azure.keyvault.keys package

class azure.keyvault.keys.ApiVersion(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

Key Vault API versions supported by this package

capitalize()

Return a capitalized version of the string.

More specifically, make the first character have upper case and the rest lower case.

casefold()

Return a version of the string suitable for caseless comparisons.

center(width, fillchar=' ', /)

Return a centered string of length width.

Padding is done using the specified fill character (default is a space).

count(sub[, start[, end]]) → int

Return the number of non-overlapping occurrences of substring sub in string S[start:end]. Optional arguments start and end are interpreted as in slice notation.

encode(encoding='utf-8', errors='strict')

Encode the string using the codec registered for encoding.

encoding

The encoding in which to encode the string.

errors

The error handling scheme to use for encoding errors. The default is ‘strict’ meaning that encoding errors raise a UnicodeEncodeError. Other possible values are ‘ignore’, ‘replace’ and ‘xmlcharrefreplace’ as well as any other name registered with codecs.register_error that can handle UnicodeEncodeErrors.

endswith(suffix[, start[, end]]) → bool

Return True if S ends with the specified suffix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. suffix can also be a tuple of strings to try.

expandtabs(tabsize=8)

Return a copy where all tab characters are expanded using spaces.

If tabsize is not given, a tab size of 8 characters is assumed.

find(sub[, start[, end]]) → int

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

format(*args, **kwargs) → str

Return a formatted version of S, using substitutions from args and kwargs. The substitutions are identified by braces (‘{’ and ‘}’).

format_map(mapping) → str

Return a formatted version of S, using substitutions from mapping. The substitutions are identified by braces (‘{’ and ‘}’).

index(sub[, start[, end]]) → int

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

isalnum()

Return True if the string is an alpha-numeric string, False otherwise.

A string is alpha-numeric if all characters in the string are alpha-numeric and there is at least one character in the string.

isalpha()

Return True if the string is an alphabetic string, False otherwise.

A string is alphabetic if all characters in the string are alphabetic and there is at least one character in the string.

isascii()

Return True if all characters in the string are ASCII, False otherwise.

ASCII characters have code points in the range U+0000-U+007F. Empty string is ASCII too.

isdecimal()

Return True if the string is a decimal string, False otherwise.

A string is a decimal string if all characters in the string are decimal and there is at least one character in the string.

isdigit()

Return True if the string is a digit string, False otherwise.

A string is a digit string if all characters in the string are digits and there is at least one character in the string.

isidentifier()

Return True if the string is a valid Python identifier, False otherwise.

Call keyword.iskeyword(s) to test whether string s is a reserved identifier, such as “def” or “class”.

islower()

Return True if the string is a lowercase string, False otherwise.

A string is lowercase if all cased characters in the string are lowercase and there is at least one cased character in the string.

isnumeric()

Return True if the string is a numeric string, False otherwise.

A string is numeric if all characters in the string are numeric and there is at least one character in the string.

isprintable()

Return True if the string is printable, False otherwise.

A string is printable if all of its characters are considered printable in repr() or if it is empty.

isspace()

Return True if the string is a whitespace string, False otherwise.

A string is whitespace if all characters in the string are whitespace and there is at least one character in the string.

istitle()

Return True if the string is a title-cased string, False otherwise.

In a title-cased string, upper- and title-case characters may only follow uncased characters and lowercase characters only cased ones.

isupper()

Return True if the string is an uppercase string, False otherwise.

A string is uppercase if all cased characters in the string are uppercase and there is at least one cased character in the string.

join(iterable, /)

Concatenate any number of strings.

The string whose method is called is inserted in between each given string. The result is returned as a new string.

Example: ‘.’.join([‘ab’, ‘pq’, ‘rs’]) -> ‘ab.pq.rs’

ljust(width, fillchar=' ', /)

Return a left-justified string of length width.

Padding is done using the specified fill character (default is a space).

lower()

Return a copy of the string converted to lowercase.

lstrip(chars=None, /)

Return a copy of the string with leading whitespace removed.

If chars is given and not None, remove characters in chars instead.

static maketrans()

Return a translation table usable for str.translate().

If there is only one argument, it must be a dictionary mapping Unicode ordinals (integers) or characters to Unicode ordinals, strings or None. Character keys will be then converted to ordinals. If there are two arguments, they must be strings of equal length, and in the resulting dictionary, each character in x will be mapped to the character at the same position in y. If there is a third argument, it must be a string, whose characters will be mapped to None in the result.

partition(sep, /)

Partition the string into three parts using the given separator.

This will search for the separator in the string. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing the original string and two empty strings.

removeprefix(prefix, /)

Return a str with the given prefix string removed if present.

If the string starts with the prefix string, return string[len(prefix):]. Otherwise, return a copy of the original string.

removesuffix(suffix, /)

Return a str with the given suffix string removed if present.

If the string ends with the suffix string and that suffix is not empty, return string[:-len(suffix)]. Otherwise, return a copy of the original string.

replace(old, new, count=-1, /)

Return a copy with all occurrences of substring old replaced by new.

count

Maximum number of occurrences to replace. -1 (the default value) means replace all occurrences.

If the optional argument count is given, only the first count occurrences are replaced.

rfind(sub[, start[, end]]) → int

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

rindex(sub[, start[, end]]) → int

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

rjust(width, fillchar=' ', /)

Return a right-justified string of length width.

Padding is done using the specified fill character (default is a space).

rpartition(sep, /)

Partition the string into three parts using the given separator.

This will search for the separator in the string, starting at the end. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing two empty strings and the original string.

rsplit(sep=None, maxsplit=-1)

Return a list of the substrings in the string, using sep as the separator string.

sep

The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit

Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the end of the string and works to the front.

rstrip(chars=None, /)

Return a copy of the string with trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

split(sep=None, maxsplit=-1)

Return a list of the substrings in the string, using sep as the separator string.

sep

The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit

Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the front of the string and works to the end.

Note, str.split() is mainly useful for data that has been intentionally delimited. With natural text that includes punctuation, consider using the regular expression module.

splitlines(keepends=False)

Return a list of the lines in the string, breaking at line boundaries.

Line breaks are not included in the resulting list unless keepends is given and true.

startswith(prefix[, start[, end]]) → bool

Return True if S starts with the specified prefix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. prefix can also be a tuple of strings to try.

strip(chars=None, /)

Return a copy of the string with leading and trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

swapcase()

Convert uppercase characters to lowercase and lowercase characters to uppercase.

title()

Return a version of the string where each word is titlecased.

More specifically, words start with uppercased characters and all remaining cased characters have lower case.

translate(table, /)

Replace each character in the string using the given translation table.

table

Translation table, which must be a mapping of Unicode ordinals to Unicode ordinals, strings, or None.

The table must implement lookup/indexing via __getitem__, for instance a dictionary or list. If this operation raises LookupError, the character is left untouched. Characters mapped to None are deleted.

upper()

Return a copy of the string converted to uppercase.

zfill(width, /)

Pad a numeric string with zeros on the left, to fill a field of the given width.

The string is never truncated.

V2016_10_01 = '2016-10-01'

V7_0 = '7.0'

V7_1 = '7.1'

V7_2 = '7.2'

V7_3 = '7.3'

V7_4 = '7.4'

V7_5 = '7.5'

this is the default version

class azure.keyvault.keys.DeletedKey(properties: KeyProperties, deleted_date: datetime | None = None, recovery_id: str | None = None, scheduled_purge_date: datetime | None = None, **kwargs: Any)

A deleted key’s properties, cryptographic material and its deletion information.

If soft-delete is enabled, returns information about its recovery as well.

Parameters:

• properties (KeyProperties) – Properties of the deleted key.

• deleted_date (datetime or None) – When the key was deleted, in UTC.

• recovery_id (str or None) – An identifier used to recover the deleted key. Returns None if soft-delete is disabled.

• scheduled_purge_date (datetime or None) – When the key is scheduled to be purged, in UTC. Returns None if soft-delete is disabled.

property deleted_date: datetime | None

When the key was deleted, in UTC.

Returns:

When the key was deleted, in UTC.

Return type:

datetime or None

property id: str

The key ID.

Returns:

The key ID.

Return type:

str

property key: JsonWebKey

The JSON Web Key (JWK) for the key.

Returns:

The JSON Web Key (JWK) for the key.

Return type:

JsonWebKey

property key_operations: List[str | KeyOperation]

Permitted operations. See KeyOperation for possible values.

Returns:

Permitted operations. See KeyOperation for possible values.

Return type:

List[KeyOperation or str]

property key_type: str | KeyType

The key’s type. See KeyType for possible values.

Returns:

The key’s type. See KeyType for possible values.

Return type:

KeyType or str

property name: str

The key name.

Returns:

The key name.

Return type:

str

property properties: KeyProperties

The key properties.

Returns:

The key properties.

Return type:

KeyProperties

property recovery_id: str | None

An identifier used to recover the deleted key. Returns None if soft-delete is disabled.

Returns:

An identifier used to recover the deleted key. Returns None if soft-delete is disabled.

Return type:

str or None

property scheduled_purge_date: datetime | None

When the key is scheduled to be purged, in UTC. Returns None if soft-delete is disabled.

Returns:

When the key is scheduled to be purged, in UTC. Returns None if soft-delete is disabled.

Return type:

datetime or None

class azure.keyvault.keys.JsonWebKey(**kwargs: Any)

As defined in http://tools.ietf.org/html/draft-ietf-jose-json-web-key-18. All parameters are optional.

Keyword Arguments:

• kid (str) – Key identifier.

• kty (KeyType or str) – Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40

• key_ops (list[str or KeyOperation]) – Allowed operations for the key

• n (bytes) – RSA modulus.

• e (bytes) – RSA public exponent.

• d (bytes) – RSA private exponent, or the D component of an EC private key.

• dp (bytes) – RSA private key parameter.

• dq (bytes) – RSA private key parameter.

• qi (bytes) – RSA private key parameter.

• p (bytes) – RSA secret prime.

• q (bytes) – RSA secret prime, with p < q.

• k (bytes) – Symmetric key.

• t (bytes) – HSM Token, used with ‘Bring Your Own Key’.

• crv (KeyCurveName or str) – Elliptic curve name.

• x (bytes) – X component of an EC public key.

• y (bytes) – Y component of an EC public key.

class azure.keyvault.keys.KeyClient(vault_url: str, credential: TokenCredential, **kwargs: Any)

A high-level interface for managing a vault’s keys.

Parameters:

• vault_url (str) – URL of the vault the client will access. This is also called the vault’s “DNS Name”. You should validate that this URL references a valid Key Vault or Managed HSM resource. See https://aka.ms/azsdk/blog/vault-uri for details.

• credential (TokenCredential) – An object which can provide an access token for the vault, such as a credential from azure.identity

Keyword Arguments:

• api_version (ApiVersion or str) – Version of the service API to use. Defaults to the most recent.

• verify_challenge_resource (bool) – Whether to verify the authentication challenge resource matches the Key Vault or Managed HSM domain. Defaults to True.

Example

Create a new KeyClient

from azure.identity import DefaultAzureCredential
from azure.keyvault.keys import KeyClient

# Create a KeyClient using default Azure credentials
credential = DefaultAzureCredential()
key_client = KeyClient(vault_url, credential)

backup_key(name: str, **kwargs: Any) → bytes

Back up a key in a protected form useable only by Azure Key Vault.

Requires keys/backup permission.

This is intended to allow copying a key from one vault to another. Both vaults must be owned by the same Azure subscription. Also, backup / restore cannot be performed across geopolitical boundaries. For example, a backup from a vault in a USA region cannot be restored to a vault in an EU region.

Parameters:

name (str) – The name of the key to back up

Returns:

The key backup result, in a protected bytes format that can only be used by Azure Key Vault.

Return type:

bytes

Raises:

ResourceNotFoundError or HttpResponseError – the former if the key doesn’t exist; the latter for other errors

Example

Get a key backup

# backup key
key_backup = key_client.backup_key(key_name)

# returns the raw bytes of the backed up key
print(key_backup)

begin_delete_key(name: str, **kwargs: Any) → LROPoller[DeletedKey]

Delete all versions of a key and its cryptographic material.

Requires keys/delete permission. When this method returns Key Vault has begun deleting the key. Deletion may take several seconds in a vault with soft-delete enabled. This method therefore returns a poller enabling you to wait for deletion to complete.

Parameters:

name (str) – The name of the key to delete.

Returns:

A poller for the delete key operation. The poller’s result method returns the DeletedKey without waiting for deletion to complete. If the vault has soft-delete enabled and you want to permanently delete the key with purge_deleted_key(), call the poller’s wait method first. It will block until the deletion is complete. The wait method requires keys/get permission.

Return type:

LROPoller[DeletedKey]

Raises:

ResourceNotFoundError or HttpResponseError – the former if the key doesn’t exist; the latter for other errors

Example

Delete a key

# delete a key
deleted_key_poller = key_client.begin_delete_key(key_name)
deleted_key = deleted_key_poller.result()

print(deleted_key.name)

# if the vault has soft-delete enabled, the key's deleted_date,
# scheduled purge date and recovery id are set
print(deleted_key.deleted_date)
print(deleted_key.scheduled_purge_date)
print(deleted_key.recovery_id)

# if you want to block until deletion is complete, call wait() on the poller
deleted_key_poller.wait()

begin_recover_deleted_key(name: str, **kwargs: Any) → LROPoller[KeyVaultKey]

Recover a deleted key to its latest version. Possible only in a vault with soft-delete enabled.

Requires keys/recover permission.

When this method returns Key Vault has begun recovering the key. Recovery may take several seconds. This method therefore returns a poller enabling you to wait for recovery to complete. Waiting is only necessary when you want to use the recovered key in another operation immediately.

Parameters:

name (str) – The name of the deleted key to recover

Returns:

A poller for the recovery operation. The poller’s result method returns the recovered KeyVaultKey without waiting for recovery to complete. If you want to use the recovered key immediately, call the poller’s wait method, which blocks until the key is ready to use. The wait method requires keys/get permission.

Return type:

LROPoller[KeyVaultKey]

Raises:

HttpResponseError –

Example

Recover a deleted key

# recover a deleted key to its latest version (requires soft-delete enabled for the vault)
recover_key_poller = key_client.begin_recover_deleted_key(key_name)
recovered_key = recover_key_poller.result()
print(recovered_key.id)
print(recovered_key.name)

# if you want to block until key is recovered server-side, call wait() on the poller
recover_key_poller.wait()

close() → None

Close sockets opened by the client.

Calling this method is unnecessary when using the client as a context manager.

create_ec_key(name: str, *, curve: str | KeyCurveName | None = None, key_operations: List[str | KeyOperation] | None = None, hardware_protected: bool | None = False, enabled: bool | None = None, tags: Dict[str, str] | None = None, not_before: datetime | None = None, expires_on: datetime | None = None, exportable: bool | None = None, release_policy: KeyReleasePolicy | None = None, **kwargs: Any) → KeyVaultKey

Create a new elliptic curve key or, if name is already in use, create a new version of the key.

Requires the keys/create permission.

Parameters:

name (str) – The name for the new key.

Keyword Arguments:

• curve (KeyCurveName or str or None) – Elliptic curve name. Defaults to the NIST P-256 elliptic curve.

• key_operations (List[KeyOperation or str] or None) – Allowed key operations

• hardware_protected (bool or None) – Whether the key should be created in a hardware security module. Defaults to False.

• enabled (bool or None) – Whether the key is enabled for use.

• tags (dict[str, str] or None) – Application specific metadata in the form of key-value pairs.

• not_before (datetime or None) – Not before date of the key in UTC

• expires_on (datetime or None) – Expiry date of the key in UTC

• exportable (bool or None) – Whether the private key can be exported.

• release_policy (KeyReleasePolicy or None) – The policy rules under which the key can be exported.

Returns:

The created key

Return type:

KeyVaultKey

Raises:

HttpResponseError –

Example

Create an elliptic curve key

key_curve = "P-256"

# create an EC (Elliptic curve) key with curve specification
# EC key can be created with default curve of 'P-256'
ec_key = key_client.create_ec_key(key_name, curve=key_curve)

print(ec_key.id)
print(ec_key.properties.version)
print(ec_key.key_type)
print(ec_key.key.crv)

create_key(name: str, key_type: str | KeyType, *, size: int | None = None, curve: str | KeyCurveName | None = None, public_exponent: int | None = None, key_operations: List[str | KeyOperation] | None = None, enabled: bool | None = None, tags: Dict[str, str] | None = None, not_before: datetime | None = None, expires_on: datetime | None = None, exportable: bool | None = None, release_policy: KeyReleasePolicy | None = None, **kwargs: Any) → KeyVaultKey

Create a key or, if name is already in use, create a new version of the key.

Requires keys/create permission.

Parameters:

• name (str) – The name of the new key.

• key_type (KeyType or str) – The type of key to create

Keyword Arguments:

• size (int or None) – Key size in bits. Applies only to RSA and symmetric keys. Consider using create_rsa_key() or create_oct_key() instead.

• curve (KeyCurveName or str or None) – Elliptic curve name. Applies only to elliptic curve keys. Defaults to the NIST P-256 elliptic curve. To create an elliptic curve key, consider using create_ec_key() instead.

• public_exponent (int or None) – The RSA public exponent to use. Applies only to RSA keys created in a Managed HSM.

• key_operations (List[KeyOperation or str] or None) – Allowed key operations

• enabled (bool or None) – Whether the key is enabled for use.

• tags (dict[str, str] or None) – Application specific metadata in the form of key-value pairs.

• not_before (datetime or None) – Not before date of the key in UTC

• expires_on (datetime or None) – Expiry date of the key in UTC

• exportable (bool or None) – Whether the private key can be exported.

• release_policy (KeyReleasePolicy or None) – The policy rules under which the key can be exported.

Returns:

The created key

Return type:

KeyVaultKey

Raises:

HttpResponseError –

Example

Create a key

from dateutil import parser as date_parse

expires_on = date_parse.parse("2050-02-02T08:00:00.000Z")

# create a key with optional arguments
key = key_client.create_key(key_name, KeyType.rsa_hsm, expires_on=expires_on)

print(key.name)
print(key.id)
print(key.key_type)
print(key.properties.expires_on)

create_oct_key(name: str, *, size: int | None = None, key_operations: List[str | KeyOperation] | None = None, hardware_protected: bool | None = False, enabled: bool | None = None, tags: Dict[str, str] | None = None, not_before: datetime | None = None, expires_on: datetime | None = None, exportable: bool | None = None, release_policy: KeyReleasePolicy | None = None, **kwargs: Any) → KeyVaultKey

Create a new octet sequence (symmetric) key or, if name is in use, create a new version of the key.

Requires the keys/create permission.

Parameters:

name (str) – The name for the new key.

Keyword Arguments:

• size (int or None) – Key size in bits, for example 128, 192, or 256.

• key_operations (List[KeyOperation or str] or None) – Allowed key operations.

• hardware_protected (bool or None) – Whether the key should be created in a hardware security module. Defaults to False.

• enabled (bool or None) – Whether the key is enabled for use.

• tags (dict[str, str] or None) – Application specific metadata in the form of key-value pairs.

• not_before (datetime or None) – Not before date of the key in UTC

• expires_on (datetime or None) – Expiry date of the key in UTC

• exportable (bool or None) – Whether the key can be exported.

• release_policy (KeyReleasePolicy or None) – The policy rules under which the key can be exported.

Returns:

The created key

Return type:

KeyVaultKey

Raises:

HttpResponseError –

Example

Create an octet sequence (symmetric) key

key = key_client.create_oct_key(key_name, size=256, hardware_protected=True)

print(key.id)
print(key.name)
print(key.key_type)

create_rsa_key(name: str, *, size: int | None = None, public_exponent: int | None = None, hardware_protected: bool | None = False, key_operations: List[str | KeyOperation] | None = None, enabled: bool | None = None, tags: Dict[str, str] | None = None, not_before: datetime | None = None, expires_on: datetime | None = None, exportable: bool | None = None, release_policy: KeyReleasePolicy | None = None, **kwargs: Any) → KeyVaultKey

Create a new RSA key or, if name is already in use, create a new version of the key

Requires the keys/create permission.

Parameters:

name (str) – The name for the new key.

Keyword Arguments:

• size (int or None) – Key size in bits, for example 2048, 3072, or 4096.

• public_exponent (int or None) – The RSA public exponent to use. Applies only to RSA keys created in a Managed HSM.

• hardware_protected (bool or None) – Whether the key should be created in a hardware security module. Defaults to False.

• key_operations (List[KeyOperation or str] or None) – Allowed key operations

• enabled (bool or None) – Whether the key is enabled for use.

• tags (dict[str, str] or None) – Application specific metadata in the form of key-value pairs.

• not_before (datetime or None) – Not before date of the key in UTC

• expires_on (datetime or None) – Expiry date of the key in UTC

• exportable (bool or None) – Whether the private key can be exported.

• release_policy (KeyReleasePolicy or None) – The policy rules under which the key can be exported.

Returns:

The created key

Return type:

KeyVaultKey

Raises:

HttpResponseError –

Example

Create RSA key

key_size = 2048
key_ops = ["encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey"]

# create an rsa key with size specification
# RSA key can be created with default size of '2048'
key = key_client.create_rsa_key(key_name, hardware_protected=True, size=key_size, key_operations=key_ops)

print(key.id)
print(key.name)
print(key.key_type)
print(key.key_operations)

get_cryptography_client(key_name: str, *, key_version: str | None = None, **kwargs) → CryptographyClient

Gets a CryptographyClient for the given key.

Parameters:

key_name (str) – The name of the key used to perform cryptographic operations.

Keyword Arguments:

key_version (str or None) – Optional version of the key used to perform cryptographic operations.

Returns:

A CryptographyClient using the same options, credentials, and HTTP client as this KeyClient.

Return type:

CryptographyClient

get_deleted_key(name: str, **kwargs: Any) → DeletedKey

Get a deleted key. Possible only in a vault with soft-delete enabled.

Requires keys/get permission.

Parameters:

name (str) – The name of the key

Returns:

The deleted key

Return type:

DeletedKey

Raises:

ResourceNotFoundError or HttpResponseError – the former if the key doesn’t exist; the latter for other errors

Example

Get a deleted key

# get a deleted key (requires soft-delete enabled for the vault)
deleted_key = key_client.get_deleted_key(key_name)
print(deleted_key.name)

# if the vault has soft-delete enabled, the key's deleted_date
# scheduled purge date and recovery id are set
print(deleted_key.deleted_date)
print(deleted_key.scheduled_purge_date)
print(deleted_key.recovery_id)

get_key(name: str, version: str | None = None, **kwargs: Any) → KeyVaultKey

Get a key’s attributes and, if it’s an asymmetric key, its public material.

Requires keys/get permission.

Parameters:

• name (str) – The name of the key to get.

• version (str or None) – (optional) A specific version of the key to get. If not specified, gets the latest version of the key.

Returns:

The fetched key.

Return type:

KeyVaultKey

Raises:

ResourceNotFoundError or HttpResponseError – the former if the key doesn’t exist; the latter for other errors

Example

Get a key

# get the latest version of a key
key = key_client.get_key(key_name)

# alternatively, specify a version
key_version = key.properties.version
key = key_client.get_key(key_name, key_version)

print(key.id)
print(key.name)
print(key.properties.version)
print(key.key_type)
print(key.properties.vault_url)

get_key_rotation_policy(key_name: str, **kwargs: Any) → KeyRotationPolicy

Get the rotation policy of a Key Vault key.

Parameters:

key_name (str) – The name of the key.

Returns:

The key rotation policy.

Return type:

KeyRotationPolicy

Raises:

HttpResponseError –

get_random_bytes(count: int, **kwargs: Any) → bytes

Get the requested number of random bytes from a managed HSM.

Parameters:

count (int) – The requested number of random bytes.

Returns:

The random bytes.

Return type:

bytes

Raises:

ValueError or HttpResponseError – the former if less than one random byte is requested; the latter for other errors

Example

Get random bytes

# get eight random bytes from a managed HSM
random_bytes = client.get_random_bytes(count=8)

import_key(name: str, key: JsonWebKey, *, hardware_protected: bool | None = None, enabled: bool | None = None, tags: Dict[str, str] | None = None, not_before: datetime | None = None, expires_on: datetime | None = None, exportable: bool | None = None, release_policy: KeyReleasePolicy | None = None, **kwargs: Any) → KeyVaultKey

Import a key created externally.

Requires keys/import permission. If name is already in use, the key will be imported as a new version.

Parameters:

• name (str) – Name for the imported key

• key (JsonWebKey) – The JSON web key to import

Keyword Arguments:

• hardware_protected (bool or None) – Whether the key should be backed by a hardware security module

• enabled (bool or None) – Whether the key is enabled for use.

• tags (dict[str, str] or None) – Application specific metadata in the form of key-value pairs.

• not_before (datetime or None) – Not before date of the key in UTC

• expires_on (datetime or None) – Expiry date of the key in UTC

• exportable (bool or None) – Whether the private key can be exported.

• release_policy (KeyReleasePolicy or None) – The policy rules under which the key can be exported.

Returns:

The imported key

Return type:

KeyVaultKey

Raises:

HttpResponseError –

list_deleted_keys(**kwargs: Any) → ItemPaged[DeletedKey]

List all deleted keys, including the public part of each. Possible only in a vault with soft-delete enabled.

Requires keys/list permission.

Returns:

An iterator of deleted keys

Return type:

ItemPaged[DeletedKey]

Example

List all the deleted keys

# get an iterator of deleted keys (requires soft-delete enabled for the vault)
deleted_keys = key_client.list_deleted_keys()

for key in deleted_keys:
    print(key.id)
    print(key.name)
    print(key.scheduled_purge_date)
    print(key.recovery_id)
    print(key.deleted_date)

list_properties_of_key_versions(name: str, **kwargs: Any) → ItemPaged[KeyProperties]

List the identifiers and properties of a key’s versions.

Requires keys/list permission.

Parameters:

name (str) – The name of the key

Returns:

An iterator of keys without their cryptographic material

Return type:

ItemPaged[KeyProperties]

Example

List all versions of a key

# get an iterator of a key's versions
key_versions = key_client.list_properties_of_key_versions("key-name")

for key in key_versions:
    print(key.id)
    print(key.name)

list_properties_of_keys(**kwargs: Any) → ItemPaged[KeyProperties]

List identifiers and properties of all keys in the vault.

Requires keys/list permission.

Returns:

An iterator of keys without their cryptographic material or version information

Return type:

ItemPaged[KeyProperties]

Example

List all keys

# get an iterator of keys
keys = key_client.list_properties_of_keys()

for key in keys:
    print(key.id)
    print(key.name)

purge_deleted_key(name: str, **kwargs: Any) → None

Permanently deletes a deleted key. Only possible in a vault with soft-delete enabled.

Performs an irreversible deletion of the specified key, without possibility for recovery. The operation is not available if the recovery_level does not specify ‘Purgeable’. This method is only necessary for purging a key before its scheduled_purge_date.

Requires keys/purge permission.

Parameters:

name (str) – The name of the deleted key to purge

Returns:

None

Raises:

HttpResponseError –

Example

# if the vault has soft-delete enabled, purge permanently deletes a deleted key
# (with soft-delete disabled, begin_delete_key is permanent)
key_client.purge_deleted_key("key-name")

release_key(name: str, target_attestation_token: str, *, version: str | None = None, algorithm: str | KeyExportEncryptionAlgorithm | None = None, nonce: str | None = None, **kwargs: Any) → ReleaseKeyResult

Releases a key.

The release key operation is applicable to all key types. The target key must be marked exportable. This operation requires the keys/release permission.

Parameters:

• name (str) – The name of the key to get.

• target_attestation_token (str) – The attestation assertion for the target of the key release.

Keyword Arguments:

• version (str or None) – A specific version of the key to release. If unspecified, the latest version is released.

• algorithm (str or KeyExportEncryptionAlgorithm or None) – The encryption algorithm to use to protect the released key material.

• nonce (str or None) – A client-provided nonce for freshness.

Returns:

The result of the key release.

Return type:

ReleaseKeyResult

Raises:

HttpResponseError –

restore_key_backup(backup: bytes, **kwargs: Any) → KeyVaultKey

Restore a key backup to the vault.

Requires keys/restore permission.

This imports all versions of the key, with its name, attributes, and access control policies. If the key’s name is already in use, restoring it will fail. Also, the target vault must be owned by the same Microsoft Azure subscription as the source vault.

Parameters:

backup (bytes) – A key backup as returned by backup_key()

Returns:

The restored key

Return type:

KeyVaultKey

Raises:

ResourceExistsError or HttpResponseError – the former if the backed up key’s name is already in use; the latter for other errors

Example

Restore a key backup

# restore a key backup
restored_key = key_client.restore_key_backup(key_backup)
print(restored_key.id)
print(restored_key.properties.version)

rotate_key(name: str, **kwargs: Any) → KeyVaultKey

Rotate the key based on the key policy by generating a new version of the key.

This operation requires the keys/rotate permission.

Parameters:

name (str) – The name of the key to rotate.

Returns:

The new version of the rotated key.

Return type:

KeyVaultKey

Raises:

HttpResponseError –

send_request(request: HttpRequest, *, stream: bool = False, **kwargs: Any) → HttpResponse

Runs a network request using the client’s existing pipeline.

The request URL can be relative to the vault URL. The service API version used for the request is the same as the client’s unless otherwise specified. This method does not raise if the response is an error; to raise an exception, call raise_for_status() on the returned response object. For more information about how to send custom requests with this method, see https://aka.ms/azsdk/dpcodegen/python/send_request.

Parameters:

request (HttpRequest) – The network request you want to make.

Keyword Arguments:

stream (bool) – Whether the response payload will be streamed. Defaults to False.

Returns:

The response of your network call. Does not do error handling on your response.

Return type:

HttpResponse

update_key_properties(name: str, version: str | None = None, *, key_operations: List[str | KeyOperation] | None = None, enabled: bool | None = None, tags: Dict[str, str] | None = None, not_before: datetime | None = None, expires_on: datetime | None = None, release_policy: KeyReleasePolicy | None = None, **kwargs: Any) → KeyVaultKey

Change a key’s properties (not its cryptographic material).

Requires keys/update permission.

Parameters:

• name (str) – The name of key to update

• version (str or None) – (optional) The version of the key to update. If unspecified, the latest version is updated.

Keyword Arguments:

• key_operations (List[KeyOperation or str] or None) – Allowed key operations

• enabled (bool or None) – Whether the key is enabled for use.

• tags (dict[str, str] or None) – Application specific metadata in the form of key-value pairs.

• not_before (datetime or None) – Not before date of the key in UTC

• expires_on (datetime or None) – Expiry date of the key in UTC

• release_policy (KeyReleasePolicy or None) – The policy rules under which the key can be exported.

Returns:

The updated key

Return type:

KeyVaultKey

Raises:

ResourceNotFoundError or HttpResponseError – the former if the key doesn’t exist; the latter for other errors

Example

Update a key’s attributes

# update attributes of an existing key
expires_on = date_parse.parse("2050-01-02T08:00:00.000Z")
tags = {"foo": "updated tag"}
updated_key = key_client.update_key_properties(key.name, expires_on=expires_on, tags=tags)

print(updated_key.properties.version)
print(updated_key.properties.updated_on)
print(updated_key.properties.expires_on)
print(updated_key.properties.tags)
print(key.key_type)

update_key_rotation_policy(key_name: str, policy: KeyRotationPolicy, *, lifetime_actions: List[KeyRotationLifetimeAction] | None = None, expires_in: str | None = None, **kwargs: Any) → KeyRotationPolicy

Updates the rotation policy of a Key Vault key.

This operation requires the keys/update permission.

Parameters:

• key_name (str) – The name of the key in the given vault.

• policy (KeyRotationPolicy) – The new rotation policy for the key.

Keyword Arguments:

• lifetime_actions (List[KeyRotationLifetimeAction]) – Actions that will be performed by Key Vault over the lifetime of a key. This will override the lifetime actions of the provided policy.

• expires_in (str) – The expiry time of the policy that will be applied on new key versions, defined as an ISO 8601 duration. For example: 90 days is “P90D”, 3 months is “P3M”, and 48 hours is “PT48H”. See Wikipedia for more information on ISO 8601 durations. This will override the expiry time of the provided policy.

Returns:

The updated rotation policy.

Return type:

KeyRotationPolicy

Raises:

HttpResponseError –

property vault_url: str

class azure.keyvault.keys.KeyCurveName(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

Supported elliptic curves

capitalize()

Return a capitalized version of the string.

More specifically, make the first character have upper case and the rest lower case.

casefold()

Return a version of the string suitable for caseless comparisons.

center(width, fillchar=' ', /)

Return a centered string of length width.

Padding is done using the specified fill character (default is a space).

count(sub[, start[, end]]) → int

Return the number of non-overlapping occurrences of substring sub in string S[start:end]. Optional arguments start and end are interpreted as in slice notation.

encode(encoding='utf-8', errors='strict')

Encode the string using the codec registered for encoding.

encoding

The encoding in which to encode the string.

errors

The error handling scheme to use for encoding errors. The default is ‘strict’ meaning that encoding errors raise a UnicodeEncodeError. Other possible values are ‘ignore’, ‘replace’ and ‘xmlcharrefreplace’ as well as any other name registered with codecs.register_error that can handle UnicodeEncodeErrors.

endswith(suffix[, start[, end]]) → bool

Return True if S ends with the specified suffix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. suffix can also be a tuple of strings to try.

expandtabs(tabsize=8)

Return a copy where all tab characters are expanded using spaces.

If tabsize is not given, a tab size of 8 characters is assumed.

find(sub[, start[, end]]) → int

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

format(*args, **kwargs) → str

Return a formatted version of S, using substitutions from args and kwargs. The substitutions are identified by braces (‘{’ and ‘}’).

format_map(mapping) → str

Return a formatted version of S, using substitutions from mapping. The substitutions are identified by braces (‘{’ and ‘}’).

index(sub[, start[, end]]) → int

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

isalnum()

Return True if the string is an alpha-numeric string, False otherwise.

A string is alpha-numeric if all characters in the string are alpha-numeric and there is at least one character in the string.

isalpha()

Return True if the string is an alphabetic string, False otherwise.

A string is alphabetic if all characters in the string are alphabetic and there is at least one character in the string.

isascii()

Return True if all characters in the string are ASCII, False otherwise.

ASCII characters have code points in the range U+0000-U+007F. Empty string is ASCII too.

isdecimal()

Return True if the string is a decimal string, False otherwise.

A string is a decimal string if all characters in the string are decimal and there is at least one character in the string.

isdigit()

Return True if the string is a digit string, False otherwise.

A string is a digit string if all characters in the string are digits and there is at least one character in the string.

isidentifier()

Return True if the string is a valid Python identifier, False otherwise.

Call keyword.iskeyword(s) to test whether string s is a reserved identifier, such as “def” or “class”.

islower()

Return True if the string is a lowercase string, False otherwise.

A string is lowercase if all cased characters in the string are lowercase and there is at least one cased character in the string.

isnumeric()

Return True if the string is a numeric string, False otherwise.

A string is numeric if all characters in the string are numeric and there is at least one character in the string.

isprintable()

Return True if the string is printable, False otherwise.

A string is printable if all of its characters are considered printable in repr() or if it is empty.

isspace()

Return True if the string is a whitespace string, False otherwise.

A string is whitespace if all characters in the string are whitespace and there is at least one character in the string.

istitle()

Return True if the string is a title-cased string, False otherwise.

In a title-cased string, upper- and title-case characters may only follow uncased characters and lowercase characters only cased ones.

isupper()

Return True if the string is an uppercase string, False otherwise.

A string is uppercase if all cased characters in the string are uppercase and there is at least one cased character in the string.

join(iterable, /)

Concatenate any number of strings.

The string whose method is called is inserted in between each given string. The result is returned as a new string.

Example: ‘.’.join([‘ab’, ‘pq’, ‘rs’]) -> ‘ab.pq.rs’

ljust(width, fillchar=' ', /)

Return a left-justified string of length width.

Padding is done using the specified fill character (default is a space).

lower()

Return a copy of the string converted to lowercase.

lstrip(chars=None, /)

Return a copy of the string with leading whitespace removed.

If chars is given and not None, remove characters in chars instead.

static maketrans()

Return a translation table usable for str.translate().

If there is only one argument, it must be a dictionary mapping Unicode ordinals (integers) or characters to Unicode ordinals, strings or None. Character keys will be then converted to ordinals. If there are two arguments, they must be strings of equal length, and in the resulting dictionary, each character in x will be mapped to the character at the same position in y. If there is a third argument, it must be a string, whose characters will be mapped to None in the result.

partition(sep, /)

Partition the string into three parts using the given separator.

This will search for the separator in the string. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing the original string and two empty strings.

removeprefix(prefix, /)

Return a str with the given prefix string removed if present.

If the string starts with the prefix string, return string[len(prefix):]. Otherwise, return a copy of the original string.

removesuffix(suffix, /)

Return a str with the given suffix string removed if present.

If the string ends with the suffix string and that suffix is not empty, return string[:-len(suffix)]. Otherwise, return a copy of the original string.

replace(old, new, count=-1, /)

Return a copy with all occurrences of substring old replaced by new.

count

Maximum number of occurrences to replace. -1 (the default value) means replace all occurrences.

If the optional argument count is given, only the first count occurrences are replaced.

rfind(sub[, start[, end]]) → int

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

rindex(sub[, start[, end]]) → int

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

rjust(width, fillchar=' ', /)

Return a right-justified string of length width.

Padding is done using the specified fill character (default is a space).

rpartition(sep, /)

Partition the string into three parts using the given separator.

This will search for the separator in the string, starting at the end. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing two empty strings and the original string.

rsplit(sep=None, maxsplit=-1)

Return a list of the substrings in the string, using sep as the separator string.

sep

The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit

Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the end of the string and works to the front.

rstrip(chars=None, /)

Return a copy of the string with trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

split(sep=None, maxsplit=-1)

Return a list of the substrings in the string, using sep as the separator string.

sep

The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit

Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the front of the string and works to the end.

Note, str.split() is mainly useful for data that has been intentionally delimited. With natural text that includes punctuation, consider using the regular expression module.

splitlines(keepends=False)

Return a list of the lines in the string, breaking at line boundaries.

Line breaks are not included in the resulting list unless keepends is given and true.

startswith(prefix[, start[, end]]) → bool

Return True if S starts with the specified prefix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. prefix can also be a tuple of strings to try.

strip(chars=None, /)

Return a copy of the string with leading and trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

swapcase()

Convert uppercase characters to lowercase and lowercase characters to uppercase.

title()

Return a version of the string where each word is titlecased.

More specifically, words start with uppercased characters and all remaining cased characters have lower case.

translate(table, /)

Replace each character in the string using the given translation table.

table

Translation table, which must be a mapping of Unicode ordinals to Unicode ordinals, strings, or None.

The table must implement lookup/indexing via __getitem__, for instance a dictionary or list. If this operation raises LookupError, the character is left untouched. Characters mapped to None are deleted.

upper()

Return a copy of the string converted to uppercase.

zfill(width, /)

Pad a numeric string with zeros on the left, to fill a field of the given width.

The string is never truncated.

p_256 = 'P-256'

The NIST P-256 elliptic curve, AKA SECG curve SECP256R1.

p_256_k = 'P-256K'

The SECG SECP256K1 elliptic curve.

p_384 = 'P-384'

The NIST P-384 elliptic curve, AKA SECG curve SECP384R1.

p_521 = 'P-521'

The NIST P-521 elliptic curve, AKA SECG curve SECP521R1.

class azure.keyvault.keys.KeyExportEncryptionAlgorithm(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

Supported algorithms for protecting exported key material

capitalize()

Return a capitalized version of the string.

More specifically, make the first character have upper case and the rest lower case.

casefold()

Return a version of the string suitable for caseless comparisons.

center(width, fillchar=' ', /)

Return a centered string of length width.

Padding is done using the specified fill character (default is a space).

count(sub[, start[, end]]) → int

Return the number of non-overlapping occurrences of substring sub in string S[start:end]. Optional arguments start and end are interpreted as in slice notation.

encode(encoding='utf-8', errors='strict')

Encode the string using the codec registered for encoding.

encoding

The encoding in which to encode the string.

errors

The error handling scheme to use for encoding errors. The default is ‘strict’ meaning that encoding errors raise a UnicodeEncodeError. Other possible values are ‘ignore’, ‘replace’ and ‘xmlcharrefreplace’ as well as any other name registered with codecs.register_error that can handle UnicodeEncodeErrors.

endswith(suffix[, start[, end]]) → bool

Return True if S ends with the specified suffix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. suffix can also be a tuple of strings to try.

expandtabs(tabsize=8)

Return a copy where all tab characters are expanded using spaces.

If tabsize is not given, a tab size of 8 characters is assumed.

find(sub[, start[, end]]) → int

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

format(*args, **kwargs) → str

Return a formatted version of S, using substitutions from args and kwargs. The substitutions are identified by braces (‘{’ and ‘}’).

format_map(mapping) → str

Return a formatted version of S, using substitutions from mapping. The substitutions are identified by braces (‘{’ and ‘}’).

index(sub[, start[, end]]) → int

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

isalnum()

Return True if the string is an alpha-numeric string, False otherwise.

A string is alpha-numeric if all characters in the string are alpha-numeric and there is at least one character in the string.

isalpha()

Return True if the string is an alphabetic string, False otherwise.

A string is alphabetic if all characters in the string are alphabetic and there is at least one character in the string.

isascii()

Return True if all characters in the string are ASCII, False otherwise.

ASCII characters have code points in the range U+0000-U+007F. Empty string is ASCII too.

isdecimal()

Return True if the string is a decimal string, False otherwise.

A string is a decimal string if all characters in the string are decimal and there is at least one character in the string.

isdigit()

Return True if the string is a digit string, False otherwise.

A string is a digit string if all characters in the string are digits and there is at least one character in the string.

isidentifier()

Return True if the string is a valid Python identifier, False otherwise.

Call keyword.iskeyword(s) to test whether string s is a reserved identifier, such as “def” or “class”.

islower()

Return True if the string is a lowercase string, False otherwise.

A string is lowercase if all cased characters in the string are lowercase and there is at least one cased character in the string.

isnumeric()

Return True if the string is a numeric string, False otherwise.

A string is numeric if all characters in the string are numeric and there is at least one character in the string.

isprintable()

Return True if the string is printable, False otherwise.

A string is printable if all of its characters are considered printable in repr() or if it is empty.

isspace()

Return True if the string is a whitespace string, False otherwise.

A string is whitespace if all characters in the string are whitespace and there is at least one character in the string.

istitle()

Return True if the string is a title-cased string, False otherwise.

In a title-cased string, upper- and title-case characters may only follow uncased characters and lowercase characters only cased ones.

isupper()

Return True if the string is an uppercase string, False otherwise.

A string is uppercase if all cased characters in the string are uppercase and there is at least one cased character in the string.

join(iterable, /)

Concatenate any number of strings.

The string whose method is called is inserted in between each given string. The result is returned as a new string.

Example: ‘.’.join([‘ab’, ‘pq’, ‘rs’]) -> ‘ab.pq.rs’

ljust(width, fillchar=' ', /)

Return a left-justified string of length width.

Padding is done using the specified fill character (default is a space).

lower()

Return a copy of the string converted to lowercase.

lstrip(chars=None, /)

Return a copy of the string with leading whitespace removed.

If chars is given and not None, remove characters in chars instead.

static maketrans()

Return a translation table usable for str.translate().

If there is only one argument, it must be a dictionary mapping Unicode ordinals (integers) or characters to Unicode ordinals, strings or None. Character keys will be then converted to ordinals. If there are two arguments, they must be strings of equal length, and in the resulting dictionary, each character in x will be mapped to the character at the same position in y. If there is a third argument, it must be a string, whose characters will be mapped to None in the result.

partition(sep, /)

Partition the string into three parts using the given separator.

This will search for the separator in the string. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing the original string and two empty strings.

removeprefix(prefix, /)

Return a str with the given prefix string removed if present.

If the string starts with the prefix string, return string[len(prefix):]. Otherwise, return a copy of the original string.

removesuffix(suffix, /)

Return a str with the given suffix string removed if present.

If the string ends with the suffix string and that suffix is not empty, return string[:-len(suffix)]. Otherwise, return a copy of the original string.

replace(old, new, count=-1, /)

Return a copy with all occurrences of substring old replaced by new.

count

Maximum number of occurrences to replace. -1 (the default value) means replace all occurrences.

If the optional argument count is given, only the first count occurrences are replaced.

rfind(sub[, start[, end]]) → int

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

rindex(sub[, start[, end]]) → int

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

rjust(width, fillchar=' ', /)

Return a right-justified string of length width.

Padding is done using the specified fill character (default is a space).

rpartition(sep, /)

Partition the string into three parts using the given separator.

This will search for the separator in the string, starting at the end. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing two empty strings and the original string.

rsplit(sep=None, maxsplit=-1)

Return a list of the substrings in the string, using sep as the separator string.

sep

The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit

Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the end of the string and works to the front.

rstrip(chars=None, /)

Return a copy of the string with trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

split(sep=None, maxsplit=-1)

Return a list of the substrings in the string, using sep as the separator string.

sep

The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit

Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the front of the string and works to the end.

Note, str.split() is mainly useful for data that has been intentionally delimited. With natural text that includes punctuation, consider using the regular expression module.

splitlines(keepends=False)

Return a list of the lines in the string, breaking at line boundaries.

Line breaks are not included in the resulting list unless keepends is given and true.

startswith(prefix[, start[, end]]) → bool

Return True if S starts with the specified prefix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. prefix can also be a tuple of strings to try.

strip(chars=None, /)

Return a copy of the string with leading and trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

swapcase()

Convert uppercase characters to lowercase and lowercase characters to uppercase.

title()

Return a version of the string where each word is titlecased.

More specifically, words start with uppercased characters and all remaining cased characters have lower case.

translate(table, /)

Replace each character in the string using the given translation table.

table

Translation table, which must be a mapping of Unicode ordinals to Unicode ordinals, strings, or None.

The table must implement lookup/indexing via __getitem__, for instance a dictionary or list. If this operation raises LookupError, the character is left untouched. Characters mapped to None are deleted.

upper()

Return a copy of the string converted to uppercase.

zfill(width, /)

Pad a numeric string with zeros on the left, to fill a field of the given width.

The string is never truncated.

ckm_rsa_aes_key_wrap = 'CKM_RSA_AES_KEY_WRAP'

rsa_aes_key_wrap_256 = 'RSA_AES_KEY_WRAP_256'

rsa_aes_key_wrap_384 = 'RSA_AES_KEY_WRAP_384'

class azure.keyvault.keys.KeyOperation(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

Supported key operations

capitalize()

Return a capitalized version of the string.

More specifically, make the first character have upper case and the rest lower case.

casefold()

Return a version of the string suitable for caseless comparisons.

center(width, fillchar=' ', /)

Return a centered string of length width.

Padding is done using the specified fill character (default is a space).

count(sub[, start[, end]]) → int

Return the number of non-overlapping occurrences of substring sub in string S[start:end]. Optional arguments start and end are interpreted as in slice notation.

encode(encoding='utf-8', errors='strict')

Encode the string using the codec registered for encoding.

encoding

The encoding in which to encode the string.

errors

The error handling scheme to use for encoding errors. The default is ‘strict’ meaning that encoding errors raise a UnicodeEncodeError. Other possible values are ‘ignore’, ‘replace’ and ‘xmlcharrefreplace’ as well as any other name registered with codecs.register_error that can handle UnicodeEncodeErrors.

endswith(suffix[, start[, end]]) → bool

Return True if S ends with the specified suffix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. suffix can also be a tuple of strings to try.

expandtabs(tabsize=8)

Return a copy where all tab characters are expanded using spaces.

If tabsize is not given, a tab size of 8 characters is assumed.

find(sub[, start[, end]]) → int

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

format(*args, **kwargs) → str

Return a formatted version of S, using substitutions from args and kwargs. The substitutions are identified by braces (‘{’ and ‘}’).

format_map(mapping) → str

Return a formatted version of S, using substitutions from mapping. The substitutions are identified by braces (‘{’ and ‘}’).

index(sub[, start[, end]]) → int

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

isalnum()

Return True if the string is an alpha-numeric string, False otherwise.

A string is alpha-numeric if all characters in the string are alpha-numeric and there is at least one character in the string.

isalpha()

Return True if the string is an alphabetic string, False otherwise.

A string is alphabetic if all characters in the string are alphabetic and there is at least one character in the string.

isascii()

Return True if all characters in the string are ASCII, False otherwise.

ASCII characters have code points in the range U+0000-U+007F. Empty string is ASCII too.

isdecimal()

Return True if the string is a decimal string, False otherwise.

A string is a decimal string if all characters in the string are decimal and there is at least one character in the string.

isdigit()

Return True if the string is a digit string, False otherwise.

A string is a digit string if all characters in the string are digits and there is at least one character in the string.

isidentifier()

Return True if the string is a valid Python identifier, False otherwise.

Call keyword.iskeyword(s) to test whether string s is a reserved identifier, such as “def” or “class”.

islower()

Return True if the string is a lowercase string, False otherwise.

A string is lowercase if all cased characters in the string are lowercase and there is at least one cased character in the string.

isnumeric()

Return True if the string is a numeric string, False otherwise.

A string is numeric if all characters in the string are numeric and there is at least one character in the string.

isprintable()

Return True if the string is printable, False otherwise.

A string is printable if all of its characters are considered printable in repr() or if it is empty.

isspace()

Return True if the string is a whitespace string, False otherwise.

A string is whitespace if all characters in the string are whitespace and there is at least one character in the string.

istitle()

Return True if the string is a title-cased string, False otherwise.

In a title-cased string, upper- and title-case characters may only follow uncased characters and lowercase characters only cased ones.

isupper()

Return True if the string is an uppercase string, False otherwise.

A string is uppercase if all cased characters in the string are uppercase and there is at least one cased character in the string.

join(iterable, /)

Concatenate any number of strings.

The string whose method is called is inserted in between each given string. The result is returned as a new string.

Example: ‘.’.join([‘ab’, ‘pq’, ‘rs’]) -> ‘ab.pq.rs’

ljust(width, fillchar=' ', /)

Return a left-justified string of length width.

Padding is done using the specified fill character (default is a space).

lower()

Return a copy of the string converted to lowercase.

lstrip(chars=None, /)

Return a copy of the string with leading whitespace removed.

If chars is given and not None, remove characters in chars instead.

static maketrans()

Return a translation table usable for str.translate().

If there is only one argument, it must be a dictionary mapping Unicode ordinals (integers) or characters to Unicode ordinals, strings or None. Character keys will be then converted to ordinals. If there are two arguments, they must be strings of equal length, and in the resulting dictionary, each character in x will be mapped to the character at the same position in y. If there is a third argument, it must be a string, whose characters will be mapped to None in the result.

partition(sep, /)

Partition the string into three parts using the given separator.

This will search for the separator in the string. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing the original string and two empty strings.

removeprefix(prefix, /)

Return a str with the given prefix string removed if present.

If the string starts with the prefix string, return string[len(prefix):]. Otherwise, return a copy of the original string.

removesuffix(suffix, /)

Return a str with the given suffix string removed if present.

If the string ends with the suffix string and that suffix is not empty, return string[:-len(suffix)]. Otherwise, return a copy of the original string.

replace(old, new, count=-1, /)

Return a copy with all occurrences of substring old replaced by new.

count

Maximum number of occurrences to replace. -1 (the default value) means replace all occurrences.

If the optional argument count is given, only the first count occurrences are replaced.

rfind(sub[, start[, end]]) → int

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

rindex(sub[, start[, end]]) → int

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

rjust(width, fillchar=' ', /)

Return a right-justified string of length width.

Padding is done using the specified fill character (default is a space).

rpartition(sep, /)

Partition the string into three parts using the given separator.

This will search for the separator in the string, starting at the end. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing two empty strings and the original string.

rsplit(sep=None, maxsplit=-1)

Return a list of the substrings in the string, using sep as the separator string.

sep

The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit

Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the end of the string and works to the front.

rstrip(chars=None, /)

Return a copy of the string with trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

split(sep=None, maxsplit=-1)

Return a list of the substrings in the string, using sep as the separator string.

sep

The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit

Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the front of the string and works to the end.

Note, str.split() is mainly useful for data that has been intentionally delimited. With natural text that includes punctuation, consider using the regular expression module.

splitlines(keepends=False)

Return a list of the lines in the string, breaking at line boundaries.

Line breaks are not included in the resulting list unless keepends is given and true.

startswith(prefix[, start[, end]]) → bool

Return True if S starts with the specified prefix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. prefix can also be a tuple of strings to try.

strip(chars=None, /)

Return a copy of the string with leading and trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

swapcase()

Convert uppercase characters to lowercase and lowercase characters to uppercase.

title()

Return a version of the string where each word is titlecased.

More specifically, words start with uppercased characters and all remaining cased characters have lower case.

translate(table, /)

Replace each character in the string using the given translation table.

table

Translation table, which must be a mapping of Unicode ordinals to Unicode ordinals, strings, or None.

The table must implement lookup/indexing via __getitem__, for instance a dictionary or list. If this operation raises LookupError, the character is left untouched. Characters mapped to None are deleted.

upper()

Return a copy of the string converted to uppercase.

zfill(width, /)

Pad a numeric string with zeros on the left, to fill a field of the given width.

The string is never truncated.

decrypt = 'decrypt'

encrypt = 'encrypt'

export = 'export'

import_key = 'import'

sign = 'sign'

unwrap_key = 'unwrapKey'

verify = 'verify'

wrap_key = 'wrapKey'

class azure.keyvault.keys.KeyProperties(key_id: str, attributes: _models.KeyAttributes | None = None, **kwargs: Any)

A key’s ID and attributes.

Parameters:

• key_id (str) – The key ID.

• attributes (KeyAttributes) – The key attributes.

Keyword Arguments:

• managed (bool) – Whether the key’s lifetime is managed by Key Vault.

• tags (dict[str, str] or None) – Application specific metadata in the form of key-value pairs.

• release_policy (KeyReleasePolicy or None) – The azure.keyvault.keys.KeyReleasePolicy specifying the rules under which the key can be exported.

property created_on: datetime | None

When the key was created, in UTC.

Returns:

When the key was created, in UTC.

Return type:

datetime or None

property enabled: bool | None

Whether the key is enabled for use.

Returns:

True if the key is enabled for use; False otherwise.

Return type:

bool or None

property expires_on: datetime | None

When the key will expire, in UTC.

Returns:

When the key will expire, in UTC.

Return type:

datetime or None

property exportable: bool | None

Whether the private key can be exported.

Returns:

True if the private key can be exported; False otherwise.

Return type:

bool or None

property hsm_platform: str | None

The underlying HSM platform.

Returns:

The underlying HSM platform.

Return type:

str or None

property id: str

The key ID.

Returns:

The key ID.

Return type:

str

property managed: bool | None

Whether the key’s lifetime is managed by Key Vault. If the key backs a certificate, this will be true.

Returns:

True if the key’s lifetime is managed by Key Vault; False otherwise.

Return type:

bool or None

property name: str

The key name.

Returns:

The key name.

Return type:

str

property not_before: datetime | None

The time before which the key can not be used, in UTC.

Returns:

The time before which the key can not be used, in UTC.

Return type:

datetime or None

property recoverable_days: int | None

The number of days the key is retained before being deleted from a soft-delete enabled Key Vault.

Returns:

The number of days the key is retained before being deleted from a soft-delete enabled Key Vault.

Return type:

int or None

property recovery_level: str | None

The vault’s deletion recovery level for keys.

Returns:

The vault’s deletion recovery level for keys.

Return type:

str or None

property release_policy: KeyReleasePolicy | None

The KeyReleasePolicy specifying the rules under which the key can be exported.

Returns:

The key’s release policy specifying the rules for exporting.

Return type:

KeyReleasePolicy or None

property tags: Dict[str, str]

Application specific metadata in the form of key-value pairs.

Returns:

A dictionary of tags attached to the key.

Return type:

dict[str, str]

property updated_on: datetime | None

When the key was last updated, in UTC.

Returns:

When the key was last updated, in UTC.

Return type:

datetime or None

property vault_url: str

URL of the vault containing the key.

Returns:

URL of the vault containing the key.

Return type:

str

property version: str | None

The key version.

Returns:

The key version.

Return type:

str or None

class azure.keyvault.keys.KeyReleasePolicy(encoded_policy: bytes, **kwargs: Any)

The policy rules under which a key can be exported.

Parameters:

encoded_policy (bytes) – The policy rules under which the key can be released. Encoded based on the content_type. For more information regarding release policy grammar, please refer to: https://aka.ms/policygrammarkeys for Azure Key Vault; https://aka.ms/policygrammarmhsm for Azure Managed HSM.

Keyword Arguments:

• content_type (str) – Content type and version of the release policy. Defaults to “application/json; charset=utf-8” if omitted.

• immutable (bool) – Marks a release policy as immutable. An immutable release policy cannot be changed or updated after being marked immutable. Release policies are mutable by default.

class azure.keyvault.keys.KeyRotationLifetimeAction(action: KeyRotationPolicyAction | str, **kwargs: Any)

An action and its corresponding trigger that will be performed by Key Vault over the lifetime of a key.

Parameters:

action (KeyRotationPolicyAction or str) – The action that will be executed.

Keyword Arguments:

• time_after_create (str or None) –

  Time after creation to attempt the specified action, as an ISO 8601 duration. For example, 90 days is “P90D”. See Wikipedia for more information on ISO 8601 durations.

• time_before_expiry (str or None) –

  Time before expiry to attempt the specified action, as an ISO 8601 duration. For example, 90 days is “P90D”. See Wikipedia for more information on ISO 8601 durations.

class azure.keyvault.keys.KeyRotationPolicy(**kwargs: Any)

The key rotation policy that belongs to a key.

Variables:

• id (str or None) – The identifier of the key rotation policy.

• lifetime_actions (list[KeyRotationLifetimeAction]) – Actions that will be performed by Key Vault over the lifetime of a key.

• expires_in (str or None) –

  The expiry time of the policy that will be applied on new key versions, defined as an ISO 8601 duration. For example, 90 days is “P90D”. See Wikipedia for more information on ISO 8601 durations.

• created_on (datetime or None) – When the policy was created, in UTC

• updated_on (datetime or None) – When the policy was last updated, in UTC

class azure.keyvault.keys.KeyRotationPolicyAction(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

The action that will be executed in a key rotation policy

capitalize()

Return a capitalized version of the string.

More specifically, make the first character have upper case and the rest lower case.

casefold()

Return a version of the string suitable for caseless comparisons.

center(width, fillchar=' ', /)

Return a centered string of length width.

Padding is done using the specified fill character (default is a space).

count(sub[, start[, end]]) → int

Return the number of non-overlapping occurrences of substring sub in string S[start:end]. Optional arguments start and end are interpreted as in slice notation.

encode(encoding='utf-8', errors='strict')

Encode the string using the codec registered for encoding.

encoding

The encoding in which to encode the string.

errors

The error handling scheme to use for encoding errors. The default is ‘strict’ meaning that encoding errors raise a UnicodeEncodeError. Other possible values are ‘ignore’, ‘replace’ and ‘xmlcharrefreplace’ as well as any other name registered with codecs.register_error that can handle UnicodeEncodeErrors.

endswith(suffix[, start[, end]]) → bool

Return True if S ends with the specified suffix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. suffix can also be a tuple of strings to try.

expandtabs(tabsize=8)

Return a copy where all tab characters are expanded using spaces.

If tabsize is not given, a tab size of 8 characters is assumed.

find(sub[, start[, end]]) → int

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

format(*args, **kwargs) → str

Return a formatted version of S, using substitutions from args and kwargs. The substitutions are identified by braces (‘{’ and ‘}’).

format_map(mapping) → str

Return a formatted version of S, using substitutions from mapping. The substitutions are identified by braces (‘{’ and ‘}’).

index(sub[, start[, end]]) → int

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

isalnum()

Return True if the string is an alpha-numeric string, False otherwise.

A string is alpha-numeric if all characters in the string are alpha-numeric and there is at least one character in the string.

isalpha()

Return True if the string is an alphabetic string, False otherwise.

A string is alphabetic if all characters in the string are alphabetic and there is at least one character in the string.

isascii()

Return True if all characters in the string are ASCII, False otherwise.

ASCII characters have code points in the range U+0000-U+007F. Empty string is ASCII too.

isdecimal()

Return True if the string is a decimal string, False otherwise.

A string is a decimal string if all characters in the string are decimal and there is at least one character in the string.

isdigit()

Return True if the string is a digit string, False otherwise.

A string is a digit string if all characters in the string are digits and there is at least one character in the string.

isidentifier()

Return True if the string is a valid Python identifier, False otherwise.

Call keyword.iskeyword(s) to test whether string s is a reserved identifier, such as “def” or “class”.

islower()

Return True if the string is a lowercase string, False otherwise.

A string is lowercase if all cased characters in the string are lowercase and there is at least one cased character in the string.

isnumeric()

Return True if the string is a numeric string, False otherwise.

A string is numeric if all characters in the string are numeric and there is at least one character in the string.

isprintable()

Return True if the string is printable, False otherwise.

A string is printable if all of its characters are considered printable in repr() or if it is empty.

isspace()

Return True if the string is a whitespace string, False otherwise.

A string is whitespace if all characters in the string are whitespace and there is at least one character in the string.

istitle()

Return True if the string is a title-cased string, False otherwise.

In a title-cased string, upper- and title-case characters may only follow uncased characters and lowercase characters only cased ones.

isupper()

Return True if the string is an uppercase string, False otherwise.

A string is uppercase if all cased characters in the string are uppercase and there is at least one cased character in the string.

join(iterable, /)

Concatenate any number of strings.

The string whose method is called is inserted in between each given string. The result is returned as a new string.

Example: ‘.’.join([‘ab’, ‘pq’, ‘rs’]) -> ‘ab.pq.rs’

ljust(width, fillchar=' ', /)

Return a left-justified string of length width.

Padding is done using the specified fill character (default is a space).

lower()

Return a copy of the string converted to lowercase.

lstrip(chars=None, /)

Return a copy of the string with leading whitespace removed.

If chars is given and not None, remove characters in chars instead.

static maketrans()

Return a translation table usable for str.translate().

If there is only one argument, it must be a dictionary mapping Unicode ordinals (integers) or characters to Unicode ordinals, strings or None. Character keys will be then converted to ordinals. If there are two arguments, they must be strings of equal length, and in the resulting dictionary, each character in x will be mapped to the character at the same position in y. If there is a third argument, it must be a string, whose characters will be mapped to None in the result.

partition(sep, /)

Partition the string into three parts using the given separator.

This will search for the separator in the string. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing the original string and two empty strings.

removeprefix(prefix, /)

Return a str with the given prefix string removed if present.

If the string starts with the prefix string, return string[len(prefix):]. Otherwise, return a copy of the original string.

removesuffix(suffix, /)

Return a str with the given suffix string removed if present.

If the string ends with the suffix string and that suffix is not empty, return string[:-len(suffix)]. Otherwise, return a copy of the original string.

replace(old, new, count=-1, /)

Return a copy with all occurrences of substring old replaced by new.

count

Maximum number of occurrences to replace. -1 (the default value) means replace all occurrences.

If the optional argument count is given, only the first count occurrences are replaced.

rfind(sub[, start[, end]]) → int

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

rindex(sub[, start[, end]]) → int

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

rjust(width, fillchar=' ', /)

Return a right-justified string of length width.

Padding is done using the specified fill character (default is a space).

rpartition(sep, /)

Partition the string into three parts using the given separator.

This will search for the separator in the string, starting at the end. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing two empty strings and the original string.

rsplit(sep=None, maxsplit=-1)

Return a list of the substrings in the string, using sep as the separator string.

sep

The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit

Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the end of the string and works to the front.

rstrip(chars=None, /)

Return a copy of the string with trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

split(sep=None, maxsplit=-1)

Return a list of the substrings in the string, using sep as the separator string.

sep

The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit

Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the front of the string and works to the end.

Note, str.split() is mainly useful for data that has been intentionally delimited. With natural text that includes punctuation, consider using the regular expression module.

splitlines(keepends=False)

Return a list of the lines in the string, breaking at line boundaries.

Line breaks are not included in the resulting list unless keepends is given and true.

startswith(prefix[, start[, end]]) → bool

Return True if S starts with the specified prefix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. prefix can also be a tuple of strings to try.

strip(chars=None, /)

Return a copy of the string with leading and trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

swapcase()

Convert uppercase characters to lowercase and lowercase characters to uppercase.

title()

Return a version of the string where each word is titlecased.

More specifically, words start with uppercased characters and all remaining cased characters have lower case.

translate(table, /)

Replace each character in the string using the given translation table.

table

Translation table, which must be a mapping of Unicode ordinals to Unicode ordinals, strings, or None.

The table must implement lookup/indexing via __getitem__, for instance a dictionary or list. If this operation raises LookupError, the character is left untouched. Characters mapped to None are deleted.

upper()

Return a copy of the string converted to uppercase.

zfill(width, /)

Pad a numeric string with zeros on the left, to fill a field of the given width.

The string is never truncated.

notify = 'Notify'

Trigger Event Grid events.

rotate = 'Rotate'

Rotate the key based on the key policy.

class azure.keyvault.keys.KeyType(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

Supported key types

capitalize()

Return a capitalized version of the string.

More specifically, make the first character have upper case and the rest lower case.

casefold()

Return a version of the string suitable for caseless comparisons.

center(width, fillchar=' ', /)

Return a centered string of length width.

Padding is done using the specified fill character (default is a space).

count(sub[, start[, end]]) → int

Return the number of non-overlapping occurrences of substring sub in string S[start:end]. Optional arguments start and end are interpreted as in slice notation.

encode(encoding='utf-8', errors='strict')

Encode the string using the codec registered for encoding.

encoding

The encoding in which to encode the string.

errors

The error handling scheme to use for encoding errors. The default is ‘strict’ meaning that encoding errors raise a UnicodeEncodeError. Other possible values are ‘ignore’, ‘replace’ and ‘xmlcharrefreplace’ as well as any other name registered with codecs.register_error that can handle UnicodeEncodeErrors.

endswith(suffix[, start[, end]]) → bool

Return True if S ends with the specified suffix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. suffix can also be a tuple of strings to try.

expandtabs(tabsize=8)

Return a copy where all tab characters are expanded using spaces.

If tabsize is not given, a tab size of 8 characters is assumed.

find(sub[, start[, end]]) → int

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

format(*args, **kwargs) → str

Return a formatted version of S, using substitutions from args and kwargs. The substitutions are identified by braces (‘{’ and ‘}’).

format_map(mapping) → str

Return a formatted version of S, using substitutions from mapping. The substitutions are identified by braces (‘{’ and ‘}’).

index(sub[, start[, end]]) → int

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

isalnum()

Return True if the string is an alpha-numeric string, False otherwise.

A string is alpha-numeric if all characters in the string are alpha-numeric and there is at least one character in the string.

isalpha()

Return True if the string is an alphabetic string, False otherwise.

A string is alphabetic if all characters in the string are alphabetic and there is at least one character in the string.

isascii()

Return True if all characters in the string are ASCII, False otherwise.

ASCII characters have code points in the range U+0000-U+007F. Empty string is ASCII too.

isdecimal()

Return True if the string is a decimal string, False otherwise.

A string is a decimal string if all characters in the string are decimal and there is at least one character in the string.

isdigit()

Return True if the string is a digit string, False otherwise.

A string is a digit string if all characters in the string are digits and there is at least one character in the string.

isidentifier()

Return True if the string is a valid Python identifier, False otherwise.

Call keyword.iskeyword(s) to test whether string s is a reserved identifier, such as “def” or “class”.

islower()

Return True if the string is a lowercase string, False otherwise.

A string is lowercase if all cased characters in the string are lowercase and there is at least one cased character in the string.

isnumeric()

Return True if the string is a numeric string, False otherwise.

A string is numeric if all characters in the string are numeric and there is at least one character in the string.

isprintable()

Return True if the string is printable, False otherwise.

A string is printable if all of its characters are considered printable in repr() or if it is empty.

isspace()

Return True if the string is a whitespace string, False otherwise.

A string is whitespace if all characters in the string are whitespace and there is at least one character in the string.

istitle()

Return True if the string is a title-cased string, False otherwise.

In a title-cased string, upper- and title-case characters may only follow uncased characters and lowercase characters only cased ones.

isupper()

Return True if the string is an uppercase string, False otherwise.

A string is uppercase if all cased characters in the string are uppercase and there is at least one cased character in the string.

join(iterable, /)

Concatenate any number of strings.

The string whose method is called is inserted in between each given string. The result is returned as a new string.

Example: ‘.’.join([‘ab’, ‘pq’, ‘rs’]) -> ‘ab.pq.rs’

ljust(width, fillchar=' ', /)

Return a left-justified string of length width.

Padding is done using the specified fill character (default is a space).

lower()

Return a copy of the string converted to lowercase.

lstrip(chars=None, /)

Return a copy of the string with leading whitespace removed.

If chars is given and not None, remove characters in chars instead.

static maketrans()

Return a translation table usable for str.translate().

If there is only one argument, it must be a dictionary mapping Unicode ordinals (integers) or characters to Unicode ordinals, strings or None. Character keys will be then converted to ordinals. If there are two arguments, they must be strings of equal length, and in the resulting dictionary, each character in x will be mapped to the character at the same position in y. If there is a third argument, it must be a string, whose characters will be mapped to None in the result.

partition(sep, /)

Partition the string into three parts using the given separator.

This will search for the separator in the string. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing the original string and two empty strings.

removeprefix(prefix, /)

Return a str with the given prefix string removed if present.

If the string starts with the prefix string, return string[len(prefix):]. Otherwise, return a copy of the original string.

removesuffix(suffix, /)

Return a str with the given suffix string removed if present.

If the string ends with the suffix string and that suffix is not empty, return string[:-len(suffix)]. Otherwise, return a copy of the original string.

replace(old, new, count=-1, /)

Return a copy with all occurrences of substring old replaced by new.

count

Maximum number of occurrences to replace. -1 (the default value) means replace all occurrences.

If the optional argument count is given, only the first count occurrences are replaced.

rfind(sub[, start[, end]]) → int

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

rindex(sub[, start[, end]]) → int

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

rjust(width, fillchar=' ', /)

Return a right-justified string of length width.

Padding is done using the specified fill character (default is a space).

rpartition(sep, /)

Partition the string into three parts using the given separator.

This will search for the separator in the string, starting at the end. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing two empty strings and the original string.

rsplit(sep=None, maxsplit=-1)

Return a list of the substrings in the string, using sep as the separator string.

sep

The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit

Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the end of the string and works to the front.

rstrip(chars=None, /)

Return a copy of the string with trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

split(sep=None, maxsplit=-1)

Return a list of the substrings in the string, using sep as the separator string.

sep

The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit

Maximum number of splits. -1 (the default value) means no limit.

Splitting starts at the front of the string and works to the end.

Note, str.split() is mainly useful for data that has been intentionally delimited. With natural text that includes punctuation, consider using the regular expression module.

splitlines(keepends=False)

Return a list of the lines in the string, breaking at line boundaries.

Line breaks are not included in the resulting list unless keepends is given and true.

startswith(prefix[, start[, end]]) → bool

Return True if S starts with the specified prefix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. prefix can also be a tuple of strings to try.

strip(chars=None, /)

Return a copy of the string with leading and trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

swapcase()

Convert uppercase characters to lowercase and lowercase characters to uppercase.

title()

Return a version of the string where each word is titlecased.

More specifically, words start with uppercased characters and all remaining cased characters have lower case.

translate(table, /)

Replace each character in the string using the given translation table.

table

Translation table, which must be a mapping of Unicode ordinals to Unicode ordinals, strings, or None.

The table must implement lookup/indexing via __getitem__, for instance a dictionary or list. If this operation raises LookupError, the character is left untouched. Characters mapped to None are deleted.

upper()

Return a copy of the string converted to uppercase.

zfill(width, /)

Pad a numeric string with zeros on the left, to fill a field of the given width.

The string is never truncated.

ec = 'EC'

Elliptic Curve

ec_hsm = 'EC-HSM'

Elliptic Curve with a private key which is not exportable from the HSM

oct = 'oct'

Octet sequence (used to represent symmetric keys)

oct_hsm = 'oct-HSM'

Octet sequence with a private key which is not exportable from the HSM

rsa = 'RSA'

//tools.ietf.org/html/rfc3447)

Type:

RSA (https

rsa_hsm = 'RSA-HSM'

RSA with a private key which is not exportable from the HSM

class azure.keyvault.keys.KeyVaultKey(key_id: str, jwk: Dict[str, Any] | None = None, **kwargs)

A key’s attributes and cryptographic material.

Parameters:

• key_id (str) – Key Vault’s identifier for the key. Typically a URI, e.g. https://myvault.vault.azure.net/keys/my-key/version

• jwk (Dict[str, Any]) – The key’s cryptographic material as a JSON Web Key (https://tools.ietf.org/html/rfc7517). This may be provided as a dictionary or keyword arguments. See JsonWebKey for field names.

Providing cryptographic material as keyword arguments:

from azure.keyvault.keys.models import KeyVaultKey

key_id = 'https://myvault.vault.azure.net/keys/my-key/my-key-version'
key_bytes = os.urandom(32)
key = KeyVaultKey(key_id, k=key_bytes, kty='oct', key_ops=['unwrapKey', 'wrapKey'])

Providing cryptographic material as a dictionary:

from azure.keyvault.keys.models import KeyVaultKey

key_id = 'https://myvault.vault.azure.net/keys/my-key/my-key-version'
key_bytes = os.urandom(32)
jwk = {'k': key_bytes, 'kty': 'oct', 'key_ops': ['unwrapKey', 'wrapKey']}
key = KeyVaultKey(key_id, jwk=jwk)

property id: str

The key ID.

Returns:

The key ID.

Return type:

str

property key: JsonWebKey

The JSON Web Key (JWK) for the key.

Returns:

The JSON Web Key (JWK) for the key.

Return type:

JsonWebKey

property key_operations: List[str | KeyOperation]

Permitted operations. See KeyOperation for possible values.

Returns:

Permitted operations. See KeyOperation for possible values.

Return type:

List[KeyOperation or str]

property key_type: str | KeyType

The key’s type. See KeyType for possible values.

Returns:

The key’s type. See KeyType for possible values.

Return type:

KeyType or str

property name: str

The key name.

Returns:

The key name.

Return type:

str

property properties: KeyProperties

The key properties.

Returns:

The key properties.

Return type:

KeyProperties

class azure.keyvault.keys.KeyVaultKeyIdentifier(source_id: str)

Information about a KeyVaultKey parsed from a key ID.

Parameters:

source_id (str) – The full original identifier of a key

Raises:

ValueError – if the key ID is improperly formatted

Example

Parse a key’s ID

key = client.get_key(key_name)
parsed_key_id = KeyVaultKeyIdentifier(key.id)

print(parsed_key_id.name)
print(parsed_key_id.vault_url)
print(parsed_key_id.version)
print(parsed_key_id.source_id)

property name: str

property source_id: str

property vault_url: str

property version: str | None

class azure.keyvault.keys.ReleaseKeyResult(value: str)

The result of a key release operation.

Variables:

value (str) – A signed token containing the released key.

Parameters:

value (str) – A signed token containing the released key.

Subpackages

• azure.keyvault.keys.aio package
  • KeyClient
    • KeyClient.backup_key()
    • KeyClient.close()
    • KeyClient.create_ec_key()
    • KeyClient.create_key()
    • KeyClient.create_oct_key()
    • KeyClient.create_rsa_key()
    • KeyClient.delete_key()
    • KeyClient.get_cryptography_client()
    • KeyClient.get_deleted_key()
    • KeyClient.get_key()
    • KeyClient.get_key_rotation_policy()
    • KeyClient.get_random_bytes()
    • KeyClient.import_key()
    • KeyClient.list_deleted_keys()
    • KeyClient.list_properties_of_key_versions()
    • KeyClient.list_properties_of_keys()
    • KeyClient.purge_deleted_key()
    • KeyClient.recover_deleted_key()
    • KeyClient.release_key()
    • KeyClient.restore_key_backup()
    • KeyClient.rotate_key()
    • KeyClient.send_request()
    • KeyClient.update_key_properties()
    • KeyClient.update_key_rotation_policy()
    • KeyClient.vault_url
• azure.keyvault.keys.crypto package
  • CryptographyClient
    • CryptographyClient.close()
    • CryptographyClient.create_rsa_private_key()
    • CryptographyClient.create_rsa_public_key()
    • CryptographyClient.decrypt()
    • CryptographyClient.encrypt()
    • CryptographyClient.from_jwk()
    • CryptographyClient.send_request()
    • CryptographyClient.sign()
    • CryptographyClient.unwrap_key()
    • CryptographyClient.verify()
    • CryptographyClient.wrap_key()
    • CryptographyClient.key_id
    • CryptographyClient.vault_url
  • DecryptResult
  • EncryptResult
  • EncryptionAlgorithm
    • EncryptionAlgorithm.capitalize()
    • EncryptionAlgorithm.casefold()
    • EncryptionAlgorithm.center()
    • EncryptionAlgorithm.count()
    • EncryptionAlgorithm.encode()
    • EncryptionAlgorithm.endswith()
    • EncryptionAlgorithm.expandtabs()
    • EncryptionAlgorithm.find()
    • EncryptionAlgorithm.format()
    • EncryptionAlgorithm.format_map()
    • EncryptionAlgorithm.index()
    • EncryptionAlgorithm.isalnum()
    • EncryptionAlgorithm.isalpha()
    • EncryptionAlgorithm.isascii()
    • EncryptionAlgorithm.isdecimal()
    • EncryptionAlgorithm.isdigit()
    • EncryptionAlgorithm.isidentifier()
    • EncryptionAlgorithm.islower()
    • EncryptionAlgorithm.isnumeric()
    • EncryptionAlgorithm.isprintable()
    • EncryptionAlgorithm.isspace()
    • EncryptionAlgorithm.istitle()
    • EncryptionAlgorithm.isupper()
    • EncryptionAlgorithm.join()
    • EncryptionAlgorithm.ljust()
    • EncryptionAlgorithm.lower()
    • EncryptionAlgorithm.lstrip()
    • EncryptionAlgorithm.maketrans()
    • EncryptionAlgorithm.partition()
    • EncryptionAlgorithm.removeprefix()
    • EncryptionAlgorithm.removesuffix()
    • EncryptionAlgorithm.replace()
    • EncryptionAlgorithm.rfind()
    • EncryptionAlgorithm.rindex()
    • EncryptionAlgorithm.rjust()
    • EncryptionAlgorithm.rpartition()
    • EncryptionAlgorithm.rsplit()
    • EncryptionAlgorithm.rstrip()
    • EncryptionAlgorithm.split()
    • EncryptionAlgorithm.splitlines()
    • EncryptionAlgorithm.startswith()
    • EncryptionAlgorithm.strip()
    • EncryptionAlgorithm.swapcase()
    • EncryptionAlgorithm.title()
    • EncryptionAlgorithm.translate()
    • EncryptionAlgorithm.upper()
    • EncryptionAlgorithm.zfill()
    • EncryptionAlgorithm.a128_cbc
    • EncryptionAlgorithm.a128_cbcpad
    • EncryptionAlgorithm.a128_gcm
    • EncryptionAlgorithm.a192_cbc
    • EncryptionAlgorithm.a192_cbcpad
    • EncryptionAlgorithm.a192_gcm
    • EncryptionAlgorithm.a256_cbc
    • EncryptionAlgorithm.a256_cbcpad
    • EncryptionAlgorithm.a256_gcm
    • EncryptionAlgorithm.rsa1_5
    • EncryptionAlgorithm.rsa_oaep
    • EncryptionAlgorithm.rsa_oaep_256
  • KeyVaultRSAPrivateKey
    • KeyVaultRSAPrivateKey.decrypt()
    • KeyVaultRSAPrivateKey.private_bytes()
    • KeyVaultRSAPrivateKey.private_numbers()
    • KeyVaultRSAPrivateKey.public_key()
    • KeyVaultRSAPrivateKey.sign()
    • KeyVaultRSAPrivateKey.signer()
    • KeyVaultRSAPrivateKey.key_size
  • KeyVaultRSAPublicKey
    • KeyVaultRSAPublicKey.encrypt()
    • KeyVaultRSAPublicKey.public_bytes()
    • KeyVaultRSAPublicKey.public_numbers()
    • KeyVaultRSAPublicKey.recover_data_from_signature()
    • KeyVaultRSAPublicKey.verifier()
    • KeyVaultRSAPublicKey.verify()
    • KeyVaultRSAPublicKey.key_size
  • KeyWrapAlgorithm
    • KeyWrapAlgorithm.capitalize()
    • KeyWrapAlgorithm.casefold()
    • KeyWrapAlgorithm.center()
    • KeyWrapAlgorithm.count()
    • KeyWrapAlgorithm.encode()
    • KeyWrapAlgorithm.endswith()
    • KeyWrapAlgorithm.expandtabs()
    • KeyWrapAlgorithm.find()
    • KeyWrapAlgorithm.format()
    • KeyWrapAlgorithm.format_map()
    • KeyWrapAlgorithm.index()
    • KeyWrapAlgorithm.isalnum()
    • KeyWrapAlgorithm.isalpha()
    • KeyWrapAlgorithm.isascii()
    • KeyWrapAlgorithm.isdecimal()
    • KeyWrapAlgorithm.isdigit()
    • KeyWrapAlgorithm.isidentifier()
    • KeyWrapAlgorithm.islower()
    • KeyWrapAlgorithm.isnumeric()
    • KeyWrapAlgorithm.isprintable()
    • KeyWrapAlgorithm.isspace()
    • KeyWrapAlgorithm.istitle()
    • KeyWrapAlgorithm.isupper()
    • KeyWrapAlgorithm.join()
    • KeyWrapAlgorithm.ljust()
    • KeyWrapAlgorithm.lower()
    • KeyWrapAlgorithm.lstrip()
    • KeyWrapAlgorithm.maketrans()
    • KeyWrapAlgorithm.partition()
    • KeyWrapAlgorithm.removeprefix()
    • KeyWrapAlgorithm.removesuffix()
    • KeyWrapAlgorithm.replace()
    • KeyWrapAlgorithm.rfind()
    • KeyWrapAlgorithm.rindex()
    • KeyWrapAlgorithm.rjust()
    • KeyWrapAlgorithm.rpartition()
    • KeyWrapAlgorithm.rsplit()
    • KeyWrapAlgorithm.rstrip()
    • KeyWrapAlgorithm.split()
    • KeyWrapAlgorithm.splitlines()
    • KeyWrapAlgorithm.startswith()
    • KeyWrapAlgorithm.strip()
    • KeyWrapAlgorithm.swapcase()
    • KeyWrapAlgorithm.title()
    • KeyWrapAlgorithm.translate()
    • KeyWrapAlgorithm.upper()
    • KeyWrapAlgorithm.zfill()
    • KeyWrapAlgorithm.aes_128
    • KeyWrapAlgorithm.aes_192
    • KeyWrapAlgorithm.aes_256
    • KeyWrapAlgorithm.rsa1_5
    • KeyWrapAlgorithm.rsa_oaep
    • KeyWrapAlgorithm.rsa_oaep_256
  • SignResult
  • SignatureAlgorithm
    • SignatureAlgorithm.capitalize()
    • SignatureAlgorithm.casefold()
    • SignatureAlgorithm.center()
    • SignatureAlgorithm.count()
    • SignatureAlgorithm.encode()
    • SignatureAlgorithm.endswith()
    • SignatureAlgorithm.expandtabs()
    • SignatureAlgorithm.find()
    • SignatureAlgorithm.format()
    • SignatureAlgorithm.format_map()
    • SignatureAlgorithm.index()
    • SignatureAlgorithm.isalnum()
    • SignatureAlgorithm.isalpha()
    • SignatureAlgorithm.isascii()
    • SignatureAlgorithm.isdecimal()
    • SignatureAlgorithm.isdigit()
    • SignatureAlgorithm.isidentifier()
    • SignatureAlgorithm.islower()
    • SignatureAlgorithm.isnumeric()
    • SignatureAlgorithm.isprintable()
    • SignatureAlgorithm.isspace()
    • SignatureAlgorithm.istitle()
    • SignatureAlgorithm.isupper()
    • SignatureAlgorithm.join()
    • SignatureAlgorithm.ljust()
    • SignatureAlgorithm.lower()
    • SignatureAlgorithm.lstrip()
    • SignatureAlgorithm.maketrans()
    • SignatureAlgorithm.partition()
    • SignatureAlgorithm.removeprefix()
    • SignatureAlgorithm.removesuffix()
    • SignatureAlgorithm.replace()
    • SignatureAlgorithm.rfind()
    • SignatureAlgorithm.rindex()
    • SignatureAlgorithm.rjust()
    • SignatureAlgorithm.rpartition()
    • SignatureAlgorithm.rsplit()
    • SignatureAlgorithm.rstrip()
    • SignatureAlgorithm.split()
    • SignatureAlgorithm.splitlines()
    • SignatureAlgorithm.startswith()
    • SignatureAlgorithm.strip()
    • SignatureAlgorithm.swapcase()
    • SignatureAlgorithm.title()
    • SignatureAlgorithm.translate()
    • SignatureAlgorithm.upper()
    • SignatureAlgorithm.zfill()
    • SignatureAlgorithm.es256
    • SignatureAlgorithm.es256_k
    • SignatureAlgorithm.es384
    • SignatureAlgorithm.es512
    • SignatureAlgorithm.ps256
    • SignatureAlgorithm.ps384
    • SignatureAlgorithm.ps512
    • SignatureAlgorithm.rs256
    • SignatureAlgorithm.rs384
    • SignatureAlgorithm.rs512
  • UnwrapResult
  • VerifyResult
  • WrapResult
  • Subpackages
    • azure.keyvault.keys.crypto.aio package
      • CryptographyClient