azure.keyvault.certificates package¶

class azure.keyvault.certificates.AdministratorContact(first_name: str | None = None, last_name: str | None = None, email: str | None = None, phone: str | None = None)[source]¶

Details of the organization administrator of the certificate issuer.

Parameters:

first_name (str or None) – First name of the issuer.
last_name (str or None) – Last name of the issuer.
email (str or None) – email of the issuer.
phone (str or None) – phone number of the issuer.

property email: str | None¶

str or None

Type:: rtype

property first_name: str | None¶

str or None

Type:: rtype

property last_name: str | None¶

str or None

Type:: rtype

property phone: str | None¶

str or None

Type:: rtype

class azure.keyvault.certificates.ApiVersion(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)[source]¶

Key Vault API versions supported by this package

capitalize()¶

Return a capitalized version of the string.

More specifically, make the first character have upper case and the rest lower case.

casefold()¶: Return a version of the string suitable for caseless comparisons.

center(width, fillchar=' ', /)¶

Return a centered string of length width.

Padding is done using the specified fill character (default is a space).

count(sub[, start[, end]]) → int¶: Return the number of non-overlapping occurrences of substring sub in string S[start:end]. Optional arguments start and end are interpreted as in slice notation.

encode(encoding='utf-8', errors='strict')¶

Encode the string using the codec registered for encoding.

encoding: The encoding in which to encode the string.
errors: The error handling scheme to use for encoding errors. The default is ‘strict’ meaning that encoding errors raise a UnicodeEncodeError. Other possible values are ‘ignore’, ‘replace’ and ‘xmlcharrefreplace’ as well as any other name registered with codecs.register_error that can handle UnicodeEncodeErrors.

endswith(suffix[, start[, end]]) → bool¶: Return True if S ends with the specified suffix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. suffix can also be a tuple of strings to try.

expandtabs(tabsize=8)¶

Return a copy where all tab characters are expanded using spaces.

If tabsize is not given, a tab size of 8 characters is assumed.

find(sub[, start[, end]]) → int¶

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

format(*args, **kwargs) → str¶: Return a formatted version of S, using substitutions from args and kwargs. The substitutions are identified by braces (‘{’ and ‘}’).

format_map(mapping) → str¶: Return a formatted version of S, using substitutions from mapping. The substitutions are identified by braces (‘{’ and ‘}’).

index(sub[, start[, end]]) → int¶

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

isalnum()¶

Return True if the string is an alpha-numeric string, False otherwise.

A string is alpha-numeric if all characters in the string are alpha-numeric and there is at least one character in the string.

isalpha()¶

Return True if the string is an alphabetic string, False otherwise.

A string is alphabetic if all characters in the string are alphabetic and there is at least one character in the string.

isascii()¶

Return True if all characters in the string are ASCII, False otherwise.

ASCII characters have code points in the range U+0000-U+007F. Empty string is ASCII too.

isdecimal()¶

Return True if the string is a decimal string, False otherwise.

A string is a decimal string if all characters in the string are decimal and there is at least one character in the string.

isdigit()¶

Return True if the string is a digit string, False otherwise.

A string is a digit string if all characters in the string are digits and there is at least one character in the string.

isidentifier()¶

Return True if the string is a valid Python identifier, False otherwise.

Call keyword.iskeyword(s) to test whether string s is a reserved identifier, such as “def” or “class”.

islower()¶

Return True if the string is a lowercase string, False otherwise.

A string is lowercase if all cased characters in the string are lowercase and there is at least one cased character in the string.

isnumeric()¶

Return True if the string is a numeric string, False otherwise.

A string is numeric if all characters in the string are numeric and there is at least one character in the string.

isprintable()¶

Return True if the string is printable, False otherwise.

A string is printable if all of its characters are considered printable in repr() or if it is empty.

isspace()¶

Return True if the string is a whitespace string, False otherwise.

A string is whitespace if all characters in the string are whitespace and there is at least one character in the string.

istitle()¶

Return True if the string is a title-cased string, False otherwise.

In a title-cased string, upper- and title-case characters may only follow uncased characters and lowercase characters only cased ones.

isupper()¶

Return True if the string is an uppercase string, False otherwise.

A string is uppercase if all cased characters in the string are uppercase and there is at least one cased character in the string.

join(iterable, /)¶

Concatenate any number of strings.

The string whose method is called is inserted in between each given string. The result is returned as a new string.

Example: ‘.’.join([‘ab’, ‘pq’, ‘rs’]) -> ‘ab.pq.rs’

ljust(width, fillchar=' ', /)¶

Return a left-justified string of length width.

Padding is done using the specified fill character (default is a space).

lower()¶: Return a copy of the string converted to lowercase.

lstrip(chars=None, /)¶

Return a copy of the string with leading whitespace removed.

If chars is given and not None, remove characters in chars instead.

static maketrans()¶

Return a translation table usable for str.translate().

If there is only one argument, it must be a dictionary mapping Unicode ordinals (integers) or characters to Unicode ordinals, strings or None. Character keys will be then converted to ordinals. If there are two arguments, they must be strings of equal length, and in the resulting dictionary, each character in x will be mapped to the character at the same position in y. If there is a third argument, it must be a string, whose characters will be mapped to None in the result.

partition(sep, /)¶

Partition the string into three parts using the given separator.

This will search for the separator in the string. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing the original string and two empty strings.

removeprefix(prefix, /)¶

Return a str with the given prefix string removed if present.

If the string starts with the prefix string, return string[len(prefix):]. Otherwise, return a copy of the original string.

removesuffix(suffix, /)¶

Return a str with the given suffix string removed if present.

If the string ends with the suffix string and that suffix is not empty, return string[:-len(suffix)]. Otherwise, return a copy of the original string.

replace(old, new, count=-1, /)¶

Return a copy with all occurrences of substring old replaced by new.

count
Maximum number of occurrences to replace. -1 (the default value) means replace all occurrences.

If the optional argument count is given, only the first count occurrences are replaced.

rfind(sub[, start[, end]]) → int¶

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

rindex(sub[, start[, end]]) → int¶

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

rjust(width, fillchar=' ', /)¶

Return a right-justified string of length width.

Padding is done using the specified fill character (default is a space).

rpartition(sep, /)¶

Partition the string into three parts using the given separator.

This will search for the separator in the string, starting at the end. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing two empty strings and the original string.

rsplit(sep=None, maxsplit=-1)¶

Return a list of the substrings in the string, using sep as the separator string.

sep
The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit
Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the end of the string and works to the front.

rstrip(chars=None, /)¶

Return a copy of the string with trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

split(sep=None, maxsplit=-1)¶

Return a list of the substrings in the string, using sep as the separator string.

sep
The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit
Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the front of the string and works to the end.

Note, str.split() is mainly useful for data that has been intentionally delimited. With natural text that includes punctuation, consider using the regular expression module.

splitlines(keepends=False)¶

Return a list of the lines in the string, breaking at line boundaries.

Line breaks are not included in the resulting list unless keepends is given and true.

startswith(prefix[, start[, end]]) → bool¶: Return True if S starts with the specified prefix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. prefix can also be a tuple of strings to try.

strip(chars=None, /)¶

Return a copy of the string with leading and trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

swapcase()¶: Convert uppercase characters to lowercase and lowercase characters to uppercase.

title()¶

Return a version of the string where each word is titlecased.

More specifically, words start with uppercased characters and all remaining cased characters have lower case.

translate(table, /)¶

Replace each character in the string using the given translation table.

table
Translation table, which must be a mapping of Unicode ordinals to Unicode ordinals, strings, or None.

The table must implement lookup/indexing via __getitem__, for instance a dictionary or list. If this operation raises LookupError, the character is left untouched. Characters mapped to None are deleted.

upper()¶: Return a copy of the string converted to uppercase.

zfill(width, /)¶

Pad a numeric string with zeros on the left, to fill a field of the given width.

The string is never truncated.

V2016_10_01 = '2016-10-01'¶

V7_0 = '7.0'¶

V7_1 = '7.1'¶

V7_2 = '7.2'¶

V7_3 = '7.3'¶

V7_4 = '7.4'¶

V7_5 = '7.5'¶: this is the default version

class azure.keyvault.certificates.CertificateClient(vault_url: str, credential: TokenCredential, **kwargs: Any)[source]¶

A high-level interface for managing a vault’s certificates.

Parameters:

vault_url (str) – URL of the vault the client will access. This is also called the vault’s “DNS Name”. You should validate that this URL references a valid Key Vault resource. See https://aka.ms/azsdk/blog/vault-uri for details.
credential (TokenCredential) – An object which can provide an access token for the vault, such as a credential from azure.identity

Keyword Arguments:

api_version (ApiVersion or str) – Version of the service API to use. Defaults to the most recent.
verify_challenge_resource (bool) – Whether to verify the authentication challenge resource matches the Key Vault domain. Defaults to True.

Example

Create a new CertificateClient¶

from azure.identity import DefaultAzureCredential
from azure.keyvault.certificates import CertificateClient

# Create a CertificateClient using default Azure credentials
credential = DefaultAzureCredential()
certificate_client = CertificateClient(vault_url=vault_url, credential=credential)

backup_certificate(certificate_name: str, **kwargs: Any) → bytes[source]¶

Back up a certificate in a protected form useable only by Azure Key Vault.

Requires certificates/backup permission. This is intended to allow copying a certificate from one vault to another. Both vaults must be owned by the same Azure subscription. Also, backup / restore cannot be performed across geopolitical boundaries. For example, a backup from a vault in a USA region cannot be restored to a vault in an EU region.

Parameters:: certificate_name (str) – The name of the certificate.
Returns:: The backup blob containing the backed up certificate.
Return type:: bytes
Raises:: ResourceNotFoundError or HttpResponseError – the former if the certificate doesn’t exist; the latter for other errors

Example

Get a certificate backup¶

# backup certificate
certificate_backup = certificate_client.backup_certificate(cert_name)

# returns the raw bytes of the backed up certificate
print(certificate_backup)

begin_create_certificate(certificate_name: str, policy: CertificatePolicy, **kwargs: Any) → LROPoller[KeyVaultCertificate | CertificateOperation][source]¶

Creates a new certificate.

If this is the first version, the certificate resource is created. This operation requires the certificates/create permission. Waiting on the returned poller requires the certificates/get permission and gives you the certificate if creation is successful, or the CertificateOperation if not – otherwise, it raises an HttpResponseError.

Parameters:

certificate_name (str) – The name of the certificate.
policy (CertificatePolicy) – The management policy for the certificate. Either subject or one of the subject alternative name properties are required.

Keyword Arguments:

enabled (bool) – Whether the certificate is enabled for use.
tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.

Returns:

An LROPoller for the create certificate operation. Waiting on the poller gives you the certificate if creation is successful, or the CertificateOperation if not.

Return type:

LROPoller[KeyVaultCertificate or CertificateOperation]

Raises:

ValueError or HttpResponseError – the former if the certificate policy is invalid; the latter for other errors

Example

Create a certificate¶

from azure.keyvault.certificates import (CertificateContentType,
                                         CertificatePolicy,
                                         WellKnownIssuerNames)

# specify the certificate policy
cert_policy = CertificatePolicy(
    issuer_name=WellKnownIssuerNames.self,
    subject="CN=*.microsoft.com",
    san_dns_names=["sdk.azure-int.net"],
    exportable=True,
    key_type="RSA",
    key_size=2048,
    reuse_key=False,
    content_type=CertificateContentType.pkcs12,
    validity_in_months=24,
)

# create a certificate with optional arguments, returns a long running operation poller
certificate_operation_poller = certificate_client.begin_create_certificate(
    certificate_name=cert_name, policy=cert_policy
)

# Here we are waiting for the certificate creation operation to be completed
certificate = certificate_operation_poller.result()

# You can get the final status of the certificate operation poller using .result()
print(certificate_operation_poller.result())

print(certificate.id)
print(certificate.name)
print(certificate.policy.issuer_name)

begin_delete_certificate(certificate_name: str, **kwargs: Any) → LROPoller[DeletedCertificate][source]¶

Delete all versions of a certificate. Requires certificates/delete permission.

When this method returns Key Vault has begun deleting the certificate. Deletion may take several seconds in a vault with soft-delete enabled. This method therefore returns a poller enabling you to wait for deletion to complete.

Parameters:: certificate_name (str) – The name of the certificate to delete.
Returns:: A poller for the delete certificate operation. The poller’s result method returns the DeletedCertificate without waiting for deletion to complete. If the vault has soft-delete enabled and you want to immediately, permanently delete the certificate with purge_deleted_certificate(), call the poller’s wait method first. It will block until the deletion is complete. The wait method requires certificates/get permission.
Return type:: LROPoller[DeletedCertificate]
Raises:: ResourceNotFoundError or HttpResponseError – the former if the certificate doesn’t exist; the latter for other errors

Example

Delete a certificate¶

# delete a certificate
deleted_certificate = certificate_client.begin_delete_certificate(certificate.name).result()

print(deleted_certificate.name)

# if the vault has soft-delete enabled, the certificate's deleted date,
# scheduled purge date, and recovery id are available
print(deleted_certificate.deleted_on)
print(deleted_certificate.scheduled_purge_date)
print(deleted_certificate.recovery_id)

begin_recover_deleted_certificate(certificate_name: str, **kwargs: Any) → LROPoller[KeyVaultCertificate][source]¶

Recover a deleted certificate to its latest version. Possible only in a vault with soft-delete enabled.

Requires certificates/recover permission. When this method returns Key Vault has begun recovering the certificate. Recovery may take several seconds. This method therefore returns a poller enabling you to wait for recovery to complete. Waiting is only necessary when you want to use the recovered certificate in another operation immediately.

Parameters:: certificate_name (str) – The name of the deleted certificate to recover
Returns:: A poller for the recovery operation. The poller’s result method returns the recovered KeyVaultCertificate without waiting for recovery to complete. If you want to use the recovered certificate immediately, call the poller’s wait method, which blocks until the certificate is ready to use. The wait method requires certificate/get permission.
Return type:: LROPoller[KeyVaultCertificate]
Raises:: HttpResponseError –

Example

Recover a deleted certificate¶

# recover a deleted certificate to its latest version (requires soft-delete enabled for the vault)
recovered_certificate = certificate_client.begin_recover_deleted_certificate(cert_name).result()

print(recovered_certificate.id)
print(recovered_certificate.name)

cancel_certificate_operation(certificate_name: str, **kwargs: Any) → CertificateOperation[source]¶

Cancels an in-progress certificate operation. Requires the certificates/update permission.

Parameters:: certificate_name (str) – The name of the certificate.
Returns:: The cancelled certificate operation
Return type:: CertificateOperation
Raises:: HttpResponseError –

close() → None¶

Close sockets opened by the client.

Calling this method is unnecessary when using the client as a context manager.

create_issuer(issuer_name: str, provider: str, **kwargs: Any) → CertificateIssuer[source]¶

Sets the specified certificate issuer. Requires certificates/setissuers permission.

Parameters:

issuer_name (str) – The name of the issuer.
provider (str) – The issuer provider.

Keyword Arguments:

enabled (bool) – Whether the issuer is enabled for use.
account_id (str) – The user name/account name/account id.
password (str) – The password/secret/account key.
organization_id (str) – Id of the organization
admin_contacts (list[AdministratorContact]) – Contact details of the organization administrators of the certificate issuer.

Returns:

The created CertificateIssuer

Return type:

CertificateIssuer

Raises:

HttpResponseError –

Example

Create an issuer¶

from azure.keyvault.certificates import AdministratorContact

# First we specify the AdministratorContact for a issuer.
admin_contacts = [
    AdministratorContact(first_name="John", last_name="Doe", email="admin@microsoft.com", phone="4255555555")
]

issuer = certificate_client.create_issuer(
    issuer_name="issuer1",
    provider="Test",
    account_id="keyvaultuser",
    admin_contacts=admin_contacts,
    enabled=True,
)

print(issuer.name)
print(issuer.provider)
print(issuer.account_id)

for contact in issuer.admin_contacts:
    print(contact.first_name)
    print(contact.last_name)
    print(contact.email)
    print(contact.phone)

delete_certificate_operation(certificate_name: str, **kwargs: Any) → CertificateOperation[source]¶

Deletes and stops the creation operation for a specific certificate.

Requires the certificates/update permission.

Parameters:: certificate_name (str) – The name of the certificate.
Returns:: The deleted CertificateOperation
Return type:: CertificateOperation
Raises:: HttpResponseError –

delete_contacts(**kwargs: Any) → List[CertificateContact][source]¶

Deletes the certificate contacts for the key vault. Requires the certificates/managecontacts permission.

Returns:: The deleted contacts for the key vault.
Return type:: list[CertificateContact]
Raises:: HttpResponseError –

Example

Delete contacts¶

deleted_contacts = certificate_client.delete_contacts()

for deleted_contact in deleted_contacts:
    print(deleted_contact.name)
    print(deleted_contact.email)
    print(deleted_contact.phone)

delete_issuer(issuer_name: str, **kwargs: Any) → CertificateIssuer[source]¶

Deletes the specified certificate issuer.

Requires certificates/manageissuers/deleteissuers permission.

Parameters:: issuer_name (str) – The name of the issuer.
Returns:: CertificateIssuer
Return type:: CertificateIssuer
Raises:: HttpResponseError –

Example

Delete an issuer¶

deleted_issuer = certificate_client.delete_issuer("issuer1")

print(deleted_issuer.name)
print(deleted_issuer.provider)
print(deleted_issuer.account_id)

for contact in deleted_issuer.admin_contacts:
    print(contact.first_name)
    print(contact.last_name)
    print(contact.email)
    print(contact.phone)

get_certificate(certificate_name: str, **kwargs: Any) → KeyVaultCertificate[source]¶

Gets a certificate with its management policy attached. Requires certificates/get permission.

Does not accept the version of the certificate as a parameter. To get a specific version of the certificate, call get_certificate_version().

Parameters:: certificate_name (str) – The name of the certificate in the given vault.
Returns:: An instance of KeyVaultCertificate
Return type:: KeyVaultCertificate
Raises:: ResourceNotFoundError or HttpResponseError – the former if the certificate doesn’t exist; the latter for other errors

Example

Get a certificate¶

# get the certificate
certificate = certificate_client.get_certificate(cert_name)

print(certificate.id)
print(certificate.name)
print(certificate.policy.issuer_name)

get_certificate_operation(certificate_name: str, **kwargs: Any) → CertificateOperation[source]¶

Gets the creation operation of a certificate. Requires the certificates/get permission.

Parameters:: certificate_name (str) – The name of the certificate.
Returns:: The created CertificateOperation
Return type:: CertificateOperation
Raises:: ResourceNotFoundError or HttpResponseError – the former if the certificate doesn’t exist; the latter for other errors

get_certificate_policy(certificate_name: str, **kwargs: Any) → CertificatePolicy[source]¶

Gets the policy for a certificate. Requires certificates/get permission.

Returns the specified certificate policy resources in the key vault.

Parameters:: certificate_name (str) – The name of the certificate in a given key vault.
Returns:: The certificate policy
Return type:: CertificatePolicy
Raises:: HttpResponseError –

get_certificate_version(certificate_name: str, version: str, **kwargs: Any) → KeyVaultCertificate[source]¶

Gets a specific version of a certificate without returning its management policy.

Requires certificates/get permission. To get the latest version of the certificate, or to get the certificate’s policy as well, call get_certificate().

Parameters:

certificate_name (str) – The name of the certificate in the given vault.
version (str) – The version of the certificate.

Returns:

An instance of KeyVaultCertificate

Return type:

KeyVaultCertificate

Raises:

ResourceNotFoundError or HttpResponseError – the former if the certificate doesn’t exist; the latter for other errors

Example

Get a certificate with a specific version¶

certificate = certificate_client.get_certificate_version(cert_name, version)

print(certificate.id)
print(certificate.properties.version)

get_contacts(**kwargs: Any) → List[CertificateContact][source]¶

Gets the certificate contacts for the key vault. Requires the certificates/managecontacts permission.

Returns:: The certificate contacts for the key vault.
Return type:: list[CertificateContact]
Raises:: HttpResponseError –

Example

Get contacts¶

contacts = certificate_client.get_contacts()

# Loop through the certificate contacts for this key vault.
for contact in contacts:
    print(contact.name)
    print(contact.email)
    print(contact.phone)

get_deleted_certificate(certificate_name: str, **kwargs: Any) → DeletedCertificate[source]¶

Get a deleted certificate. Possible only in a vault with soft-delete enabled.

Requires certificates/get permission. Retrieves the deleted certificate information plus its attributes, such as retention interval, scheduled permanent deletion, and the current deletion recovery level.

Parameters:: certificate_name (str) – The name of the certificate.
Returns:: The deleted certificate
Return type:: DeletedCertificate
Raises:: ResourceNotFoundError or HttpResponseError – the former if the certificate doesn’t exist; the latter for other errors

Example

Get a deleted certificate¶

# get a deleted certificate (requires soft-delete enabled for the vault)
deleted_certificate = certificate_client.get_deleted_certificate(cert_name)
print(deleted_certificate.name)

# if the vault has soft-delete enabled, the certificate's deleted date,
# scheduled purge date, and recovery id are available
print(deleted_certificate.deleted_on)
print(deleted_certificate.scheduled_purge_date)
print(deleted_certificate.recovery_id)

get_issuer(issuer_name: str, **kwargs: Any) → CertificateIssuer[source]¶

Gets the specified certificate issuer. Requires certificates/manageissuers/getissuers permission.

Parameters:: issuer_name (str) – The name of the issuer.
Returns:: The specified certificate issuer.
Return type:: CertificateIssuer
Raises:: ResourceNotFoundError or HttpResponseError – the former if the issuer doesn’t exist; the latter for other errors

Example

Get an issuer¶

issuer = certificate_client.get_issuer("issuer1")

print(issuer.name)
print(issuer.provider)
print(issuer.account_id)

for contact in issuer.admin_contacts:
    print(contact.first_name)
    print(contact.last_name)
    print(contact.email)
    print(contact.phone)

import_certificate(certificate_name: str, certificate_bytes: bytes, **kwargs: Any) → KeyVaultCertificate[source]¶

Import a certificate created externally. Requires certificates/import permission.

Imports an existing valid certificate, containing a private key, into Azure Key Vault. The certificate to be imported can be in either PFX or PEM format. If the certificate is in PEM format the PEM file must contain the key as well as x509 certificates, and you must provide a policy with content_type of pem.

Parameters:

certificate_name (str) – The name of the certificate.
certificate_bytes (bytes) – Bytes of the certificate object to import. This certificate needs to contain the private key.

Keyword Arguments:

enabled (bool) – Whether the certificate is enabled for use.
tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
password (str) – If the private key in the passed in certificate is encrypted, it is the password used for encryption.
policy (CertificatePolicy) – The management policy for the certificate. Required if importing a PEM-format certificate, with content_type set to pem.

Returns:

The imported KeyVaultCertificate

Return type:

KeyVaultCertificate

Raises:

HttpResponseError –

list_deleted_certificates(*, include_pending: bool | None = None, **kwargs: Any) → ItemPaged[DeletedCertificate][source]¶

Lists the currently-recoverable deleted certificates. Possible only if vault is soft-delete enabled.

Requires certificates/get/list permission. Retrieves the certificates in the current vault which are in a deleted state and ready for recovery or purging. This operation includes deletion-specific information.

Keyword Arguments:: include_pending (bool or None) – Specifies whether to include certificates which are not completely deleted. Only available for API versions v7.0 and up. If not provided, Key Vault treats this as False.
Returns:: An iterator-like instance of DeletedCertificate
Return type:: ItemPaged[DeletedCertificate]
Raises:: HttpResponseError –

Example

List all the deleted certificates¶

# get an iterator of deleted certificates (requires soft-delete enabled for the vault)
deleted_certificates = certificate_client.list_deleted_certificates()

for certificate in deleted_certificates:
    print(certificate.id)
    print(certificate.name)
    print(certificate.deleted_on)
    print(certificate.scheduled_purge_date)
    print(certificate.deleted_on)

list_properties_of_certificate_versions(certificate_name: str, **kwargs: Any) → ItemPaged[CertificateProperties][source]¶

List the identifiers and properties of a certificate’s versions.

Requires certificates/list permission.

Parameters:: certificate_name (str) – The name of the certificate.
Returns:: An iterator-like instance of CertificateProperties
Return type:: ItemPaged[CertificateProperties]
Raises:: HttpResponseError –

Example

List all versions of a certificate¶

# get an iterator of a certificate's versions
certificate_versions = certificate_client.list_properties_of_certificate_versions(certificate_name)

for certificate in certificate_versions:
    print(certificate.id)
    print(certificate.updated_on)
    print(certificate.version)

list_properties_of_certificates(*, include_pending: bool | None = None, **kwargs: Any) → ItemPaged[CertificateProperties][source]¶

List identifiers and properties of all certificates in the vault.

Requires certificates/list permission.

Keyword Arguments:: include_pending (bool or None) – Specifies whether to include certificates which are not completely provisioned. Only available for API versions v7.0 and up. If not provided, Key Vault treats this as False.
Returns:: An iterator-like instance of CertificateProperties
Return type:: ItemPaged[CertificateProperties]
Raises:: HttpResponseError –

Example

List all certificates¶

# get an iterator of certificates
certificates = certificate_client.list_properties_of_certificates()

for certificate in certificates:
    print(certificate.id)
    print(certificate.created_on)
    print(certificate.name)
    print(certificate.updated_on)
    print(certificate.enabled)

list_properties_of_issuers(**kwargs: Any) → ItemPaged[IssuerProperties][source]¶

Lists properties of the certificate issuers for the key vault.

Requires the certificates/manageissuers/getissuers permission.

Returns:: An iterator-like instance of Issuers
Return type:: ItemPaged[CertificateIssuer]
Raises:: HttpResponseError –

Example

List issuers of a vault¶

issuers = certificate_client.list_properties_of_issuers()

for issuer in issuers:
    print(issuer.name)
    print(issuer.provider)

merge_certificate(certificate_name: str, x509_certificates: List[bytes], **kwargs: Any) → KeyVaultCertificate[source]¶

Merges a certificate or a certificate chain with a key pair existing on the server.

Requires the certificates/create permission. Performs the merging of a certificate or certificate chain with a key pair currently available in the service. Make sure when creating the certificate to merge using begin_create_certificate() that you set its issuer to ‘Unknown’. This way Key Vault knows that the certificate will not be signed by an issuer known to it.

Parameters:

certificate_name (str) – The name of the certificate
x509_certificates (list[bytes]) – The certificate or the certificate chain to merge.

Keyword Arguments:

enabled (bool or None) – Whether the certificate is enabled for use.
tags (dict[str, str] or None) – Application specific metadata in the form of key-value pairs.

Returns:

The merged certificate

Return type:

KeyVaultCertificate

Raises:

HttpResponseError –

purge_deleted_certificate(certificate_name: str, **kwargs: Any) → None[source]¶

Permanently deletes a deleted certificate. Possible only in vaults with soft-delete enabled.

Requires certificates/purge permission. Performs an irreversible deletion of the specified certificate, without possibility for recovery. The operation is not available if the recovery_level does not specify ‘Purgeable’. This method is only necessary for purging a certificate before its scheduled_purge_date.

Parameters:: certificate_name (str) – The name of the certificate
Returns:: None
Return type:: None
Raises:: HttpResponseError –

restore_certificate_backup(backup: bytes, **kwargs: Any) → KeyVaultCertificate[source]¶

Restore a certificate backup to the vault. Requires certificates/restore permission.

This restores all versions of the certificate, with its name, attributes, and access control policies. If the certificate’s name is already in use, restoring it will fail. Also, the target vault must be owned by the same Microsoft Azure subscription as the source vault.

Parameters:: backup (bytes) – The backup blob associated with a certificate bundle.
Returns:: The restored KeyVaultCertificate
Return type:: KeyVaultCertificate
Raises:: HttpResponseError –

Example

Restore a certificate backup¶

# restore a certificate backup
restored_certificate = certificate_client.restore_certificate_backup(certificate_backup)

print(restored_certificate.id)
print(restored_certificate.name)
print(restored_certificate.properties.version)

send_request(request: HttpRequest, *, stream: bool = False, **kwargs: Any) → HttpResponse¶

Runs a network request using the client’s existing pipeline.

The request URL can be relative to the vault URL. The service API version used for the request is the same as the client’s unless otherwise specified. This method does not raise if the response is an error; to raise an exception, call raise_for_status() on the returned response object. For more information about how to send custom requests with this method, see https://aka.ms/azsdk/dpcodegen/python/send_request.

Parameters:: request (HttpRequest) – The network request you want to make.
Keyword Arguments:: stream (bool) – Whether the response payload will be streamed. Defaults to False.
Returns:: The response of your network call. Does not do error handling on your response.
Return type:: HttpResponse

set_contacts(contacts: List[CertificateContact], **kwargs: Any) → List[CertificateContact][source]¶

Sets the certificate contacts for the key vault. Requires certificates/managecontacts permission.

Parameters:: contacts (list[CertificateContact]) – The contact list for the vault certificates.
Returns:: The created list of contacts
Return type:: list[CertificateContact]
Raises:: HttpResponseError –

Example

Create contacts¶

from azure.keyvault.certificates import CertificateContact

# Create a list of the contacts that you want to set for this key vault.
contact_list = [
    CertificateContact(email="admin@contoso.com", name="John Doe", phone="1111111111"),
    CertificateContact(email="admin2@contoso.com", name="John Doe2", phone="2222222222"),
]

contacts = certificate_client.set_contacts(contact_list)
for contact in contacts:
    print(contact.name)
    print(contact.email)
    print(contact.phone)

update_certificate_policy(certificate_name: str, policy: CertificatePolicy, **kwargs: Any) → CertificatePolicy[source]¶

Updates the policy for a certificate. Requires certificates/update permission.

Set specified members in the certificate policy. Leaves others as null.

Parameters:

certificate_name (str) – The name of the certificate in the given vault.
policy (CertificatePolicy) – The policy for the certificate.

Returns:

The certificate policy

Return type:

CertificatePolicy

Raises:

HttpResponseError –

update_certificate_properties(certificate_name: str, version: str | None = None, **kwargs: Any) → KeyVaultCertificate[source]¶

Change a certificate’s properties. Requires certificates/update permission.

Parameters:

certificate_name (str) – The name of the certificate in the given key vault.
version (str) – The version of the certificate.

Keyword Arguments:

enabled (bool) – Whether the certificate is enabled for use.
tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.

Returns:

The updated KeyVaultCertificate

Return type:

KeyVaultCertificate

Raises:

HttpResponseError –

Example

Update a certificate’s attributes¶

# update attributes of an existing certificate
tags = {"foo": "updated tag"}
updated_certificate = certificate_client.update_certificate_properties(
    certificate_name=certificate.name, tags=tags
)

print(updated_certificate.properties.version)
print(updated_certificate.properties.updated_on)
print(updated_certificate.properties.tags)

update_issuer(issuer_name: str, **kwargs: Any) → CertificateIssuer[source]¶

Updates the specified certificate issuer. Requires certificates/setissuers permission.

Parameters:

issuer_name (str) – The name of the issuer.

Keyword Arguments:

enabled (bool) – Whether the issuer is enabled for use.
provider (str) – The issuer provider
account_id (str) – The user name/account name/account id.
password (str) – The password/secret/account key.
organization_id (str) – Id of the organization
admin_contacts (list[AdministratorContact]) – Contact details of the organization administrators of the certificate issuer

Returns:

The updated issuer

Return type:

CertificateIssuer

Raises:

HttpResponseError –

property vault_url: str¶

class azure.keyvault.certificates.CertificateContact(email: str | None = None, name: str | None = None, phone: str | None = None)[source]¶

The contact information for the vault certificates.

Parameters:

email (str or None) – Email address of a contact for the certificate.
name (str or None) – Name of a contact for the certificate.
phone (str or None) – phone number of a contact for the certificate.

property email: str | None¶

str or None

Type:: rtype

property name: str | None¶

str or None

Type:: rtype

property phone: str | None¶

str or None

Type:: rtype

class azure.keyvault.certificates.CertificateContentType(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)[source]¶

Content type of the secrets as specified in Certificate Policy

capitalize()¶

Return a capitalized version of the string.

More specifically, make the first character have upper case and the rest lower case.

casefold()¶: Return a version of the string suitable for caseless comparisons.

center(width, fillchar=' ', /)¶

Return a centered string of length width.

Padding is done using the specified fill character (default is a space).

count(sub[, start[, end]]) → int¶: Return the number of non-overlapping occurrences of substring sub in string S[start:end]. Optional arguments start and end are interpreted as in slice notation.

encode(encoding='utf-8', errors='strict')¶

Encode the string using the codec registered for encoding.

encoding: The encoding in which to encode the string.
errors: The error handling scheme to use for encoding errors. The default is ‘strict’ meaning that encoding errors raise a UnicodeEncodeError. Other possible values are ‘ignore’, ‘replace’ and ‘xmlcharrefreplace’ as well as any other name registered with codecs.register_error that can handle UnicodeEncodeErrors.

endswith(suffix[, start[, end]]) → bool¶: Return True if S ends with the specified suffix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. suffix can also be a tuple of strings to try.

expandtabs(tabsize=8)¶

Return a copy where all tab characters are expanded using spaces.

If tabsize is not given, a tab size of 8 characters is assumed.

find(sub[, start[, end]]) → int¶

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

format(*args, **kwargs) → str¶: Return a formatted version of S, using substitutions from args and kwargs. The substitutions are identified by braces (‘{’ and ‘}’).

format_map(mapping) → str¶: Return a formatted version of S, using substitutions from mapping. The substitutions are identified by braces (‘{’ and ‘}’).

index(sub[, start[, end]]) → int¶

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

isalnum()¶

Return True if the string is an alpha-numeric string, False otherwise.

A string is alpha-numeric if all characters in the string are alpha-numeric and there is at least one character in the string.

isalpha()¶

Return True if the string is an alphabetic string, False otherwise.

A string is alphabetic if all characters in the string are alphabetic and there is at least one character in the string.

isascii()¶

Return True if all characters in the string are ASCII, False otherwise.

ASCII characters have code points in the range U+0000-U+007F. Empty string is ASCII too.

isdecimal()¶

Return True if the string is a decimal string, False otherwise.

A string is a decimal string if all characters in the string are decimal and there is at least one character in the string.

isdigit()¶

Return True if the string is a digit string, False otherwise.

A string is a digit string if all characters in the string are digits and there is at least one character in the string.

isidentifier()¶

Return True if the string is a valid Python identifier, False otherwise.

Call keyword.iskeyword(s) to test whether string s is a reserved identifier, such as “def” or “class”.

islower()¶

Return True if the string is a lowercase string, False otherwise.

A string is lowercase if all cased characters in the string are lowercase and there is at least one cased character in the string.

isnumeric()¶

Return True if the string is a numeric string, False otherwise.

A string is numeric if all characters in the string are numeric and there is at least one character in the string.

isprintable()¶

Return True if the string is printable, False otherwise.

A string is printable if all of its characters are considered printable in repr() or if it is empty.

isspace()¶

Return True if the string is a whitespace string, False otherwise.

A string is whitespace if all characters in the string are whitespace and there is at least one character in the string.

istitle()¶

Return True if the string is a title-cased string, False otherwise.

In a title-cased string, upper- and title-case characters may only follow uncased characters and lowercase characters only cased ones.

isupper()¶

Return True if the string is an uppercase string, False otherwise.

A string is uppercase if all cased characters in the string are uppercase and there is at least one cased character in the string.

join(iterable, /)¶

Concatenate any number of strings.

The string whose method is called is inserted in between each given string. The result is returned as a new string.

Example: ‘.’.join([‘ab’, ‘pq’, ‘rs’]) -> ‘ab.pq.rs’

ljust(width, fillchar=' ', /)¶

Return a left-justified string of length width.

Padding is done using the specified fill character (default is a space).

lower()¶: Return a copy of the string converted to lowercase.

lstrip(chars=None, /)¶

Return a copy of the string with leading whitespace removed.

If chars is given and not None, remove characters in chars instead.

static maketrans()¶

Return a translation table usable for str.translate().

If there is only one argument, it must be a dictionary mapping Unicode ordinals (integers) or characters to Unicode ordinals, strings or None. Character keys will be then converted to ordinals. If there are two arguments, they must be strings of equal length, and in the resulting dictionary, each character in x will be mapped to the character at the same position in y. If there is a third argument, it must be a string, whose characters will be mapped to None in the result.

partition(sep, /)¶

Partition the string into three parts using the given separator.

This will search for the separator in the string. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing the original string and two empty strings.

removeprefix(prefix, /)¶

Return a str with the given prefix string removed if present.

If the string starts with the prefix string, return string[len(prefix):]. Otherwise, return a copy of the original string.

removesuffix(suffix, /)¶

Return a str with the given suffix string removed if present.

If the string ends with the suffix string and that suffix is not empty, return string[:-len(suffix)]. Otherwise, return a copy of the original string.

replace(old, new, count=-1, /)¶

Return a copy with all occurrences of substring old replaced by new.

count
Maximum number of occurrences to replace. -1 (the default value) means replace all occurrences.

If the optional argument count is given, only the first count occurrences are replaced.

rfind(sub[, start[, end]]) → int¶

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

rindex(sub[, start[, end]]) → int¶

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

rjust(width, fillchar=' ', /)¶

Return a right-justified string of length width.

Padding is done using the specified fill character (default is a space).

rpartition(sep, /)¶

Partition the string into three parts using the given separator.

This will search for the separator in the string, starting at the end. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing two empty strings and the original string.

rsplit(sep=None, maxsplit=-1)¶

Return a list of the substrings in the string, using sep as the separator string.

sep
The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit
Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the end of the string and works to the front.

rstrip(chars=None, /)¶

Return a copy of the string with trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

split(sep=None, maxsplit=-1)¶

Return a list of the substrings in the string, using sep as the separator string.

sep
The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit
Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the front of the string and works to the end.

Note, str.split() is mainly useful for data that has been intentionally delimited. With natural text that includes punctuation, consider using the regular expression module.

splitlines(keepends=False)¶

Return a list of the lines in the string, breaking at line boundaries.

Line breaks are not included in the resulting list unless keepends is given and true.

startswith(prefix[, start[, end]]) → bool¶: Return True if S starts with the specified prefix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. prefix can also be a tuple of strings to try.

strip(chars=None, /)¶

Return a copy of the string with leading and trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

swapcase()¶: Convert uppercase characters to lowercase and lowercase characters to uppercase.

title()¶

Return a version of the string where each word is titlecased.

More specifically, words start with uppercased characters and all remaining cased characters have lower case.

translate(table, /)¶

Replace each character in the string using the given translation table.

table
Translation table, which must be a mapping of Unicode ordinals to Unicode ordinals, strings, or None.

The table must implement lookup/indexing via __getitem__, for instance a dictionary or list. If this operation raises LookupError, the character is left untouched. Characters mapped to None are deleted.

upper()¶: Return a copy of the string converted to uppercase.

zfill(width, /)¶

Pad a numeric string with zeros on the left, to fill a field of the given width.

The string is never truncated.

pem = 'application/x-pem-file'¶

pkcs12 = 'application/x-pkcs12'¶

class azure.keyvault.certificates.CertificateIssuer(provider: str | None, attributes: IssuerAttributes | None = None, account_id: str | None = None, password: str | None = None, organization_id: str | None = None, admin_contacts: List[AdministratorContact] | None = None, **kwargs: Any)[source]¶

The issuer for a Key Vault certificate.

Parameters:

provider (str or None) – The issuer provider
attributes (IssuerAttributes or None) – The issuer attributes.
account_id (str or None) – The username / account name / account id.
password (str or None) – The password / secret / account key.
organization_id (str or None) – The ID of the organization.
admin_contacts (list[AdministratorContact] or None) – Details of the organization administrator.

property account_id: str | None¶

The username / account name / account id.

Returns:: The username / account name / account id.
Return type:: str or None

property admin_contacts: List[AdministratorContact] | None¶

Contact details of the organization administrator(s) of this issuer.

Returns:: Contact details of the organization administrator(s) of this issuer.
Return type:: list[AdministratorContact] or None

property created_on: datetime | None¶

The datetime when the certificate is created.

Returns:: The datetime when the certificate is created.
Return type:: datetime or None

property enabled: bool | None¶

Whether the certificate is enabled or not.

Returns:: True if the certificate is enabled; False otherwise.
Return type:: bool or None

property id: str | None¶

The issuer ID.

Returns:: The issuer ID.
Return type:: str or None

property name: str | None¶

The issuer name.

Returns:: The issuer name.
Return type:: str or None

property organization_id: str | None¶

The issuer organization ID.

Returns:: The issuer organization ID.
Return type:: str or None

property password: str | None¶

The password / secret / account key.

Returns:: The password / secret / account key.
Return type:: str or None

property provider: str | None¶

The issuer provider.

Returns:: The issuer provider.
Return type:: str or None

property updated_on: datetime | None¶

The datetime when the certificate was last updated.

Returns:: The datetime when the certificate was last updated.
Return type:: datetime or None

A certificate operation is returned in case of long running requests.

Parameters:

cert_operation_id (str or None) – The certificate id.
issuer_name (str or WellKnownIssuerNames or None) – Name of the operation’s issuer object or reserved names.
certificate_type (str or None) – Type of certificate requested from the issuer provider.
certificate_transparency (bool or None) – Indicates if the certificate this operation is running for is published to certificate transparency logs. Defaults to False.
csr (bytes or None) – The certificate signing request (CSR) that is being used in the certificate operation.
cancellation_requested (bool or None) – Indicates if cancellation was requested on the certificate operation. Defaults to False.
status (str or None) – Status of the certificate operation.
status_details (str or None) – The status details of the certificate operation
error (CertificateOperationError or None) – Error encountered, if any, during the certificate operation.
target (str or None) – Location which contains the result of the certificate operation.
request_id (str or None) – Identifier for the certificate operation.

property cancellation_requested: bool | None¶

Whether cancellation was requested on the certificate operation.

Returns:: True if cancellation was requested; False otherwise.
Return type:: bool or None

property certificate_transparency: bool | None¶

Whether certificates generated under this policy should be published to certificate transparency logs.

Returns:: True if the certificates should be published to transparency logs; False otherwise.
Return type:: bool or None

property certificate_type: str | None¶

Type of certificate to be requested from the issuer provider.

Returns:: Type of certificate to be requested from the issuer provider.
Return type:: str or None

property csr: bytes | None¶

The certificate signing request that is being used in this certificate operation.

Returns:: The certificate signing request that is being used in this certificate operation.
Return type:: bytes or None

property error: CertificateOperationError | None¶

Any error associated with the certificate operation.

Returns:: Any error associated with the operation, as a CertificateOperationError.
Return type:: CertificateOperationError or None

property id: str | None¶

The certificate ID.

Returns:: The certificate ID.
Return type:: str or None

property issuer_name: str | WellKnownIssuerNames | None¶

The name of the certificate issuer.

Returns:: The name of the certificate issuer.
Return type:: str or WellKnownIssuerNames or None

property name: str | None¶

The certificate name.

Returns:: The certificate name.
Return type:: str or None

property request_id: str | None¶

Identifier for the certificate operation.

Returns:: Identifier for the certificate operation.
Return type:: str or None

property status: str | None¶

The operation status.

Returns:: The operation status.
Return type:: str or None

property status_details: str | None¶

Details of the operation status.

Returns:: Details of the operation status.
Return type:: str or None

property target: str | None¶

Location which contains the result of the certificate operation.

Returns:: Location which contains the result of the certificate operation.
Return type:: str or None

property vault_url: str | None¶

URL of the vault performing the certificate operation.

Returns:: URL of the vault performing the certificate operation.
Return type:: str or None

class azure.keyvault.certificates.CertificateOperationError(code: str, message: str, inner_error: CertificateOperationError)[source]¶

The key vault server error.

Parameters:

code (str) – The error code.
message (str) – The error message.
inner_error (CertificateOperationError) – The error object itself

property code: str¶

The error code.

Returns:: The error code.
Return type:: str

property inner_error: CertificateOperationError¶

The error itself.

Returns:: The error itself.
Return type:: CertificateOperationError

property message: str¶

The error message.

Returns:: The error message.
Return type:: str

class azure.keyvault.certificates.CertificatePolicy(issuer_name: str | None = None, **kwargs: Any)[source]¶

Management policy for a certificate.

Parameters:

issuer_name (str or None) – Optional. Name of the referenced issuer object or reserved names; for example, self or unknown

Keyword Arguments:

subject (str or None) – The subject name of the certificate. Should be a valid X509 distinguished name. Either subject or one of the subject alternative name parameters are required for creating a certificate. This will be ignored when importing a certificate; the subject will be parsed from the imported certificate.
san_emails (list[str] or None) – Subject alternative emails of the X509 object. Either subject or one of the subject alternative name parameters are required for creating a certificate.
san_dns_names (list[str] or None) – Subject alternative DNS names of the X509 object. Either subject or one of the subject alternative name parameters are required for creating a certificate.
san_user_principal_names (list[str] or None) – Subject alternative user principal names of the X509 object. Either subject or one of the subject alternative name parameters are required for creating a certificate.
exportable (bool or None) – Indicates if the private key can be exported. For valid values, see KeyType.
key_type (str or KeyType or None) – The type of key pair to be used for the certificate.
key_size (int or None) – The key size in bits. For example: 2048, 3072, or 4096 for RSA.
reuse_key (bool or None) – Indicates if the same key pair will be used on certificate renewal.
key_curve_name (str or KeyCurveName or None) – Elliptic curve name. For valid values, see KeyCurveName.
enhanced_key_usage (list[str] or None) – The extended ways the key of the certificate can be used.
key_usage (list[str or KeyUsageType] or None) – List of key usages.
content_type (str or CertificateContentType or None) – The media type (MIME type) of the secret backing the certificate. If not specified, CertificateContentType.pkcs12 is assumed.
validity_in_months (int or None) – The duration that the certificate is valid in months.
lifetime_actions (list[LifetimeAction] or None) – Actions that will be performed by Key Vault over the lifetime of a certificate.
certificate_type (str or None) – Type of certificate to be requested from the issuer provider.
certificate_transparency (bool or None) – Indicates if the certificates generated under this policy should be published to certificate transparency logs.

classmethod get_default() → CertificatePolicy[source]¶

property certificate_transparency: bool | None¶

Whether the certificates generated under this policy should be published to certificate transparency logs.

Returns:: True if the certificates should be published to transparency logs; False otherwise.
Return type:: bool or None

property certificate_type: str | None¶

Type of certificate requested from the issuer provider.

Returns:: Type of certificate requested from the issuer provider.
Return type:: str or None

property content_type: CertificateContentType | None¶

The media type (MIME type).

Returns:: The media type (MIME type).
Return type:: CertificateContentType or None

property created_on: datetime | None¶

The datetime when the certificate is created.

Returns:: The datetime when the certificate is created.
Return type:: datetime or None

property enabled: bool | None¶

Whether the certificate is enabled or not.

Returns:: True if the certificate is enabled; False otherwise.
Return type:: bool or None

property enhanced_key_usage: List[str] | None¶

The enhanced key usage.

Returns:: The enhanced key usage.
Return type:: list[str] or None

property exportable: bool | None¶

Whether the private key can be exported.

Returns:: True if the private key can be exported; False otherwise.
Return type:: bool or None

property issuer_name: str | None¶

Name of the referenced issuer object or reserved names for the issuer of the certificate.

Returns:: Name of the referenced issuer object or reserved names for the issuer of the certificate.
Return type:: str or None

property key_curve_name: KeyCurveName | None¶

Elliptic curve name.

Returns:: Elliptic curve name.
Return type:: KeyCurveName or None

property key_size: int | None¶

The key size in bits.

Returns:: The key size in bits.
Return type:: int or None

property key_type: KeyType | None¶

The type of key pair to be used for the certificate.

Returns:: The type of key pair to be used for the certificate.
Return type:: KeyType or None

property key_usage: List[KeyUsageType] | None¶

List of key usages.

Returns:: List of key usages.
Return type:: list[KeyUsageType] or None

property lifetime_actions: List[LifetimeAction] | None¶

Actions and their triggers that will be performed by Key Vault over the lifetime of the certificate.

Returns:: Actions and their triggers that will be performed by Key Vault over the lifetime of the certificate.
Return type:: list[LifetimeAction] or None

property reuse_key: bool | None¶

Whether the same key pair will be used on certificate renewal.

Returns:: True if the same key pair will be used on certificate renewal; False otherwise.
Return type:: bool or None

property san_dns_names: List[str] | None¶

The subject alternative domain names.

Returns:: The subject alternative domain names, as a list.
Return type:: list[str] or None

property san_emails: List[str] | None¶

The subject alternative email addresses.

Returns:: The subject alternative email addresses, as a list.
Return type:: list[str] or None

property san_user_principal_names: List[str] | None¶

The subject alternative user principal names.

Returns:: The subject alternative user principal names, as a list.
Return type:: list[str] or None

property subject: str | None¶

The subject name of the certificate.

Returns:: The subject name of the certificate.
Return type:: str or None

property updated_on: datetime | None¶

The datetime when the certificate was last updated.

Returns:: The datetime when the certificate was last updated.
Return type:: datetime or None

property validity_in_months: int | None¶

The duration that the certificate is valid for in months.

Returns:: The duration that the certificate is valid for in months.
Return type:: int or None

class azure.keyvault.certificates.CertificatePolicyAction(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)[source]¶

The supported action types for the lifetime of a certificate

capitalize()¶

Return a capitalized version of the string.

More specifically, make the first character have upper case and the rest lower case.

casefold()¶: Return a version of the string suitable for caseless comparisons.

center(width, fillchar=' ', /)¶

Return a centered string of length width.

Padding is done using the specified fill character (default is a space).

count(sub[, start[, end]]) → int¶: Return the number of non-overlapping occurrences of substring sub in string S[start:end]. Optional arguments start and end are interpreted as in slice notation.

encode(encoding='utf-8', errors='strict')¶

Encode the string using the codec registered for encoding.

encoding: The encoding in which to encode the string.
errors: The error handling scheme to use for encoding errors. The default is ‘strict’ meaning that encoding errors raise a UnicodeEncodeError. Other possible values are ‘ignore’, ‘replace’ and ‘xmlcharrefreplace’ as well as any other name registered with codecs.register_error that can handle UnicodeEncodeErrors.

endswith(suffix[, start[, end]]) → bool¶: Return True if S ends with the specified suffix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. suffix can also be a tuple of strings to try.

expandtabs(tabsize=8)¶

Return a copy where all tab characters are expanded using spaces.

If tabsize is not given, a tab size of 8 characters is assumed.

find(sub[, start[, end]]) → int¶

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

format(*args, **kwargs) → str¶: Return a formatted version of S, using substitutions from args and kwargs. The substitutions are identified by braces (‘{’ and ‘}’).

format_map(mapping) → str¶: Return a formatted version of S, using substitutions from mapping. The substitutions are identified by braces (‘{’ and ‘}’).

index(sub[, start[, end]]) → int¶

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

isalnum()¶

Return True if the string is an alpha-numeric string, False otherwise.

A string is alpha-numeric if all characters in the string are alpha-numeric and there is at least one character in the string.

isalpha()¶

Return True if the string is an alphabetic string, False otherwise.

A string is alphabetic if all characters in the string are alphabetic and there is at least one character in the string.

isascii()¶

Return True if all characters in the string are ASCII, False otherwise.

ASCII characters have code points in the range U+0000-U+007F. Empty string is ASCII too.

isdecimal()¶

Return True if the string is a decimal string, False otherwise.

A string is a decimal string if all characters in the string are decimal and there is at least one character in the string.

isdigit()¶

Return True if the string is a digit string, False otherwise.

A string is a digit string if all characters in the string are digits and there is at least one character in the string.

isidentifier()¶

Return True if the string is a valid Python identifier, False otherwise.

Call keyword.iskeyword(s) to test whether string s is a reserved identifier, such as “def” or “class”.

islower()¶

Return True if the string is a lowercase string, False otherwise.

A string is lowercase if all cased characters in the string are lowercase and there is at least one cased character in the string.

isnumeric()¶

Return True if the string is a numeric string, False otherwise.

A string is numeric if all characters in the string are numeric and there is at least one character in the string.

isprintable()¶

Return True if the string is printable, False otherwise.

A string is printable if all of its characters are considered printable in repr() or if it is empty.

isspace()¶

Return True if the string is a whitespace string, False otherwise.

A string is whitespace if all characters in the string are whitespace and there is at least one character in the string.

istitle()¶

Return True if the string is a title-cased string, False otherwise.

In a title-cased string, upper- and title-case characters may only follow uncased characters and lowercase characters only cased ones.

isupper()¶

Return True if the string is an uppercase string, False otherwise.

A string is uppercase if all cased characters in the string are uppercase and there is at least one cased character in the string.

join(iterable, /)¶

Concatenate any number of strings.

The string whose method is called is inserted in between each given string. The result is returned as a new string.

Example: ‘.’.join([‘ab’, ‘pq’, ‘rs’]) -> ‘ab.pq.rs’

ljust(width, fillchar=' ', /)¶

Return a left-justified string of length width.

Padding is done using the specified fill character (default is a space).

lower()¶: Return a copy of the string converted to lowercase.

lstrip(chars=None, /)¶

Return a copy of the string with leading whitespace removed.

If chars is given and not None, remove characters in chars instead.

static maketrans()¶

Return a translation table usable for str.translate().

If there is only one argument, it must be a dictionary mapping Unicode ordinals (integers) or characters to Unicode ordinals, strings or None. Character keys will be then converted to ordinals. If there are two arguments, they must be strings of equal length, and in the resulting dictionary, each character in x will be mapped to the character at the same position in y. If there is a third argument, it must be a string, whose characters will be mapped to None in the result.

partition(sep, /)¶

Partition the string into three parts using the given separator.

This will search for the separator in the string. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing the original string and two empty strings.

removeprefix(prefix, /)¶

Return a str with the given prefix string removed if present.

If the string starts with the prefix string, return string[len(prefix):]. Otherwise, return a copy of the original string.

removesuffix(suffix, /)¶

Return a str with the given suffix string removed if present.

If the string ends with the suffix string and that suffix is not empty, return string[:-len(suffix)]. Otherwise, return a copy of the original string.

replace(old, new, count=-1, /)¶

Return a copy with all occurrences of substring old replaced by new.

count
Maximum number of occurrences to replace. -1 (the default value) means replace all occurrences.

If the optional argument count is given, only the first count occurrences are replaced.

rfind(sub[, start[, end]]) → int¶

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

rindex(sub[, start[, end]]) → int¶

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

rjust(width, fillchar=' ', /)¶

Return a right-justified string of length width.

Padding is done using the specified fill character (default is a space).

rpartition(sep, /)¶

Partition the string into three parts using the given separator.

This will search for the separator in the string, starting at the end. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing two empty strings and the original string.

rsplit(sep=None, maxsplit=-1)¶

Return a list of the substrings in the string, using sep as the separator string.

sep
The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit
Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the end of the string and works to the front.

rstrip(chars=None, /)¶

Return a copy of the string with trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

split(sep=None, maxsplit=-1)¶

Return a list of the substrings in the string, using sep as the separator string.

sep
The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit
Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the front of the string and works to the end.

Note, str.split() is mainly useful for data that has been intentionally delimited. With natural text that includes punctuation, consider using the regular expression module.

splitlines(keepends=False)¶

Return a list of the lines in the string, breaking at line boundaries.

Line breaks are not included in the resulting list unless keepends is given and true.

startswith(prefix[, start[, end]]) → bool¶: Return True if S starts with the specified prefix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. prefix can also be a tuple of strings to try.

strip(chars=None, /)¶

Return a copy of the string with leading and trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

swapcase()¶: Convert uppercase characters to lowercase and lowercase characters to uppercase.

title()¶

Return a version of the string where each word is titlecased.

More specifically, words start with uppercased characters and all remaining cased characters have lower case.

translate(table, /)¶

Replace each character in the string using the given translation table.

table
Translation table, which must be a mapping of Unicode ordinals to Unicode ordinals, strings, or None.

The table must implement lookup/indexing via __getitem__, for instance a dictionary or list. If this operation raises LookupError, the character is left untouched. Characters mapped to None are deleted.

upper()¶: Return a copy of the string converted to uppercase.

zfill(width, /)¶

Pad a numeric string with zeros on the left, to fill a field of the given width.

The string is never truncated.

auto_renew = 'AutoRenew'¶

email_contacts = 'EmailContacts'¶

class azure.keyvault.certificates.CertificateProperties(**kwargs: Any)[source]¶

Certificate properties consists of a certificates metadata.

property created_on: datetime | None¶

The datetime when the certificate is created.

Returns:: A datetime representing the certificate’s creation time.
Return type:: datetime or None

property enabled: bool | None¶

Whether the certificate is enabled or not.

Returns:: True if the certificate is enabled; False otherwise.
Return type:: bool or None

property expires_on: datetime | None¶

The datetime when the certificate expires.

Returns:: A datetime representing the point in time when the certificate expires.
Return type:: datetime or None

property id: str¶

The certificate identifier.

Returns:: The certificate identifier.
Return type:: str

property name: str¶

The name of the certificate.

Returns:: The name of the certificate.
Return type:: str

property not_before: datetime | None¶

The datetime before which the certificate is not valid.

Returns:: A datetime representing the point in time when the certificate becomes valid.
Return type:: datetime or None

property recoverable_days: int | None¶

The number of days the certificate is retained before being deleted from a soft-delete enabled Key Vault.

Returns:: The number of days remaining where the certificate can be restored.
Return type:: int or None

property recovery_level: DeletionRecoveryLevel | None¶

The deletion recovery level currently in effect for the certificate.

Returns:: The deletion recovery level currently in effect for the certificate.
Return type:: models.DeletionRecoveryLevel or None

property tags: Dict[str, str] | None¶

Application specific metadata in the form of key-value pairs.

Returns:: A dictionary of tags attached to the certificate.
Return type:: dict[str, str] or None

property updated_on: datetime | None¶

The datetime when the certificate was last updated.

Returns:: A datetime representing the time of the certificate’s most recent update.
Return type:: datetime or None

property vault_url: str¶

The URL of the vault containing the certificate.

Returns:: The URL of the vault containing the certificate.
Return type:: str

property version: str | None¶

The version of the certificate.

Returns:: The version of the certificate.
Return type:: str or None

property x509_thumbprint: bytes¶

The certificate’s thumbprint, in bytes.

To get the thumbprint as a hexadecimal string, call .hex() on this property.

Returns:: The certificate’s thumbprint, in bytes.
Return type:: bytes

class azure.keyvault.certificates.DeletedCertificate(properties: CertificateProperties | None = None, policy: CertificatePolicy | None = None, cer: bytearray | None = None, **kwargs: Any)[source]¶

A deleted Certificate consisting of its previous ID, attributes, tags, and information on when it will be purged.

Parameters:

properties (CertificateProperties) – Properties of the deleted certificate.
policy (CertificatePolicy or None) – The management policy of the deleted certificate.
cer (bytearray or None) – CER contents of the X509 certificate.

Keyword Arguments:

deleted_on (datetime or None) – The time when the certificate was deleted, in UTC.
recovery_id (str or None) – The url of the recovery object, used to identify and recover the deleted certificate.
scheduled_purge_date (datetime or None) – The time when the certificate is scheduled to be purged, in UTC.

property cer: bytearray | None¶

The CER contents of the certificate.

Returns:: The CER contents of the certificate.
Return type:: bytearray or None

property deleted_on: datetime | None¶

The datetime when the certificate was deleted.

Returns:: The datetime when the certificate was deleted.
Return type:: datetime or None

property id: str | None¶

The certificate identifier.

Returns:: The certificate identifier.
Return type:: str or None

property key_id: str | None¶

The ID of the key associated with the certificate.

Returns:: The ID of the key associated with the certificate.
Return type:: str or None

property name: str | None¶

The name of the certificate.

Returns:: The name of the certificate.
Return type:: str or None

property policy: CertificatePolicy | None¶

The management policy of the certificate.

Returns:: The management policy of the certificate.
Return type:: CertificatePolicy or None

property properties: CertificateProperties | None¶

The certificate’s properties.

Returns:: The certificate’s properties.
Return type:: CertificateProperties or None

property recovery_id: str | None¶

The URL of the recovery object, used to identify and recover the deleted certificate.

Returns:: The URL of the recovery object, used to identify and recover the deleted certificate.
Return type:: str or None

property scheduled_purge_date: datetime | None¶

The datetime when the certificate is scheduled to be purged.

Returns:: The datetime when the certificate is scheduled to be purged.
Return type:: datetime or None

property secret_id: str | None¶

The ID of the secret associated with the certificate.

Returns:: The ID of the secret associated with the certificate.
Return type:: str or None

class azure.keyvault.certificates.IssuerProperties(provider: str | None = None, **kwargs: Any)[source]¶

The properties of an issuer containing the issuer metadata.

Parameters:: provider (str or None) – The issuer provider.

property id: str | None¶

The issuer ID.

Returns:: The issuer ID.
Return type:: str or None

property name: str | None¶

The issuer name.

Returns:: The issuer name.
Return type:: str or None

property provider: str | None¶

The issuer provider.

Returns:: The issuer provider.
Return type:: str or None

class azure.keyvault.certificates.KeyCurveName(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)[source]¶

Supported elliptic curves

capitalize()¶

Return a capitalized version of the string.

More specifically, make the first character have upper case and the rest lower case.

casefold()¶: Return a version of the string suitable for caseless comparisons.

center(width, fillchar=' ', /)¶

Return a centered string of length width.

Padding is done using the specified fill character (default is a space).

count(sub[, start[, end]]) → int¶: Return the number of non-overlapping occurrences of substring sub in string S[start:end]. Optional arguments start and end are interpreted as in slice notation.

encode(encoding='utf-8', errors='strict')¶

Encode the string using the codec registered for encoding.

encoding: The encoding in which to encode the string.
errors: The error handling scheme to use for encoding errors. The default is ‘strict’ meaning that encoding errors raise a UnicodeEncodeError. Other possible values are ‘ignore’, ‘replace’ and ‘xmlcharrefreplace’ as well as any other name registered with codecs.register_error that can handle UnicodeEncodeErrors.

endswith(suffix[, start[, end]]) → bool¶: Return True if S ends with the specified suffix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. suffix can also be a tuple of strings to try.

expandtabs(tabsize=8)¶

Return a copy where all tab characters are expanded using spaces.

If tabsize is not given, a tab size of 8 characters is assumed.

find(sub[, start[, end]]) → int¶

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

format(*args, **kwargs) → str¶: Return a formatted version of S, using substitutions from args and kwargs. The substitutions are identified by braces (‘{’ and ‘}’).

format_map(mapping) → str¶: Return a formatted version of S, using substitutions from mapping. The substitutions are identified by braces (‘{’ and ‘}’).

index(sub[, start[, end]]) → int¶

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

isalnum()¶

Return True if the string is an alpha-numeric string, False otherwise.

A string is alpha-numeric if all characters in the string are alpha-numeric and there is at least one character in the string.

isalpha()¶

Return True if the string is an alphabetic string, False otherwise.

A string is alphabetic if all characters in the string are alphabetic and there is at least one character in the string.

isascii()¶

Return True if all characters in the string are ASCII, False otherwise.

ASCII characters have code points in the range U+0000-U+007F. Empty string is ASCII too.

isdecimal()¶

Return True if the string is a decimal string, False otherwise.

A string is a decimal string if all characters in the string are decimal and there is at least one character in the string.

isdigit()¶

Return True if the string is a digit string, False otherwise.

A string is a digit string if all characters in the string are digits and there is at least one character in the string.

isidentifier()¶

Return True if the string is a valid Python identifier, False otherwise.

Call keyword.iskeyword(s) to test whether string s is a reserved identifier, such as “def” or “class”.

islower()¶

Return True if the string is a lowercase string, False otherwise.

A string is lowercase if all cased characters in the string are lowercase and there is at least one cased character in the string.

isnumeric()¶

Return True if the string is a numeric string, False otherwise.

A string is numeric if all characters in the string are numeric and there is at least one character in the string.

isprintable()¶

Return True if the string is printable, False otherwise.

A string is printable if all of its characters are considered printable in repr() or if it is empty.

isspace()¶

Return True if the string is a whitespace string, False otherwise.

A string is whitespace if all characters in the string are whitespace and there is at least one character in the string.

istitle()¶

Return True if the string is a title-cased string, False otherwise.

In a title-cased string, upper- and title-case characters may only follow uncased characters and lowercase characters only cased ones.

isupper()¶

Return True if the string is an uppercase string, False otherwise.

A string is uppercase if all cased characters in the string are uppercase and there is at least one cased character in the string.

join(iterable, /)¶

Concatenate any number of strings.

The string whose method is called is inserted in between each given string. The result is returned as a new string.

Example: ‘.’.join([‘ab’, ‘pq’, ‘rs’]) -> ‘ab.pq.rs’

ljust(width, fillchar=' ', /)¶

Return a left-justified string of length width.

Padding is done using the specified fill character (default is a space).

lower()¶: Return a copy of the string converted to lowercase.

lstrip(chars=None, /)¶

Return a copy of the string with leading whitespace removed.

If chars is given and not None, remove characters in chars instead.

static maketrans()¶

Return a translation table usable for str.translate().

If there is only one argument, it must be a dictionary mapping Unicode ordinals (integers) or characters to Unicode ordinals, strings or None. Character keys will be then converted to ordinals. If there are two arguments, they must be strings of equal length, and in the resulting dictionary, each character in x will be mapped to the character at the same position in y. If there is a third argument, it must be a string, whose characters will be mapped to None in the result.

partition(sep, /)¶

Partition the string into three parts using the given separator.

This will search for the separator in the string. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing the original string and two empty strings.

removeprefix(prefix, /)¶

Return a str with the given prefix string removed if present.

If the string starts with the prefix string, return string[len(prefix):]. Otherwise, return a copy of the original string.

removesuffix(suffix, /)¶

Return a str with the given suffix string removed if present.

If the string ends with the suffix string and that suffix is not empty, return string[:-len(suffix)]. Otherwise, return a copy of the original string.

replace(old, new, count=-1, /)¶

Return a copy with all occurrences of substring old replaced by new.

count
Maximum number of occurrences to replace. -1 (the default value) means replace all occurrences.

If the optional argument count is given, only the first count occurrences are replaced.

rfind(sub[, start[, end]]) → int¶

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

rindex(sub[, start[, end]]) → int¶

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

rjust(width, fillchar=' ', /)¶

Return a right-justified string of length width.

Padding is done using the specified fill character (default is a space).

rpartition(sep, /)¶

Partition the string into three parts using the given separator.

This will search for the separator in the string, starting at the end. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing two empty strings and the original string.

rsplit(sep=None, maxsplit=-1)¶

Return a list of the substrings in the string, using sep as the separator string.

sep
The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit
Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the end of the string and works to the front.

rstrip(chars=None, /)¶

Return a copy of the string with trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

split(sep=None, maxsplit=-1)¶

Return a list of the substrings in the string, using sep as the separator string.

sep
The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit
Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the front of the string and works to the end.

Note, str.split() is mainly useful for data that has been intentionally delimited. With natural text that includes punctuation, consider using the regular expression module.

splitlines(keepends=False)¶

Return a list of the lines in the string, breaking at line boundaries.

Line breaks are not included in the resulting list unless keepends is given and true.

startswith(prefix[, start[, end]]) → bool¶: Return True if S starts with the specified prefix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. prefix can also be a tuple of strings to try.

strip(chars=None, /)¶

Return a copy of the string with leading and trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

swapcase()¶: Convert uppercase characters to lowercase and lowercase characters to uppercase.

title()¶

Return a version of the string where each word is titlecased.

More specifically, words start with uppercased characters and all remaining cased characters have lower case.

translate(table, /)¶

Replace each character in the string using the given translation table.

table
Translation table, which must be a mapping of Unicode ordinals to Unicode ordinals, strings, or None.

The table must implement lookup/indexing via __getitem__, for instance a dictionary or list. If this operation raises LookupError, the character is left untouched. Characters mapped to None are deleted.

upper()¶: Return a copy of the string converted to uppercase.

zfill(width, /)¶

Pad a numeric string with zeros on the left, to fill a field of the given width.

The string is never truncated.

p_256 = 'P-256'¶: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1.

p_256_k = 'P-256K'¶: The SECG SECP256K1 elliptic curve.

p_384 = 'P-384'¶: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1.

p_521 = 'P-521'¶: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1.

class azure.keyvault.certificates.KeyType(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)[source]¶

Supported key types

capitalize()¶

Return a capitalized version of the string.

More specifically, make the first character have upper case and the rest lower case.

casefold()¶: Return a version of the string suitable for caseless comparisons.

center(width, fillchar=' ', /)¶

Return a centered string of length width.

Padding is done using the specified fill character (default is a space).

count(sub[, start[, end]]) → int¶: Return the number of non-overlapping occurrences of substring sub in string S[start:end]. Optional arguments start and end are interpreted as in slice notation.

encode(encoding='utf-8', errors='strict')¶

Encode the string using the codec registered for encoding.

encoding: The encoding in which to encode the string.
errors: The error handling scheme to use for encoding errors. The default is ‘strict’ meaning that encoding errors raise a UnicodeEncodeError. Other possible values are ‘ignore’, ‘replace’ and ‘xmlcharrefreplace’ as well as any other name registered with codecs.register_error that can handle UnicodeEncodeErrors.

endswith(suffix[, start[, end]]) → bool¶: Return True if S ends with the specified suffix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. suffix can also be a tuple of strings to try.

expandtabs(tabsize=8)¶

Return a copy where all tab characters are expanded using spaces.

If tabsize is not given, a tab size of 8 characters is assumed.

find(sub[, start[, end]]) → int¶

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

format(*args, **kwargs) → str¶: Return a formatted version of S, using substitutions from args and kwargs. The substitutions are identified by braces (‘{’ and ‘}’).

format_map(mapping) → str¶: Return a formatted version of S, using substitutions from mapping. The substitutions are identified by braces (‘{’ and ‘}’).

index(sub[, start[, end]]) → int¶

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

isalnum()¶

Return True if the string is an alpha-numeric string, False otherwise.

A string is alpha-numeric if all characters in the string are alpha-numeric and there is at least one character in the string.

isalpha()¶

Return True if the string is an alphabetic string, False otherwise.

A string is alphabetic if all characters in the string are alphabetic and there is at least one character in the string.

isascii()¶

Return True if all characters in the string are ASCII, False otherwise.

ASCII characters have code points in the range U+0000-U+007F. Empty string is ASCII too.

isdecimal()¶

Return True if the string is a decimal string, False otherwise.

A string is a decimal string if all characters in the string are decimal and there is at least one character in the string.

isdigit()¶

Return True if the string is a digit string, False otherwise.

A string is a digit string if all characters in the string are digits and there is at least one character in the string.

isidentifier()¶

Return True if the string is a valid Python identifier, False otherwise.

Call keyword.iskeyword(s) to test whether string s is a reserved identifier, such as “def” or “class”.

islower()¶

Return True if the string is a lowercase string, False otherwise.

A string is lowercase if all cased characters in the string are lowercase and there is at least one cased character in the string.

isnumeric()¶

Return True if the string is a numeric string, False otherwise.

A string is numeric if all characters in the string are numeric and there is at least one character in the string.

isprintable()¶

Return True if the string is printable, False otherwise.

A string is printable if all of its characters are considered printable in repr() or if it is empty.

isspace()¶

Return True if the string is a whitespace string, False otherwise.

A string is whitespace if all characters in the string are whitespace and there is at least one character in the string.

istitle()¶

Return True if the string is a title-cased string, False otherwise.

In a title-cased string, upper- and title-case characters may only follow uncased characters and lowercase characters only cased ones.

isupper()¶

Return True if the string is an uppercase string, False otherwise.

A string is uppercase if all cased characters in the string are uppercase and there is at least one cased character in the string.

join(iterable, /)¶

Concatenate any number of strings.

The string whose method is called is inserted in between each given string. The result is returned as a new string.

Example: ‘.’.join([‘ab’, ‘pq’, ‘rs’]) -> ‘ab.pq.rs’

ljust(width, fillchar=' ', /)¶

Return a left-justified string of length width.

Padding is done using the specified fill character (default is a space).

lower()¶: Return a copy of the string converted to lowercase.

lstrip(chars=None, /)¶

Return a copy of the string with leading whitespace removed.

If chars is given and not None, remove characters in chars instead.

static maketrans()¶

Return a translation table usable for str.translate().

If there is only one argument, it must be a dictionary mapping Unicode ordinals (integers) or characters to Unicode ordinals, strings or None. Character keys will be then converted to ordinals. If there are two arguments, they must be strings of equal length, and in the resulting dictionary, each character in x will be mapped to the character at the same position in y. If there is a third argument, it must be a string, whose characters will be mapped to None in the result.

partition(sep, /)¶

Partition the string into three parts using the given separator.

This will search for the separator in the string. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing the original string and two empty strings.

removeprefix(prefix, /)¶

Return a str with the given prefix string removed if present.

If the string starts with the prefix string, return string[len(prefix):]. Otherwise, return a copy of the original string.

removesuffix(suffix, /)¶

Return a str with the given suffix string removed if present.

If the string ends with the suffix string and that suffix is not empty, return string[:-len(suffix)]. Otherwise, return a copy of the original string.

replace(old, new, count=-1, /)¶

Return a copy with all occurrences of substring old replaced by new.

count
Maximum number of occurrences to replace. -1 (the default value) means replace all occurrences.

If the optional argument count is given, only the first count occurrences are replaced.

rfind(sub[, start[, end]]) → int¶

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

rindex(sub[, start[, end]]) → int¶

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

rjust(width, fillchar=' ', /)¶

Return a right-justified string of length width.

Padding is done using the specified fill character (default is a space).

rpartition(sep, /)¶

Partition the string into three parts using the given separator.

This will search for the separator in the string, starting at the end. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing two empty strings and the original string.

rsplit(sep=None, maxsplit=-1)¶

Return a list of the substrings in the string, using sep as the separator string.

sep
The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit
Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the end of the string and works to the front.

rstrip(chars=None, /)¶

Return a copy of the string with trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

split(sep=None, maxsplit=-1)¶

Return a list of the substrings in the string, using sep as the separator string.

sep
The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit
Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the front of the string and works to the end.

Note, str.split() is mainly useful for data that has been intentionally delimited. With natural text that includes punctuation, consider using the regular expression module.

splitlines(keepends=False)¶

Return a list of the lines in the string, breaking at line boundaries.

Line breaks are not included in the resulting list unless keepends is given and true.

startswith(prefix[, start[, end]]) → bool¶: Return True if S starts with the specified prefix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. prefix can also be a tuple of strings to try.

strip(chars=None, /)¶

Return a copy of the string with leading and trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

swapcase()¶: Convert uppercase characters to lowercase and lowercase characters to uppercase.

title()¶

Return a version of the string where each word is titlecased.

More specifically, words start with uppercased characters and all remaining cased characters have lower case.

translate(table, /)¶

Replace each character in the string using the given translation table.

table
Translation table, which must be a mapping of Unicode ordinals to Unicode ordinals, strings, or None.

The table must implement lookup/indexing via __getitem__, for instance a dictionary or list. If this operation raises LookupError, the character is left untouched. Characters mapped to None are deleted.

upper()¶: Return a copy of the string converted to uppercase.

zfill(width, /)¶

Pad a numeric string with zeros on the left, to fill a field of the given width.

The string is never truncated.

ec = 'EC'¶: Elliptic Curve

ec_hsm = 'EC-HSM'¶: Elliptic Curve with a private key which is not exportable from the HSM

oct = 'oct'¶: Octet sequence (used to represent symmetric keys)

oct_hsm = 'oct-HSM'¶: Octet sequence with a private key which is not exportable from the HSM

rsa = 'RSA'¶

//tools.ietf.org/html/rfc3447)

Type:: RSA (https

rsa_hsm = 'RSA-HSM'¶: RSA with a private key which is not exportable from the HSM

class azure.keyvault.certificates.KeyUsageType(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)[source]¶

The supported types of key usages

capitalize()¶

Return a capitalized version of the string.

More specifically, make the first character have upper case and the rest lower case.

casefold()¶: Return a version of the string suitable for caseless comparisons.

center(width, fillchar=' ', /)¶

Return a centered string of length width.

Padding is done using the specified fill character (default is a space).

count(sub[, start[, end]]) → int¶: Return the number of non-overlapping occurrences of substring sub in string S[start:end]. Optional arguments start and end are interpreted as in slice notation.

encode(encoding='utf-8', errors='strict')¶

Encode the string using the codec registered for encoding.

encoding: The encoding in which to encode the string.
errors: The error handling scheme to use for encoding errors. The default is ‘strict’ meaning that encoding errors raise a UnicodeEncodeError. Other possible values are ‘ignore’, ‘replace’ and ‘xmlcharrefreplace’ as well as any other name registered with codecs.register_error that can handle UnicodeEncodeErrors.

endswith(suffix[, start[, end]]) → bool¶: Return True if S ends with the specified suffix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. suffix can also be a tuple of strings to try.

expandtabs(tabsize=8)¶

Return a copy where all tab characters are expanded using spaces.

If tabsize is not given, a tab size of 8 characters is assumed.

find(sub[, start[, end]]) → int¶

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

format(*args, **kwargs) → str¶: Return a formatted version of S, using substitutions from args and kwargs. The substitutions are identified by braces (‘{’ and ‘}’).

format_map(mapping) → str¶: Return a formatted version of S, using substitutions from mapping. The substitutions are identified by braces (‘{’ and ‘}’).

index(sub[, start[, end]]) → int¶

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

isalnum()¶

Return True if the string is an alpha-numeric string, False otherwise.

A string is alpha-numeric if all characters in the string are alpha-numeric and there is at least one character in the string.

isalpha()¶

Return True if the string is an alphabetic string, False otherwise.

A string is alphabetic if all characters in the string are alphabetic and there is at least one character in the string.

isascii()¶

Return True if all characters in the string are ASCII, False otherwise.

ASCII characters have code points in the range U+0000-U+007F. Empty string is ASCII too.

isdecimal()¶

Return True if the string is a decimal string, False otherwise.

A string is a decimal string if all characters in the string are decimal and there is at least one character in the string.

isdigit()¶

Return True if the string is a digit string, False otherwise.

A string is a digit string if all characters in the string are digits and there is at least one character in the string.

isidentifier()¶

Return True if the string is a valid Python identifier, False otherwise.

Call keyword.iskeyword(s) to test whether string s is a reserved identifier, such as “def” or “class”.

islower()¶

Return True if the string is a lowercase string, False otherwise.

A string is lowercase if all cased characters in the string are lowercase and there is at least one cased character in the string.

isnumeric()¶

Return True if the string is a numeric string, False otherwise.

A string is numeric if all characters in the string are numeric and there is at least one character in the string.

isprintable()¶

Return True if the string is printable, False otherwise.

A string is printable if all of its characters are considered printable in repr() or if it is empty.

isspace()¶

Return True if the string is a whitespace string, False otherwise.

A string is whitespace if all characters in the string are whitespace and there is at least one character in the string.

istitle()¶

Return True if the string is a title-cased string, False otherwise.

In a title-cased string, upper- and title-case characters may only follow uncased characters and lowercase characters only cased ones.

isupper()¶

Return True if the string is an uppercase string, False otherwise.

A string is uppercase if all cased characters in the string are uppercase and there is at least one cased character in the string.

join(iterable, /)¶

Concatenate any number of strings.

The string whose method is called is inserted in between each given string. The result is returned as a new string.

Example: ‘.’.join([‘ab’, ‘pq’, ‘rs’]) -> ‘ab.pq.rs’

ljust(width, fillchar=' ', /)¶

Return a left-justified string of length width.

Padding is done using the specified fill character (default is a space).

lower()¶: Return a copy of the string converted to lowercase.

lstrip(chars=None, /)¶

Return a copy of the string with leading whitespace removed.

If chars is given and not None, remove characters in chars instead.

static maketrans()¶

Return a translation table usable for str.translate().

If there is only one argument, it must be a dictionary mapping Unicode ordinals (integers) or characters to Unicode ordinals, strings or None. Character keys will be then converted to ordinals. If there are two arguments, they must be strings of equal length, and in the resulting dictionary, each character in x will be mapped to the character at the same position in y. If there is a third argument, it must be a string, whose characters will be mapped to None in the result.

partition(sep, /)¶

Partition the string into three parts using the given separator.

This will search for the separator in the string. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing the original string and two empty strings.

removeprefix(prefix, /)¶

Return a str with the given prefix string removed if present.

If the string starts with the prefix string, return string[len(prefix):]. Otherwise, return a copy of the original string.

removesuffix(suffix, /)¶

Return a str with the given suffix string removed if present.

If the string ends with the suffix string and that suffix is not empty, return string[:-len(suffix)]. Otherwise, return a copy of the original string.

replace(old, new, count=-1, /)¶

Return a copy with all occurrences of substring old replaced by new.

count
Maximum number of occurrences to replace. -1 (the default value) means replace all occurrences.

If the optional argument count is given, only the first count occurrences are replaced.

rfind(sub[, start[, end]]) → int¶

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

rindex(sub[, start[, end]]) → int¶

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

rjust(width, fillchar=' ', /)¶

Return a right-justified string of length width.

Padding is done using the specified fill character (default is a space).

rpartition(sep, /)¶

Partition the string into three parts using the given separator.

This will search for the separator in the string, starting at the end. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing two empty strings and the original string.

rsplit(sep=None, maxsplit=-1)¶

Return a list of the substrings in the string, using sep as the separator string.

sep
The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit
Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the end of the string and works to the front.

rstrip(chars=None, /)¶

Return a copy of the string with trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

split(sep=None, maxsplit=-1)¶

Return a list of the substrings in the string, using sep as the separator string.

sep
The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit
Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the front of the string and works to the end.

Note, str.split() is mainly useful for data that has been intentionally delimited. With natural text that includes punctuation, consider using the regular expression module.

splitlines(keepends=False)¶

Return a list of the lines in the string, breaking at line boundaries.

Line breaks are not included in the resulting list unless keepends is given and true.

startswith(prefix[, start[, end]]) → bool¶: Return True if S starts with the specified prefix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. prefix can also be a tuple of strings to try.

strip(chars=None, /)¶

Return a copy of the string with leading and trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

swapcase()¶: Convert uppercase characters to lowercase and lowercase characters to uppercase.

title()¶

Return a version of the string where each word is titlecased.

More specifically, words start with uppercased characters and all remaining cased characters have lower case.

translate(table, /)¶

Replace each character in the string using the given translation table.

table
Translation table, which must be a mapping of Unicode ordinals to Unicode ordinals, strings, or None.

The table must implement lookup/indexing via __getitem__, for instance a dictionary or list. If this operation raises LookupError, the character is left untouched. Characters mapped to None are deleted.

upper()¶: Return a copy of the string converted to uppercase.

zfill(width, /)¶

Pad a numeric string with zeros on the left, to fill a field of the given width.

The string is never truncated.

crl_sign = 'cRLSign'¶

data_encipherment = 'dataEncipherment'¶

decipher_only = 'decipherOnly'¶

digital_signature = 'digitalSignature'¶

encipher_only = 'encipherOnly'¶

key_agreement = 'keyAgreement'¶

key_cert_sign = 'keyCertSign'¶

key_encipherment = 'keyEncipherment'¶

non_repudiation = 'nonRepudiation'¶

class azure.keyvault.certificates.KeyVaultCertificate(policy: CertificatePolicy | None = None, properties: CertificateProperties | None = None, cer: bytearray | None = None, **kwargs: Any)[source]¶

Consists of a certificate and its attributes

Parameters:

policy (CertificatePolicy or None) – The management policy for the certificate.
properties (CertificateProperties or None) – The certificate’s properties.
cer (bytearray or None) – CER contents of the X509 certificate.

property cer: bytearray | None¶

The CER contents of the certificate.

Returns:: The CER contents of the certificate.
Return type:: bytearray or None

property id: str | None¶

The certificate identifier.

Returns:: The certificate identifier.
Return type:: str or None

property key_id: str | None¶

The ID of the key associated with the certificate.

Returns:: The ID of the key associated with the certificate.
Return type:: str or None

property name: str | None¶

The name of the certificate.

Returns:: The name of the certificate.
Return type:: str or None

property policy: CertificatePolicy | None¶

The management policy of the certificate.

Returns:: The management policy of the certificate.
Return type:: CertificatePolicy or None

property properties: CertificateProperties | None¶

The certificate’s properties.

Returns:: The certificate’s properties.
Return type:: CertificateProperties or None

property secret_id: str | None¶

The ID of the secret associated with the certificate.

Returns:: The ID of the secret associated with the certificate.
Return type:: str or None

class azure.keyvault.certificates.KeyVaultCertificateIdentifier(source_id: str)[source]¶

Information about a KeyVaultCertificate parsed from a certificate ID.

Parameters:: source_id (str) – the full original identifier of a certificate
Raises:: ValueError – if the certificate ID is improperly formatted

Example

Parse a certificate’s ID¶

cert = client.get_certificate(cert_name)
parsed_certificate_id = KeyVaultCertificateIdentifier(cert.id)

print(parsed_certificate_id.name)
print(parsed_certificate_id.vault_url)
print(parsed_certificate_id.version)
print(parsed_certificate_id.source_id)

property name: str¶

property source_id: str¶

property vault_url: str¶

property version: str | None¶

class azure.keyvault.certificates.LifetimeAction(action: str | CertificatePolicyAction | None, lifetime_percentage: int | None = None, days_before_expiry: int | None = None)[source]¶

Action and its trigger that will be performed by certificate Vault over the lifetime of a certificate.

Parameters:

action (str or CertificatePolicyAction or None) – The type of the action. For valid values, see CertificatePolicyAction
lifetime_percentage (int or None) – Percentage of lifetime at which to trigger. Value should be between 1 and 99.
days_before_expiry (int or None) – Days before expiry to attempt renewal. Value should be between 1 and validity_in_months multiplied by 27. I.e., if validity_in_months is 36, then value should be between 1 and 972 (36 * 27).

property action: str | CertificatePolicyAction | None¶

The type of action that will be executed; see CertificatePolicyAction.

Returns:: The type of action that will be executed; see CertificatePolicyAction.
Return type:: str or CertificatePolicyAction or None

property days_before_expiry: int | None¶

Days before expiry to attempt renewal.

Returns:: Days before expiry to attempt renewal.
Return type:: int or None

property lifetime_percentage: int | None¶

Percentage of lifetime at which to trigger.

Returns:: Percentage of lifetime at which to trigger.
Return type:: int or None

class azure.keyvault.certificates.WellKnownIssuerNames(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)[source]¶

Collection of well-known issuer names

capitalize()¶

Return a capitalized version of the string.

More specifically, make the first character have upper case and the rest lower case.

casefold()¶: Return a version of the string suitable for caseless comparisons.

center(width, fillchar=' ', /)¶

Return a centered string of length width.

Padding is done using the specified fill character (default is a space).

count(sub[, start[, end]]) → int¶: Return the number of non-overlapping occurrences of substring sub in string S[start:end]. Optional arguments start and end are interpreted as in slice notation.

encode(encoding='utf-8', errors='strict')¶

Encode the string using the codec registered for encoding.

encoding: The encoding in which to encode the string.
errors: The error handling scheme to use for encoding errors. The default is ‘strict’ meaning that encoding errors raise a UnicodeEncodeError. Other possible values are ‘ignore’, ‘replace’ and ‘xmlcharrefreplace’ as well as any other name registered with codecs.register_error that can handle UnicodeEncodeErrors.

endswith(suffix[, start[, end]]) → bool¶: Return True if S ends with the specified suffix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. suffix can also be a tuple of strings to try.

expandtabs(tabsize=8)¶

Return a copy where all tab characters are expanded using spaces.

If tabsize is not given, a tab size of 8 characters is assumed.

find(sub[, start[, end]]) → int¶

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

format(*args, **kwargs) → str¶: Return a formatted version of S, using substitutions from args and kwargs. The substitutions are identified by braces (‘{’ and ‘}’).

format_map(mapping) → str¶: Return a formatted version of S, using substitutions from mapping. The substitutions are identified by braces (‘{’ and ‘}’).

index(sub[, start[, end]]) → int¶

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

isalnum()¶

Return True if the string is an alpha-numeric string, False otherwise.

A string is alpha-numeric if all characters in the string are alpha-numeric and there is at least one character in the string.

isalpha()¶

Return True if the string is an alphabetic string, False otherwise.

A string is alphabetic if all characters in the string are alphabetic and there is at least one character in the string.

isascii()¶

Return True if all characters in the string are ASCII, False otherwise.

ASCII characters have code points in the range U+0000-U+007F. Empty string is ASCII too.

isdecimal()¶

Return True if the string is a decimal string, False otherwise.

A string is a decimal string if all characters in the string are decimal and there is at least one character in the string.

isdigit()¶

Return True if the string is a digit string, False otherwise.

A string is a digit string if all characters in the string are digits and there is at least one character in the string.

isidentifier()¶

Return True if the string is a valid Python identifier, False otherwise.

Call keyword.iskeyword(s) to test whether string s is a reserved identifier, such as “def” or “class”.

islower()¶

Return True if the string is a lowercase string, False otherwise.

A string is lowercase if all cased characters in the string are lowercase and there is at least one cased character in the string.

isnumeric()¶

Return True if the string is a numeric string, False otherwise.

A string is numeric if all characters in the string are numeric and there is at least one character in the string.

isprintable()¶

Return True if the string is printable, False otherwise.

A string is printable if all of its characters are considered printable in repr() or if it is empty.

isspace()¶

Return True if the string is a whitespace string, False otherwise.

A string is whitespace if all characters in the string are whitespace and there is at least one character in the string.

istitle()¶

Return True if the string is a title-cased string, False otherwise.

In a title-cased string, upper- and title-case characters may only follow uncased characters and lowercase characters only cased ones.

isupper()¶

Return True if the string is an uppercase string, False otherwise.

A string is uppercase if all cased characters in the string are uppercase and there is at least one cased character in the string.

join(iterable, /)¶

Concatenate any number of strings.

The string whose method is called is inserted in between each given string. The result is returned as a new string.

Example: ‘.’.join([‘ab’, ‘pq’, ‘rs’]) -> ‘ab.pq.rs’

ljust(width, fillchar=' ', /)¶

Return a left-justified string of length width.

Padding is done using the specified fill character (default is a space).

lower()¶: Return a copy of the string converted to lowercase.

lstrip(chars=None, /)¶

Return a copy of the string with leading whitespace removed.

If chars is given and not None, remove characters in chars instead.

static maketrans()¶

Return a translation table usable for str.translate().

If there is only one argument, it must be a dictionary mapping Unicode ordinals (integers) or characters to Unicode ordinals, strings or None. Character keys will be then converted to ordinals. If there are two arguments, they must be strings of equal length, and in the resulting dictionary, each character in x will be mapped to the character at the same position in y. If there is a third argument, it must be a string, whose characters will be mapped to None in the result.

partition(sep, /)¶

Partition the string into three parts using the given separator.

This will search for the separator in the string. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing the original string and two empty strings.

removeprefix(prefix, /)¶

Return a str with the given prefix string removed if present.

If the string starts with the prefix string, return string[len(prefix):]. Otherwise, return a copy of the original string.

removesuffix(suffix, /)¶

Return a str with the given suffix string removed if present.

If the string ends with the suffix string and that suffix is not empty, return string[:-len(suffix)]. Otherwise, return a copy of the original string.

replace(old, new, count=-1, /)¶

Return a copy with all occurrences of substring old replaced by new.

count
Maximum number of occurrences to replace. -1 (the default value) means replace all occurrences.

If the optional argument count is given, only the first count occurrences are replaced.

rfind(sub[, start[, end]]) → int¶

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

rindex(sub[, start[, end]]) → int¶

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

rjust(width, fillchar=' ', /)¶

Return a right-justified string of length width.

Padding is done using the specified fill character (default is a space).

rpartition(sep, /)¶

Partition the string into three parts using the given separator.

This will search for the separator in the string, starting at the end. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing two empty strings and the original string.

rsplit(sep=None, maxsplit=-1)¶

Return a list of the substrings in the string, using sep as the separator string.

sep
The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit
Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the end of the string and works to the front.

rstrip(chars=None, /)¶

Return a copy of the string with trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

split(sep=None, maxsplit=-1)¶

Return a list of the substrings in the string, using sep as the separator string.

sep
The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit
Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the front of the string and works to the end.

Note, str.split() is mainly useful for data that has been intentionally delimited. With natural text that includes punctuation, consider using the regular expression module.

splitlines(keepends=False)¶

Return a list of the lines in the string, breaking at line boundaries.

Line breaks are not included in the resulting list unless keepends is given and true.

startswith(prefix[, start[, end]]) → bool¶: Return True if S starts with the specified prefix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. prefix can also be a tuple of strings to try.

strip(chars=None, /)¶

Return a copy of the string with leading and trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

swapcase()¶: Convert uppercase characters to lowercase and lowercase characters to uppercase.

title()¶

Return a version of the string where each word is titlecased.

More specifically, words start with uppercased characters and all remaining cased characters have lower case.

translate(table, /)¶

Replace each character in the string using the given translation table.

table
Translation table, which must be a mapping of Unicode ordinals to Unicode ordinals, strings, or None.

The table must implement lookup/indexing via __getitem__, for instance a dictionary or list. If this operation raises LookupError, the character is left untouched. Characters mapped to None are deleted.

upper()¶: Return a copy of the string converted to uppercase.

zfill(width, /)¶

Pad a numeric string with zeros on the left, to fill a field of the given width.

The string is never truncated.

self = 'Self'¶: Use this issuer for a self-signed certificate

unknown = 'Unknown'¶: If you use this issuer, you must manually get an x509 certificate from the issuer of your choice. You must then call merge_certificate() to merge the public x509 certificate with your key vault certificate pending object to complete creation.

Subpackages¶

azure.keyvault.certificates.aio package
- CertificateClient