Microsoft.KeyVault (stable:2024-11-01)

2025/01/13 • 48 new methods

Keys_CreateIfNotExist (new)

Description	:  Creates the first version of a new key if it does not exist. If it already exists, then the existing key is returned without any write operations being performed. This API does not create subsequent versions, and does not update existing keys.
Reference	:  Link ¶

---

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}/keys/{keyName}

{

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group which contains the specified key vault. ,

Required: True ,

}

string ,

vaultName:

{

Description: The name of the key vault which contains the key to be created. ,

Required: True ,

}

string ,

keyName:

{

Description: The name of the key to be created. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information. ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

parameters:

{

Description: The parameters used to create the specified key. ,

Required: True ,

}

{

tags:

{

Description: The tags that will be assigned to the key. ,

Required: False ,

}

object ,

properties:

{

Description: The properties of the key to be created. ,

Required: True ,

}

{

attributes:

{

Description: The attributes of the key. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether or not the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Description: The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval. ,

Enum:

{

Purgeable: No description available. ,

Recoverable+Purgeable: No description available. ,

Recoverable: No description available. ,

Recoverable+ProtectedSubscription: No description available. ,

}

,

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. ,

Required: False ,

}

boolean ,

}

,

kty:

{

Description: The type of the key. For valid values, see JsonWebKeyType. ,

Enum:

{

EC: No description available. ,

EC-HSM: No description available. ,

RSA: No description available. ,

RSA-HSM: No description available. ,

}

,

Required: False ,

}

enum ,

keyOps:

{

Required: False ,

}

[

string ,

]

,

keySize:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. Default for RSA and RSA-HSM keys is 2048. Exception made for bring your own key (BYOK), key exchange keys default to 4096. ,

Format: int32 ,

Required: False ,

}

integer ,

curveName:

{

Description: The elliptic curve name. For valid values, see JsonWebKeyCurveName. Default for EC and EC-HSM keys is P-256 ,

Enum:

{

P-256: No description available. ,

P-384: No description available. ,

P-521: No description available. ,

P-256K: No description available. ,

}

,

Required: False ,

}

enum ,

keyUri:

{

Description: The URI to retrieve the current version of the key. ,

Required: False ,

}

string ,

keyUriWithVersion:

{

Description: The URI to retrieve the specific version of the key. ,

Required: False ,

}

string ,

rotationPolicy:

{

Description: Key rotation policy in response. It will be used for both output and input. Omitted if empty ,

Required: False ,

}

{

attributes:

{

Description: The attributes of key rotation policy. ,

Required: False ,

}

{

created:

{

Description: Creation time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

expiryTime:

{

Description: The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

}

,

lifetimeActions:

{

Description: The lifetimeActions for key rotation action. ,

Required: False ,

}

[

{

trigger:

{

Description: The trigger of key rotation policy lifetimeAction. ,

Required: False ,

}

{

timeAfterCreate:

{

Description: The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

timeBeforeExpiry:

{

Description: The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

}

,

action:

{

Description: The action of key rotation policy lifetimeAction. ,

Required: False ,

}

{

type:

{

Description: The type of action. ,

Enum:

{

rotate: No description available. ,

notify: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

}

,

release_policy:

{

Description: Key release policy in response. It will be used for both output and input. Omitted if empty ,

Required: False ,

}

{

contentType:

{

Description: Content type and version of key release policy ,

Required: False ,

}

string ,

data:

{

Description: Blob encoding the policy rules under which the key can be released. ,

Format: base64url ,

Required: False ,

}

string ,

}

,

}

,

}

,

}

---

⚐ Response (200)

{

properties:

{

Description: The properties of the key. ,

Required: True ,

}

{

attributes:

{

Description: The attributes of the key. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether or not the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Description: The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval. ,

Enum:

{

Purgeable: No description available. ,

Recoverable+Purgeable: No description available. ,

Recoverable: No description available. ,

Recoverable+ProtectedSubscription: No description available. ,

}

,

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. ,

Required: False ,

}

boolean ,

}

,

kty:

{

Description: The type of the key. For valid values, see JsonWebKeyType. ,

Enum:

{

EC: No description available. ,

EC-HSM: No description available. ,

RSA: No description available. ,

RSA-HSM: No description available. ,

}

,

Required: False ,

}

enum ,

keyOps:

{

Required: False ,

}

[

string ,

]

,

keySize:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. Default for RSA and RSA-HSM keys is 2048. Exception made for bring your own key (BYOK), key exchange keys default to 4096. ,

Format: int32 ,

Required: False ,

}

integer ,

curveName:

{

Description: The elliptic curve name. For valid values, see JsonWebKeyCurveName. Default for EC and EC-HSM keys is P-256 ,

Enum:

{

P-256: No description available. ,

P-384: No description available. ,

P-521: No description available. ,

P-256K: No description available. ,

}

,

Required: False ,

}

enum ,

keyUri:

{

Description: The URI to retrieve the current version of the key. ,

Required: False ,

}

string ,

keyUriWithVersion:

{

Description: The URI to retrieve the specific version of the key. ,

Required: False ,

}

string ,

rotationPolicy:

{

Description: Key rotation policy in response. It will be used for both output and input. Omitted if empty ,

Required: False ,

}

{

attributes:

{

Description: The attributes of key rotation policy. ,

Required: False ,

}

{

created:

{

Description: Creation time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

expiryTime:

{

Description: The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

}

,

lifetimeActions:

{

Description: The lifetimeActions for key rotation action. ,

Required: False ,

}

[

{

trigger:

{

Description: The trigger of key rotation policy lifetimeAction. ,

Required: False ,

}

{

timeAfterCreate:

{

Description: The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

timeBeforeExpiry:

{

Description: The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

}

,

action:

{

Description: The action of key rotation policy lifetimeAction. ,

Required: False ,

}

{

type:

{

Description: The type of action. ,

Enum:

{

rotate: No description available. ,

notify: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

}

,

release_policy:

{

Description: Key release policy in response. It will be used for both output and input. Omitted if empty ,

Required: False ,

}

{

contentType:

{

Description: Content type and version of key release policy ,

Required: False ,

}

string ,

data:

{

Description: Blob encoding the policy rules under which the key can be released. ,

Format: base64url ,

Required: False ,

}

string ,

}

,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

Keys_Get (new)

Description	:  Gets the current version of the specified key from the specified key vault.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}/keys/{keyName}

{

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group which contains the specified key vault. ,

Required: True ,

}

string ,

vaultName:

{

Description: The name of the vault which contains the key to be retrieved. ,

Required: True ,

}

string ,

keyName:

{

Description: The name of the key to be retrieved. ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: The properties of the key. ,

Required: True ,

}

{

attributes:

{

Description: The attributes of the key. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether or not the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Description: The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval. ,

Enum:

{

Purgeable: No description available. ,

Recoverable+Purgeable: No description available. ,

Recoverable: No description available. ,

Recoverable+ProtectedSubscription: No description available. ,

}

,

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. ,

Required: False ,

}

boolean ,

}

,

kty:

{

Description: The type of the key. For valid values, see JsonWebKeyType. ,

Enum:

{

EC: No description available. ,

EC-HSM: No description available. ,

RSA: No description available. ,

RSA-HSM: No description available. ,

}

,

Required: False ,

}

enum ,

keyOps:

{

Required: False ,

}

[

string ,

]

,

keySize:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. Default for RSA and RSA-HSM keys is 2048. Exception made for bring your own key (BYOK), key exchange keys default to 4096. ,

Format: int32 ,

Required: False ,

}

integer ,

curveName:

{

Description: The elliptic curve name. For valid values, see JsonWebKeyCurveName. Default for EC and EC-HSM keys is P-256 ,

Enum:

{

P-256: No description available. ,

P-384: No description available. ,

P-521: No description available. ,

P-256K: No description available. ,

}

,

Required: False ,

}

enum ,

keyUri:

{

Description: The URI to retrieve the current version of the key. ,

Required: False ,

}

string ,

keyUriWithVersion:

{

Description: The URI to retrieve the specific version of the key. ,

Required: False ,

}

string ,

rotationPolicy:

{

Description: Key rotation policy in response. It will be used for both output and input. Omitted if empty ,

Required: False ,

}

{

attributes:

{

Description: The attributes of key rotation policy. ,

Required: False ,

}

{

created:

{

Description: Creation time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

expiryTime:

{

Description: The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

}

,

lifetimeActions:

{

Description: The lifetimeActions for key rotation action. ,

Required: False ,

}

[

{

trigger:

{

Description: The trigger of key rotation policy lifetimeAction. ,

Required: False ,

}

{

timeAfterCreate:

{

Description: The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

timeBeforeExpiry:

{

Description: The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

}

,

action:

{

Description: The action of key rotation policy lifetimeAction. ,

Required: False ,

}

{

type:

{

Description: The type of action. ,

Enum:

{

rotate: No description available. ,

notify: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

}

,

release_policy:

{

Description: Key release policy in response. It will be used for both output and input. Omitted if empty ,

Required: False ,

}

{

contentType:

{

Description: Content type and version of key release policy ,

Required: False ,

}

string ,

data:

{

Description: Blob encoding the policy rules under which the key can be released. ,

Format: base64url ,

Required: False ,

}

string ,

}

,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

Keys_List (new)

Description	:  Lists the keys in the specified key vault.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}/keys

{

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group which contains the specified key vault. ,

Required: True ,

}

string ,

vaultName:

{

Description: The name of the vault which contains the keys to be retrieved. ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: The key resources. ,

Required: False ,

}

[

{

properties:

{

Description: The properties of the key. ,

Required: True ,

}

{

attributes:

{

Description: The attributes of the key. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether or not the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Description: The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval. ,

Enum:

{

Purgeable: No description available. ,

Recoverable+Purgeable: No description available. ,

Recoverable: No description available. ,

Recoverable+ProtectedSubscription: No description available. ,

}

,

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. ,

Required: False ,

}

boolean ,

}

,

kty:

{

Description: The type of the key. For valid values, see JsonWebKeyType. ,

Enum:

{

EC: No description available. ,

EC-HSM: No description available. ,

RSA: No description available. ,

RSA-HSM: No description available. ,

}

,

Required: False ,

}

enum ,

keyOps:

{

Required: False ,

}

[

string ,

]

,

keySize:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. Default for RSA and RSA-HSM keys is 2048. Exception made for bring your own key (BYOK), key exchange keys default to 4096. ,

Format: int32 ,

Required: False ,

}

integer ,

curveName:

{

Description: The elliptic curve name. For valid values, see JsonWebKeyCurveName. Default for EC and EC-HSM keys is P-256 ,

Enum:

{

P-256: No description available. ,

P-384: No description available. ,

P-521: No description available. ,

P-256K: No description available. ,

}

,

Required: False ,

}

enum ,

keyUri:

{

Description: The URI to retrieve the current version of the key. ,

Required: False ,

}

string ,

keyUriWithVersion:

{

Description: The URI to retrieve the specific version of the key. ,

Required: False ,

}

string ,

rotationPolicy:

{

Description: Key rotation policy in response. It will be used for both output and input. Omitted if empty ,

Required: False ,

}

{

attributes:

{

Description: The attributes of key rotation policy. ,

Required: False ,

}

{

created:

{

Description: Creation time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

expiryTime:

{

Description: The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

}

,

lifetimeActions:

{

Description: The lifetimeActions for key rotation action. ,

Required: False ,

}

[

{

trigger:

{

Description: The trigger of key rotation policy lifetimeAction. ,

Required: False ,

}

{

timeAfterCreate:

{

Description: The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

timeBeforeExpiry:

{

Description: The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

}

,

action:

{

Description: The action of key rotation policy lifetimeAction. ,

Required: False ,

}

{

type:

{

Description: The type of action. ,

Enum:

{

rotate: No description available. ,

notify: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

}

,

release_policy:

{

Description: Key release policy in response. It will be used for both output and input. Omitted if empty ,

Required: False ,

}

{

contentType:

{

Description: Content type and version of key release policy ,

Required: False ,

}

string ,

data:

{

Description: Blob encoding the policy rules under which the key can be released. ,

Format: base64url ,

Required: False ,

}

string ,

}

,

}

,

}

,

]

,

nextLink:

{

Description: The URL to get the next page of keys. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

Keys_GetVersion (new)

Description	:  Gets the specified version of the specified key in the specified key vault.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}/keys/{keyName}/versions/{keyVersion}

{

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group which contains the specified key vault. ,

Required: True ,

}

string ,

vaultName:

{

Description: The name of the vault which contains the key version to be retrieved. ,

Required: True ,

}

string ,

keyName:

{

Description: The name of the key version to be retrieved. ,

Required: True ,

}

string ,

keyVersion:

{

Description: The version of the key to be retrieved. ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: The properties of the key. ,

Required: True ,

}

{

attributes:

{

Description: The attributes of the key. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether or not the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Description: The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval. ,

Enum:

{

Purgeable: No description available. ,

Recoverable+Purgeable: No description available. ,

Recoverable: No description available. ,

Recoverable+ProtectedSubscription: No description available. ,

}

,

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. ,

Required: False ,

}

boolean ,

}

,

kty:

{

Description: The type of the key. For valid values, see JsonWebKeyType. ,

Enum:

{

EC: No description available. ,

EC-HSM: No description available. ,

RSA: No description available. ,

RSA-HSM: No description available. ,

}

,

Required: False ,

}

enum ,

keyOps:

{

Required: False ,

}

[

string ,

]

,

keySize:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. Default for RSA and RSA-HSM keys is 2048. Exception made for bring your own key (BYOK), key exchange keys default to 4096. ,

Format: int32 ,

Required: False ,

}

integer ,

curveName:

{

Description: The elliptic curve name. For valid values, see JsonWebKeyCurveName. Default for EC and EC-HSM keys is P-256 ,

Enum:

{

P-256: No description available. ,

P-384: No description available. ,

P-521: No description available. ,

P-256K: No description available. ,

}

,

Required: False ,

}

enum ,

keyUri:

{

Description: The URI to retrieve the current version of the key. ,

Required: False ,

}

string ,

keyUriWithVersion:

{

Description: The URI to retrieve the specific version of the key. ,

Required: False ,

}

string ,

rotationPolicy:

{

Description: Key rotation policy in response. It will be used for both output and input. Omitted if empty ,

Required: False ,

}

{

attributes:

{

Description: The attributes of key rotation policy. ,

Required: False ,

}

{

created:

{

Description: Creation time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

expiryTime:

{

Description: The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

}

,

lifetimeActions:

{

Description: The lifetimeActions for key rotation action. ,

Required: False ,

}

[

{

trigger:

{

Description: The trigger of key rotation policy lifetimeAction. ,

Required: False ,

}

{

timeAfterCreate:

{

Description: The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

timeBeforeExpiry:

{

Description: The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

}

,

action:

{

Description: The action of key rotation policy lifetimeAction. ,

Required: False ,

}

{

type:

{

Description: The type of action. ,

Enum:

{

rotate: No description available. ,

notify: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

}

,

release_policy:

{

Description: Key release policy in response. It will be used for both output and input. Omitted if empty ,

Required: False ,

}

{

contentType:

{

Description: Content type and version of key release policy ,

Required: False ,

}

string ,

data:

{

Description: Blob encoding the policy rules under which the key can be released. ,

Format: base64url ,

Required: False ,

}

string ,

}

,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

Keys_ListVersions (new)

Description	:  Lists the versions of the specified key in the specified key vault.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}/keys/{keyName}/versions

{

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group which contains the specified key vault. ,

Required: True ,

}

string ,

vaultName:

{

Description: The name of the vault which contains the key versions to be retrieved. ,

Required: True ,

}

string ,

keyName:

{

Description: The name of the key versions to be retrieved. ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: The key resources. ,

Required: False ,

}

[

{

properties:

{

Description: The properties of the key. ,

Required: True ,

}

{

attributes:

{

Description: The attributes of the key. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether or not the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Description: The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval. ,

Enum:

{

Purgeable: No description available. ,

Recoverable+Purgeable: No description available. ,

Recoverable: No description available. ,

Recoverable+ProtectedSubscription: No description available. ,

}

,

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. ,

Required: False ,

}

boolean ,

}

,

kty:

{

Description: The type of the key. For valid values, see JsonWebKeyType. ,

Enum:

{

EC: No description available. ,

EC-HSM: No description available. ,

RSA: No description available. ,

RSA-HSM: No description available. ,

}

,

Required: False ,

}

enum ,

keyOps:

{

Required: False ,

}

[

string ,

]

,

keySize:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. Default for RSA and RSA-HSM keys is 2048. Exception made for bring your own key (BYOK), key exchange keys default to 4096. ,

Format: int32 ,

Required: False ,

}

integer ,

curveName:

{

Description: The elliptic curve name. For valid values, see JsonWebKeyCurveName. Default for EC and EC-HSM keys is P-256 ,

Enum:

{

P-256: No description available. ,

P-384: No description available. ,

P-521: No description available. ,

P-256K: No description available. ,

}

,

Required: False ,

}

enum ,

keyUri:

{

Description: The URI to retrieve the current version of the key. ,

Required: False ,

}

string ,

keyUriWithVersion:

{

Description: The URI to retrieve the specific version of the key. ,

Required: False ,

}

string ,

rotationPolicy:

{

Description: Key rotation policy in response. It will be used for both output and input. Omitted if empty ,

Required: False ,

}

{

attributes:

{

Description: The attributes of key rotation policy. ,

Required: False ,

}

{

created:

{

Description: Creation time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

expiryTime:

{

Description: The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

}

,

lifetimeActions:

{

Description: The lifetimeActions for key rotation action. ,

Required: False ,

}

[

{

trigger:

{

Description: The trigger of key rotation policy lifetimeAction. ,

Required: False ,

}

{

timeAfterCreate:

{

Description: The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

timeBeforeExpiry:

{

Description: The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

}

,

action:

{

Description: The action of key rotation policy lifetimeAction. ,

Required: False ,

}

{

type:

{

Description: The type of action. ,

Enum:

{

rotate: No description available. ,

notify: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

}

,

release_policy:

{

Description: Key release policy in response. It will be used for both output and input. Omitted if empty ,

Required: False ,

}

{

contentType:

{

Description: Content type and version of key release policy ,

Required: False ,

}

string ,

data:

{

Description: Blob encoding the policy rules under which the key can be released. ,

Format: base64url ,

Required: False ,

}

string ,

}

,

}

,

}

,

]

,

nextLink:

{

Description: The URL to get the next page of keys. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

ManagedHsmKeys_CreateIfNotExist (new)

Description	:  Creates the first version of a new key if it does not exist. If it already exists, then the existing key is returned without any write operations being performed. This API does not create subsequent versions, and does not update existing keys.
Reference	:  Link ¶

---

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/managedHSMs/{name}/keys/{keyName}

{

subscriptionId:

{

Description: The ID of the target subscription. ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

name:

{

Description: The name of the Managed HSM Pool within the specified resource group. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

keyName:

{

Description: The name of the key to be created. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information. ,

Required: True ,

}

string ,

parameters:

{

Description: The parameters used to create the specified key. ,

Required: True ,

}

{

tags:

{

Description: The tags that will be assigned to the key. ,

Required: False ,

}

object ,

properties:

{

Description: The properties of the key to be created. ,

Required: True ,

}

{

attributes:

{

Description: The attributes of the key. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether or not the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Description: The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval. ,

Enum:

{

Purgeable: No description available. ,

Recoverable+Purgeable: No description available. ,

Recoverable: No description available. ,

Recoverable+ProtectedSubscription: No description available. ,

}

,

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. ,

Required: False ,

}

boolean ,

}

,

kty:

{

Description: The type of the key. For valid values, see JsonWebKeyType. ,

Enum:

{

EC: No description available. ,

EC-HSM: No description available. ,

RSA: No description available. ,

RSA-HSM: No description available. ,

}

,

Required: False ,

}

enum ,

keyOps:

{

Required: False ,

}

[

string ,

]

,

keySize:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. Default for RSA and RSA-HSM keys is 2048. Exception made for bring your own key (BYOK), key exchange keys default to 4096. ,

Format: int32 ,

Required: False ,

}

integer ,

curveName:

{

Description: The elliptic curve name. For valid values, see JsonWebKeyCurveName. Default for EC and EC-HSM keys is P-256 ,

Enum:

{

P-256: No description available. ,

P-384: No description available. ,

P-521: No description available. ,

P-256K: No description available. ,

}

,

Required: False ,

}

enum ,

keyUri:

{

Description: The URI to retrieve the current version of the key. ,

Required: False ,

}

string ,

keyUriWithVersion:

{

Description: The URI to retrieve the specific version of the key. ,

Required: False ,

}

string ,

rotationPolicy:

{

Description: Key rotation policy in response. It will be used for both output and input. Omitted if empty ,

Required: False ,

}

{

attributes:

{

Description: The attributes of key rotation policy. ,

Required: False ,

}

{

created:

{

Description: Creation time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

expiryTime:

{

Description: The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

}

,

lifetimeActions:

{

Description: The lifetimeActions for key rotation action. ,

Required: False ,

}

[

{

trigger:

{

Description: The trigger of key rotation policy lifetimeAction. ,

Required: False ,

}

{

timeAfterCreate:

{

Description: The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

timeBeforeExpiry:

{

Description: The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

}

,

action:

{

Description: The action of key rotation policy lifetimeAction. ,

Required: False ,

}

{

type:

{

Description: The type of action. ,

Enum:

{

rotate: No description available. ,

notify: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

}

,

release_policy:

{

Description: Key release policy in response. It will be used for both output and input. Omitted if empty ,

Required: False ,

}

{

contentType:

{

Description: Content type and version of key release policy ,

Required: False ,

}

string ,

data:

{

Description: Blob encoding the policy rules under which the key can be released. ,

Format: base64url ,

Required: False ,

}

string ,

}

,

}

,

}

,

}

---

⚐ Response (200)

{

properties:

{

Description: The properties of the key. ,

Required: True ,

}

{

attributes:

{

Description: The attributes of the key. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether or not the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Description: The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval. ,

Enum:

{

Purgeable: No description available. ,

Recoverable+Purgeable: No description available. ,

Recoverable: No description available. ,

Recoverable+ProtectedSubscription: No description available. ,

}

,

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. ,

Required: False ,

}

boolean ,

}

,

kty:

{

Description: The type of the key. For valid values, see JsonWebKeyType. ,

Enum:

{

EC: No description available. ,

EC-HSM: No description available. ,

RSA: No description available. ,

RSA-HSM: No description available. ,

}

,

Required: False ,

}

enum ,

keyOps:

{

Required: False ,

}

[

string ,

]

,

keySize:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. Default for RSA and RSA-HSM keys is 2048. Exception made for bring your own key (BYOK), key exchange keys default to 4096. ,

Format: int32 ,

Required: False ,

}

integer ,

curveName:

{

Description: The elliptic curve name. For valid values, see JsonWebKeyCurveName. Default for EC and EC-HSM keys is P-256 ,

Enum:

{

P-256: No description available. ,

P-384: No description available. ,

P-521: No description available. ,

P-256K: No description available. ,

}

,

Required: False ,

}

enum ,

keyUri:

{

Description: The URI to retrieve the current version of the key. ,

Required: False ,

}

string ,

keyUriWithVersion:

{

Description: The URI to retrieve the specific version of the key. ,

Required: False ,

}

string ,

rotationPolicy:

{

Description: Key rotation policy in response. It will be used for both output and input. Omitted if empty ,

Required: False ,

}

{

attributes:

{

Description: The attributes of key rotation policy. ,

Required: False ,

}

{

created:

{

Description: Creation time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

expiryTime:

{

Description: The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

}

,

lifetimeActions:

{

Description: The lifetimeActions for key rotation action. ,

Required: False ,

}

[

{

trigger:

{

Description: The trigger of key rotation policy lifetimeAction. ,

Required: False ,

}

{

timeAfterCreate:

{

Description: The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

timeBeforeExpiry:

{

Description: The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

}

,

action:

{

Description: The action of key rotation policy lifetimeAction. ,

Required: False ,

}

{

type:

{

Description: The type of action. ,

Enum:

{

rotate: No description available. ,

notify: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

}

,

release_policy:

{

Description: Key release policy in response. It will be used for both output and input. Omitted if empty ,

Required: False ,

}

{

contentType:

{

Description: Content type and version of key release policy ,

Required: False ,

}

string ,

data:

{

Description: Blob encoding the policy rules under which the key can be released. ,

Format: base64url ,

Required: False ,

}

string ,

}

,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

ManagedHsmKeys_Get (new)

Description	:  Gets the current version of the specified key from the specified managed HSM.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/managedHSMs/{name}/keys/{keyName}

{

subscriptionId:

{

Description: The ID of the target subscription. ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

name:

{

Description: The name of the Managed HSM Pool within the specified resource group. ,

Required: True ,

}

string ,

keyName:

{

Description: The name of the key to be created. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: The properties of the key. ,

Required: True ,

}

{

attributes:

{

Description: The attributes of the key. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether or not the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Description: The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval. ,

Enum:

{

Purgeable: No description available. ,

Recoverable+Purgeable: No description available. ,

Recoverable: No description available. ,

Recoverable+ProtectedSubscription: No description available. ,

}

,

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. ,

Required: False ,

}

boolean ,

}

,

kty:

{

Description: The type of the key. For valid values, see JsonWebKeyType. ,

Enum:

{

EC: No description available. ,

EC-HSM: No description available. ,

RSA: No description available. ,

RSA-HSM: No description available. ,

}

,

Required: False ,

}

enum ,

keyOps:

{

Required: False ,

}

[

string ,

]

,

keySize:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. Default for RSA and RSA-HSM keys is 2048. Exception made for bring your own key (BYOK), key exchange keys default to 4096. ,

Format: int32 ,

Required: False ,

}

integer ,

curveName:

{

Description: The elliptic curve name. For valid values, see JsonWebKeyCurveName. Default for EC and EC-HSM keys is P-256 ,

Enum:

{

P-256: No description available. ,

P-384: No description available. ,

P-521: No description available. ,

P-256K: No description available. ,

}

,

Required: False ,

}

enum ,

keyUri:

{

Description: The URI to retrieve the current version of the key. ,

Required: False ,

}

string ,

keyUriWithVersion:

{

Description: The URI to retrieve the specific version of the key. ,

Required: False ,

}

string ,

rotationPolicy:

{

Description: Key rotation policy in response. It will be used for both output and input. Omitted if empty ,

Required: False ,

}

{

attributes:

{

Description: The attributes of key rotation policy. ,

Required: False ,

}

{

created:

{

Description: Creation time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

expiryTime:

{

Description: The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

}

,

lifetimeActions:

{

Description: The lifetimeActions for key rotation action. ,

Required: False ,

}

[

{

trigger:

{

Description: The trigger of key rotation policy lifetimeAction. ,

Required: False ,

}

{

timeAfterCreate:

{

Description: The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

timeBeforeExpiry:

{

Description: The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

}

,

action:

{

Description: The action of key rotation policy lifetimeAction. ,

Required: False ,

}

{

type:

{

Description: The type of action. ,

Enum:

{

rotate: No description available. ,

notify: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

}

,

release_policy:

{

Description: Key release policy in response. It will be used for both output and input. Omitted if empty ,

Required: False ,

}

{

contentType:

{

Description: Content type and version of key release policy ,

Required: False ,

}

string ,

data:

{

Description: Blob encoding the policy rules under which the key can be released. ,

Format: base64url ,

Required: False ,

}

string ,

}

,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

ManagedHsmKeys_List (new)

Description	:  Lists the keys in the specified managed HSM.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/managedHSMs/{name}/keys

{

subscriptionId:

{

Description: The ID of the target subscription. ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

name:

{

Description: The name of the Managed HSM Pool within the specified resource group. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: The key resources. ,

Required: False ,

}

[

{

properties:

{

Description: The properties of the key. ,

Required: True ,

}

{

attributes:

{

Description: The attributes of the key. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether or not the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Description: The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval. ,

Enum:

{

Purgeable: No description available. ,

Recoverable+Purgeable: No description available. ,

Recoverable: No description available. ,

Recoverable+ProtectedSubscription: No description available. ,

}

,

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. ,

Required: False ,

}

boolean ,

}

,

kty:

{

Description: The type of the key. For valid values, see JsonWebKeyType. ,

Enum:

{

EC: No description available. ,

EC-HSM: No description available. ,

RSA: No description available. ,

RSA-HSM: No description available. ,

}

,

Required: False ,

}

enum ,

keyOps:

{

Required: False ,

}

[

string ,

]

,

keySize:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. Default for RSA and RSA-HSM keys is 2048. Exception made for bring your own key (BYOK), key exchange keys default to 4096. ,

Format: int32 ,

Required: False ,

}

integer ,

curveName:

{

Description: The elliptic curve name. For valid values, see JsonWebKeyCurveName. Default for EC and EC-HSM keys is P-256 ,

Enum:

{

P-256: No description available. ,

P-384: No description available. ,

P-521: No description available. ,

P-256K: No description available. ,

}

,

Required: False ,

}

enum ,

keyUri:

{

Description: The URI to retrieve the current version of the key. ,

Required: False ,

}

string ,

keyUriWithVersion:

{

Description: The URI to retrieve the specific version of the key. ,

Required: False ,

}

string ,

rotationPolicy:

{

Description: Key rotation policy in response. It will be used for both output and input. Omitted if empty ,

Required: False ,

}

{

attributes:

{

Description: The attributes of key rotation policy. ,

Required: False ,

}

{

created:

{

Description: Creation time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

expiryTime:

{

Description: The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

}

,

lifetimeActions:

{

Description: The lifetimeActions for key rotation action. ,

Required: False ,

}

[

{

trigger:

{

Description: The trigger of key rotation policy lifetimeAction. ,

Required: False ,

}

{

timeAfterCreate:

{

Description: The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

timeBeforeExpiry:

{

Description: The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

}

,

action:

{

Description: The action of key rotation policy lifetimeAction. ,

Required: False ,

}

{

type:

{

Description: The type of action. ,

Enum:

{

rotate: No description available. ,

notify: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

}

,

release_policy:

{

Description: Key release policy in response. It will be used for both output and input. Omitted if empty ,

Required: False ,

}

{

contentType:

{

Description: Content type and version of key release policy ,

Required: False ,

}

string ,

data:

{

Description: Blob encoding the policy rules under which the key can be released. ,

Format: base64url ,

Required: False ,

}

string ,

}

,

}

,

}

,

]

,

nextLink:

{

Description: The URL to get the next page of keys. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

ManagedHsmKeys_GetVersion (new)

Description	:  Gets the specified version of the specified key in the specified managed HSM.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/managedHSMs/{name}/keys/{keyName}/versions/{keyVersion}

{

subscriptionId:

{

Description: The ID of the target subscription. ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

name:

{

Description: The name of the Managed HSM Pool within the specified resource group. ,

Required: True ,

}

string ,

keyName:

{

Description: The name of the key to be created. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information. ,

Required: True ,

}

string ,

keyVersion:

{

Description: The version of the key to be retrieved. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: The properties of the key. ,

Required: True ,

}

{

attributes:

{

Description: The attributes of the key. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether or not the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Description: The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval. ,

Enum:

{

Purgeable: No description available. ,

Recoverable+Purgeable: No description available. ,

Recoverable: No description available. ,

Recoverable+ProtectedSubscription: No description available. ,

}

,

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. ,

Required: False ,

}

boolean ,

}

,

kty:

{

Description: The type of the key. For valid values, see JsonWebKeyType. ,

Enum:

{

EC: No description available. ,

EC-HSM: No description available. ,

RSA: No description available. ,

RSA-HSM: No description available. ,

}

,

Required: False ,

}

enum ,

keyOps:

{

Required: False ,

}

[

string ,

]

,

keySize:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. Default for RSA and RSA-HSM keys is 2048. Exception made for bring your own key (BYOK), key exchange keys default to 4096. ,

Format: int32 ,

Required: False ,

}

integer ,

curveName:

{

Description: The elliptic curve name. For valid values, see JsonWebKeyCurveName. Default for EC and EC-HSM keys is P-256 ,

Enum:

{

P-256: No description available. ,

P-384: No description available. ,

P-521: No description available. ,

P-256K: No description available. ,

}

,

Required: False ,

}

enum ,

keyUri:

{

Description: The URI to retrieve the current version of the key. ,

Required: False ,

}

string ,

keyUriWithVersion:

{

Description: The URI to retrieve the specific version of the key. ,

Required: False ,

}

string ,

rotationPolicy:

{

Description: Key rotation policy in response. It will be used for both output and input. Omitted if empty ,

Required: False ,

}

{

attributes:

{

Description: The attributes of key rotation policy. ,

Required: False ,

}

{

created:

{

Description: Creation time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

expiryTime:

{

Description: The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

}

,

lifetimeActions:

{

Description: The lifetimeActions for key rotation action. ,

Required: False ,

}

[

{

trigger:

{

Description: The trigger of key rotation policy lifetimeAction. ,

Required: False ,

}

{

timeAfterCreate:

{

Description: The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

timeBeforeExpiry:

{

Description: The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

}

,

action:

{

Description: The action of key rotation policy lifetimeAction. ,

Required: False ,

}

{

type:

{

Description: The type of action. ,

Enum:

{

rotate: No description available. ,

notify: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

}

,

release_policy:

{

Description: Key release policy in response. It will be used for both output and input. Omitted if empty ,

Required: False ,

}

{

contentType:

{

Description: Content type and version of key release policy ,

Required: False ,

}

string ,

data:

{

Description: Blob encoding the policy rules under which the key can be released. ,

Format: base64url ,

Required: False ,

}

string ,

}

,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

ManagedHsmKeys_ListVersions (new)

Description	:  Lists the versions of the specified key in the specified managed HSM.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/managedHSMs/{name}/keys/{keyName}/versions

{

subscriptionId:

{

Description: The ID of the target subscription. ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

name:

{

Description: The name of the Managed HSM Pool within the specified resource group. ,

Required: True ,

}

string ,

keyName:

{

Description: The name of the key to be created. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: The key resources. ,

Required: False ,

}

[

{

properties:

{

Description: The properties of the key. ,

Required: True ,

}

{

attributes:

{

Description: The attributes of the key. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether or not the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Description: The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval. ,

Enum:

{

Purgeable: No description available. ,

Recoverable+Purgeable: No description available. ,

Recoverable: No description available. ,

Recoverable+ProtectedSubscription: No description available. ,

}

,

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. ,

Required: False ,

}

boolean ,

}

,

kty:

{

Description: The type of the key. For valid values, see JsonWebKeyType. ,

Enum:

{

EC: No description available. ,

EC-HSM: No description available. ,

RSA: No description available. ,

RSA-HSM: No description available. ,

}

,

Required: False ,

}

enum ,

keyOps:

{

Required: False ,

}

[

string ,

]

,

keySize:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. Default for RSA and RSA-HSM keys is 2048. Exception made for bring your own key (BYOK), key exchange keys default to 4096. ,

Format: int32 ,

Required: False ,

}

integer ,

curveName:

{

Description: The elliptic curve name. For valid values, see JsonWebKeyCurveName. Default for EC and EC-HSM keys is P-256 ,

Enum:

{

P-256: No description available. ,

P-384: No description available. ,

P-521: No description available. ,

P-256K: No description available. ,

}

,

Required: False ,

}

enum ,

keyUri:

{

Description: The URI to retrieve the current version of the key. ,

Required: False ,

}

string ,

keyUriWithVersion:

{

Description: The URI to retrieve the specific version of the key. ,

Required: False ,

}

string ,

rotationPolicy:

{

Description: Key rotation policy in response. It will be used for both output and input. Omitted if empty ,

Required: False ,

}

{

attributes:

{

Description: The attributes of key rotation policy. ,

Required: False ,

}

{

created:

{

Description: Creation time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in seconds since 1970-01-01T00:00:00Z. ,

Format: int64 ,

Required: False ,

}

integer ,

expiryTime:

{

Description: The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

}

,

lifetimeActions:

{

Description: The lifetimeActions for key rotation action. ,

Required: False ,

}

[

{

trigger:

{

Description: The trigger of key rotation policy lifetimeAction. ,

Required: False ,

}

{

timeAfterCreate:

{

Description: The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

timeBeforeExpiry:

{

Description: The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'. ,

Required: False ,

}

string ,

}

,

action:

{

Description: The action of key rotation policy lifetimeAction. ,

Required: False ,

}

{

type:

{

Description: The type of action. ,

Enum:

{

rotate: No description available. ,

notify: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

}

,

release_policy:

{

Description: Key release policy in response. It will be used for both output and input. Omitted if empty ,

Required: False ,

}

{

contentType:

{

Description: Content type and version of key release policy ,

Required: False ,

}

string ,

data:

{

Description: Blob encoding the policy rules under which the key can be released. ,

Format: base64url ,

Required: False ,

}

string ,

}

,

}

,

}

,

]

,

nextLink:

{

Description: The URL to get the next page of keys. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

Vaults_CreateOrUpdate (new)

Description	:  Create or update a key vault in the specified subscription.
Reference	:  Link ¶

---

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}

{

resourceGroupName:

{

Description: The name of the Resource Group to which the server belongs. ,

Required: True ,

}

string ,

vaultName:

{

Description: Name of the vault ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

parameters:

{

Description: Parameters to create or update the vault ,

Required: True ,

}

{

location:

{

Description: The supported Azure location where the key vault should be created. ,

Required: True ,

}

string ,

tags:

{

Description: The tags that will be assigned to the key vault. ,

Required: False ,

}

object ,

properties:

{

Description: Properties of the vault ,

Required: True ,

}

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. ,

Format: uuid ,

Required: True ,

}

string ,

sku:

{

Description: SKU details ,

Required: True ,

}

{

family:

{

Description: SKU family name ,

Enum:

{

A: No description available. ,

}

,

Required: True ,

}

enum ,

name:

{

Description: SKU name to specify whether the key vault is a standard vault or a premium vault. ,

Enum:

{

standard: No description available. ,

premium: No description available. ,

}

,

Required: True ,

}

enum ,

}

,

accessPolicies:

{

Description: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required. ,

Required: False ,

}

[

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. ,

Format: uuid ,

Required: True ,

}

string ,

objectId:

{

Description: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. ,

Required: True ,

}

string ,

applicationId:

{

Description: Application ID of the client making request on behalf of a principal ,

Format: uuid ,

Required: False ,

}

string ,

permissions:

{

Description: Permissions the identity has for keys, secrets and certificates. ,

Required: True ,

}

{

keys:

{

Description: Permissions to keys ,

Required: False ,

}

[

string ,

]

,

secrets:

{

Description: Permissions to secrets ,

Required: False ,

}

[

string ,

]

,

certificates:

{

Description: Permissions to certificates ,

Required: False ,

}

[

string ,

]

,

storage:

{

Description: Permissions to storage accounts ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

]

,

vaultUri:

{

Description: The URI of the vault for performing operations on keys and secrets. ,

Required: False ,

}

string ,

hsmPoolResourceId:

{

Description: The resource id of HSM Pool. ,

Required: False ,

}

string ,

enabledForDeployment:

{

Description: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. ,

Required: False ,

}

boolean ,

enabledForDiskEncryption:

{

Description: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. ,

Required: False ,

}

boolean ,

enabledForTemplateDeployment:

{

Description: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. ,

Required: False ,

}

boolean ,

enableSoftDelete:

{

Description: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. ,

Required: False ,

}

boolean ,

softDeleteRetentionInDays:

{

Description: softDelete data retention days. It accepts >=7 and <=90. ,

Format: int32 ,

Required: False ,

}

integer ,

enableRbacAuthorization:

{

Description: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. ,

Required: False ,

}

boolean ,

createMode:

{

Description: The vault's create mode to indicate whether the vault need to be recovered or not. ,

Enum:

{

recover: No description available. ,

default: No description available. ,

}

,

Required: False ,

}

enum ,

enablePurgeProtection:

{

Description: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. ,

Required: False ,

}

boolean ,

networkAcls:

{

Description: Rules governing the accessibility of the key vault from specific network locations. ,

Required: False ,

}

{

bypass:

{

Description: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. ,

Enum:

{

AzureServices: No description available. ,

None: No description available. ,

}

,

Required: False ,

}

enum ,

defaultAction:

{

Description: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. ,

Enum:

{

Allow: No description available. ,

Deny: No description available. ,

}

,

Required: False ,

}

enum ,

ipRules:

{

Description: The list of IP address rules. ,

Required: False ,

}

[

{

value:

{

Description: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). ,

Required: True ,

}

string ,

}

,

]

,

virtualNetworkRules:

{

Description: The list of virtual network rules. ,

Required: False ,

}

[

{

id:

{

Description: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. ,

Required: True ,

}

string ,

ignoreMissingVnetServiceEndpoint:

{

Description: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. ,

Required: False ,

}

boolean ,

}

,

]

,

}

,

provisioningState:

{

Description: Provisioning state of the vault. ,

Enum:

{

Succeeded: No description available. ,

RegisteringDns: No description available. ,

}

,

Required: False ,

}

enum ,

privateEndpointConnections:

{

Description: List of private endpoint connections associated with the key vault. ,

Required: False ,

}

[

{

id:

{

Description: Id of private endpoint connection. ,

Required: False ,

}

string ,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

properties:

{

Description: Private endpoint connection properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

publicNetworkAccess:

{

Description: Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules. ,

Required: False ,

}

string ,

}

,

}

,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (201)

{

id:

{

Description: Fully qualified identifier of the key vault resource. ,

Required: False ,

}

string ,

name:

{

Description: Name of the key vault resource. ,

Required: False ,

}

string ,

type:

{

Description: Resource type of the key vault resource. ,

Required: False ,

}

string ,

location:

{

Description: Azure location of the key vault resource. ,

Required: False ,

}

string ,

tags:

{

Description: Tags assigned to the key vault resource. ,

Required: False ,

}

object ,

systemData:

{

Description: System metadata for the key vault. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the key vault resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the key vault resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of the key vault resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the key vault resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the key vault resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of the key vault resource last modification (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

}

,

properties:

{

Description: Properties of the vault ,

Required: True ,

}

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. ,

Format: uuid ,

Required: True ,

}

string ,

sku:

{

Description: SKU details ,

Required: True ,

}

{

family:

{

Description: SKU family name ,

Enum:

{

A: No description available. ,

}

,

Required: True ,

}

enum ,

name:

{

Description: SKU name to specify whether the key vault is a standard vault or a premium vault. ,

Enum:

{

standard: No description available. ,

premium: No description available. ,

}

,

Required: True ,

}

enum ,

}

,

accessPolicies:

{

Description: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required. ,

Required: False ,

}

[

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. ,

Format: uuid ,

Required: True ,

}

string ,

objectId:

{

Description: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. ,

Required: True ,

}

string ,

applicationId:

{

Description: Application ID of the client making request on behalf of a principal ,

Format: uuid ,

Required: False ,

}

string ,

permissions:

{

Description: Permissions the identity has for keys, secrets and certificates. ,

Required: True ,

}

{

keys:

{

Description: Permissions to keys ,

Required: False ,

}

[

string ,

]

,

secrets:

{

Description: Permissions to secrets ,

Required: False ,

}

[

string ,

]

,

certificates:

{

Description: Permissions to certificates ,

Required: False ,

}

[

string ,

]

,

storage:

{

Description: Permissions to storage accounts ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

]

,

vaultUri:

{

Description: The URI of the vault for performing operations on keys and secrets. ,

Required: False ,

}

string ,

hsmPoolResourceId:

{

Description: The resource id of HSM Pool. ,

Required: False ,

}

string ,

enabledForDeployment:

{

Description: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. ,

Required: False ,

}

boolean ,

enabledForDiskEncryption:

{

Description: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. ,

Required: False ,

}

boolean ,

enabledForTemplateDeployment:

{

Description: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. ,

Required: False ,

}

boolean ,

enableSoftDelete:

{

Description: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. ,

Required: False ,

}

boolean ,

softDeleteRetentionInDays:

{

Description: softDelete data retention days. It accepts >=7 and <=90. ,

Format: int32 ,

Required: False ,

}

integer ,

enableRbacAuthorization:

{

Description: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. ,

Required: False ,

}

boolean ,

createMode:

{

Description: The vault's create mode to indicate whether the vault need to be recovered or not. ,

Enum:

{

recover: No description available. ,

default: No description available. ,

}

,

Required: False ,

}

enum ,

enablePurgeProtection:

{

Description: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. ,

Required: False ,

}

boolean ,

networkAcls:

{

Description: Rules governing the accessibility of the key vault from specific network locations. ,

Required: False ,

}

{

bypass:

{

Description: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. ,

Enum:

{

AzureServices: No description available. ,

None: No description available. ,

}

,

Required: False ,

}

enum ,

defaultAction:

{

Description: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. ,

Enum:

{

Allow: No description available. ,

Deny: No description available. ,

}

,

Required: False ,

}

enum ,

ipRules:

{

Description: The list of IP address rules. ,

Required: False ,

}

[

{

value:

{

Description: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). ,

Required: True ,

}

string ,

}

,

]

,

virtualNetworkRules:

{

Description: The list of virtual network rules. ,

Required: False ,

}

[

{

id:

{

Description: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. ,

Required: True ,

}

string ,

ignoreMissingVnetServiceEndpoint:

{

Description: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. ,

Required: False ,

}

boolean ,

}

,

]

,

}

,

provisioningState:

{

Description: Provisioning state of the vault. ,

Enum:

{

Succeeded: No description available. ,

RegisteringDns: No description available. ,

}

,

Required: False ,

}

enum ,

privateEndpointConnections:

{

Description: List of private endpoint connections associated with the key vault. ,

Required: False ,

}

[

{

id:

{

Description: Id of private endpoint connection. ,

Required: False ,

}

string ,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

properties:

{

Description: Private endpoint connection properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

publicNetworkAccess:

{

Description: Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules. ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (200)

{

id:

{

Description: Fully qualified identifier of the key vault resource. ,

Required: False ,

}

string ,

name:

{

Description: Name of the key vault resource. ,

Required: False ,

}

string ,

type:

{

Description: Resource type of the key vault resource. ,

Required: False ,

}

string ,

location:

{

Description: Azure location of the key vault resource. ,

Required: False ,

}

string ,

tags:

{

Description: Tags assigned to the key vault resource. ,

Required: False ,

}

object ,

systemData:

{

Description: System metadata for the key vault. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the key vault resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the key vault resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of the key vault resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the key vault resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the key vault resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of the key vault resource last modification (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

}

,

properties:

{

Description: Properties of the vault ,

Required: True ,

}

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. ,

Format: uuid ,

Required: True ,

}

string ,

sku:

{

Description: SKU details ,

Required: True ,

}

{

family:

{

Description: SKU family name ,

Enum:

{

A: No description available. ,

}

,

Required: True ,

}

enum ,

name:

{

Description: SKU name to specify whether the key vault is a standard vault or a premium vault. ,

Enum:

{

standard: No description available. ,

premium: No description available. ,

}

,

Required: True ,

}

enum ,

}

,

accessPolicies:

{

Description: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required. ,

Required: False ,

}

[

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. ,

Format: uuid ,

Required: True ,

}

string ,

objectId:

{

Description: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. ,

Required: True ,

}

string ,

applicationId:

{

Description: Application ID of the client making request on behalf of a principal ,

Format: uuid ,

Required: False ,

}

string ,

permissions:

{

Description: Permissions the identity has for keys, secrets and certificates. ,

Required: True ,

}

{

keys:

{

Description: Permissions to keys ,

Required: False ,

}

[

string ,

]

,

secrets:

{

Description: Permissions to secrets ,

Required: False ,

}

[

string ,

]

,

certificates:

{

Description: Permissions to certificates ,

Required: False ,

}

[

string ,

]

,

storage:

{

Description: Permissions to storage accounts ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

]

,

vaultUri:

{

Description: The URI of the vault for performing operations on keys and secrets. ,

Required: False ,

}

string ,

hsmPoolResourceId:

{

Description: The resource id of HSM Pool. ,

Required: False ,

}

string ,

enabledForDeployment:

{

Description: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. ,

Required: False ,

}

boolean ,

enabledForDiskEncryption:

{

Description: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. ,

Required: False ,

}

boolean ,

enabledForTemplateDeployment:

{

Description: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. ,

Required: False ,

}

boolean ,

enableSoftDelete:

{

Description: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. ,

Required: False ,

}

boolean ,

softDeleteRetentionInDays:

{

Description: softDelete data retention days. It accepts >=7 and <=90. ,

Format: int32 ,

Required: False ,

}

integer ,

enableRbacAuthorization:

{

Description: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. ,

Required: False ,

}

boolean ,

createMode:

{

Description: The vault's create mode to indicate whether the vault need to be recovered or not. ,

Enum:

{

recover: No description available. ,

default: No description available. ,

}

,

Required: False ,

}

enum ,

enablePurgeProtection:

{

Description: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. ,

Required: False ,

}

boolean ,

networkAcls:

{

Description: Rules governing the accessibility of the key vault from specific network locations. ,

Required: False ,

}

{

bypass:

{

Description: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. ,

Enum:

{

AzureServices: No description available. ,

None: No description available. ,

}

,

Required: False ,

}

enum ,

defaultAction:

{

Description: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. ,

Enum:

{

Allow: No description available. ,

Deny: No description available. ,

}

,

Required: False ,

}

enum ,

ipRules:

{

Description: The list of IP address rules. ,

Required: False ,

}

[

{

value:

{

Description: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). ,

Required: True ,

}

string ,

}

,

]

,

virtualNetworkRules:

{

Description: The list of virtual network rules. ,

Required: False ,

}

[

{

id:

{

Description: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. ,

Required: True ,

}

string ,

ignoreMissingVnetServiceEndpoint:

{

Description: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. ,

Required: False ,

}

boolean ,

}

,

]

,

}

,

provisioningState:

{

Description: Provisioning state of the vault. ,

Enum:

{

Succeeded: No description available. ,

RegisteringDns: No description available. ,

}

,

Required: False ,

}

enum ,

privateEndpointConnections:

{

Description: List of private endpoint connections associated with the key vault. ,

Required: False ,

}

[

{

id:

{

Description: Id of private endpoint connection. ,

Required: False ,

}

string ,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

properties:

{

Description: Private endpoint connection properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

publicNetworkAccess:

{

Description: Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules. ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

Vaults_Update (new)

Description	:  Update a key vault in the specified subscription.
Reference	:  Link ¶

---

⚼ Request

PATCH:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}

{

resourceGroupName:

{

Description: The name of the Resource Group to which the server belongs. ,

Required: True ,

}

string ,

vaultName:

{

Description: Name of the vault ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

parameters:

{

Description: Parameters to patch the vault ,

Required: True ,

}

{

tags:

{

Description: The tags that will be assigned to the key vault. ,

Required: False ,

}

object ,

properties:

{

Description: Properties of the vault ,

Required: False ,

}

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. ,

Format: uuid ,

Required: False ,

}

string ,

sku:

{

Description: SKU details ,

Required: False ,

}

{

family:

{

Description: SKU family name ,

Enum:

{

A: No description available. ,

}

,

Required: True ,

}

enum ,

name:

{

Description: SKU name to specify whether the key vault is a standard vault or a premium vault. ,

Enum:

{

standard: No description available. ,

premium: No description available. ,

}

,

Required: True ,

}

enum ,

}

,

accessPolicies:

{

Description: An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. ,

Required: False ,

}

[

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. ,

Format: uuid ,

Required: True ,

}

string ,

objectId:

{

Description: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. ,

Required: True ,

}

string ,

applicationId:

{

Description: Application ID of the client making request on behalf of a principal ,

Format: uuid ,

Required: False ,

}

string ,

permissions:

{

Description: Permissions the identity has for keys, secrets and certificates. ,

Required: True ,

}

{

keys:

{

Description: Permissions to keys ,

Required: False ,

}

[

string ,

]

,

secrets:

{

Description: Permissions to secrets ,

Required: False ,

}

[

string ,

]

,

certificates:

{

Description: Permissions to certificates ,

Required: False ,

}

[

string ,

]

,

storage:

{

Description: Permissions to storage accounts ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

]

,

enabledForDeployment:

{

Description: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. ,

Required: False ,

}

boolean ,

enabledForDiskEncryption:

{

Description: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. ,

Required: False ,

}

boolean ,

enabledForTemplateDeployment:

{

Description: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. ,

Required: False ,

}

boolean ,

enableSoftDelete:

{

Description: Property to specify whether the 'soft delete' functionality is enabled for this key vault. Once set to true, it cannot be reverted to false. ,

Required: False ,

}

boolean ,

enableRbacAuthorization:

{

Description: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the value of this property will not change. ,

Required: False ,

}

boolean ,

softDeleteRetentionInDays:

{

Description: softDelete data retention days. It accepts >=7 and <=90. ,

Format: int32 ,

Required: False ,

}

integer ,

createMode:

{

Description: The vault's create mode to indicate whether the vault need to be recovered or not. ,

Enum:

{

recover: No description available. ,

default: No description available. ,

}

,

Required: False ,

}

enum ,

enablePurgeProtection:

{

Description: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. ,

Required: False ,

}

boolean ,

networkAcls:

{

Description: A collection of rules governing the accessibility of the vault from specific network locations. ,

Required: False ,

}

{

bypass:

{

Description: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. ,

Enum:

{

AzureServices: No description available. ,

None: No description available. ,

}

,

Required: False ,

}

enum ,

defaultAction:

{

Description: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. ,

Enum:

{

Allow: No description available. ,

Deny: No description available. ,

}

,

Required: False ,

}

enum ,

ipRules:

{

Description: The list of IP address rules. ,

Required: False ,

}

[

{

value:

{

Description: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). ,

Required: True ,

}

string ,

}

,

]

,

virtualNetworkRules:

{

Description: The list of virtual network rules. ,

Required: False ,

}

[

{

id:

{

Description: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. ,

Required: True ,

}

string ,

ignoreMissingVnetServiceEndpoint:

{

Description: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. ,

Required: False ,

}

boolean ,

}

,

]

,

}

,

publicNetworkAccess:

{

Description: Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules. ,

Required: False ,

}

string ,

}

,

}

,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (201)

{

id:

{

Description: Fully qualified identifier of the key vault resource. ,

Required: False ,

}

string ,

name:

{

Description: Name of the key vault resource. ,

Required: False ,

}

string ,

type:

{

Description: Resource type of the key vault resource. ,

Required: False ,

}

string ,

location:

{

Description: Azure location of the key vault resource. ,

Required: False ,

}

string ,

tags:

{

Description: Tags assigned to the key vault resource. ,

Required: False ,

}

object ,

systemData:

{

Description: System metadata for the key vault. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the key vault resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the key vault resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of the key vault resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the key vault resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the key vault resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of the key vault resource last modification (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

}

,

properties:

{

Description: Properties of the vault ,

Required: True ,

}

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. ,

Format: uuid ,

Required: True ,

}

string ,

sku:

{

Description: SKU details ,

Required: True ,

}

{

family:

{

Description: SKU family name ,

Enum:

{

A: No description available. ,

}

,

Required: True ,

}

enum ,

name:

{

Description: SKU name to specify whether the key vault is a standard vault or a premium vault. ,

Enum:

{

standard: No description available. ,

premium: No description available. ,

}

,

Required: True ,

}

enum ,

}

,

accessPolicies:

{

Description: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required. ,

Required: False ,

}

[

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. ,

Format: uuid ,

Required: True ,

}

string ,

objectId:

{

Description: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. ,

Required: True ,

}

string ,

applicationId:

{

Description: Application ID of the client making request on behalf of a principal ,

Format: uuid ,

Required: False ,

}

string ,

permissions:

{

Description: Permissions the identity has for keys, secrets and certificates. ,

Required: True ,

}

{

keys:

{

Description: Permissions to keys ,

Required: False ,

}

[

string ,

]

,

secrets:

{

Description: Permissions to secrets ,

Required: False ,

}

[

string ,

]

,

certificates:

{

Description: Permissions to certificates ,

Required: False ,

}

[

string ,

]

,

storage:

{

Description: Permissions to storage accounts ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

]

,

vaultUri:

{

Description: The URI of the vault for performing operations on keys and secrets. ,

Required: False ,

}

string ,

hsmPoolResourceId:

{

Description: The resource id of HSM Pool. ,

Required: False ,

}

string ,

enabledForDeployment:

{

Description: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. ,

Required: False ,

}

boolean ,

enabledForDiskEncryption:

{

Description: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. ,

Required: False ,

}

boolean ,

enabledForTemplateDeployment:

{

Description: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. ,

Required: False ,

}

boolean ,

enableSoftDelete:

{

Description: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. ,

Required: False ,

}

boolean ,

softDeleteRetentionInDays:

{

Description: softDelete data retention days. It accepts >=7 and <=90. ,

Format: int32 ,

Required: False ,

}

integer ,

enableRbacAuthorization:

{

Description: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. ,

Required: False ,

}

boolean ,

createMode:

{

Description: The vault's create mode to indicate whether the vault need to be recovered or not. ,

Enum:

{

recover: No description available. ,

default: No description available. ,

}

,

Required: False ,

}

enum ,

enablePurgeProtection:

{

Description: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. ,

Required: False ,

}

boolean ,

networkAcls:

{

Description: Rules governing the accessibility of the key vault from specific network locations. ,

Required: False ,

}

{

bypass:

{

Description: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. ,

Enum:

{

AzureServices: No description available. ,

None: No description available. ,

}

,

Required: False ,

}

enum ,

defaultAction:

{

Description: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. ,

Enum:

{

Allow: No description available. ,

Deny: No description available. ,

}

,

Required: False ,

}

enum ,

ipRules:

{

Description: The list of IP address rules. ,

Required: False ,

}

[

{

value:

{

Description: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). ,

Required: True ,

}

string ,

}

,

]

,

virtualNetworkRules:

{

Description: The list of virtual network rules. ,

Required: False ,

}

[

{

id:

{

Description: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. ,

Required: True ,

}

string ,

ignoreMissingVnetServiceEndpoint:

{

Description: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. ,

Required: False ,

}

boolean ,

}

,

]

,

}

,

provisioningState:

{

Description: Provisioning state of the vault. ,

Enum:

{

Succeeded: No description available. ,

RegisteringDns: No description available. ,

}

,

Required: False ,

}

enum ,

privateEndpointConnections:

{

Description: List of private endpoint connections associated with the key vault. ,

Required: False ,

}

[

{

id:

{

Description: Id of private endpoint connection. ,

Required: False ,

}

string ,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

properties:

{

Description: Private endpoint connection properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

publicNetworkAccess:

{

Description: Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules. ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (200)

{

id:

{

Description: Fully qualified identifier of the key vault resource. ,

Required: False ,

}

string ,

name:

{

Description: Name of the key vault resource. ,

Required: False ,

}

string ,

type:

{

Description: Resource type of the key vault resource. ,

Required: False ,

}

string ,

location:

{

Description: Azure location of the key vault resource. ,

Required: False ,

}

string ,

tags:

{

Description: Tags assigned to the key vault resource. ,

Required: False ,

}

object ,

systemData:

{

Description: System metadata for the key vault. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the key vault resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the key vault resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of the key vault resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the key vault resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the key vault resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of the key vault resource last modification (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

}

,

properties:

{

Description: Properties of the vault ,

Required: True ,

}

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. ,

Format: uuid ,

Required: True ,

}

string ,

sku:

{

Description: SKU details ,

Required: True ,

}

{

family:

{

Description: SKU family name ,

Enum:

{

A: No description available. ,

}

,

Required: True ,

}

enum ,

name:

{

Description: SKU name to specify whether the key vault is a standard vault or a premium vault. ,

Enum:

{

standard: No description available. ,

premium: No description available. ,

}

,

Required: True ,

}

enum ,

}

,

accessPolicies:

{

Description: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required. ,

Required: False ,

}

[

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. ,

Format: uuid ,

Required: True ,

}

string ,

objectId:

{

Description: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. ,

Required: True ,

}

string ,

applicationId:

{

Description: Application ID of the client making request on behalf of a principal ,

Format: uuid ,

Required: False ,

}

string ,

permissions:

{

Description: Permissions the identity has for keys, secrets and certificates. ,

Required: True ,

}

{

keys:

{

Description: Permissions to keys ,

Required: False ,

}

[

string ,

]

,

secrets:

{

Description: Permissions to secrets ,

Required: False ,

}

[

string ,

]

,

certificates:

{

Description: Permissions to certificates ,

Required: False ,

}

[

string ,

]

,

storage:

{

Description: Permissions to storage accounts ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

]

,

vaultUri:

{

Description: The URI of the vault for performing operations on keys and secrets. ,

Required: False ,

}

string ,

hsmPoolResourceId:

{

Description: The resource id of HSM Pool. ,

Required: False ,

}

string ,

enabledForDeployment:

{

Description: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. ,

Required: False ,

}

boolean ,

enabledForDiskEncryption:

{

Description: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. ,

Required: False ,

}

boolean ,

enabledForTemplateDeployment:

{

Description: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. ,

Required: False ,

}

boolean ,

enableSoftDelete:

{

Description: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. ,

Required: False ,

}

boolean ,

softDeleteRetentionInDays:

{

Description: softDelete data retention days. It accepts >=7 and <=90. ,

Format: int32 ,

Required: False ,

}

integer ,

enableRbacAuthorization:

{

Description: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. ,

Required: False ,

}

boolean ,

createMode:

{

Description: The vault's create mode to indicate whether the vault need to be recovered or not. ,

Enum:

{

recover: No description available. ,

default: No description available. ,

}

,

Required: False ,

}

enum ,

enablePurgeProtection:

{

Description: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. ,

Required: False ,

}

boolean ,

networkAcls:

{

Description: Rules governing the accessibility of the key vault from specific network locations. ,

Required: False ,

}

{

bypass:

{

Description: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. ,

Enum:

{

AzureServices: No description available. ,

None: No description available. ,

}

,

Required: False ,

}

enum ,

defaultAction:

{

Description: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. ,

Enum:

{

Allow: No description available. ,

Deny: No description available. ,

}

,

Required: False ,

}

enum ,

ipRules:

{

Description: The list of IP address rules. ,

Required: False ,

}

[

{

value:

{

Description: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). ,

Required: True ,

}

string ,

}

,

]

,

virtualNetworkRules:

{

Description: The list of virtual network rules. ,

Required: False ,

}

[

{

id:

{

Description: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. ,

Required: True ,

}

string ,

ignoreMissingVnetServiceEndpoint:

{

Description: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. ,

Required: False ,

}

boolean ,

}

,

]

,

}

,

provisioningState:

{

Description: Provisioning state of the vault. ,

Enum:

{

Succeeded: No description available. ,

RegisteringDns: No description available. ,

}

,

Required: False ,

}

enum ,

privateEndpointConnections:

{

Description: List of private endpoint connections associated with the key vault. ,

Required: False ,

}

[

{

id:

{

Description: Id of private endpoint connection. ,

Required: False ,

}

string ,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

properties:

{

Description: Private endpoint connection properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

publicNetworkAccess:

{

Description: Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules. ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

Vaults_Delete (new)

Description	:  Deletes the specified Azure key vault.
Reference	:  Link ¶

---

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}

{

resourceGroupName:

{

Description: The name of the Resource Group to which the vault belongs. ,

Required: True ,

}

string ,

vaultName:

{

Description: The name of the vault to delete ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{}

---

⚐ Response (204)

{}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

Vaults_Get (new)

Description	:  Gets the specified Azure key vault.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}

{

resourceGroupName:

{

Description: The name of the Resource Group to which the vault belongs. ,

Required: True ,

}

string ,

vaultName:

{

Description: The name of the vault. ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

id:

{

Description: Fully qualified identifier of the key vault resource. ,

Required: False ,

}

string ,

name:

{

Description: Name of the key vault resource. ,

Required: False ,

}

string ,

type:

{

Description: Resource type of the key vault resource. ,

Required: False ,

}

string ,

location:

{

Description: Azure location of the key vault resource. ,

Required: False ,

}

string ,

tags:

{

Description: Tags assigned to the key vault resource. ,

Required: False ,

}

object ,

systemData:

{

Description: System metadata for the key vault. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the key vault resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the key vault resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of the key vault resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the key vault resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the key vault resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of the key vault resource last modification (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

}

,

properties:

{

Description: Properties of the vault ,

Required: True ,

}

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. ,

Format: uuid ,

Required: True ,

}

string ,

sku:

{

Description: SKU details ,

Required: True ,

}

{

family:

{

Description: SKU family name ,

Enum:

{

A: No description available. ,

}

,

Required: True ,

}

enum ,

name:

{

Description: SKU name to specify whether the key vault is a standard vault or a premium vault. ,

Enum:

{

standard: No description available. ,

premium: No description available. ,

}

,

Required: True ,

}

enum ,

}

,

accessPolicies:

{

Description: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required. ,

Required: False ,

}

[

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. ,

Format: uuid ,

Required: True ,

}

string ,

objectId:

{

Description: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. ,

Required: True ,

}

string ,

applicationId:

{

Description: Application ID of the client making request on behalf of a principal ,

Format: uuid ,

Required: False ,

}

string ,

permissions:

{

Description: Permissions the identity has for keys, secrets and certificates. ,

Required: True ,

}

{

keys:

{

Description: Permissions to keys ,

Required: False ,

}

[

string ,

]

,

secrets:

{

Description: Permissions to secrets ,

Required: False ,

}

[

string ,

]

,

certificates:

{

Description: Permissions to certificates ,

Required: False ,

}

[

string ,

]

,

storage:

{

Description: Permissions to storage accounts ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

]

,

vaultUri:

{

Description: The URI of the vault for performing operations on keys and secrets. ,

Required: False ,

}

string ,

hsmPoolResourceId:

{

Description: The resource id of HSM Pool. ,

Required: False ,

}

string ,

enabledForDeployment:

{

Description: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. ,

Required: False ,

}

boolean ,

enabledForDiskEncryption:

{

Description: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. ,

Required: False ,

}

boolean ,

enabledForTemplateDeployment:

{

Description: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. ,

Required: False ,

}

boolean ,

enableSoftDelete:

{

Description: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. ,

Required: False ,

}

boolean ,

softDeleteRetentionInDays:

{

Description: softDelete data retention days. It accepts >=7 and <=90. ,

Format: int32 ,

Required: False ,

}

integer ,

enableRbacAuthorization:

{

Description: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. ,

Required: False ,

}

boolean ,

createMode:

{

Description: The vault's create mode to indicate whether the vault need to be recovered or not. ,

Enum:

{

recover: No description available. ,

default: No description available. ,

}

,

Required: False ,

}

enum ,

enablePurgeProtection:

{

Description: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. ,

Required: False ,

}

boolean ,

networkAcls:

{

Description: Rules governing the accessibility of the key vault from specific network locations. ,

Required: False ,

}

{

bypass:

{

Description: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. ,

Enum:

{

AzureServices: No description available. ,

None: No description available. ,

}

,

Required: False ,

}

enum ,

defaultAction:

{

Description: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. ,

Enum:

{

Allow: No description available. ,

Deny: No description available. ,

}

,

Required: False ,

}

enum ,

ipRules:

{

Description: The list of IP address rules. ,

Required: False ,

}

[

{

value:

{

Description: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). ,

Required: True ,

}

string ,

}

,

]

,

virtualNetworkRules:

{

Description: The list of virtual network rules. ,

Required: False ,

}

[

{

id:

{

Description: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. ,

Required: True ,

}

string ,

ignoreMissingVnetServiceEndpoint:

{

Description: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. ,

Required: False ,

}

boolean ,

}

,

]

,

}

,

provisioningState:

{

Description: Provisioning state of the vault. ,

Enum:

{

Succeeded: No description available. ,

RegisteringDns: No description available. ,

}

,

Required: False ,

}

enum ,

privateEndpointConnections:

{

Description: List of private endpoint connections associated with the key vault. ,

Required: False ,

}

[

{

id:

{

Description: Id of private endpoint connection. ,

Required: False ,

}

string ,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

properties:

{

Description: Private endpoint connection properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

publicNetworkAccess:

{

Description: Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules. ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

Vaults_UpdateAccessPolicy (new)

Description	:  Update access policies in a key vault in the specified subscription.
Reference	:  Link ¶

---

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}/accessPolicies/{operationKind}

{

resourceGroupName:

{

Description: The name of the Resource Group to which the vault belongs. ,

Required: True ,

}

string ,

vaultName:

{

Description: Name of the vault ,

Required: True ,

}

string ,

operationKind:

{

Description: Name of the operation ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

parameters:

{

Description: Access policy to merge into the vault ,

Required: True ,

}

{

id:

{

Description: The resource id of the access policy. ,

Required: False ,

}

string ,

name:

{

Description: The resource name of the access policy. ,

Required: False ,

}

string ,

type:

{

Description: The resource name of the access policy. ,

Required: False ,

}

string ,

location:

{

Description: The resource type of the access policy. ,

Required: False ,

}

string ,

properties:

{

Description: Properties of the access policy ,

Required: True ,

}

{

accessPolicies:

{

Description: An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. ,

Required: True ,

}

[

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. ,

Format: uuid ,

Required: True ,

}

string ,

objectId:

{

Description: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. ,

Required: True ,

}

string ,

applicationId:

{

Description: Application ID of the client making request on behalf of a principal ,

Format: uuid ,

Required: False ,

}

string ,

permissions:

{

Description: Permissions the identity has for keys, secrets and certificates. ,

Required: True ,

}

{

keys:

{

Description: Permissions to keys ,

Required: False ,

}

[

string ,

]

,

secrets:

{

Description: Permissions to secrets ,

Required: False ,

}

[

string ,

]

,

certificates:

{

Description: Permissions to certificates ,

Required: False ,

}

[

string ,

]

,

storage:

{

Description: Permissions to storage accounts ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

]

,

}

,

}

,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (201)

{

id:

{

Description: The resource id of the access policy. ,

Required: False ,

}

string ,

name:

{

Description: The resource name of the access policy. ,

Required: False ,

}

string ,

type:

{

Description: The resource name of the access policy. ,

Required: False ,

}

string ,

location:

{

Description: The resource type of the access policy. ,

Required: False ,

}

string ,

properties:

{

Description: Properties of the access policy ,

Required: True ,

}

{

accessPolicies:

{

Description: An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. ,

Required: True ,

}

[

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. ,

Format: uuid ,

Required: True ,

}

string ,

objectId:

{

Description: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. ,

Required: True ,

}

string ,

applicationId:

{

Description: Application ID of the client making request on behalf of a principal ,

Format: uuid ,

Required: False ,

}

string ,

permissions:

{

Description: Permissions the identity has for keys, secrets and certificates. ,

Required: True ,

}

{

keys:

{

Description: Permissions to keys ,

Required: False ,

}

[

string ,

]

,

secrets:

{

Description: Permissions to secrets ,

Required: False ,

}

[

string ,

]

,

certificates:

{

Description: Permissions to certificates ,

Required: False ,

}

[

string ,

]

,

storage:

{

Description: Permissions to storage accounts ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

]

,

}

,

}

---

⚐ Response (200)

{

id:

{

Description: The resource id of the access policy. ,

Required: False ,

}

string ,

name:

{

Description: The resource name of the access policy. ,

Required: False ,

}

string ,

type:

{

Description: The resource name of the access policy. ,

Required: False ,

}

string ,

location:

{

Description: The resource type of the access policy. ,

Required: False ,

}

string ,

properties:

{

Description: Properties of the access policy ,

Required: True ,

}

{

accessPolicies:

{

Description: An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. ,

Required: True ,

}

[

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. ,

Format: uuid ,

Required: True ,

}

string ,

objectId:

{

Description: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. ,

Required: True ,

}

string ,

applicationId:

{

Description: Application ID of the client making request on behalf of a principal ,

Format: uuid ,

Required: False ,

}

string ,

permissions:

{

Description: Permissions the identity has for keys, secrets and certificates. ,

Required: True ,

}

{

keys:

{

Description: Permissions to keys ,

Required: False ,

}

[

string ,

]

,

secrets:

{

Description: Permissions to secrets ,

Required: False ,

}

[

string ,

]

,

certificates:

{

Description: Permissions to certificates ,

Required: False ,

}

[

string ,

]

,

storage:

{

Description: Permissions to storage accounts ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

]

,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

Vaults_ListByResourceGroup (new)

Description	:  The List operation gets information about the vaults associated with the subscription and within the specified resource group.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults

{

resourceGroupName:

{

Description: The name of the Resource Group to which the vault belongs. ,

Required: True ,

}

string ,

$top:

{

Description: Maximum number of results to return. ,

Format: int32 ,

Required: False ,

}

integer ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: The list of vaults. ,

Required: False ,

}

[

{

id:

{

Description: Fully qualified identifier of the key vault resource. ,

Required: False ,

}

string ,

name:

{

Description: Name of the key vault resource. ,

Required: False ,

}

string ,

type:

{

Description: Resource type of the key vault resource. ,

Required: False ,

}

string ,

location:

{

Description: Azure location of the key vault resource. ,

Required: False ,

}

string ,

tags:

{

Description: Tags assigned to the key vault resource. ,

Required: False ,

}

object ,

systemData:

{

Description: System metadata for the key vault. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the key vault resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the key vault resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of the key vault resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the key vault resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the key vault resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of the key vault resource last modification (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

}

,

properties:

{

Description: Properties of the vault ,

Required: True ,

}

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. ,

Format: uuid ,

Required: True ,

}

string ,

sku:

{

Description: SKU details ,

Required: True ,

}

{

family:

{

Description: SKU family name ,

Enum:

{

A: No description available. ,

}

,

Required: True ,

}

enum ,

name:

{

Description: SKU name to specify whether the key vault is a standard vault or a premium vault. ,

Enum:

{

standard: No description available. ,

premium: No description available. ,

}

,

Required: True ,

}

enum ,

}

,

accessPolicies:

{

Description: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required. ,

Required: False ,

}

[

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. ,

Format: uuid ,

Required: True ,

}

string ,

objectId:

{

Description: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. ,

Required: True ,

}

string ,

applicationId:

{

Description: Application ID of the client making request on behalf of a principal ,

Format: uuid ,

Required: False ,

}

string ,

permissions:

{

Description: Permissions the identity has for keys, secrets and certificates. ,

Required: True ,

}

{

keys:

{

Description: Permissions to keys ,

Required: False ,

}

[

string ,

]

,

secrets:

{

Description: Permissions to secrets ,

Required: False ,

}

[

string ,

]

,

certificates:

{

Description: Permissions to certificates ,

Required: False ,

}

[

string ,

]

,

storage:

{

Description: Permissions to storage accounts ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

]

,

vaultUri:

{

Description: The URI of the vault for performing operations on keys and secrets. ,

Required: False ,

}

string ,

hsmPoolResourceId:

{

Description: The resource id of HSM Pool. ,

Required: False ,

}

string ,

enabledForDeployment:

{

Description: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. ,

Required: False ,

}

boolean ,

enabledForDiskEncryption:

{

Description: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. ,

Required: False ,

}

boolean ,

enabledForTemplateDeployment:

{

Description: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. ,

Required: False ,

}

boolean ,

enableSoftDelete:

{

Description: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. ,

Required: False ,

}

boolean ,

softDeleteRetentionInDays:

{

Description: softDelete data retention days. It accepts >=7 and <=90. ,

Format: int32 ,

Required: False ,

}

integer ,

enableRbacAuthorization:

{

Description: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. ,

Required: False ,

}

boolean ,

createMode:

{

Description: The vault's create mode to indicate whether the vault need to be recovered or not. ,

Enum:

{

recover: No description available. ,

default: No description available. ,

}

,

Required: False ,

}

enum ,

enablePurgeProtection:

{

Description: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. ,

Required: False ,

}

boolean ,

networkAcls:

{

Description: Rules governing the accessibility of the key vault from specific network locations. ,

Required: False ,

}

{

bypass:

{

Description: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. ,

Enum:

{

AzureServices: No description available. ,

None: No description available. ,

}

,

Required: False ,

}

enum ,

defaultAction:

{

Description: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. ,

Enum:

{

Allow: No description available. ,

Deny: No description available. ,

}

,

Required: False ,

}

enum ,

ipRules:

{

Description: The list of IP address rules. ,

Required: False ,

}

[

{

value:

{

Description: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). ,

Required: True ,

}

string ,

}

,

]

,

virtualNetworkRules:

{

Description: The list of virtual network rules. ,

Required: False ,

}

[

{

id:

{

Description: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. ,

Required: True ,

}

string ,

ignoreMissingVnetServiceEndpoint:

{

Description: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. ,

Required: False ,

}

boolean ,

}

,

]

,

}

,

provisioningState:

{

Description: Provisioning state of the vault. ,

Enum:

{

Succeeded: No description available. ,

RegisteringDns: No description available. ,

}

,

Required: False ,

}

enum ,

privateEndpointConnections:

{

Description: List of private endpoint connections associated with the key vault. ,

Required: False ,

}

[

{

id:

{

Description: Id of private endpoint connection. ,

Required: False ,

}

string ,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

properties:

{

Description: Private endpoint connection properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

publicNetworkAccess:

{

Description: Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules. ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to get the next set of vaults. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

Vaults_ListBySubscription (new)

Description	:  The List operation gets information about the vaults associated with the subscription.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/providers/Microsoft.KeyVault/vaults

{

$top:

{

Description: Maximum number of results to return. ,

Format: int32 ,

Required: False ,

}

integer ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: The list of vaults. ,

Required: False ,

}

[

{

id:

{

Description: Fully qualified identifier of the key vault resource. ,

Required: False ,

}

string ,

name:

{

Description: Name of the key vault resource. ,

Required: False ,

}

string ,

type:

{

Description: Resource type of the key vault resource. ,

Required: False ,

}

string ,

location:

{

Description: Azure location of the key vault resource. ,

Required: False ,

}

string ,

tags:

{

Description: Tags assigned to the key vault resource. ,

Required: False ,

}

object ,

systemData:

{

Description: System metadata for the key vault. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the key vault resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the key vault resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of the key vault resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the key vault resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the key vault resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of the key vault resource last modification (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

}

,

properties:

{

Description: Properties of the vault ,

Required: True ,

}

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. ,

Format: uuid ,

Required: True ,

}

string ,

sku:

{

Description: SKU details ,

Required: True ,

}

{

family:

{

Description: SKU family name ,

Enum:

{

A: No description available. ,

}

,

Required: True ,

}

enum ,

name:

{

Description: SKU name to specify whether the key vault is a standard vault or a premium vault. ,

Enum:

{

standard: No description available. ,

premium: No description available. ,

}

,

Required: True ,

}

enum ,

}

,

accessPolicies:

{

Description: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required. ,

Required: False ,

}

[

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. ,

Format: uuid ,

Required: True ,

}

string ,

objectId:

{

Description: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. ,

Required: True ,

}

string ,

applicationId:

{

Description: Application ID of the client making request on behalf of a principal ,

Format: uuid ,

Required: False ,

}

string ,

permissions:

{

Description: Permissions the identity has for keys, secrets and certificates. ,

Required: True ,

}

{

keys:

{

Description: Permissions to keys ,

Required: False ,

}

[

string ,

]

,

secrets:

{

Description: Permissions to secrets ,

Required: False ,

}

[

string ,

]

,

certificates:

{

Description: Permissions to certificates ,

Required: False ,

}

[

string ,

]

,

storage:

{

Description: Permissions to storage accounts ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

]

,

vaultUri:

{

Description: The URI of the vault for performing operations on keys and secrets. ,

Required: False ,

}

string ,

hsmPoolResourceId:

{

Description: The resource id of HSM Pool. ,

Required: False ,

}

string ,

enabledForDeployment:

{

Description: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. ,

Required: False ,

}

boolean ,

enabledForDiskEncryption:

{

Description: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. ,

Required: False ,

}

boolean ,

enabledForTemplateDeployment:

{

Description: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. ,

Required: False ,

}

boolean ,

enableSoftDelete:

{

Description: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. ,

Required: False ,

}

boolean ,

softDeleteRetentionInDays:

{

Description: softDelete data retention days. It accepts >=7 and <=90. ,

Format: int32 ,

Required: False ,

}

integer ,

enableRbacAuthorization:

{

Description: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. ,

Required: False ,

}

boolean ,

createMode:

{

Description: The vault's create mode to indicate whether the vault need to be recovered or not. ,

Enum:

{

recover: No description available. ,

default: No description available. ,

}

,

Required: False ,

}

enum ,

enablePurgeProtection:

{

Description: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. ,

Required: False ,

}

boolean ,

networkAcls:

{

Description: Rules governing the accessibility of the key vault from specific network locations. ,

Required: False ,

}

{

bypass:

{

Description: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. ,

Enum:

{

AzureServices: No description available. ,

None: No description available. ,

}

,

Required: False ,

}

enum ,

defaultAction:

{

Description: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. ,

Enum:

{

Allow: No description available. ,

Deny: No description available. ,

}

,

Required: False ,

}

enum ,

ipRules:

{

Description: The list of IP address rules. ,

Required: False ,

}

[

{

value:

{

Description: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). ,

Required: True ,

}

string ,

}

,

]

,

virtualNetworkRules:

{

Description: The list of virtual network rules. ,

Required: False ,

}

[

{

id:

{

Description: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. ,

Required: True ,

}

string ,

ignoreMissingVnetServiceEndpoint:

{

Description: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. ,

Required: False ,

}

boolean ,

}

,

]

,

}

,

provisioningState:

{

Description: Provisioning state of the vault. ,

Enum:

{

Succeeded: No description available. ,

RegisteringDns: No description available. ,

}

,

Required: False ,

}

enum ,

privateEndpointConnections:

{

Description: List of private endpoint connections associated with the key vault. ,

Required: False ,

}

[

{

id:

{

Description: Id of private endpoint connection. ,

Required: False ,

}

string ,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

properties:

{

Description: Private endpoint connection properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

publicNetworkAccess:

{

Description: Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules. ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to get the next set of vaults. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

Vaults_ListDeleted (new)

Description	:  Gets information about the deleted vaults in a subscription.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/providers/Microsoft.KeyVault/deletedVaults

{

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: The list of deleted vaults. ,

Required: False ,

}

[

{

id:

{

Description: The resource ID for the deleted key vault. ,

Required: False ,

}

string ,

name:

{

Description: The name of the key vault. ,

Required: False ,

}

string ,

type:

{

Description: The resource type of the key vault. ,

Required: False ,

}

string ,

properties:

{

Description: Properties of the vault ,

Required: False ,

}

{

vaultId:

{

Description: The resource id of the original vault. ,

Required: False ,

}

string ,

location:

{

Description: The location of the original vault. ,

Required: False ,

}

string ,

deletionDate:

{

Description: The deleted date. ,

Format: date-time ,

Required: False ,

}

string ,

scheduledPurgeDate:

{

Description: The scheduled purged date. ,

Format: date-time ,

Required: False ,

}

string ,

tags:

{

Description: Tags of the original vault. ,

Required: False ,

}

object ,

purgeProtectionEnabled:

{

Description: Purge protection status of the original vault. ,

Required: False ,

}

boolean ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to get the next set of deleted vaults. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

Vaults_GetDeleted (new)

Description	:  Gets the deleted Azure key vault.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/providers/Microsoft.KeyVault/locations/{location}/deletedVaults/{vaultName}

{

vaultName:

{

Description: The name of the vault. ,

Required: True ,

}

string ,

location:

{

Description: The location of the deleted vault. ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

id:

{

Description: The resource ID for the deleted key vault. ,

Required: False ,

}

string ,

name:

{

Description: The name of the key vault. ,

Required: False ,

}

string ,

type:

{

Description: The resource type of the key vault. ,

Required: False ,

}

string ,

properties:

{

Description: Properties of the vault ,

Required: False ,

}

{

vaultId:

{

Description: The resource id of the original vault. ,

Required: False ,

}

string ,

location:

{

Description: The location of the original vault. ,

Required: False ,

}

string ,

deletionDate:

{

Description: The deleted date. ,

Format: date-time ,

Required: False ,

}

string ,

scheduledPurgeDate:

{

Description: The scheduled purged date. ,

Format: date-time ,

Required: False ,

}

string ,

tags:

{

Description: Tags of the original vault. ,

Required: False ,

}

object ,

purgeProtectionEnabled:

{

Description: Purge protection status of the original vault. ,

Required: False ,

}

boolean ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

Vaults_PurgeDeleted (new)

Description	:  Permanently deletes the specified vault. aka Purges the deleted Azure key vault.
Reference	:  Link ¶

---

⚼ Request

POST:  /subscriptions/{subscriptionId}/providers/Microsoft.KeyVault/locations/{location}/deletedVaults/{vaultName}/purge

{

vaultName:

{

Description: The name of the soft-deleted vault. ,

Required: True ,

}

string ,

location:

{

Description: The location of the soft-deleted vault. ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{}

---

⚐ Response (202)

{}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

Vaults_List (new)

Description	:  The List operation gets information about the vaults associated with the subscription.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/resources

{

$filter:

{

Description: The filter to apply on the operation. ,

Required: True ,

}

string ,

$top:

{

Description: Maximum number of results to return. ,

Format: int32 ,

Required: False ,

}

integer ,

api-version:

{

Description: Azure Resource Manager Api Version. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: The list of vault resources. ,

Required: False ,

}

[

{

id:

{

Description: Fully qualified identifier of the key vault resource. ,

Required: False ,

}

string ,

name:

{

Description: Name of the key vault resource. ,

Required: False ,

}

string ,

type:

{

Description: Resource type of the key vault resource. ,

Required: False ,

}

string ,

location:

{

Description: Azure location of the key vault resource. ,

Required: False ,

}

string ,

tags:

{

Description: Tags assigned to the key vault resource. ,

Required: False ,

}

object ,

}

,

]

,

nextLink:

{

Description: The URL to get the next set of vault resources. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

Vaults_CheckNameAvailability (new)

Description	:  Checks that the vault name is valid and is not already in use.
Reference	:  Link ¶

---

⚼ Request

POST:  /subscriptions/{subscriptionId}/providers/Microsoft.KeyVault/checkNameAvailability

{

vaultName:

{

Description: The name of the vault. ,

Required: True ,

}

{

name:

{

Description: The vault name. ,

Required: True ,

}

string ,

type:

{

Description: The type of resource, Microsoft.KeyVault/vaults ,

Enum:

{

Microsoft.KeyVault/vaults: No description available. ,

}

,

Required: True ,

}

enum ,

}

,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

nameAvailable:

{

Description: A boolean value that indicates whether the name is available for you to use. If true, the name is available. If false, the name has already been taken or is invalid and cannot be used. ,

Required: False ,

}

boolean ,

reason:

{

Description: The reason that a vault name could not be used. The Reason element is only returned if NameAvailable is false. ,

Enum:

{

AccountNameInvalid: No description available. ,

AlreadyExists: No description available. ,

}

,

Required: False ,

}

enum ,

message:

{

Description: An error message explaining the Reason value in more detail. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

PrivateEndpointConnections_Get (new)

Description	:  Gets the specified private endpoint connection associated with the key vault.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}/privateEndpointConnections/{privateEndpointConnectionName}

{

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: Name of the resource group that contains the key vault. ,

Required: True ,

}

string ,

vaultName:

{

Description: The name of the key vault. ,

Required: True ,

}

string ,

privateEndpointConnectionName:

{

Description: Name of the private endpoint connection associated with the key vault. ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: Resource properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

}

---

⚐ Response (204)

{}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

PrivateEndpointConnections_Put (new)

Description	:  Updates the specified private endpoint connection associated with the key vault.
Reference	:  Link ¶

---

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}/privateEndpointConnections/{privateEndpointConnectionName}

{

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: Name of the resource group that contains the key vault. ,

Required: True ,

}

string ,

vaultName:

{

Description: The name of the key vault. ,

Required: True ,

}

string ,

privateEndpointConnectionName:

{

Description: Name of the private endpoint connection associated with the key vault. ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

properties:

{

Description: The intended state of private endpoint connection. ,

Required: True ,

}

{

properties:

{

Description: Resource properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (200)

{

$headers:

{

retry-after:

{

Description: (specified only if operation does not finish synchronously) The recommended number of seconds to wait before calling the URI specified in Azure-AsyncOperation. ,

}

integer ,

azure-asyncoperation:

{

Description: (specified only if operation does not finish synchronously) The URI to poll for completion status. The response of this URI may be synchronous or asynchronous. ,

}

string ,

}

,

$schema:

{

Description: Private endpoint connection resource. ,

}

{

properties:

{

Description: Resource properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

PrivateEndpointConnections_Delete (new)

Description	:  Deletes the specified private endpoint connection associated with the key vault.
Reference	:  Link ¶

---

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}/privateEndpointConnections/{privateEndpointConnectionName}

{

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: Name of the resource group that contains the key vault. ,

Required: True ,

}

string ,

vaultName:

{

Description: The name of the key vault. ,

Required: True ,

}

string ,

privateEndpointConnectionName:

{

Description: Name of the private endpoint connection associated with the key vault. ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: Resource properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

}

---

⚐ Response (202)

{

retry-after:

{

Description: The recommended number of seconds to wait before calling the URI specified in the location header. ,

}

integer ,

location:

{

Description: The URI to poll for completion status. ,

}

string ,

}

---

⚐ Response (204)

{}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

PrivateEndpointConnections_ListByResource (new)

Description	:  The List operation gets information about the private endpoint connections associated with the vault.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}/privateEndpointConnections

{

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: Name of the resource group that contains the key vault. ,

Required: True ,

}

string ,

vaultName:

{

Description: The name of the key vault. ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: The list of private endpoint connections. ,

Required: False ,

}

[

{

properties:

{

Description: Resource properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

}

,

]

,

nextLink:

{

Description: The URL to get the next set of private endpoint connections. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

PrivateLinkResources_ListByVault (new)

Description	:  Gets the private link resources supported for the key vault.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}/privateLinkResources

{

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: Name of the resource group that contains the key vault. ,

Required: True ,

}

string ,

vaultName:

{

Description: The name of the key vault. ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: Array of private link resources ,

Required: False ,

}

[

{

properties:

{

Description: Resource properties. ,

Required: False ,

}

{

groupId:

{

Description: Group identifier of private link resource. ,

Required: False ,

}

string ,

requiredMembers:

{

Description: Required member names of private link resource. ,

Required: False ,

}

[

string ,

]

,

requiredZoneNames:

{

Description: Required DNS zone names of the the private link resource. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

]

,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

ManagedHsms_CreateOrUpdate (new)

Description	:  Create or update a managed HSM Pool in the specified subscription.
Reference	:  Link ¶

---

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/managedHSMs/{name}

{

resourceGroupName:

{

Description: Name of the resource group that contains the managed HSM pool. ,

Required: True ,

}

string ,

name:

{

Description: Name of the managed HSM Pool ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

parameters:

{

Description: Parameters to create or update the managed HSM Pool ,

Required: True ,

}

{

properties:

{

Description: Properties of the managed HSM ,

Required: False ,

}

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the managed HSM pool. ,

Format: uuid ,

Required: False ,

}

string ,

initialAdminObjectIds:

{

Description: Array of initial administrators object ids for this managed hsm pool. ,

Required: False ,

}

[

string ,

]

,

hsmUri:

{

Description: The URI of the managed hsm pool for performing operations on keys. ,

Required: False ,

}

string ,

enableSoftDelete:

{

Description: Property to specify whether the 'soft delete' functionality is enabled for this managed HSM pool. Soft delete is enabled by default for all managed HSMs and is immutable. ,

Required: False ,

}

boolean ,

softDeleteRetentionInDays:

{

Description: Soft deleted data retention days. When you delete an HSM or a key, it will remain recoverable for the configured retention period or for a default period of 90 days. It accepts values between 7 and 90. ,

Format: int32 ,

Required: False ,

}

integer ,

enablePurgeProtection:

{

Description: Property specifying whether protection against purge is enabled for this managed HSM pool. Setting this property to true activates protection against purge for this managed HSM pool and its content - only the Managed HSM service may initiate a hard, irrecoverable deletion. Enabling this functionality is irreversible. ,

Required: False ,

}

boolean ,

createMode:

{

Description: The create mode to indicate whether the resource is being created or is being recovered from a deleted resource. ,

Enum:

{

recover: Recover the managed HSM pool from a soft-deleted resource. ,

default: Create a new managed HSM pool. This is the default option. ,

}

,

Required: False ,

}

enum ,

statusMessage:

{

Description: Resource Status Message. ,

Required: False ,

}

string ,

provisioningState:

{

Description: Provisioning state. ,

Enum:

{

Succeeded: The managed HSM Pool has been full provisioned. ,

Provisioning: The managed HSM Pool is currently being provisioned. ,

Failed: Provisioning of the managed HSM Pool has failed. ,

Updating: The managed HSM Pool is currently being updated. ,

Deleting: The managed HSM Pool is currently being deleted. ,

Activated: The managed HSM pool is ready for normal use. ,

SecurityDomainRestore: The managed HSM pool is waiting for a security domain restore action. ,

Restoring: The managed HSM pool is being restored from full HSM backup. ,

}

,

Required: False ,

}

enum ,

networkAcls:

{

Description: Rules governing the accessibility of the key vault from specific network locations. ,

Required: False ,

}

{

bypass:

{

Description: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. ,

Enum:

{

AzureServices: No description available. ,

None: No description available. ,

}

,

Required: False ,

}

enum ,

defaultAction:

{

Description: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. ,

Enum:

{

Allow: No description available. ,

Deny: No description available. ,

}

,

Required: False ,

}

enum ,

ipRules:

{

Description: The list of IP address rules. ,

Required: False ,

}

[

{

value:

{

Description: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). ,

Required: True ,

}

string ,

}

,

]

,

virtualNetworkRules:

{

Description: The list of virtual network rules. ,

Required: False ,

}

[

{

id:

{

Description: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. ,

Required: True ,

}

string ,

}

,

]

,

}

,

regions:

{

Description: List of all regions associated with the managed hsm pool. ,

Required: False ,

}

[

{

name:

{

Description: Name of the geo replicated region. ,

Required: False ,

}

string ,

provisioningState:

{

Description: Provisioning state of the geo replicated region. ,

Enum:

{

Preprovisioning: No description available. ,

Provisioning: No description available. ,

Succeeded: No description available. ,

Failed: No description available. ,

Deleting: No description available. ,

Cleanup: No description available. ,

}

,

Required: False ,

}

enum ,

isPrimary:

{

Description: A boolean value that indicates whether the region is the primary region or a secondary region. ,

Required: False ,

}

boolean ,

}

,

]

,

privateEndpointConnections:

{

Description: List of private endpoint connections associated with the managed hsm pool. ,

Required: False ,

}

[

{

id:

{

Description: Id of private endpoint connection. ,

Required: False ,

}

string ,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

properties:

{

Description: Private endpoint connection properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

publicNetworkAccess:

{

Description: Control permission to the managed HSM from public networks. ,

Enum:

{

Enabled: No description available. ,

Disabled: No description available. ,

}

,

Required: False ,

}

enum ,

scheduledPurgeDate:

{

Description: The scheduled purge date in UTC. ,

Format: date-time ,

Required: False ,

}

string ,

securityDomainProperties:

{

Description: Managed HSM security domain properties. ,

Required: False ,

}

{

activationStatus:

{

Description: Activation Status ,

Enum:

{

Active: The managed HSM Pool is active. ,

NotActivated: The managed HSM Pool is not yet activated. ,

Unknown: An unknown error occurred while activating managed hsm. ,

Failed: Failed to activate managed hsm. ,

}

,

Required: False ,

}

enum ,

activationStatusMessage:

{

Description: Activation Status Message. ,

Required: False ,

}

string ,

}

,

}

,

}

,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (202)

{

$headers:

{

location:

{

Description: The URI to poll for completion status. ,

}

string ,

}

,

$schema:

{

Description: Resource information with extended details. ,

}

{

properties:

{

Description: Properties of the managed HSM ,

Required: False ,

}

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the managed HSM pool. ,

Format: uuid ,

Required: False ,

}

string ,

initialAdminObjectIds:

{

Description: Array of initial administrators object ids for this managed hsm pool. ,

Required: False ,

}

[

string ,

]

,

hsmUri:

{

Description: The URI of the managed hsm pool for performing operations on keys. ,

Required: False ,

}

string ,

enableSoftDelete:

{

Description: Property to specify whether the 'soft delete' functionality is enabled for this managed HSM pool. Soft delete is enabled by default for all managed HSMs and is immutable. ,

Required: False ,

}

boolean ,

softDeleteRetentionInDays:

{

Description: Soft deleted data retention days. When you delete an HSM or a key, it will remain recoverable for the configured retention period or for a default period of 90 days. It accepts values between 7 and 90. ,

Format: int32 ,

Required: False ,

}

integer ,

enablePurgeProtection:

{

Description: Property specifying whether protection against purge is enabled for this managed HSM pool. Setting this property to true activates protection against purge for this managed HSM pool and its content - only the Managed HSM service may initiate a hard, irrecoverable deletion. Enabling this functionality is irreversible. ,

Required: False ,

}

boolean ,

createMode:

{

Description: The create mode to indicate whether the resource is being created or is being recovered from a deleted resource. ,

Enum:

{

recover: Recover the managed HSM pool from a soft-deleted resource. ,

default: Create a new managed HSM pool. This is the default option. ,

}

,

Required: False ,

}

enum ,

statusMessage:

{

Description: Resource Status Message. ,

Required: False ,

}

string ,

provisioningState:

{

Description: Provisioning state. ,

Enum:

{

Succeeded: The managed HSM Pool has been full provisioned. ,

Provisioning: The managed HSM Pool is currently being provisioned. ,

Failed: Provisioning of the managed HSM Pool has failed. ,

Updating: The managed HSM Pool is currently being updated. ,

Deleting: The managed HSM Pool is currently being deleted. ,

Activated: The managed HSM pool is ready for normal use. ,

SecurityDomainRestore: The managed HSM pool is waiting for a security domain restore action. ,

Restoring: The managed HSM pool is being restored from full HSM backup. ,

}

,

Required: False ,

}

enum ,

networkAcls:

{

Description: Rules governing the accessibility of the key vault from specific network locations. ,

Required: False ,

}

{

bypass:

{

Description: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. ,

Enum:

{

AzureServices: No description available. ,

None: No description available. ,

}

,

Required: False ,

}

enum ,

defaultAction:

{

Description: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. ,

Enum:

{

Allow: No description available. ,

Deny: No description available. ,

}

,

Required: False ,

}

enum ,

ipRules:

{

Description: The list of IP address rules. ,

Required: False ,

}

[

{

value:

{

Description: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). ,

Required: True ,

}

string ,

}

,

]

,

virtualNetworkRules:

{

Description: The list of virtual network rules. ,

Required: False ,

}

[

{

id:

{

Description: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. ,

Required: True ,

}

string ,

}

,

]

,

}

,

regions:

{

Description: List of all regions associated with the managed hsm pool. ,

Required: False ,

}

[

{

name:

{

Description: Name of the geo replicated region. ,

Required: False ,

}

string ,

provisioningState:

{

Description: Provisioning state of the geo replicated region. ,

Enum:

{

Preprovisioning: No description available. ,

Provisioning: No description available. ,

Succeeded: No description available. ,

Failed: No description available. ,

Deleting: No description available. ,

Cleanup: No description available. ,

}

,

Required: False ,

}

enum ,

isPrimary:

{

Description: A boolean value that indicates whether the region is the primary region or a secondary region. ,

Required: False ,

}

boolean ,

}

,

]

,

privateEndpointConnections:

{

Description: List of private endpoint connections associated with the managed hsm pool. ,

Required: False ,

}

[

{

id:

{

Description: Id of private endpoint connection. ,

Required: False ,

}

string ,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

properties:

{

Description: Private endpoint connection properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

publicNetworkAccess:

{

Description: Control permission to the managed HSM from public networks. ,

Enum:

{

Enabled: No description available. ,

Disabled: No description available. ,

}

,

Required: False ,

}

enum ,

scheduledPurgeDate:

{

Description: The scheduled purge date in UTC. ,

Format: date-time ,

Required: False ,

}

string ,

securityDomainProperties:

{

Description: Managed HSM security domain properties. ,

Required: False ,

}

{

activationStatus:

{

Description: Activation Status ,

Enum:

{

Active: The managed HSM Pool is active. ,

NotActivated: The managed HSM Pool is not yet activated. ,

Unknown: An unknown error occurred while activating managed hsm. ,

Failed: Failed to activate managed hsm. ,

}

,

Required: False ,

}

enum ,

activationStatusMessage:

{

Description: Activation Status Message. ,

Required: False ,

}

string ,

}

,

}

,

}

,

}

---

⚐ Response (200)

{

properties:

{

Description: Properties of the managed HSM ,

Required: False ,

}

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the managed HSM pool. ,

Format: uuid ,

Required: False ,

}

string ,

initialAdminObjectIds:

{

Description: Array of initial administrators object ids for this managed hsm pool. ,

Required: False ,

}

[

string ,

]

,

hsmUri:

{

Description: The URI of the managed hsm pool for performing operations on keys. ,

Required: False ,

}

string ,

enableSoftDelete:

{

Description: Property to specify whether the 'soft delete' functionality is enabled for this managed HSM pool. Soft delete is enabled by default for all managed HSMs and is immutable. ,

Required: False ,

}

boolean ,

softDeleteRetentionInDays:

{

Description: Soft deleted data retention days. When you delete an HSM or a key, it will remain recoverable for the configured retention period or for a default period of 90 days. It accepts values between 7 and 90. ,

Format: int32 ,

Required: False ,

}

integer ,

enablePurgeProtection:

{

Description: Property specifying whether protection against purge is enabled for this managed HSM pool. Setting this property to true activates protection against purge for this managed HSM pool and its content - only the Managed HSM service may initiate a hard, irrecoverable deletion. Enabling this functionality is irreversible. ,

Required: False ,

}

boolean ,

createMode:

{

Description: The create mode to indicate whether the resource is being created or is being recovered from a deleted resource. ,

Enum:

{

recover: Recover the managed HSM pool from a soft-deleted resource. ,

default: Create a new managed HSM pool. This is the default option. ,

}

,

Required: False ,

}

enum ,

statusMessage:

{

Description: Resource Status Message. ,

Required: False ,

}

string ,

provisioningState:

{

Description: Provisioning state. ,

Enum:

{

Succeeded: The managed HSM Pool has been full provisioned. ,

Provisioning: The managed HSM Pool is currently being provisioned. ,

Failed: Provisioning of the managed HSM Pool has failed. ,

Updating: The managed HSM Pool is currently being updated. ,

Deleting: The managed HSM Pool is currently being deleted. ,

Activated: The managed HSM pool is ready for normal use. ,

SecurityDomainRestore: The managed HSM pool is waiting for a security domain restore action. ,

Restoring: The managed HSM pool is being restored from full HSM backup. ,

}

,

Required: False ,

}

enum ,

networkAcls:

{

Description: Rules governing the accessibility of the key vault from specific network locations. ,

Required: False ,

}

{

bypass:

{

Description: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. ,

Enum:

{

AzureServices: No description available. ,

None: No description available. ,

}

,

Required: False ,

}

enum ,

defaultAction:

{

Description: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. ,

Enum:

{

Allow: No description available. ,

Deny: No description available. ,

}

,

Required: False ,

}

enum ,

ipRules:

{

Description: The list of IP address rules. ,

Required: False ,

}

[

{

value:

{

Description: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). ,

Required: True ,

}

string ,

}

,

]

,

virtualNetworkRules:

{

Description: The list of virtual network rules. ,

Required: False ,

}

[

{

id:

{

Description: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. ,

Required: True ,

}

string ,

}

,

]

,

}

,

regions:

{

Description: List of all regions associated with the managed hsm pool. ,

Required: False ,

}

[

{

name:

{

Description: Name of the geo replicated region. ,

Required: False ,

}

string ,

provisioningState:

{

Description: Provisioning state of the geo replicated region. ,

Enum:

{

Preprovisioning: No description available. ,

Provisioning: No description available. ,

Succeeded: No description available. ,

Failed: No description available. ,

Deleting: No description available. ,

Cleanup: No description available. ,

}

,

Required: False ,

}

enum ,

isPrimary:

{

Description: A boolean value that indicates whether the region is the primary region or a secondary region. ,

Required: False ,

}

boolean ,

}

,

]

,

privateEndpointConnections:

{

Description: List of private endpoint connections associated with the managed hsm pool. ,

Required: False ,

}

[

{

id:

{

Description: Id of private endpoint connection. ,

Required: False ,

}

string ,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

properties:

{

Description: Private endpoint connection properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

publicNetworkAccess:

{

Description: Control permission to the managed HSM from public networks. ,

Enum:

{

Enabled: No description available. ,

Disabled: No description available. ,

}

,

Required: False ,

}

enum ,

scheduledPurgeDate:

{

Description: The scheduled purge date in UTC. ,

Format: date-time ,

Required: False ,

}

string ,

securityDomainProperties:

{

Description: Managed HSM security domain properties. ,

Required: False ,

}

{

activationStatus:

{

Description: Activation Status ,

Enum:

{

Active: The managed HSM Pool is active. ,

NotActivated: The managed HSM Pool is not yet activated. ,

Unknown: An unknown error occurred while activating managed hsm. ,

Failed: Failed to activate managed hsm. ,

}

,

Required: False ,

}

enum ,

activationStatusMessage:

{

Description: Activation Status Message. ,

Required: False ,

}

string ,

}

,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

,

}

ManagedHsms_Update (new)

Description	:  Update a managed HSM Pool in the specified subscription.
Reference	:  Link ¶

---

⚼ Request

PATCH:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/managedHSMs/{name}

{

resourceGroupName:

{

Description: Name of the resource group that contains the managed HSM pool. ,

Required: True ,

}

string ,

name:

{

Description: Name of the managed HSM Pool ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

parameters:

{

Description: Parameters to patch the managed HSM Pool ,

Required: True ,

}

{

properties:

{

Description: Properties of the managed HSM ,

Required: False ,

}

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the managed HSM pool. ,

Format: uuid ,

Required: False ,

}

string ,

initialAdminObjectIds:

{

Description: Array of initial administrators object ids for this managed hsm pool. ,

Required: False ,

}

[

string ,

]

,

hsmUri:

{

Description: The URI of the managed hsm pool for performing operations on keys. ,

Required: False ,

}

string ,

enableSoftDelete:

{

Description: Property to specify whether the 'soft delete' functionality is enabled for this managed HSM pool. Soft delete is enabled by default for all managed HSMs and is immutable. ,

Required: False ,

}

boolean ,

softDeleteRetentionInDays:

{

Description: Soft deleted data retention days. When you delete an HSM or a key, it will remain recoverable for the configured retention period or for a default period of 90 days. It accepts values between 7 and 90. ,

Format: int32 ,

Required: False ,

}

integer ,

enablePurgeProtection:

{

Description: Property specifying whether protection against purge is enabled for this managed HSM pool. Setting this property to true activates protection against purge for this managed HSM pool and its content - only the Managed HSM service may initiate a hard, irrecoverable deletion. Enabling this functionality is irreversible. ,

Required: False ,

}

boolean ,

createMode:

{

Description: The create mode to indicate whether the resource is being created or is being recovered from a deleted resource. ,

Enum:

{

recover: Recover the managed HSM pool from a soft-deleted resource. ,

default: Create a new managed HSM pool. This is the default option. ,

}

,

Required: False ,

}

enum ,

statusMessage:

{

Description: Resource Status Message. ,

Required: False ,

}

string ,

provisioningState:

{

Description: Provisioning state. ,

Enum:

{

Succeeded: The managed HSM Pool has been full provisioned. ,

Provisioning: The managed HSM Pool is currently being provisioned. ,

Failed: Provisioning of the managed HSM Pool has failed. ,

Updating: The managed HSM Pool is currently being updated. ,

Deleting: The managed HSM Pool is currently being deleted. ,

Activated: The managed HSM pool is ready for normal use. ,

SecurityDomainRestore: The managed HSM pool is waiting for a security domain restore action. ,

Restoring: The managed HSM pool is being restored from full HSM backup. ,

}

,

Required: False ,

}

enum ,

networkAcls:

{

Description: Rules governing the accessibility of the key vault from specific network locations. ,

Required: False ,

}

{

bypass:

{

Description: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. ,

Enum:

{

AzureServices: No description available. ,

None: No description available. ,

}

,

Required: False ,

}

enum ,

defaultAction:

{

Description: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. ,

Enum:

{

Allow: No description available. ,

Deny: No description available. ,

}

,

Required: False ,

}

enum ,

ipRules:

{

Description: The list of IP address rules. ,

Required: False ,

}

[

{

value:

{

Description: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). ,

Required: True ,

}

string ,

}

,

]

,

virtualNetworkRules:

{

Description: The list of virtual network rules. ,

Required: False ,

}

[

{

id:

{

Description: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. ,

Required: True ,

}

string ,

}

,

]

,

}

,

regions:

{

Description: List of all regions associated with the managed hsm pool. ,

Required: False ,

}

[

{

name:

{

Description: Name of the geo replicated region. ,

Required: False ,

}

string ,

provisioningState:

{

Description: Provisioning state of the geo replicated region. ,

Enum:

{

Preprovisioning: No description available. ,

Provisioning: No description available. ,

Succeeded: No description available. ,

Failed: No description available. ,

Deleting: No description available. ,

Cleanup: No description available. ,

}

,

Required: False ,

}

enum ,

isPrimary:

{

Description: A boolean value that indicates whether the region is the primary region or a secondary region. ,

Required: False ,

}

boolean ,

}

,

]

,

privateEndpointConnections:

{

Description: List of private endpoint connections associated with the managed hsm pool. ,

Required: False ,

}

[

{

id:

{

Description: Id of private endpoint connection. ,

Required: False ,

}

string ,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

properties:

{

Description: Private endpoint connection properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

publicNetworkAccess:

{

Description: Control permission to the managed HSM from public networks. ,

Enum:

{

Enabled: No description available. ,

Disabled: No description available. ,

}

,

Required: False ,

}

enum ,

scheduledPurgeDate:

{

Description: The scheduled purge date in UTC. ,

Format: date-time ,

Required: False ,

}

string ,

securityDomainProperties:

{

Description: Managed HSM security domain properties. ,

Required: False ,

}

{

activationStatus:

{

Description: Activation Status ,

Enum:

{

Active: The managed HSM Pool is active. ,

NotActivated: The managed HSM Pool is not yet activated. ,

Unknown: An unknown error occurred while activating managed hsm. ,

Failed: Failed to activate managed hsm. ,

}

,

Required: False ,

}

enum ,

activationStatusMessage:

{

Description: Activation Status Message. ,

Required: False ,

}

string ,

}

,

}

,

}

,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (202)

{

$headers:

{

location:

{

Description: The URI to poll for completion status. ,

}

string ,

}

,

$schema:

{

Description: Resource information with extended details. ,

}

{

properties:

{

Description: Properties of the managed HSM ,

Required: False ,

}

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the managed HSM pool. ,

Format: uuid ,

Required: False ,

}

string ,

initialAdminObjectIds:

{

Description: Array of initial administrators object ids for this managed hsm pool. ,

Required: False ,

}

[

string ,

]

,

hsmUri:

{

Description: The URI of the managed hsm pool for performing operations on keys. ,

Required: False ,

}

string ,

enableSoftDelete:

{

Description: Property to specify whether the 'soft delete' functionality is enabled for this managed HSM pool. Soft delete is enabled by default for all managed HSMs and is immutable. ,

Required: False ,

}

boolean ,

softDeleteRetentionInDays:

{

Description: Soft deleted data retention days. When you delete an HSM or a key, it will remain recoverable for the configured retention period or for a default period of 90 days. It accepts values between 7 and 90. ,

Format: int32 ,

Required: False ,

}

integer ,

enablePurgeProtection:

{

Description: Property specifying whether protection against purge is enabled for this managed HSM pool. Setting this property to true activates protection against purge for this managed HSM pool and its content - only the Managed HSM service may initiate a hard, irrecoverable deletion. Enabling this functionality is irreversible. ,

Required: False ,

}

boolean ,

createMode:

{

Description: The create mode to indicate whether the resource is being created or is being recovered from a deleted resource. ,

Enum:

{

recover: Recover the managed HSM pool from a soft-deleted resource. ,

default: Create a new managed HSM pool. This is the default option. ,

}

,

Required: False ,

}

enum ,

statusMessage:

{

Description: Resource Status Message. ,

Required: False ,

}

string ,

provisioningState:

{

Description: Provisioning state. ,

Enum:

{

Succeeded: The managed HSM Pool has been full provisioned. ,

Provisioning: The managed HSM Pool is currently being provisioned. ,

Failed: Provisioning of the managed HSM Pool has failed. ,

Updating: The managed HSM Pool is currently being updated. ,

Deleting: The managed HSM Pool is currently being deleted. ,

Activated: The managed HSM pool is ready for normal use. ,

SecurityDomainRestore: The managed HSM pool is waiting for a security domain restore action. ,

Restoring: The managed HSM pool is being restored from full HSM backup. ,

}

,

Required: False ,

}

enum ,

networkAcls:

{

Description: Rules governing the accessibility of the key vault from specific network locations. ,

Required: False ,

}

{

bypass:

{

Description: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. ,

Enum:

{

AzureServices: No description available. ,

None: No description available. ,

}

,

Required: False ,

}

enum ,

defaultAction:

{

Description: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. ,

Enum:

{

Allow: No description available. ,

Deny: No description available. ,

}

,

Required: False ,

}

enum ,

ipRules:

{

Description: The list of IP address rules. ,

Required: False ,

}

[

{

value:

{

Description: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). ,

Required: True ,

}

string ,

}

,

]

,

virtualNetworkRules:

{

Description: The list of virtual network rules. ,

Required: False ,

}

[

{

id:

{

Description: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. ,

Required: True ,

}

string ,

}

,

]

,

}

,

regions:

{

Description: List of all regions associated with the managed hsm pool. ,

Required: False ,

}

[

{

name:

{

Description: Name of the geo replicated region. ,

Required: False ,

}

string ,

provisioningState:

{

Description: Provisioning state of the geo replicated region. ,

Enum:

{

Preprovisioning: No description available. ,

Provisioning: No description available. ,

Succeeded: No description available. ,

Failed: No description available. ,

Deleting: No description available. ,

Cleanup: No description available. ,

}

,

Required: False ,

}

enum ,

isPrimary:

{

Description: A boolean value that indicates whether the region is the primary region or a secondary region. ,

Required: False ,

}

boolean ,

}

,

]

,

privateEndpointConnections:

{

Description: List of private endpoint connections associated with the managed hsm pool. ,

Required: False ,

}

[

{

id:

{

Description: Id of private endpoint connection. ,

Required: False ,

}

string ,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

properties:

{

Description: Private endpoint connection properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

publicNetworkAccess:

{

Description: Control permission to the managed HSM from public networks. ,

Enum:

{

Enabled: No description available. ,

Disabled: No description available. ,

}

,

Required: False ,

}

enum ,

scheduledPurgeDate:

{

Description: The scheduled purge date in UTC. ,

Format: date-time ,

Required: False ,

}

string ,

securityDomainProperties:

{

Description: Managed HSM security domain properties. ,

Required: False ,

}

{

activationStatus:

{

Description: Activation Status ,

Enum:

{

Active: The managed HSM Pool is active. ,

NotActivated: The managed HSM Pool is not yet activated. ,

Unknown: An unknown error occurred while activating managed hsm. ,

Failed: Failed to activate managed hsm. ,

}

,

Required: False ,

}

enum ,

activationStatusMessage:

{

Description: Activation Status Message. ,

Required: False ,

}

string ,

}

,

}

,

}

,

}

---

⚐ Response (200)

{

properties:

{

Description: Properties of the managed HSM ,

Required: False ,

}

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the managed HSM pool. ,

Format: uuid ,

Required: False ,

}

string ,

initialAdminObjectIds:

{

Description: Array of initial administrators object ids for this managed hsm pool. ,

Required: False ,

}

[

string ,

]

,

hsmUri:

{

Description: The URI of the managed hsm pool for performing operations on keys. ,

Required: False ,

}

string ,

enableSoftDelete:

{

Description: Property to specify whether the 'soft delete' functionality is enabled for this managed HSM pool. Soft delete is enabled by default for all managed HSMs and is immutable. ,

Required: False ,

}

boolean ,

softDeleteRetentionInDays:

{

Description: Soft deleted data retention days. When you delete an HSM or a key, it will remain recoverable for the configured retention period or for a default period of 90 days. It accepts values between 7 and 90. ,

Format: int32 ,

Required: False ,

}

integer ,

enablePurgeProtection:

{

Description: Property specifying whether protection against purge is enabled for this managed HSM pool. Setting this property to true activates protection against purge for this managed HSM pool and its content - only the Managed HSM service may initiate a hard, irrecoverable deletion. Enabling this functionality is irreversible. ,

Required: False ,

}

boolean ,

createMode:

{

Description: The create mode to indicate whether the resource is being created or is being recovered from a deleted resource. ,

Enum:

{

recover: Recover the managed HSM pool from a soft-deleted resource. ,

default: Create a new managed HSM pool. This is the default option. ,

}

,

Required: False ,

}

enum ,

statusMessage:

{

Description: Resource Status Message. ,

Required: False ,

}

string ,

provisioningState:

{

Description: Provisioning state. ,

Enum:

{

Succeeded: The managed HSM Pool has been full provisioned. ,

Provisioning: The managed HSM Pool is currently being provisioned. ,

Failed: Provisioning of the managed HSM Pool has failed. ,

Updating: The managed HSM Pool is currently being updated. ,

Deleting: The managed HSM Pool is currently being deleted. ,

Activated: The managed HSM pool is ready for normal use. ,

SecurityDomainRestore: The managed HSM pool is waiting for a security domain restore action. ,

Restoring: The managed HSM pool is being restored from full HSM backup. ,

}

,

Required: False ,

}

enum ,

networkAcls:

{

Description: Rules governing the accessibility of the key vault from specific network locations. ,

Required: False ,

}

{

bypass:

{

Description: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. ,

Enum:

{

AzureServices: No description available. ,

None: No description available. ,

}

,

Required: False ,

}

enum ,

defaultAction:

{

Description: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. ,

Enum:

{

Allow: No description available. ,

Deny: No description available. ,

}

,

Required: False ,

}

enum ,

ipRules:

{

Description: The list of IP address rules. ,

Required: False ,

}

[

{

value:

{

Description: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). ,

Required: True ,

}

string ,

}

,

]

,

virtualNetworkRules:

{

Description: The list of virtual network rules. ,

Required: False ,

}

[

{

id:

{

Description: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. ,

Required: True ,

}

string ,

}

,

]

,

}

,

regions:

{

Description: List of all regions associated with the managed hsm pool. ,

Required: False ,

}

[

{

name:

{

Description: Name of the geo replicated region. ,

Required: False ,

}

string ,

provisioningState:

{

Description: Provisioning state of the geo replicated region. ,

Enum:

{

Preprovisioning: No description available. ,

Provisioning: No description available. ,

Succeeded: No description available. ,

Failed: No description available. ,

Deleting: No description available. ,

Cleanup: No description available. ,

}

,

Required: False ,

}

enum ,

isPrimary:

{

Description: A boolean value that indicates whether the region is the primary region or a secondary region. ,

Required: False ,

}

boolean ,

}

,

]

,

privateEndpointConnections:

{

Description: List of private endpoint connections associated with the managed hsm pool. ,

Required: False ,

}

[

{

id:

{

Description: Id of private endpoint connection. ,

Required: False ,

}

string ,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

properties:

{

Description: Private endpoint connection properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

publicNetworkAccess:

{

Description: Control permission to the managed HSM from public networks. ,

Enum:

{

Enabled: No description available. ,

Disabled: No description available. ,

}

,

Required: False ,

}

enum ,

scheduledPurgeDate:

{

Description: The scheduled purge date in UTC. ,

Format: date-time ,

Required: False ,

}

string ,

securityDomainProperties:

{

Description: Managed HSM security domain properties. ,

Required: False ,

}

{

activationStatus:

{

Description: Activation Status ,

Enum:

{

Active: The managed HSM Pool is active. ,

NotActivated: The managed HSM Pool is not yet activated. ,

Unknown: An unknown error occurred while activating managed hsm. ,

Failed: Failed to activate managed hsm. ,

}

,

Required: False ,

}

enum ,

activationStatusMessage:

{

Description: Activation Status Message. ,

Required: False ,

}

string ,

}

,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

,

}

ManagedHsms_Delete (new)

Description	:  Deletes the specified managed HSM Pool.
Reference	:  Link ¶

---

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/managedHSMs/{name}

{

resourceGroupName:

{

Description: Name of the resource group that contains the managed HSM pool. ,

Required: True ,

}

string ,

name:

{

Description: The name of the managed HSM Pool to delete ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (204)

{}

---

⚐ Response (202)

{

location:

{

Description: The URI to poll for completion status. ,

}

string ,

}

---

⚐ Response (200)

{}

---

⚐ Response (default)

{

error:

{

Description: The server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

,

}

ManagedHsms_Get (new)

Description	:  Gets the specified managed HSM Pool.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/managedHSMs/{name}

{

resourceGroupName:

{

Description: Name of the resource group that contains the managed HSM pool. ,

Required: True ,

}

string ,

name:

{

Description: The name of the managed HSM Pool. ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: Properties of the managed HSM ,

Required: False ,

}

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the managed HSM pool. ,

Format: uuid ,

Required: False ,

}

string ,

initialAdminObjectIds:

{

Description: Array of initial administrators object ids for this managed hsm pool. ,

Required: False ,

}

[

string ,

]

,

hsmUri:

{

Description: The URI of the managed hsm pool for performing operations on keys. ,

Required: False ,

}

string ,

enableSoftDelete:

{

Description: Property to specify whether the 'soft delete' functionality is enabled for this managed HSM pool. Soft delete is enabled by default for all managed HSMs and is immutable. ,

Required: False ,

}

boolean ,

softDeleteRetentionInDays:

{

Description: Soft deleted data retention days. When you delete an HSM or a key, it will remain recoverable for the configured retention period or for a default period of 90 days. It accepts values between 7 and 90. ,

Format: int32 ,

Required: False ,

}

integer ,

enablePurgeProtection:

{

Description: Property specifying whether protection against purge is enabled for this managed HSM pool. Setting this property to true activates protection against purge for this managed HSM pool and its content - only the Managed HSM service may initiate a hard, irrecoverable deletion. Enabling this functionality is irreversible. ,

Required: False ,

}

boolean ,

createMode:

{

Description: The create mode to indicate whether the resource is being created or is being recovered from a deleted resource. ,

Enum:

{

recover: Recover the managed HSM pool from a soft-deleted resource. ,

default: Create a new managed HSM pool. This is the default option. ,

}

,

Required: False ,

}

enum ,

statusMessage:

{

Description: Resource Status Message. ,

Required: False ,

}

string ,

provisioningState:

{

Description: Provisioning state. ,

Enum:

{

Succeeded: The managed HSM Pool has been full provisioned. ,

Provisioning: The managed HSM Pool is currently being provisioned. ,

Failed: Provisioning of the managed HSM Pool has failed. ,

Updating: The managed HSM Pool is currently being updated. ,

Deleting: The managed HSM Pool is currently being deleted. ,

Activated: The managed HSM pool is ready for normal use. ,

SecurityDomainRestore: The managed HSM pool is waiting for a security domain restore action. ,

Restoring: The managed HSM pool is being restored from full HSM backup. ,

}

,

Required: False ,

}

enum ,

networkAcls:

{

Description: Rules governing the accessibility of the key vault from specific network locations. ,

Required: False ,

}

{

bypass:

{

Description: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. ,

Enum:

{

AzureServices: No description available. ,

None: No description available. ,

}

,

Required: False ,

}

enum ,

defaultAction:

{

Description: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. ,

Enum:

{

Allow: No description available. ,

Deny: No description available. ,

}

,

Required: False ,

}

enum ,

ipRules:

{

Description: The list of IP address rules. ,

Required: False ,

}

[

{

value:

{

Description: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). ,

Required: True ,

}

string ,

}

,

]

,

virtualNetworkRules:

{

Description: The list of virtual network rules. ,

Required: False ,

}

[

{

id:

{

Description: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. ,

Required: True ,

}

string ,

}

,

]

,

}

,

regions:

{

Description: List of all regions associated with the managed hsm pool. ,

Required: False ,

}

[

{

name:

{

Description: Name of the geo replicated region. ,

Required: False ,

}

string ,

provisioningState:

{

Description: Provisioning state of the geo replicated region. ,

Enum:

{

Preprovisioning: No description available. ,

Provisioning: No description available. ,

Succeeded: No description available. ,

Failed: No description available. ,

Deleting: No description available. ,

Cleanup: No description available. ,

}

,

Required: False ,

}

enum ,

isPrimary:

{

Description: A boolean value that indicates whether the region is the primary region or a secondary region. ,

Required: False ,

}

boolean ,

}

,

]

,

privateEndpointConnections:

{

Description: List of private endpoint connections associated with the managed hsm pool. ,

Required: False ,

}

[

{

id:

{

Description: Id of private endpoint connection. ,

Required: False ,

}

string ,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

properties:

{

Description: Private endpoint connection properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

publicNetworkAccess:

{

Description: Control permission to the managed HSM from public networks. ,

Enum:

{

Enabled: No description available. ,

Disabled: No description available. ,

}

,

Required: False ,

}

enum ,

scheduledPurgeDate:

{

Description: The scheduled purge date in UTC. ,

Format: date-time ,

Required: False ,

}

string ,

securityDomainProperties:

{

Description: Managed HSM security domain properties. ,

Required: False ,

}

{

activationStatus:

{

Description: Activation Status ,

Enum:

{

Active: The managed HSM Pool is active. ,

NotActivated: The managed HSM Pool is not yet activated. ,

Unknown: An unknown error occurred while activating managed hsm. ,

Failed: Failed to activate managed hsm. ,

}

,

Required: False ,

}

enum ,

activationStatusMessage:

{

Description: Activation Status Message. ,

Required: False ,

}

string ,

}

,

}

,

}

---

⚐ Response (204)

{}

---

⚐ Response (default)

{

error:

{

Description: The server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

,

}

ManagedHsms_ListByResourceGroup (new)

Description	:  The List operation gets information about the managed HSM Pools associated with the subscription and within the specified resource group.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/managedHSMs

{

resourceGroupName:

{

Description: Name of the resource group that contains the managed HSM pool. ,

Required: True ,

}

string ,

$top:

{

Description: Maximum number of results to return. ,

Format: int32 ,

Required: False ,

}

integer ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: The list of managed HSM Pools. ,

Required: False ,

}

[

{

properties:

{

Description: Properties of the managed HSM ,

Required: False ,

}

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the managed HSM pool. ,

Format: uuid ,

Required: False ,

}

string ,

initialAdminObjectIds:

{

Description: Array of initial administrators object ids for this managed hsm pool. ,

Required: False ,

}

[

string ,

]

,

hsmUri:

{

Description: The URI of the managed hsm pool for performing operations on keys. ,

Required: False ,

}

string ,

enableSoftDelete:

{

Description: Property to specify whether the 'soft delete' functionality is enabled for this managed HSM pool. Soft delete is enabled by default for all managed HSMs and is immutable. ,

Required: False ,

}

boolean ,

softDeleteRetentionInDays:

{

Description: Soft deleted data retention days. When you delete an HSM or a key, it will remain recoverable for the configured retention period or for a default period of 90 days. It accepts values between 7 and 90. ,

Format: int32 ,

Required: False ,

}

integer ,

enablePurgeProtection:

{

Description: Property specifying whether protection against purge is enabled for this managed HSM pool. Setting this property to true activates protection against purge for this managed HSM pool and its content - only the Managed HSM service may initiate a hard, irrecoverable deletion. Enabling this functionality is irreversible. ,

Required: False ,

}

boolean ,

createMode:

{

Description: The create mode to indicate whether the resource is being created or is being recovered from a deleted resource. ,

Enum:

{

recover: Recover the managed HSM pool from a soft-deleted resource. ,

default: Create a new managed HSM pool. This is the default option. ,

}

,

Required: False ,

}

enum ,

statusMessage:

{

Description: Resource Status Message. ,

Required: False ,

}

string ,

provisioningState:

{

Description: Provisioning state. ,

Enum:

{

Succeeded: The managed HSM Pool has been full provisioned. ,

Provisioning: The managed HSM Pool is currently being provisioned. ,

Failed: Provisioning of the managed HSM Pool has failed. ,

Updating: The managed HSM Pool is currently being updated. ,

Deleting: The managed HSM Pool is currently being deleted. ,

Activated: The managed HSM pool is ready for normal use. ,

SecurityDomainRestore: The managed HSM pool is waiting for a security domain restore action. ,

Restoring: The managed HSM pool is being restored from full HSM backup. ,

}

,

Required: False ,

}

enum ,

networkAcls:

{

Description: Rules governing the accessibility of the key vault from specific network locations. ,

Required: False ,

}

{

bypass:

{

Description: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. ,

Enum:

{

AzureServices: No description available. ,

None: No description available. ,

}

,

Required: False ,

}

enum ,

defaultAction:

{

Description: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. ,

Enum:

{

Allow: No description available. ,

Deny: No description available. ,

}

,

Required: False ,

}

enum ,

ipRules:

{

Description: The list of IP address rules. ,

Required: False ,

}

[

{

value:

{

Description: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). ,

Required: True ,

}

string ,

}

,

]

,

virtualNetworkRules:

{

Description: The list of virtual network rules. ,

Required: False ,

}

[

{

id:

{

Description: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. ,

Required: True ,

}

string ,

}

,

]

,

}

,

regions:

{

Description: List of all regions associated with the managed hsm pool. ,

Required: False ,

}

[

{

name:

{

Description: Name of the geo replicated region. ,

Required: False ,

}

string ,

provisioningState:

{

Description: Provisioning state of the geo replicated region. ,

Enum:

{

Preprovisioning: No description available. ,

Provisioning: No description available. ,

Succeeded: No description available. ,

Failed: No description available. ,

Deleting: No description available. ,

Cleanup: No description available. ,

}

,

Required: False ,

}

enum ,

isPrimary:

{

Description: A boolean value that indicates whether the region is the primary region or a secondary region. ,

Required: False ,

}

boolean ,

}

,

]

,

privateEndpointConnections:

{

Description: List of private endpoint connections associated with the managed hsm pool. ,

Required: False ,

}

[

{

id:

{

Description: Id of private endpoint connection. ,

Required: False ,

}

string ,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

properties:

{

Description: Private endpoint connection properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

publicNetworkAccess:

{

Description: Control permission to the managed HSM from public networks. ,

Enum:

{

Enabled: No description available. ,

Disabled: No description available. ,

}

,

Required: False ,

}

enum ,

scheduledPurgeDate:

{

Description: The scheduled purge date in UTC. ,

Format: date-time ,

Required: False ,

}

string ,

securityDomainProperties:

{

Description: Managed HSM security domain properties. ,

Required: False ,

}

{

activationStatus:

{

Description: Activation Status ,

Enum:

{

Active: The managed HSM Pool is active. ,

NotActivated: The managed HSM Pool is not yet activated. ,

Unknown: An unknown error occurred while activating managed hsm. ,

Failed: Failed to activate managed hsm. ,

}

,

Required: False ,

}

enum ,

activationStatusMessage:

{

Description: Activation Status Message. ,

Required: False ,

}

string ,

}

,

}

,

}

,

]

,

nextLink:

{

Description: The URL to get the next set of managed HSM Pools. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

,

}

ManagedHsms_ListBySubscription (new)

Description	:  The List operation gets information about the managed HSM Pools associated with the subscription.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/providers/Microsoft.KeyVault/managedHSMs

{

$top:

{

Description: Maximum number of results to return. ,

Format: int32 ,

Required: False ,

}

integer ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: The list of managed HSM Pools. ,

Required: False ,

}

[

{

properties:

{

Description: Properties of the managed HSM ,

Required: False ,

}

{

tenantId:

{

Description: The Azure Active Directory tenant ID that should be used for authenticating requests to the managed HSM pool. ,

Format: uuid ,

Required: False ,

}

string ,

initialAdminObjectIds:

{

Description: Array of initial administrators object ids for this managed hsm pool. ,

Required: False ,

}

[

string ,

]

,

hsmUri:

{

Description: The URI of the managed hsm pool for performing operations on keys. ,

Required: False ,

}

string ,

enableSoftDelete:

{

Description: Property to specify whether the 'soft delete' functionality is enabled for this managed HSM pool. Soft delete is enabled by default for all managed HSMs and is immutable. ,

Required: False ,

}

boolean ,

softDeleteRetentionInDays:

{

Description: Soft deleted data retention days. When you delete an HSM or a key, it will remain recoverable for the configured retention period or for a default period of 90 days. It accepts values between 7 and 90. ,

Format: int32 ,

Required: False ,

}

integer ,

enablePurgeProtection:

{

Description: Property specifying whether protection against purge is enabled for this managed HSM pool. Setting this property to true activates protection against purge for this managed HSM pool and its content - only the Managed HSM service may initiate a hard, irrecoverable deletion. Enabling this functionality is irreversible. ,

Required: False ,

}

boolean ,

createMode:

{

Description: The create mode to indicate whether the resource is being created or is being recovered from a deleted resource. ,

Enum:

{

recover: Recover the managed HSM pool from a soft-deleted resource. ,

default: Create a new managed HSM pool. This is the default option. ,

}

,

Required: False ,

}

enum ,

statusMessage:

{

Description: Resource Status Message. ,

Required: False ,

}

string ,

provisioningState:

{

Description: Provisioning state. ,

Enum:

{

Succeeded: The managed HSM Pool has been full provisioned. ,

Provisioning: The managed HSM Pool is currently being provisioned. ,

Failed: Provisioning of the managed HSM Pool has failed. ,

Updating: The managed HSM Pool is currently being updated. ,

Deleting: The managed HSM Pool is currently being deleted. ,

Activated: The managed HSM pool is ready for normal use. ,

SecurityDomainRestore: The managed HSM pool is waiting for a security domain restore action. ,

Restoring: The managed HSM pool is being restored from full HSM backup. ,

}

,

Required: False ,

}

enum ,

networkAcls:

{

Description: Rules governing the accessibility of the key vault from specific network locations. ,

Required: False ,

}

{

bypass:

{

Description: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. ,

Enum:

{

AzureServices: No description available. ,

None: No description available. ,

}

,

Required: False ,

}

enum ,

defaultAction:

{

Description: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. ,

Enum:

{

Allow: No description available. ,

Deny: No description available. ,

}

,

Required: False ,

}

enum ,

ipRules:

{

Description: The list of IP address rules. ,

Required: False ,

}

[

{

value:

{

Description: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). ,

Required: True ,

}

string ,

}

,

]

,

virtualNetworkRules:

{

Description: The list of virtual network rules. ,

Required: False ,

}

[

{

id:

{

Description: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. ,

Required: True ,

}

string ,

}

,

]

,

}

,

regions:

{

Description: List of all regions associated with the managed hsm pool. ,

Required: False ,

}

[

{

name:

{

Description: Name of the geo replicated region. ,

Required: False ,

}

string ,

provisioningState:

{

Description: Provisioning state of the geo replicated region. ,

Enum:

{

Preprovisioning: No description available. ,

Provisioning: No description available. ,

Succeeded: No description available. ,

Failed: No description available. ,

Deleting: No description available. ,

Cleanup: No description available. ,

}

,

Required: False ,

}

enum ,

isPrimary:

{

Description: A boolean value that indicates whether the region is the primary region or a secondary region. ,

Required: False ,

}

boolean ,

}

,

]

,

privateEndpointConnections:

{

Description: List of private endpoint connections associated with the managed hsm pool. ,

Required: False ,

}

[

{

id:

{

Description: Id of private endpoint connection. ,

Required: False ,

}

string ,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

properties:

{

Description: Private endpoint connection properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

}

,

]

,

publicNetworkAccess:

{

Description: Control permission to the managed HSM from public networks. ,

Enum:

{

Enabled: No description available. ,

Disabled: No description available. ,

}

,

Required: False ,

}

enum ,

scheduledPurgeDate:

{

Description: The scheduled purge date in UTC. ,

Format: date-time ,

Required: False ,

}

string ,

securityDomainProperties:

{

Description: Managed HSM security domain properties. ,

Required: False ,

}

{

activationStatus:

{

Description: Activation Status ,

Enum:

{

Active: The managed HSM Pool is active. ,

NotActivated: The managed HSM Pool is not yet activated. ,

Unknown: An unknown error occurred while activating managed hsm. ,

Failed: Failed to activate managed hsm. ,

}

,

Required: False ,

}

enum ,

activationStatusMessage:

{

Description: Activation Status Message. ,

Required: False ,

}

string ,

}

,

}

,

}

,

]

,

nextLink:

{

Description: The URL to get the next set of managed HSM Pools. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

,

}

MHSMPrivateEndpointConnections_ListByResource (new)

Description	:  The List operation gets information about the private endpoint connections associated with the managed HSM Pool.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/managedHSMs/{name}/privateEndpointConnections

{

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: Name of the resource group that contains the managed HSM pool. ,

Required: True ,

}

string ,

name:

{

Description: Name of the managed HSM Pool ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: The private endpoint connection associated with a managed HSM Pools. ,

Required: False ,

}

[

{

properties:

{

Description: Resource properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

}

,

]

,

nextLink:

{

Description: The URL to get the next set of managed HSM Pools. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

,

}

ManagedHsms_ListDeleted (new)

Description	:  The List operation gets information about the deleted managed HSMs associated with the subscription.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/providers/Microsoft.KeyVault/deletedManagedHSMs

{

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: The list of deleted managed HSM Pools. ,

Required: False ,

}

[

{

id:

{

Description: The Azure Resource Manager resource ID for the deleted managed HSM Pool. ,

Required: False ,

}

string ,

name:

{

Description: The name of the managed HSM Pool. ,

Required: False ,

}

string ,

type:

{

Description: The resource type of the managed HSM Pool. ,

Required: False ,

}

string ,

properties:

{

Description: Properties of the deleted managed HSM ,

Required: False ,

}

{

mhsmId:

{

Description: The resource id of the original managed HSM. ,

Required: False ,

}

string ,

location:

{

Description: The location of the original managed HSM. ,

Required: False ,

}

string ,

deletionDate:

{

Description: The deleted date. ,

Format: date-time ,

Required: False ,

}

string ,

scheduledPurgeDate:

{

Description: The scheduled purged date. ,

Format: date-time ,

Required: False ,

}

string ,

purgeProtectionEnabled:

{

Description: Purge protection status of the original managed HSM. ,

Required: False ,

}

boolean ,

tags:

{

Description: Tags of the original managed HSM. ,

Required: False ,

}

object ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to get the next set of deleted managed HSM Pools. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

,

}

ManagedHsms_GetDeleted (new)

Description	:  Gets the specified deleted managed HSM.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/providers/Microsoft.KeyVault/locations/{location}/deletedManagedHSMs/{name}

{

name:

{

Description: The name of the deleted managed HSM. ,

Required: True ,

}

string ,

location:

{

Description: The location of the deleted managed HSM. ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

id:

{

Description: The Azure Resource Manager resource ID for the deleted managed HSM Pool. ,

Required: False ,

}

string ,

name:

{

Description: The name of the managed HSM Pool. ,

Required: False ,

}

string ,

type:

{

Description: The resource type of the managed HSM Pool. ,

Required: False ,

}

string ,

properties:

{

Description: Properties of the deleted managed HSM ,

Required: False ,

}

{

mhsmId:

{

Description: The resource id of the original managed HSM. ,

Required: False ,

}

string ,

location:

{

Description: The location of the original managed HSM. ,

Required: False ,

}

string ,

deletionDate:

{

Description: The deleted date. ,

Format: date-time ,

Required: False ,

}

string ,

scheduledPurgeDate:

{

Description: The scheduled purged date. ,

Format: date-time ,

Required: False ,

}

string ,

purgeProtectionEnabled:

{

Description: Purge protection status of the original managed HSM. ,

Required: False ,

}

boolean ,

tags:

{

Description: Tags of the original managed HSM. ,

Required: False ,

}

object ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

,

}

ManagedHsms_PurgeDeleted (new)

Description	:  Permanently deletes the specified managed HSM.
Reference	:  Link ¶

---

⚼ Request

POST:  /subscriptions/{subscriptionId}/providers/Microsoft.KeyVault/locations/{location}/deletedManagedHSMs/{name}/purge

{

name:

{

Description: The name of the soft-deleted managed HSM. ,

Required: True ,

}

string ,

location:

{

Description: The location of the soft-deleted managed HSM. ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (202)

{

location:

{

Description: The URI to poll for completion status. ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

,

}

MHSMPrivateEndpointConnections_Get (new)

Description	:  Gets the specified private endpoint connection associated with the managed HSM Pool.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/managedHSMs/{name}/privateEndpointConnections/{privateEndpointConnectionName}

{

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: Name of the resource group that contains the managed HSM pool. ,

Required: True ,

}

string ,

name:

{

Description: Name of the managed HSM Pool ,

Required: True ,

}

string ,

privateEndpointConnectionName:

{

Description: Name of the private endpoint connection associated with the managed hsm pool. ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: Resource properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

,

}

MHSMPrivateEndpointConnections_Put (new)

Description	:  Updates the specified private endpoint connection associated with the managed hsm pool.
Reference	:  Link ¶

---

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/managedHSMs/{name}/privateEndpointConnections/{privateEndpointConnectionName}

{

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: Name of the resource group that contains the managed HSM pool. ,

Required: True ,

}

string ,

name:

{

Description: Name of the managed HSM Pool ,

Required: True ,

}

string ,

privateEndpointConnectionName:

{

Description: Name of the private endpoint connection associated with the managed hsm pool. ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

properties:

{

Description: The intended state of private endpoint connection. ,

Required: True ,

}

{

properties:

{

Description: Resource properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (200)

{

$headers:

{

retry-after:

{

Description: (specified only if operation does not finish synchronously) The recommended number of seconds to wait before calling the URI specified in Azure-AsyncOperation. ,

}

integer ,

azure-asyncoperation:

{

Description: (specified only if operation does not finish synchronously) The URI to poll for completion status. The response of this URI may be synchronous or asynchronous. ,

}

string ,

}

,

$schema:

{

Description: Private endpoint connection resource. ,

}

{

properties:

{

Description: Resource properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

MHSMPrivateEndpointConnections_Delete (new)

Description	:  Deletes the specified private endpoint connection associated with the managed hsm pool.
Reference	:  Link ¶

---

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/managedHSMs/{name}/privateEndpointConnections/{privateEndpointConnectionName}

{

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: Name of the resource group that contains the managed HSM pool. ,

Required: True ,

}

string ,

name:

{

Description: Name of the managed HSM Pool ,

Required: True ,

}

string ,

privateEndpointConnectionName:

{

Description: Name of the private endpoint connection associated with the managed hsm pool. ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: Resource properties. ,

Required: False ,

}

{

privateEndpoint:

{

Description: Properties of the private endpoint object. ,

Required: False ,

}

{

id:

{

Description: Full identifier of the private endpoint resource. ,

Required: False ,

}

string ,

}

,

privateLinkServiceConnectionState:

{

Description: Approval state of the private link connection. ,

Required: False ,

}

{

status:

{

Description: Indicates whether the connection has been approved, rejected or removed by the key vault owner. ,

Enum:

{

Pending: No description available. ,

Approved: No description available. ,

Rejected: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

description:

{

Description: The reason for approval or rejection. ,

Required: False ,

}

string ,

actionsRequired:

{

Description: A message indicating if changes on the service provider require any updates on the consumer. ,

Enum:

{

None: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

provisioningState:

{

Description: Provisioning state of the private endpoint connection. ,

Enum:

{

Succeeded: No description available. ,

Creating: No description available. ,

Updating: No description available. ,

Deleting: No description available. ,

Failed: No description available. ,

Disconnected: No description available. ,

}

,

Required: False ,

}

enum ,

}

,

etag:

{

Description: Modified whenever there is a change in the state of private endpoint connection. ,

Required: False ,

}

string ,

}

---

⚐ Response (202)

{

location:

{

Description: The URI to poll for completion status. ,

}

string ,

}

---

⚐ Response (204)

{}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

MHSMPrivateLinkResources_ListByMHSMResource (new)

Description	:  Gets the private link resources supported for the managed hsm pool.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/managedHSMs/{name}/privateLinkResources

{

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: Name of the resource group that contains the managed HSM pool. ,

Required: True ,

}

string ,

name:

{

Description: Name of the managed HSM Pool ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: Array of private link resources ,

Required: False ,

}

[

{

properties:

{

Description: Resource properties. ,

Required: False ,

}

{

groupId:

{

Description: Group identifier of private link resource. ,

Required: False ,

}

string ,

requiredMembers:

{

Description: Required member names of private link resource. ,

Required: False ,

}

[

string ,

]

,

requiredZoneNames:

{

Description: Required DNS zone names of the the private link resource. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

]

,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

MHSMRegions_ListByResource (new)

Description	:  The List operation gets information about the regions associated with the managed HSM Pool.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/managedHSMs/{name}/regions

{

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: Name of the resource group that contains the managed HSM pool. ,

Required: True ,

}

string ,

name:

{

Description: Name of the managed HSM Pool ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: The region associated with a managed HSM Pools. ,

Required: False ,

}

[

{

name:

{

Description: Name of the geo replicated region. ,

Required: False ,

}

string ,

provisioningState:

{

Description: Provisioning state of the geo replicated region. ,

Enum:

{

Preprovisioning: No description available. ,

Provisioning: No description available. ,

Succeeded: No description available. ,

Failed: No description available. ,

Deleting: No description available. ,

Cleanup: No description available. ,

}

,

Required: False ,

}

enum ,

isPrimary:

{

Description: A boolean value that indicates whether the region is the primary region or a secondary region. ,

Required: False ,

}

boolean ,

}

,

]

,

nextLink:

{

Description: The URL to get the next set of managed HSM Pools. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

,

}

ManagedHsms_CheckMhsmNameAvailability (new)

Description	:  Checks that the managed hsm name is valid and is not already in use.
Reference	:  Link ¶

---

⚼ Request

POST:  /subscriptions/{subscriptionId}/providers/Microsoft.KeyVault/checkMhsmNameAvailability

{

mhsmName:

{

Description: The name of the managed hsm. ,

Required: True ,

}

{

name:

{

Description: The managed hsm name. ,

Required: True ,

}

string ,

}

,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

nameAvailable:

{

Description: A boolean value that indicates whether the name is available for you to use. If true, the name is available. If false, the name has already been taken or is invalid and cannot be used. ,

Required: False ,

}

boolean ,

reason:

{

Description: The reason that a managed hsm name could not be used. The reason element is only returned if NameAvailable is false. ,

Enum:

{

AccountNameInvalid: No description available. ,

AlreadyExists: No description available. ,

}

,

Required: False ,

}

enum ,

message:

{

Description: An error message explaining the Reason value in more detail. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

Operations_List (new)

Description	:  Lists all of the available Key Vault Rest API operations.
Reference	:  Link ¶

---

⚼ Request

GET:  /providers/Microsoft.KeyVault/operations

{

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: List of Storage operations supported by the Storage resource provider. ,

Required: False ,

}

[

{

name:

{

Description: Operation name: {provider}/{resource}/{operation} ,

Required: False ,

}

string ,

display:

{

Description: Display metadata associated with the operation. ,

Required: False ,

}

{

provider:

{

Description: Service provider: Microsoft Key Vault. ,

Required: False ,

}

string ,

resource:

{

Description: Resource on which the operation is performed etc. ,

Required: False ,

}

string ,

operation:

{

Description: Type of operation: get, read, delete, etc. ,

Required: False ,

}

string ,

description:

{

Description: Description of operation. ,

Required: False ,

}

string ,

}

,

origin:

{

Description: The origin of operations. ,

Required: False ,

}

string ,

properties:

{

Description: Properties of operation, include metric specifications. ,

Required: False ,

}

{

serviceSpecification:

{

Description: One property of operation, include metric specifications. ,

Required: False ,

}

{

logSpecifications:

{

Description: Log specifications of operation. ,

Required: False ,

}

[

{

name:

{

Description: Name of log specification. ,

Required: False ,

}

string ,

displayName:

{

Description: Display name of log specification. ,

Required: False ,

}

string ,

blobDuration:

{

Description: Blob duration of specification. ,

Required: False ,

}

string ,

}

,

]

,

metricSpecifications:

{

Description: Metric specifications of operation. ,

Required: False ,

}

[

{

name:

{

Description: Name of metric specification. ,

Required: False ,

}

string ,

displayName:

{

Description: Display name of metric specification. ,

Required: False ,

}

string ,

displayDescription:

{

Description: Display description of metric specification. ,

Required: False ,

}

string ,

unit:

{

Description: The metric unit. Possible values include: 'Bytes', 'Count', 'Milliseconds'. ,

Required: False ,

}

string ,

aggregationType:

{

Description: The metric aggregation type. Possible values include: 'Average', 'Count', 'Total'. ,

Required: False ,

}

string ,

supportedAggregationTypes:

{

Description: The supported aggregation types for the metrics. ,

Required: False ,

}

[

string ,

]

,

supportedTimeGrainTypes:

{

Description: The supported time grain types for the metrics. ,

Required: False ,

}

[

string ,

]

,

lockAggregationType:

{

Description: The metric lock aggregation type. ,

Required: False ,

}

string ,

dimensions:

{

Description: The dimensions of metric ,

Required: False ,

}

[

{

name:

{

Description: Name of dimension. ,

Required: False ,

}

string ,

displayName:

{

Description: Display name of dimension. ,

Required: False ,

}

string ,

toBeExportedForShoebox:

{

Description: Property to specify whether the dimension should be exported for Shoebox. ,

Required: False ,

}

boolean ,

}

,

]

,

fillGapWithZero:

{

Description: Property to specify whether to fill gap with zero. ,

Required: False ,

}

boolean ,

internalMetricName:

{

Description: The internal metric name. ,

Required: False ,

}

string ,

}

,

]

,

}

,

}

,

isDataAction:

{

Description: Property to specify whether the action is a data action. ,

Required: False ,

}

boolean ,

}

,

]

,

nextLink:

{

Description: The URL to get the next set of operations. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

Secrets_CreateOrUpdate (new)

Description	:  Create or update a secret in a key vault in the specified subscription. NOTE: This API is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
Reference	:  Link ¶

---

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}/secrets/{secretName}

{

resourceGroupName:

{

Description: The name of the Resource Group to which the vault belongs. ,

Required: True ,

}

string ,

vaultName:

{

Description: Name of the vault ,

Required: True ,

}

string ,

secretName:

{

Description: Name of the secret. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information. ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

parameters:

{

Description: Parameters to create or update the secret ,

Required: True ,

}

{

tags:

{

Description: The tags that will be assigned to the secret. ,

Required: False ,

}

object ,

properties:

{

Description: Properties of the secret ,

Required: True ,

}

{

value:

{

Description: The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets. ,

Required: False ,

}

string ,

contentType:

{

Description: The content type of the secret. ,

Required: False ,

}

string ,

attributes:

{

Description: The attributes of the secret. ,

Required: False ,

}

object ,

secretUri:

{

Description: The URI to retrieve the current version of the secret. ,

Required: False ,

}

string ,

secretUriWithVersion:

{

Description: The URI to retrieve the specific version of the secret. ,

Required: False ,

}

string ,

}

,

}

,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (201)

{

properties:

{

Description: Properties of the secret ,

Required: True ,

}

{

value:

{

Description: The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets. ,

Required: False ,

}

string ,

contentType:

{

Description: The content type of the secret. ,

Required: False ,

}

string ,

attributes:

{

Description: The attributes of the secret. ,

Required: False ,

}

object ,

secretUri:

{

Description: The URI to retrieve the current version of the secret. ,

Required: False ,

}

string ,

secretUriWithVersion:

{

Description: The URI to retrieve the specific version of the secret. ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (200)

{

properties:

{

Description: Properties of the secret ,

Required: True ,

}

{

value:

{

Description: The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets. ,

Required: False ,

}

string ,

contentType:

{

Description: The content type of the secret. ,

Required: False ,

}

string ,

attributes:

{

Description: The attributes of the secret. ,

Required: False ,

}

object ,

secretUri:

{

Description: The URI to retrieve the current version of the secret. ,

Required: False ,

}

string ,

secretUriWithVersion:

{

Description: The URI to retrieve the specific version of the secret. ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

Secrets_Update (new)

Description	:  Update a secret in the specified subscription. NOTE: This API is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
Reference	:  Link ¶

---

⚼ Request

PATCH:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}/secrets/{secretName}

{

resourceGroupName:

{

Description: The name of the Resource Group to which the vault belongs. ,

Required: True ,

}

string ,

vaultName:

{

Description: Name of the vault ,

Required: True ,

}

string ,

secretName:

{

Description: Name of the secret ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

parameters:

{

Description: Parameters to patch the secret ,

Required: True ,

}

{

tags:

{

Description: The tags that will be assigned to the secret. ,

Required: False ,

}

object ,

properties:

{

Description: Properties of the secret ,

Required: False ,

}

{

value:

{

Description: The value of the secret. ,

Required: False ,

}

string ,

contentType:

{

Description: The content type of the secret. ,

Required: False ,

}

string ,

attributes:

{

Description: The attributes of the secret. ,

Required: False ,

}

object ,

}

,

}

,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (201)

{

properties:

{

Description: Properties of the secret ,

Required: True ,

}

{

value:

{

Description: The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets. ,

Required: False ,

}

string ,

contentType:

{

Description: The content type of the secret. ,

Required: False ,

}

string ,

attributes:

{

Description: The attributes of the secret. ,

Required: False ,

}

object ,

secretUri:

{

Description: The URI to retrieve the current version of the secret. ,

Required: False ,

}

string ,

secretUriWithVersion:

{

Description: The URI to retrieve the specific version of the secret. ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (200)

{

properties:

{

Description: Properties of the secret ,

Required: True ,

}

{

value:

{

Description: The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets. ,

Required: False ,

}

string ,

contentType:

{

Description: The content type of the secret. ,

Required: False ,

}

string ,

attributes:

{

Description: The attributes of the secret. ,

Required: False ,

}

object ,

secretUri:

{

Description: The URI to retrieve the current version of the secret. ,

Required: False ,

}

string ,

secretUriWithVersion:

{

Description: The URI to retrieve the specific version of the secret. ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

Secrets_Get (new)

Description	:  Gets the specified secret. NOTE: This API is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}/secrets/{secretName}

{

resourceGroupName:

{

Description: The name of the Resource Group to which the vault belongs. ,

Required: True ,

}

string ,

vaultName:

{

Description: The name of the vault. ,

Required: True ,

}

string ,

secretName:

{

Description: The name of the secret. ,

Required: True ,

}

string ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: Properties of the secret ,

Required: True ,

}

{

value:

{

Description: The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets. ,

Required: False ,

}

string ,

contentType:

{

Description: The content type of the secret. ,

Required: False ,

}

string ,

attributes:

{

Description: The attributes of the secret. ,

Required: False ,

}

object ,

secretUri:

{

Description: The URI to retrieve the current version of the secret. ,

Required: False ,

}

string ,

secretUriWithVersion:

{

Description: The URI to retrieve the specific version of the secret. ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}

Secrets_List (new)

Description	:  The List operation gets information about the secrets in a vault. NOTE: This API is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}/secrets

{

resourceGroupName:

{

Description: The name of the Resource Group to which the vault belongs. ,

Required: True ,

}

string ,

vaultName:

{

Description: The name of the vault. ,

Required: True ,

}

string ,

$top:

{

Description: Maximum number of results to return. ,

Format: int32 ,

Required: False ,

}

integer ,

api-version:

{

Description: Client Api Version. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: The list of secrets. ,

Required: False ,

}

[

{

properties:

{

Description: Properties of the secret ,

Required: True ,

}

{

value:

{

Description: The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets. ,

Required: False ,

}

string ,

contentType:

{

Description: The content type of the secret. ,

Required: False ,

}

string ,

attributes:

{

Description: The attributes of the secret. ,

Required: False ,

}

object ,

secretUri:

{

Description: The URI to retrieve the current version of the secret. ,

Required: False ,

}

string ,

secretUriWithVersion:

{

Description: The URI to retrieve the specific version of the secret. ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to get the next set of secrets. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: An error response from Key Vault resource provider ,

Required: False ,

}

{

code:

{

Description: Error code. This is a mnemonic that can be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: User friendly error message. The message is typically localized and may vary with service version. ,

Required: False ,

}

string ,

}

,

}