Microsoft.KeyVault (stable:7.5)

2025/04/23 • 5 updated methods

HSMSecurityDomain_Download (updated)
Description Retrieves the Security Domain from the managed HSM. Calling this endpoint can be used to activate a provisioned managed HSM resource.
Reference Link ¶

⚶ Changes

{
  "#id": "HSMSecurityDomain_Download",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    },
    {
      "@added_1c326e9c9c444d029fddd508b0d632aa": {
        "#name": "certificateInfoObject",
        "Description": "The Security Domain download operation requires customer to provide N certificates (minimum 3 and maximum 10) containing a public key in JWK format.",
        "Required": true,
        "$schema": {
          "Description": "The Security Domain download operation requires customer to provide N certificates (minimum 3 and maximum 10) containing a public key in JWK format.",
          "Type": "object",
          "$properties": [
            {
              "#name": "certificates",
              "Description": "Certificates needed from customer.",
              "Required": true,
              "Type": "array",
              "$items": {
                "Description": "A JSON Web Key (JWK) for use in a security domain operation.",
                "Type": "object",
                "$properties": [
                  {
                    "#name": "kid",
                    "Description": "Key identifier.",
                    "Required": true,
                    "Type": "string"
                  },
                  {
                    "#name": "kty",
                    "Description": "JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. For Security Domain this value must be RSA.",
                    "Required": true,
                    "Type": "string"
                  },
                  {
                    "#name": "key_ops",
                    "Description": "Supported key operations.",
                    "Required": true,
                    "Type": "array",
                    "$items": {
                      "Type": "string"
                    }
                  },
                  {
                    "#name": "n",
                    "Description": "RSA modulus.",
                    "Required": true,
                    "Type": "string"
                  },
                  {
                    "#name": "e",
                    "Description": "RSA public exponent.",
                    "Required": true,
                    "Type": "string"
                  },
                  {
                    "#name": "x5c",
                    "Description": "X509 certificate chain parameter.",
                    "Required": true,
                    "Type": "array",
                    "$items": {
                      "Type": "string"
                    }
                  },
                  {
                    "#name": "use",
                    "Description": "Public Key Use Parameter. This is optional and if present must be enc.",
                    "Required": false,
                    "Type": "string"
                  },
                  {
                    "#name": "x5t",
                    "Description": "X509 certificate SHA1 thumbprint. This is optional.",
                    "Required": false,
                    "Type": "string"
                  },
                  {
                    "#name": "x5t#S256",
                    "Description": "X509 certificate SHA256 thumbprint.",
                    "Required": true,
                    "Type": "string"
                  },
                  {
                    "#name": "alg",
                    "Description": "Algorithm intended for use with the key.",
                    "Required": true,
                    "Type": "string"
                  }
                ]
              }
            },
            {
              "#name": "required",
              "Description": "Customer to specify the number of certificates (minimum 2 and maximum 10) to restore Security Domain.",
              "Format": "int32",
              "Required": false,
              "Type": "integer"
            }
          ]
        }
      }
    },
    {
      "@removed_6dc8611464704fa78459db47a49134f6": {
        "#name": "CertificateInfoObject",
        "Description": "The Security Domain download operation requires customer to provide N certificates (minimum 3 and maximum 10) containing a public key in JWK format.",
        "Required": true,
        "$schema": {
          "Type": "object",
          "$properties": [
            {
              "#name": "certificates",
              "Description": "Certificates needed from customer",
              "Required": true,
              "Type": "array",
              "$items": {
                "Type": "object",
                "$properties": [
                  {
                    "#name": "kid",
                    "Description": "Key identifier.",
                    "Required": true,
                    "Type": "string"
                  },
                  {
                    "#name": "kty",
                    "Description": "JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. For Security Domain this value must be RSA.",
                    "Required": true,
                    "Type": "string"
                  },
                  {
                    "#name": "key_ops",
                    "Required": true,
                    "Type": "array",
                    "$items": {
                      "Description": "Supported key operations.",
                      "Type": "string"
                    }
                  },
                  {
                    "#name": "n",
                    "Description": "RSA modulus.",
                    "Required": true,
                    "Type": "string"
                  },
                  {
                    "#name": "e",
                    "Description": "RSA public exponent.",
                    "Required": true,
                    "Type": "string"
                  },
                  {
                    "#name": "x5c",
                    "Description": "X509 certificate chain parameter",
                    "Required": true,
                    "Type": "array",
                    "$items": {
                      "Type": "string"
                    }
                  },
                  {
                    "#name": "use",
                    "Description": "Public Key Use Parameter. This is optional and if present must be enc.",
                    "Required": false,
                    "Type": "string"
                  },
                  {
                    "#name": "x5t",
                    "Description": "X509 certificate SHA1 thumbprint. This is optional.",
                    "Required": false,
                    "Type": "string"
                  },
                  {
                    "#name": "x5t#S256",
                    "Description": "X509 certificate SHA256 thumbprint.",
                    "Required": true,
                    "Type": "string"
                  },
                  {
                    "#name": "alg",
                    "Description": "Algorithm intended for use with the key.",
                    "Required": true,
                    "Type": "string"
                  }
                ]
              }
            },
            {
              "#name": "required",
              "Description": "Customer to specify the number of certificates (minimum 2 and maximum 10) to restore Security Domain",
              "Required": false,
              "Type": "integer"
            }
          ]
        }
      }
    }
  ]
}

⚼ Request

POST:  /securitydomain/download
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
certificateInfoObject:
{
Description: The Security Domain download operation requires customer to provide N certificates (minimum 3 and maximum 10) containing a public key in JWK format. ,
Required: True ,
}
{
certificates:
{
Description: Certificates needed from customer. ,
Required: True ,
}
[
{
kid:
{
Description: Key identifier. ,
Required: True ,
}
string ,
kty:
{
Description: JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. For Security Domain this value must be RSA. ,
Required: True ,
}
string ,
key_ops:
{
Description: Supported key operations. ,
Required: True ,
}
[
string ,
]
,
n:
{
Description: RSA modulus. ,
Required: True ,
}
string ,
e:
{
Description: RSA public exponent. ,
Required: True ,
}
string ,
x5c:
{
Description: X509 certificate chain parameter. ,
Required: True ,
}
[
string ,
]
,
use:
{
Description: Public Key Use Parameter. This is optional and if present must be enc. ,
Required: False ,
}
string ,
x5t:
{
Description: X509 certificate SHA1 thumbprint. This is optional. ,
Required: False ,
}
string ,
x5t#S256:
{
Description: X509 certificate SHA256 thumbprint. ,
Required: True ,
}
string ,
alg:
{
Description: Algorithm intended for use with the key. ,
Required: True ,
}
string ,
}
,
]
,
required:
{
Description: Customer to specify the number of certificates (minimum 2 and maximum 10) to restore Security Domain. ,
Format: int32 ,
Required: False ,
}
integer ,
}
,
}

⚐ Response (202)

{
$headers:
{
azure-asyncoperation:
{
Description: The URI to poll for completion status. ,
}
string ,
retry-after:
{
Description: The recommended number of seconds to wait before calling the URI specified in Azure-AsyncOperation. ,
}
integer ,
}
,
$schema:
{
Description: The Security Domain. ,
}
{
value:
{
Description: The Security Domain. ,
Required: True ,
}
string ,
}
,
}

⚐ Response (default)

{
error:
{
Description: The key vault server error. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
innererror:
{
Required: False ,
}
string ,
}
,
}
HSMSecurityDomain_DownloadPending (updated)
Description Retrieves the Security Domain download operation status
Reference Link ¶

⚶ Changes

{
  "#id": "HSMSecurityDomain_DownloadPending",
  "$responses": {
    "200": {
      "$properties": [
        {
          "#name": "status",
          "Description": {
            "new": "Operation status.",
            "old": "operation status"
          },
          "Enum": {
            "new": [
              [
                "Success",
                "The operation succeeded."
              ],
              [
                "InProgress",
                "The operation is in progress."
              ],
              [
                "Failed",
                "The operation failed."
              ]
            ],
            "old": [
              [
                "Success",
                ""
              ],
              [
                "InProgress",
                ""
              ],
              [
                "Failed",
                ""
              ]
            ]
          }
        }
      ]
    }
  }
}

⚼ Request

GET:  /securitydomain/download/pending
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
status:
{
Description: Operation status. ,
Enum:
{
Success: The operation succeeded. ,
InProgress: The operation is in progress. ,
Failed: The operation failed. ,
}
,
Required: False ,
}
enum ,
status_details:
{
Description: Details of the operation status. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: The key vault server error. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
innererror:
{
Required: False ,
}
string ,
}
,
}
HSMSecurityDomain_TransferKey (updated)
Description Retrieve Security Domain transfer key
Reference Link ¶

⚶ Changes

{
  "#id": "HSMSecurityDomain_TransferKey",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": [
        {
          "#name": "key_format",
          "Description": {
            "new": "Specifies the format of the transfer key.",
            "old": "Specifies the format of the transfer key"
          }
        },
        {
          "#name": "transfer_key",
          "Description": {
            "new": "Specifies the transfer key in JWK format.",
            "old": "Specifies the transfer key in JWK format"
          },
          "$properties": [
            {
              "#name": "x5c",
              "Description": {
                "new": "X509 certificate chain parameter.",
                "old": "X509 certificate chain parameter"
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

GET:  /securitydomain/upload
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
key_format:
{
Description: Specifies the format of the transfer key. ,
Required: False ,
}
string ,
transfer_key:
{
Description: Specifies the transfer key in JWK format. ,
Required: True ,
}
{
kid:
{
Description: Key identifier. ,
Required: True ,
}
string ,
kty:
{
Description: JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. For Security Domain this value must be RSA. ,
Required: True ,
}
string ,
key_ops:
{
Description: Supported key operations. ,
Required: True ,
}
[
string ,
]
,
n:
{
Description: RSA modulus. ,
Required: True ,
}
string ,
e:
{
Description: RSA public exponent. ,
Required: True ,
}
string ,
x5c:
{
Description: X509 certificate chain parameter. ,
Required: True ,
}
[
string ,
]
,
use:
{
Description: Public Key Use Parameter. This is optional and if present must be enc. ,
Required: False ,
}
string ,
x5t:
{
Description: X509 certificate SHA1 thumbprint. This is optional. ,
Required: False ,
}
string ,
x5t#S256:
{
Description: X509 certificate SHA256 thumbprint. ,
Required: True ,
}
string ,
alg:
{
Description: Algorithm intended for use with the key. ,
Required: True ,
}
string ,
}
,
}

⚐ Response (default)

{
error:
{
Description: The key vault server error. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
innererror:
{
Required: False ,
}
string ,
}
,
}
HSMSecurityDomain_Upload (updated)
Description Restore the provided Security Domain.
Reference Link ¶

⚶ Changes

{
  "#id": "HSMSecurityDomain_Upload",
  "$parameters": {
    "@added_cb39c952d2ef4c2bbc42b99fff7527df": {
      "#name": "api-version",
      "Description": "The API version to use for this operation.",
      "Required": true,
      "Type": "string"
    },
    "@added_ad80e98925c741aca6568458b7047c2b": {
      "#name": "securityDomain",
      "Description": "The Security Domain to be restored.",
      "Required": true,
      "$schema": {
        "Description": "The Security Domain.",
        "Type": "object",
        "$properties": [
          {
            "#name": "value",
            "Description": "The Security Domain.",
            "Required": true,
            "Type": "string"
          }
        ]
      }
    },
    "@removed_7eb2515a589b4c499c3d1397adb0df1f": {
      "#name": "security_domain",
      "Description": "The Security Domain to be restored.",
      "Required": true,
      "$schema": {
        "Description": "The Security Domain.",
        "Type": "object",
        "$properties": [
          {
            "#name": "value",
            "Description": "The Security Domain.",
            "Required": true,
            "Type": "string"
          }
        ]
      }
    }
  },
  "$responses": {
    "202": {
      "$properties": [
        {
          "#name": "status",
          "Description": {
            "new": "Operation status.",
            "old": "operation status"
          },
          "Enum": {
            "new": [
              [
                "Success",
                "The operation succeeded."
              ],
              [
                "InProgress",
                "The operation is in progress."
              ],
              [
                "Failed",
                "The operation failed."
              ]
            ],
            "old": [
              [
                "Success",
                ""
              ],
              [
                "InProgress",
                ""
              ],
              [
                "Failed",
                ""
              ]
            ]
          }
        }
      ]
    }
  }
}

⚼ Request

POST:  /securitydomain/upload
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
securityDomain:
{
Description: The Security Domain to be restored. ,
Required: True ,
}
{
value:
{
Description: The Security Domain. ,
Required: True ,
}
string ,
}
,
}

⚐ Response (202)

{
$headers:
{
azure-asyncoperation:
{
Description: The URI to poll for completion status. ,
}
string ,
retry-after:
{
Description: The recommended number of seconds to wait before calling the URI specified in Azure-AsyncOperation. ,
}
integer ,
}
,
$schema:
{
Description: The Security Domain operation status. ,
}
{
status:
{
Description: Operation status. ,
Enum:
{
Success: The operation succeeded. ,
InProgress: The operation is in progress. ,
Failed: The operation failed. ,
}
,
Required: False ,
}
enum ,
status_details:
{
Description: Details of the operation status. ,
Required: False ,
}
string ,
}
,
}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: The key vault server error. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
innererror:
{
Required: False ,
}
string ,
}
,
}
HSMSecurityDomain_UploadPending (updated)
Description Get Security Domain upload operation status
Reference Link ¶

⚶ Changes

{
  "#id": "HSMSecurityDomain_UploadPending",
  "$responses": {
    "200": {
      "$properties": [
        {
          "#name": "status",
          "Description": {
            "new": "Operation status.",
            "old": "operation status"
          },
          "Enum": {
            "new": [
              [
                "Success",
                "The operation succeeded."
              ],
              [
                "InProgress",
                "The operation is in progress."
              ],
              [
                "Failed",
                "The operation failed."
              ]
            ],
            "old": [
              [
                "Success",
                ""
              ],
              [
                "InProgress",
                ""
              ],
              [
                "Failed",
                ""
              ]
            ]
          }
        }
      ]
    }
  }
}

⚼ Request

GET:  /securitydomain/upload/pending
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
status:
{
Description: Operation status. ,
Enum:
{
Success: The operation succeeded. ,
InProgress: The operation is in progress. ,
Failed: The operation failed. ,
}
,
Required: False ,
}
enum ,
status_details:
{
Description: Details of the operation status. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: The key vault server error. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
innererror:
{
Required: False ,
}
string ,
}
,
}