric key can be performed using the public portion of the key. This operation is supported for asymmetric keys as a convenience for callers that have a key-reference but do not have access to the public key material. This operation requires the keys/wrapKey permission.
The vault name, for example https://myvault.vault.azure.net.
The name of the key.
The version of the key.
The algorithm identifier.
The options parameters.
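Added example, not part of the generated reference or the SDK: the ENCRYPT and WRAP descriptions above state that protection with an asymmetric key can be performed with the public portion of the key and that only a single block is supported. The JavaScript below shows both points with Node's crypto module; the function names are hypothetical and the locally generated RSA key pair is a constructed stand-in for a vault key.

```javascript
const crypto = require('node:crypto');

// Hash behind each OAEP algorithm identifier (per the JWA definitions).
const OAEP_HASH = { 'RSA-OAEP': 'sha1', 'RSA-OAEP-256': 'sha256' };

function oaepOptions(key, alg) {
  const oaepHash = OAEP_HASH[alg];
  if (!oaepHash) throw new Error(`unsupported algorithm: ${alg}`);
  return { key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash };
}

// Largest single block OAEP accepts: modulus bytes - 2 * hash bytes - 2.
function maxBlockBytes(key, alg) {
  const hashBytes = crypto.createHash(OAEP_HASH[alg]).digest().length;
  return key.asymmetricKeyDetails.modulusLength / 8 - 2 * hashBytes - 2;
}

// WRAP done locally: only the public portion of the key is needed.
function wrapLocally(publicKey, alg, cek) {
  if (cek.length > maxBlockBytes(publicKey, alg)) {
    throw new RangeError('input exceeds the single block this key and algorithm allow');
  }
  return crypto.publicEncrypt(oaepOptions(publicKey, alg), cek);
}

// UNWRAP needs the private portion; with a vault key this step is the service call.
function unwrap(privateKey, alg, wrapped) {
  return crypto.privateDecrypt(oaepOptions(privateKey, alg), wrapped);
}

// Envelope encryption: bulk data goes under a fresh AES-256-GCM key,
// and only that 32-byte key has to fit in the single wrapped block.
function seal(publicKey, alg, plaintext) {
  const cek = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', cek, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { alg, iv, ciphertext, tag: cipher.getAuthTag(), wrappedKey: wrapLocally(publicKey, alg, cek) };
}

function openEnvelope(privateKey, env) {
  const cek = unwrap(privateKey, env.alg, env.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', cek, env.iv);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
}

// Constructed stand-in for a vault RSA key pair (a real vault keeps the private half).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
```

Callers that hold only a key reference and not the public key material cannot run `wrapLocally`, which is the case the service-side WRAP and ENCRYPT operations cover.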
Initializes a new instance of the KeyVaultClient class.