Changelog of Azure APIs

2025/01/17 • 24 updated methods

GetDeletedKeys (updated)

Description

: Retrieves a list of the keys in the Key Vault as JSON Web Key structures that contain the public part of a deleted key. This operation includes deletion-specific information. The Get Deleted Keys operation is applicable for vaults enabled for soft-delete. While the operation can be invoked on any vault, it will return an error if invoked on a non soft-delete enabled vault. This operation requires the keys/list permission.

Reference

: Link ¶

⚶ Changes

{
  "#id": "GetDeletedKeys",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": [
        {
          "#name": "value",
          "Description": {
            "new": "A response message containing a list of deleted keys in the key vault along with a link to the next page of deleted keys.",
            "old": "A response message containing a list of deleted keys in the vault along with a link to the next page of deleted keys"
          },
          "$items": {
            "$properties": {
              "@added_259550533bd84e38ad4913b3c7d80413": {
                "#name": "kid",
                "Description": "Key identifier.",
                "Required": false,
                "Type": "string"
              },
              "@added_b81ccf40c8f44890b2fd6eaf048ce775": {
                "#name": "attributes",
                "Description": "The key management attributes.",
                "Required": false,
                "Type": "object",
                "$properties": [
                  {
                    "#name": "enabled",
                    "Description": "Determines whether the object is enabled.",
                    "Required": false,
                    "Type": "boolean"
                  },
                  {
                    "#name": "nbf",
                    "Description": "Not before date in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  },
                  {
                    "#name": "exp",
                    "Description": "Expiry date in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  },
                  {
                    "#name": "created",
                    "Description": "Creation time in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  },
                  {
                    "#name": "updated",
                    "Description": "Last updated time in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  },
                  {
                    "#name": "recoverableDays",
                    "Description": "softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0.",
                    "Format": "int32",
                    "Required": false,
                    "Type": "integer"
                  },
                  {
                    "#name": "recoveryLevel",
                    "Description": "Reflects the deletion recovery level currently in effect for keys in the current vault. If it contains 'Purgeable' the key can be permanently deleted by a privileged user; otherwise, only the system can purge the key, at the end of the retention interval.",
                    "Enum": [
                      [
                        "Purgeable",
                        "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                      ],
                      [
                        "Recoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "CustomizedRecoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                      ],
                      [
                        "CustomizedRecoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                      ],
                      [
                        "CustomizedRecoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                      ]
                    ],
                    "Required": false,
                    "Type": "string"
                  },
                  {
                    "#name": "exportable",
                    "Description": "Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key.",
                    "Required": false,
                    "Type": "boolean"
                  },
                  {
                    "#name": "hsmPlatform",
                    "Description": "The underlying HSM Platform.",
                    "Required": false,
                    "Type": "string"
                  }
                ]
              },
              "@added_f6776b8fa51641908e65e73413493556": {
                "#name": "tags",
                "Description": "Application specific metadata in the form of key-value pairs.",
                "Required": false,
                "Type": "object"
              },
              "@added_690e62af7a324b55b28a5db4a6d65e51": {
                "#name": "managed",
                "Description": "True if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true.",
                "Required": false,
                "Type": "boolean"
              }
            }
          }
        }
      ]
    }
  }
}

⚼ Request

GET: /deletedkeys

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

maxresults:

{

Description: Maximum number of results to return in a page. If not specified the service will return up to 25 results. ,

Format: int32 ,

Required: False ,

}

integer ,

}

⚐ Response (200)

{

value:

{

Description: A response message containing a list of deleted keys in the key vault along with a link to the next page of deleted keys. ,

Required: False ,

}

[

{

kid:

{

Description: Key identifier. ,

Required: False ,

}

string ,

attributes:

{

Description: The key management attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Description: Reflects the deletion recovery level currently in effect for keys in the current vault. If it contains 'Purgeable' the key can be permanently deleted by a privileged user; otherwise, only the system can purge the key, at the end of the retention interval. ,

Enum:

{

Purgeable: Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.) ,

Recoverable+Purgeable: Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered ,

Recoverable: Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered ,

Recoverable+ProtectedSubscription: Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered ,

CustomizedRecoverable+Purgeable: Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled. ,

CustomizedRecoverable: Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available. ,

CustomizedRecoverable+ProtectedSubscription: Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled. ,

}

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

hsmPlatform:

{

Description: The underlying HSM Platform. ,

Required: False ,

}

string ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs. ,

Required: False ,

}

object ,

managed:

{

Description: True if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true. ,

Required: False ,

}

boolean ,

recoveryId:

{

Description: The url of the recovery object, used to identify and recover the deleted key. ,

Required: False ,

}

string ,

scheduledPurgeDate:

{

Description: The time when the key is scheduled to be purged, in UTC ,

Format: unixtime ,

Required: False ,

}

integer ,

deletedDate:

{

Description: The time when the key was deleted, in UTC ,

Format: unixtime ,

Required: False ,

}

integer ,

}

]

nextLink:

{

Description: The URL to get the next set of deleted keys. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

GetDeletedKey (updated)

Description	: The Get Deleted Key operation is applicable for soft-delete enabled vaults. While the operation can be invoked on any vault, it will return an error if invoked on a non soft-delete enabled vault. This operation requires the keys/get permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "GetDeletedKey",
  "Description": {
    "new": "The Get Deleted Key operation is applicable for soft-delete enabled vaults. While the operation can be invoked on any vault, it will return an error if invoked on a non soft-delete enabled vault. This operation requires the keys/get permission.",
    "old": "The Get Deleted Key operation is applicable for soft-delete enabled vaults. While the operation can be invoked on any vault, it will return an error if invoked on a non soft-delete enabled vault. This operation requires the keys/get permission. "
  },
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": {
        "@added_736ada8d57a1446291205b3e71e01b7c": {
          "#name": "key",
          "Description": "The Json web key.",
          "Required": false,
          "Type": "object",
          "$properties": [
            {
              "#name": "kid",
              "Description": "Key identifier.",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "kty",
              "Description": "JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40.",
              "Enum": [
                [
                  "EC",
                  "Elliptic Curve."
                ],
                [
                  "EC-HSM",
                  "Elliptic Curve with a private key which is stored in the HSM."
                ],
                [
                  "RSA",
                  "RSA (https://tools.ietf.org/html/rfc3447)"
                ],
                [
                  "RSA-HSM",
                  "RSA with a private key which is stored in the HSM."
                ],
                [
                  "oct",
                  "Octet sequence (used to represent symmetric keys)"
                ],
                [
                  "oct-HSM",
                  "Octet sequence (used to represent symmetric keys) which is stored the HSM."
                ]
              ],
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "key_ops",
              "Description": "Json web key operations. For more information on possible key operations, see JsonWebKeyOperation.",
              "Required": false,
              "Type": "array",
              "$items": {
                "Type": "string"
              }
            },
            {
              "#name": "n",
              "Description": "RSA modulus.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "e",
              "Description": "RSA public exponent.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "d",
              "Description": "RSA private exponent, or the D component of an EC private key.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "dp",
              "Description": "RSA private key parameter.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "dq",
              "Description": "RSA private key parameter.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "qi",
              "Description": "RSA private key parameter.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "p",
              "Description": "RSA secret prime.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "q",
              "Description": "RSA secret prime, with p < q.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "k",
              "Description": "Symmetric key.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "key_hsm",
              "Description": "Protected Key, used with 'Bring Your Own Key'.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "crv",
              "Description": "Elliptic curve name. For valid values, see JsonWebKeyCurveName.",
              "Enum": [
                [
                  "P-256",
                  "The NIST P-256 elliptic curve, AKA SECG curve SECP256R1."
                ],
                [
                  "P-384",
                  "The NIST P-384 elliptic curve, AKA SECG curve SECP384R1."
                ],
                [
                  "P-521",
                  "The NIST P-521 elliptic curve, AKA SECG curve SECP521R1."
                ],
                [
                  "P-256K",
                  "The SECG SECP256K1 elliptic curve."
                ]
              ],
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "x",
              "Description": "X component of an EC public key.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "y",
              "Description": "Y component of an EC public key.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            }
          ]
        },
        "@added_7707130e81044b7eacdb681fd722b308": {
          "#name": "attributes",
          "Description": "The key management attributes.",
          "Required": false,
          "Type": "object",
          "$properties": [
            {
              "#name": "enabled",
              "Description": "Determines whether the object is enabled.",
              "Required": false,
              "Type": "boolean"
            },
            {
              "#name": "nbf",
              "Description": "Not before date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            },
            {
              "#name": "exp",
              "Description": "Expiry date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            },
            {
              "#name": "created",
              "Description": "Creation time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            },
            {
              "#name": "updated",
              "Description": "Last updated time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            },
            {
              "#name": "recoverableDays",
              "Description": "softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0.",
              "Format": "int32",
              "Required": false,
              "Type": "integer"
            },
            {
              "#name": "recoveryLevel",
              "Description": "Reflects the deletion recovery level currently in effect for keys in the current vault. If it contains 'Purgeable' the key can be permanently deleted by a privileged user; otherwise, only the system can purge the key, at the end of the retention interval.",
              "Enum": [
                [
                  "Purgeable",
                  "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                ],
                [
                  "Recoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "CustomizedRecoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                ],
                [
                  "CustomizedRecoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                ],
                [
                  "CustomizedRecoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                ]
              ],
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "exportable",
              "Description": "Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key.",
              "Required": false,
              "Type": "boolean"
            },
            {
              "#name": "hsmPlatform",
              "Description": "The underlying HSM Platform.",
              "Required": false,
              "Type": "string"
            }
          ]
        },
        "@added_b25cd4f4903a45f190ebf9f89685911e": {
          "#name": "tags",
          "Description": "Application specific metadata in the form of key-value pairs.",
          "Required": false,
          "Type": "object"
        },
        "@added_1f2504237c1a49399da3c4087400ce92": {
          "#name": "managed",
          "Description": "True if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true.",
          "Required": false,
          "Type": "boolean"
        },
        "@added_b03324ffa710450994f1edd07d40c543": {
          "#name": "release_policy",
          "Description": "The policy rules under which the key can be exported.",
          "Required": false,
          "Type": "object",
          "$properties": [
            {
              "#name": "contentType",
              "Description": "Content type and version of key release policy",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "immutable",
              "Description": "Defines the mutability state of the policy. Once marked immutable, this flag cannot be reset and the policy cannot be changed under any circumstances.",
              "Required": false,
              "Type": "boolean"
            },
            {
              "#name": "data",
              "Description": "Blob encoding the policy rules under which the key can be released. Blob must be base64 URL encoded.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            }
          ]
        }
      }
    }
  }
}

⚼ Request

GET: /deletedkeys/{key-name}

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

key-name:

{

Description: The name of the key. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

key:

{

Description: The Json web key. ,

Required: False ,

}

{

kid:

{

Description: Key identifier. ,

Required: False ,

}

string ,

kty:

{

Description: JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is stored in the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447) ,

RSA-HSM: RSA with a private key which is stored in the HSM. ,

oct: Octet sequence (used to represent symmetric keys) ,

oct-HSM: Octet sequence (used to represent symmetric keys) which is stored the HSM. ,

}

Required: False ,

}

enum ,

key_ops:

{

Description: Json web key operations. For more information on possible key operations, see JsonWebKeyOperation. ,

Required: False ,

}

[

string ,

]

{

Description: RSA modulus. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA public exponent. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA private exponent, or the D component of an EC private key. ,

Format: base64url ,

Required: False ,

}

string ,

dp:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

dq:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

qi:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA secret prime. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA secret prime, with p < q. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: Symmetric key. ,

Format: base64url ,

Required: False ,

}

string ,

key_hsm:

{

Description: Protected Key, used with 'Bring Your Own Key'. ,

Format: base64url ,

Required: False ,

}

string ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

{

Description: X component of an EC public key. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: Y component of an EC public key. ,

Format: base64url ,

Required: False ,

}

string ,

}

attributes:

{

Description: The key management attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

hsmPlatform:

{

Description: The underlying HSM Platform. ,

Required: False ,

}

string ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs. ,

Required: False ,

}

object ,

managed:

{

Description: True if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true. ,

Required: False ,

}

boolean ,

release_policy:

{

Description: The policy rules under which the key can be exported. ,

Required: False ,

}

{

contentType:

{

Description: Content type and version of key release policy ,

Required: False ,

}

string ,

immutable:

{

Description: Defines the mutability state of the policy. Once marked immutable, this flag cannot be reset and the policy cannot be changed under any circumstances. ,

Required: False ,

}

boolean ,

data:

{

Description: Blob encoding the policy rules under which the key can be released. Blob must be base64 URL encoded. ,

Format: base64url ,

Required: False ,

}

string ,

}

recoveryId:

{

Description: The url of the recovery object, used to identify and recover the deleted key. ,

Required: False ,

}

string ,

scheduledPurgeDate:

{

Description: The time when the key is scheduled to be purged, in UTC ,

Format: unixtime ,

Required: False ,

}

integer ,

deletedDate:

{

Description: The time when the key was deleted, in UTC ,

Format: unixtime ,

Required: False ,

}

integer ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

PurgeDeletedKey (updated)

Description	: The Purge Deleted Key operation is applicable for soft-delete enabled vaults. While the operation can be invoked on any vault, it will return an error if invoked on a non soft-delete enabled vault. This operation requires the keys/purge permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "PurgeDeletedKey",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ]
}

⚼ Request

DELETE: /deletedkeys/{key-name}

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

key-name:

{

Description: The name of the key ,

Required: True ,

}

string ,

}

⚐ Response (204)

{}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

RecoverDeletedKey (updated)

Description	: The Recover Deleted Key operation is applicable for deleted keys in soft-delete enabled vaults. It recovers the deleted key back to its latest version under /keys. An attempt to recover an non-deleted key will return an error. Consider this the inverse of the delete operation on soft-delete enabled vaults. This operation requires the keys/recover permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "RecoverDeletedKey",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": {
        "attributes": [
          {
            "@added_f93e5f5a62b44b4aac35d08b8dd457ee": {
              "#name": "enabled",
              "Description": "Determines whether the object is enabled.",
              "Required": false,
              "Type": "boolean"
            }
          },
          {
            "@added_1105dc8ee40349d990f09f62af7e83e2": {
              "#name": "nbf",
              "Description": "Not before date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_8d3e9712bbe14a18b9178539810e62e2": {
              "#name": "exp",
              "Description": "Expiry date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_1ba325747d794eed90c7fdf94dd171f0": {
              "#name": "created",
              "Description": "Creation time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_a01530e4ead44f4bae4a36b33fe635a9": {
              "#name": "updated",
              "Description": "Last updated time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "#name": "recoveryLevel",
            "Enum": {
              "new": [
                [
                  "Purgeable",
                  "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                ],
                [
                  "Recoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "CustomizedRecoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                ],
                [
                  "CustomizedRecoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                ],
                [
                  "CustomizedRecoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                ]
              ],
              "old": [
                [
                  "Purgeable",
                  "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                ],
                [
                  "Recoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "CustomizedRecoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                ],
                [
                  "CustomizedRecoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                ],
                [
                  "CustomizedRecoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                ]
              ]
            }
          }
        ]
      }
    }
  }
}

⚼ Request

POST: /deletedkeys/{key-name}/recover

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

key-name:

{

Description: The name of the deleted key. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

key:

{

Description: The Json web key. ,

Required: False ,

}

{

kid:

{

Description: Key identifier. ,

Required: False ,

}

string ,

kty:

{

Description: JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is stored in the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447) ,

RSA-HSM: RSA with a private key which is stored in the HSM. ,

oct: Octet sequence (used to represent symmetric keys) ,

oct-HSM: Octet sequence (used to represent symmetric keys) which is stored the HSM. ,

}

Required: False ,

}

enum ,

key_ops:

{

Description: Json web key operations. For more information on possible key operations, see JsonWebKeyOperation. ,

Required: False ,

}

[

string ,

]

{

Description: RSA modulus. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA public exponent. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA private exponent, or the D component of an EC private key. ,

Format: base64url ,

Required: False ,

}

string ,

dp:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

dq:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

qi:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA secret prime. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA secret prime, with p < q. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: Symmetric key. ,

Format: base64url ,

Required: False ,

}

string ,

key_hsm:

{

Description: Protected Key, used with 'Bring Your Own Key'. ,

Format: base64url ,

Required: False ,

}

string ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

{

Description: X component of an EC public key. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: Y component of an EC public key. ,

Format: base64url ,

Required: False ,

}

string ,

}

attributes:

{

Description: The key management attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

hsmPlatform:

{

Description: The underlying HSM Platform. ,

Required: False ,

}

string ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs. ,

Required: False ,

}

object ,

managed:

{

Description: True if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true. ,

Required: False ,

}

boolean ,

release_policy:

{

Description: The policy rules under which the key can be exported. ,

Required: False ,

}

{

contentType:

{

Description: Content type and version of key release policy ,

Required: False ,

}

string ,

immutable:

{

Description: Defines the mutability state of the policy. Once marked immutable, this flag cannot be reset and the policy cannot be changed under any circumstances. ,

Required: False ,

}

boolean ,

data:

{

Description: Blob encoding the policy rules under which the key can be released. Blob must be base64 URL encoded. ,

Format: base64url ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

GetKeys (updated)

Description	: Retrieves a list of the keys in the Key Vault as JSON Web Key structures that contain the public part of a stored key. The LIST operation is applicable to all key types, however only the base key identifier, attributes, and tags are provided in the response. Individual versions of a key are not listed in the response. This operation requires the keys/list permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "GetKeys",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": {
        "value": {
          "$properties": {
            "attributes": [
              {
                "@added_a62b55e8c02f465ebd1cd0a568417464": {
                  "#name": "enabled",
                  "Description": "Determines whether the object is enabled.",
                  "Required": false,
                  "Type": "boolean"
                }
              },
              {
                "@added_6fe6330ad5cb4344b1bbd1b6cc6cd65b": {
                  "#name": "nbf",
                  "Description": "Not before date in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                }
              },
              {
                "@added_4fdc0e93e89142c78558525d51625357": {
                  "#name": "exp",
                  "Description": "Expiry date in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                }
              },
              {
                "@added_c3bfdf77d7a94955b303e42be14fdda6": {
                  "#name": "created",
                  "Description": "Creation time in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                }
              },
              {
                "@added_2e570914f98a45e4a87e3549674fd71b": {
                  "#name": "updated",
                  "Description": "Last updated time in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                }
              },
              {
                "#name": "recoveryLevel",
                "Enum": {
                  "new": [
                    [
                      "Purgeable",
                      "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                    ],
                    [
                      "Recoverable+Purgeable",
                      "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "Recoverable",
                      "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "Recoverable+ProtectedSubscription",
                      "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "CustomizedRecoverable+Purgeable",
                      "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                    ],
                    [
                      "CustomizedRecoverable",
                      "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                    ],
                    [
                      "CustomizedRecoverable+ProtectedSubscription",
                      "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                    ]
                  ],
                  "old": [
                    [
                      "Purgeable",
                      "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                    ],
                    [
                      "Recoverable+Purgeable",
                      "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "Recoverable",
                      "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "Recoverable+ProtectedSubscription",
                      "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "CustomizedRecoverable+Purgeable",
                      "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                    ],
                    [
                      "CustomizedRecoverable",
                      "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                    ],
                    [
                      "CustomizedRecoverable+ProtectedSubscription",
                      "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                    ]
                  ]
                }
              }
            ]
          }
        }
      }
    }
  }
}

⚼ Request

GET: /keys

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

maxresults:

{

Description: Maximum number of results to return in a page. If not specified the service will return up to 25 results. ,

Format: int32 ,

Required: False ,

}

integer ,

}

⚐ Response (200)

{

value:

{

Description: A response message containing a list of keys in the key vault along with a link to the next page of keys. ,

Required: False ,

}

[

{

kid:

{

Description: Key identifier. ,

Required: False ,

}

string ,

attributes:

{

Description: The key management attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

hsmPlatform:

{

Description: The underlying HSM Platform. ,

Required: False ,

}

string ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs. ,

Required: False ,

}

object ,

managed:

{

Description: True if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true. ,

Required: False ,

}

boolean ,

}

]

nextLink:

{

Description: The URL to get the next set of keys. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

ImportKey (updated)

Description	: The import key operation may be used to import any key type into an Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. This operation requires the keys/import permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "ImportKey",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    },
    {
      "parameters": {
        "$properties": {
          "attributes": [
            {
              "@added_6ffbe33db1e64412bcea889f35e1e6ad": {
                "#name": "enabled",
                "Description": "Determines whether the object is enabled.",
                "Required": false,
                "Type": "boolean"
              }
            },
            {
              "@added_e8a05796ab5e4c91b37ec9dfd9d73ddd": {
                "#name": "nbf",
                "Description": "Not before date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_a03f763573014527ba10a595b097c894": {
                "#name": "exp",
                "Description": "Expiry date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_cb199e6e383c4313a88bf0952e6b4076": {
                "#name": "created",
                "Description": "Creation time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_9d7a6f47b0d14c18a65086dece4095f1": {
                "#name": "updated",
                "Description": "Last updated time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "#name": "recoveryLevel",
              "Enum": {
                "new": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ],
                "old": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ]
              }
            }
          ]
        }
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": {
        "attributes": [
          {
            "@added_62094c63a9a64b2b9f6a704d85d63bec": {
              "#name": "enabled",
              "Description": "Determines whether the object is enabled.",
              "Required": false,
              "Type": "boolean"
            }
          },
          {
            "@added_5f38ab6926a54b4292e57d84ba2ca2e5": {
              "#name": "nbf",
              "Description": "Not before date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_8675bd266c7c4d59b31833eb5cc9b458": {
              "#name": "exp",
              "Description": "Expiry date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_0a4980efdf4d46e082e26e2662097d0d": {
              "#name": "created",
              "Description": "Creation time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_1104a50dfcbf4eacb3393c148942c9b7": {
              "#name": "updated",
              "Description": "Last updated time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "#name": "recoveryLevel",
            "Enum": {
              "new": [
                [
                  "Purgeable",
                  "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                ],
                [
                  "Recoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "CustomizedRecoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                ],
                [
                  "CustomizedRecoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                ],
                [
                  "CustomizedRecoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                ]
              ],
              "old": [
                [
                  "Purgeable",
                  "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                ],
                [
                  "Recoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "CustomizedRecoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                ],
                [
                  "CustomizedRecoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                ],
                [
                  "CustomizedRecoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                ]
              ]
            }
          }
        ]
      }
    }
  }
}

⚼ Request

PUT: /keys/{key-name}

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

key-name:

{

Description: Name for the imported key. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information. ,

Required: True ,

}

string ,

parameters:

{

Description: The parameters to import a key. ,

Required: True ,

}

{

Hsm:

{

Description: Whether to import as a hardware key (HSM) or software key. ,

Required: False ,

}

boolean ,

key:

{

Description: The Json web key ,

Required: True ,

}

{

kid:

{

Description: Key identifier. ,

Required: False ,

}

string ,

kty:

{

Description: JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is stored in the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447) ,

RSA-HSM: RSA with a private key which is stored in the HSM. ,

oct: Octet sequence (used to represent symmetric keys) ,

oct-HSM: Octet sequence (used to represent symmetric keys) which is stored the HSM. ,

}

Required: False ,

}

enum ,

key_ops:

{

Description: Json web key operations. For more information on possible key operations, see JsonWebKeyOperation. ,

Required: False ,

}

[

string ,

]

{

Description: RSA modulus. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA public exponent. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA private exponent, or the D component of an EC private key. ,

Format: base64url ,

Required: False ,

}

string ,

dp:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

dq:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

qi:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA secret prime. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA secret prime, with p < q. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: Symmetric key. ,

Format: base64url ,

Required: False ,

}

string ,

key_hsm:

{

Description: Protected Key, used with 'Bring Your Own Key'. ,

Format: base64url ,

Required: False ,

}

string ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

{

Description: X component of an EC public key. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: Y component of an EC public key. ,

Format: base64url ,

Required: False ,

}

string ,

}

attributes:

{

Description: The key management attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

hsmPlatform:

{

Description: The underlying HSM Platform. ,

Required: False ,

}

string ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs. ,

Required: False ,

}

object ,

release_policy:

{

Description: The policy rules under which the key can be exported. ,

Required: False ,

}

{

contentType:

{

Description: Content type and version of key release policy ,

Required: False ,

}

string ,

immutable:

{

Description: Defines the mutability state of the policy. Once marked immutable, this flag cannot be reset and the policy cannot be changed under any circumstances. ,

Required: False ,

}

boolean ,

data:

{

Description: Blob encoding the policy rules under which the key can be released. Blob must be base64 URL encoded. ,

Format: base64url ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

key:

{

Description: The Json web key. ,

Required: False ,

}

{

kid:

{

Description: Key identifier. ,

Required: False ,

}

string ,

kty:

{

Description: JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is stored in the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447) ,

RSA-HSM: RSA with a private key which is stored in the HSM. ,

oct: Octet sequence (used to represent symmetric keys) ,

oct-HSM: Octet sequence (used to represent symmetric keys) which is stored the HSM. ,

}

Required: False ,

}

enum ,

key_ops:

{

Description: Json web key operations. For more information on possible key operations, see JsonWebKeyOperation. ,

Required: False ,

}

[

string ,

]

{

Description: RSA modulus. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA public exponent. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA private exponent, or the D component of an EC private key. ,

Format: base64url ,

Required: False ,

}

string ,

dp:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

dq:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

qi:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA secret prime. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA secret prime, with p < q. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: Symmetric key. ,

Format: base64url ,

Required: False ,

}

string ,

key_hsm:

{

Description: Protected Key, used with 'Bring Your Own Key'. ,

Format: base64url ,

Required: False ,

}

string ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

{

Description: X component of an EC public key. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: Y component of an EC public key. ,

Format: base64url ,

Required: False ,

}

string ,

}

attributes:

{

Description: The key management attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

hsmPlatform:

{

Description: The underlying HSM Platform. ,

Required: False ,

}

string ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs. ,

Required: False ,

}

object ,

managed:

{

Description: True if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true. ,

Required: False ,

}

boolean ,

release_policy:

{

Description: The policy rules under which the key can be exported. ,

Required: False ,

}

{

contentType:

{

Description: Content type and version of key release policy ,

Required: False ,

}

string ,

immutable:

{

Description: Defines the mutability state of the policy. Once marked immutable, this flag cannot be reset and the policy cannot be changed under any circumstances. ,

Required: False ,

}

boolean ,

data:

{

Description: Blob encoding the policy rules under which the key can be released. Blob must be base64 URL encoded. ,

Format: base64url ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

DeleteKey (updated)

Description	: The delete key operation cannot be used to remove individual versions of a key. This operation removes the cryptographic material associated with the key, which means the key is not usable for Sign/Verify, Wrap/Unwrap or Encrypt/Decrypt operations. This operation requires the keys/delete permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "DeleteKey",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": {
        "@added_ff4efda36a2d431f984ebcd9a831abe9": {
          "#name": "key",
          "Description": "The Json web key.",
          "Required": false,
          "Type": "object",
          "$properties": [
            {
              "#name": "kid",
              "Description": "Key identifier.",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "kty",
              "Description": "JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40.",
              "Enum": [
                [
                  "EC",
                  "Elliptic Curve."
                ],
                [
                  "EC-HSM",
                  "Elliptic Curve with a private key which is stored in the HSM."
                ],
                [
                  "RSA",
                  "RSA (https://tools.ietf.org/html/rfc3447)"
                ],
                [
                  "RSA-HSM",
                  "RSA with a private key which is stored in the HSM."
                ],
                [
                  "oct",
                  "Octet sequence (used to represent symmetric keys)"
                ],
                [
                  "oct-HSM",
                  "Octet sequence (used to represent symmetric keys) which is stored the HSM."
                ]
              ],
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "key_ops",
              "Description": "Json web key operations. For more information on possible key operations, see JsonWebKeyOperation.",
              "Required": false,
              "Type": "array",
              "$items": {
                "Type": "string"
              }
            },
            {
              "#name": "n",
              "Description": "RSA modulus.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "e",
              "Description": "RSA public exponent.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "d",
              "Description": "RSA private exponent, or the D component of an EC private key.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "dp",
              "Description": "RSA private key parameter.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "dq",
              "Description": "RSA private key parameter.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "qi",
              "Description": "RSA private key parameter.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "p",
              "Description": "RSA secret prime.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "q",
              "Description": "RSA secret prime, with p < q.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "k",
              "Description": "Symmetric key.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "key_hsm",
              "Description": "Protected Key, used with 'Bring Your Own Key'.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "crv",
              "Description": "Elliptic curve name. For valid values, see JsonWebKeyCurveName.",
              "Enum": [
                [
                  "P-256",
                  "The NIST P-256 elliptic curve, AKA SECG curve SECP256R1."
                ],
                [
                  "P-384",
                  "The NIST P-384 elliptic curve, AKA SECG curve SECP384R1."
                ],
                [
                  "P-521",
                  "The NIST P-521 elliptic curve, AKA SECG curve SECP521R1."
                ],
                [
                  "P-256K",
                  "The SECG SECP256K1 elliptic curve."
                ]
              ],
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "x",
              "Description": "X component of an EC public key.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "y",
              "Description": "Y component of an EC public key.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            }
          ]
        },
        "@added_fc7cf1961c0c4990bf2417c199e00e9a": {
          "#name": "attributes",
          "Description": "The key management attributes.",
          "Required": false,
          "Type": "object",
          "$properties": [
            {
              "#name": "enabled",
              "Description": "Determines whether the object is enabled.",
              "Required": false,
              "Type": "boolean"
            },
            {
              "#name": "nbf",
              "Description": "Not before date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            },
            {
              "#name": "exp",
              "Description": "Expiry date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            },
            {
              "#name": "created",
              "Description": "Creation time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            },
            {
              "#name": "updated",
              "Description": "Last updated time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            },
            {
              "#name": "recoverableDays",
              "Description": "softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0.",
              "Format": "int32",
              "Required": false,
              "Type": "integer"
            },
            {
              "#name": "recoveryLevel",
              "Description": "Reflects the deletion recovery level currently in effect for keys in the current vault. If it contains 'Purgeable' the key can be permanently deleted by a privileged user; otherwise, only the system can purge the key, at the end of the retention interval.",
              "Enum": [
                [
                  "Purgeable",
                  "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                ],
                [
                  "Recoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "CustomizedRecoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                ],
                [
                  "CustomizedRecoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                ],
                [
                  "CustomizedRecoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                ]
              ],
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "exportable",
              "Description": "Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key.",
              "Required": false,
              "Type": "boolean"
            },
            {
              "#name": "hsmPlatform",
              "Description": "The underlying HSM Platform.",
              "Required": false,
              "Type": "string"
            }
          ]
        },
        "@added_cd5c537f48344d72b2fa4049d7774d45": {
          "#name": "tags",
          "Description": "Application specific metadata in the form of key-value pairs.",
          "Required": false,
          "Type": "object"
        },
        "@added_fcc8a675c1984fd08e230841f12c240f": {
          "#name": "managed",
          "Description": "True if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true.",
          "Required": false,
          "Type": "boolean"
        },
        "@added_ee3430f4d6514371bf8f3950e2d4de62": {
          "#name": "release_policy",
          "Description": "The policy rules under which the key can be exported.",
          "Required": false,
          "Type": "object",
          "$properties": [
            {
              "#name": "contentType",
              "Description": "Content type and version of key release policy",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "immutable",
              "Description": "Defines the mutability state of the policy. Once marked immutable, this flag cannot be reset and the policy cannot be changed under any circumstances.",
              "Required": false,
              "Type": "boolean"
            },
            {
              "#name": "data",
              "Description": "Blob encoding the policy rules under which the key can be released. Blob must be base64 URL encoded.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            }
          ]
        }
      }
    }
  }
}

⚼ Request

DELETE: /keys/{key-name}

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

key-name:

{

Description: The name of the key to delete. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

key:

{

Description: The Json web key. ,

Required: False ,

}

{

kid:

{

Description: Key identifier. ,

Required: False ,

}

string ,

kty:

{

Description: JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is stored in the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447) ,

RSA-HSM: RSA with a private key which is stored in the HSM. ,

oct: Octet sequence (used to represent symmetric keys) ,

oct-HSM: Octet sequence (used to represent symmetric keys) which is stored the HSM. ,

}

Required: False ,

}

enum ,

key_ops:

{

Description: Json web key operations. For more information on possible key operations, see JsonWebKeyOperation. ,

Required: False ,

}

[

string ,

]

{

Description: RSA modulus. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA public exponent. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA private exponent, or the D component of an EC private key. ,

Format: base64url ,

Required: False ,

}

string ,

dp:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

dq:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

qi:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA secret prime. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA secret prime, with p < q. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: Symmetric key. ,

Format: base64url ,

Required: False ,

}

string ,

key_hsm:

{

Description: Protected Key, used with 'Bring Your Own Key'. ,

Format: base64url ,

Required: False ,

}

string ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

{

Description: X component of an EC public key. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: Y component of an EC public key. ,

Format: base64url ,

Required: False ,

}

string ,

}

attributes:

{

Description: The key management attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

hsmPlatform:

{

Description: The underlying HSM Platform. ,

Required: False ,

}

string ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs. ,

Required: False ,

}

object ,

managed:

{

Description: True if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true. ,

Required: False ,

}

boolean ,

release_policy:

{

Description: The policy rules under which the key can be exported. ,

Required: False ,

}

{

contentType:

{

Description: Content type and version of key release policy ,

Required: False ,

}

string ,

immutable:

{

Description: Defines the mutability state of the policy. Once marked immutable, this flag cannot be reset and the policy cannot be changed under any circumstances. ,

Required: False ,

}

boolean ,

data:

{

Description: Blob encoding the policy rules under which the key can be released. Blob must be base64 URL encoded. ,

Format: base64url ,

Required: False ,

}

string ,

}

recoveryId:

{

Description: The url of the recovery object, used to identify and recover the deleted key. ,

Required: False ,

}

string ,

scheduledPurgeDate:

{

Description: The time when the key is scheduled to be purged, in UTC ,

Format: unixtime ,

Required: False ,

}

integer ,

deletedDate:

{

Description: The time when the key was deleted, in UTC ,

Format: unixtime ,

Required: False ,

}

integer ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

GetKey (updated)

Description	: The get key operation is applicable to all key types. If the requested key is symmetric, then no key material is released in the response. This operation requires the keys/get permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "GetKey",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": {
        "attributes": [
          {
            "@added_3e98330bfb004b34a95b6d9c0dc689e4": {
              "#name": "enabled",
              "Description": "Determines whether the object is enabled.",
              "Required": false,
              "Type": "boolean"
            }
          },
          {
            "@added_8deb516c29764e6aaf8e62bde21e2dba": {
              "#name": "nbf",
              "Description": "Not before date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_bdf9e15959fd474da259f076839f0cf2": {
              "#name": "exp",
              "Description": "Expiry date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_024d8d00c16d43a097e24d96dc80c1b6": {
              "#name": "created",
              "Description": "Creation time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_6ade7b7d26e949da905b69cbc6e8a887": {
              "#name": "updated",
              "Description": "Last updated time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "#name": "recoveryLevel",
            "Enum": {
              "new": [
                [
                  "Purgeable",
                  "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                ],
                [
                  "Recoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "CustomizedRecoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                ],
                [
                  "CustomizedRecoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                ],
                [
                  "CustomizedRecoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                ]
              ],
              "old": [
                [
                  "Purgeable",
                  "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                ],
                [
                  "Recoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "CustomizedRecoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                ],
                [
                  "CustomizedRecoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                ],
                [
                  "CustomizedRecoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                ]
              ]
            }
          }
        ]
      }
    }
  }
}

⚼ Request

GET: /keys/{key-name}/{key-version}

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

key-name:

{

Description: The name of the key to get. ,

Required: True ,

}

string ,

key-version:

{

Description: Adding the version parameter retrieves a specific version of a key. This URI fragment is optional. If not specified, the latest version of the key is returned. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

key:

{

Description: The Json web key. ,

Required: False ,

}

{

kid:

{

Description: Key identifier. ,

Required: False ,

}

string ,

kty:

{

Description: JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is stored in the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447) ,

RSA-HSM: RSA with a private key which is stored in the HSM. ,

oct: Octet sequence (used to represent symmetric keys) ,

oct-HSM: Octet sequence (used to represent symmetric keys) which is stored the HSM. ,

}

Required: False ,

}

enum ,

key_ops:

{

Description: Json web key operations. For more information on possible key operations, see JsonWebKeyOperation. ,

Required: False ,

}

[

string ,

]

{

Description: RSA modulus. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA public exponent. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA private exponent, or the D component of an EC private key. ,

Format: base64url ,

Required: False ,

}

string ,

dp:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

dq:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

qi:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA secret prime. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA secret prime, with p < q. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: Symmetric key. ,

Format: base64url ,

Required: False ,

}

string ,

key_hsm:

{

Description: Protected Key, used with 'Bring Your Own Key'. ,

Format: base64url ,

Required: False ,

}

string ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

{

Description: X component of an EC public key. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: Y component of an EC public key. ,

Format: base64url ,

Required: False ,

}

string ,

}

attributes:

{

Description: The key management attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

hsmPlatform:

{

Description: The underlying HSM Platform. ,

Required: False ,

}

string ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs. ,

Required: False ,

}

object ,

managed:

{

Description: True if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true. ,

Required: False ,

}

boolean ,

release_policy:

{

Description: The policy rules under which the key can be exported. ,

Required: False ,

}

{

contentType:

{

Description: Content type and version of key release policy ,

Required: False ,

}

string ,

immutable:

{

Description: Defines the mutability state of the policy. Once marked immutable, this flag cannot be reset and the policy cannot be changed under any circumstances. ,

Required: False ,

}

boolean ,

data:

{

Description: Blob encoding the policy rules under which the key can be released. Blob must be base64 URL encoded. ,

Format: base64url ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

UpdateKey (updated)

Description	: In order to perform this operation, the key must already exist in the Key Vault. Note: The cryptographic material of a key itself cannot be changed. This operation requires the keys/update permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "UpdateKey",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    },
    {
      "parameters": {
        "$properties": {
          "key_ops": {
            "Enum": {
              "new": [
                [
                  "encrypt",
                  "Indicates that the key can be used to encrypt."
                ],
                [
                  "decrypt",
                  "Indicates that the key can be used to decrypt."
                ],
                [
                  "sign",
                  "Indicates that the key can be used to sign."
                ],
                [
                  "verify",
                  "Indicates that the key can be used to verify."
                ],
                [
                  "wrapKey",
                  "Indicates that the key can be used to wrap another key."
                ],
                [
                  "unwrapKey",
                  "Indicates that the key can be used to unwrap another key."
                ],
                [
                  "import",
                  "Indicates that the key can be imported during creation."
                ],
                [
                  "export",
                  "Indicates that the private component of the key can be exported."
                ]
              ],
              "old": [
                [
                  "encrypt",
                  ""
                ],
                [
                  "decrypt",
                  ""
                ],
                [
                  "sign",
                  ""
                ],
                [
                  "verify",
                  ""
                ],
                [
                  "wrapKey",
                  ""
                ],
                [
                  "unwrapKey",
                  ""
                ],
                [
                  "import",
                  ""
                ],
                [
                  "export",
                  ""
                ]
              ]
            }
          },
          "attributes": [
            {
              "@added_890062059d6544eb818f4024c82e4461": {
                "#name": "enabled",
                "Description": "Determines whether the object is enabled.",
                "Required": false,
                "Type": "boolean"
              }
            },
            {
              "@added_dffa5ee3d48b4c7686c3f55690e278bc": {
                "#name": "nbf",
                "Description": "Not before date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_baff61128538404ea971e2f4752d293e": {
                "#name": "exp",
                "Description": "Expiry date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_741813e9f6634e448d6376916ed631cc": {
                "#name": "created",
                "Description": "Creation time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_d68362f84dde49e2a1404f1839f0a9a5": {
                "#name": "updated",
                "Description": "Last updated time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "#name": "recoveryLevel",
              "Enum": {
                "new": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ],
                "old": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ]
              }
            }
          ]
        }
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": {
        "attributes": [
          {
            "@added_7efa9ef297234b89b0a3b6d61461b564": {
              "#name": "enabled",
              "Description": "Determines whether the object is enabled.",
              "Required": false,
              "Type": "boolean"
            }
          },
          {
            "@added_d00491597d634324b4f2f0d9aa6a924c": {
              "#name": "nbf",
              "Description": "Not before date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_f8ab4d2baa064f41834cf462924170ae": {
              "#name": "exp",
              "Description": "Expiry date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_214a6a6b9e804d508143e90020d9a30e": {
              "#name": "created",
              "Description": "Creation time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_8f5c1a4fb3424a389597f6e8bcbe41e3": {
              "#name": "updated",
              "Description": "Last updated time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "#name": "recoveryLevel",
            "Enum": {
              "new": [
                [
                  "Purgeable",
                  "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                ],
                [
                  "Recoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "CustomizedRecoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                ],
                [
                  "CustomizedRecoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                ],
                [
                  "CustomizedRecoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                ]
              ],
              "old": [
                [
                  "Purgeable",
                  "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                ],
                [
                  "Recoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "CustomizedRecoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                ],
                [
                  "CustomizedRecoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                ],
                [
                  "CustomizedRecoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                ]
              ]
            }
          }
        ]
      }
    }
  }
}

⚼ Request

PATCH: /keys/{key-name}/{key-version}

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

key-name:

{

Description: The name of key to update. ,

Required: True ,

}

string ,

key-version:

{

Description: The version of the key to update. ,

Required: True ,

}

string ,

parameters:

{

Description: The parameters of the key to update. ,

Required: True ,

}

{

key_ops:

{

Description: Json web key operations. For more information on possible key operations, see JsonWebKeyOperation. ,

Required: False ,

}

[

string ,

]

attributes:

{

Description: The attributes of a key managed by the key vault service. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

hsmPlatform:

{

Description: The underlying HSM Platform. ,

Required: False ,

}

string ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs. ,

Required: False ,

}

object ,

release_policy:

{

Description: The policy rules under which the key can be exported. ,

Required: False ,

}

{

contentType:

{

Description: Content type and version of key release policy ,

Required: False ,

}

string ,

immutable:

{

Description: Defines the mutability state of the policy. Once marked immutable, this flag cannot be reset and the policy cannot be changed under any circumstances. ,

Required: False ,

}

boolean ,

data:

{

Description: Blob encoding the policy rules under which the key can be released. Blob must be base64 URL encoded. ,

Format: base64url ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

key:

{

Description: The Json web key. ,

Required: False ,

}

{

kid:

{

Description: Key identifier. ,

Required: False ,

}

string ,

kty:

{

Description: JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is stored in the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447) ,

RSA-HSM: RSA with a private key which is stored in the HSM. ,

oct: Octet sequence (used to represent symmetric keys) ,

oct-HSM: Octet sequence (used to represent symmetric keys) which is stored the HSM. ,

}

Required: False ,

}

enum ,

key_ops:

{

Description: Json web key operations. For more information on possible key operations, see JsonWebKeyOperation. ,

Required: False ,

}

[

string ,

]

{

Description: RSA modulus. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA public exponent. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA private exponent, or the D component of an EC private key. ,

Format: base64url ,

Required: False ,

}

string ,

dp:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

dq:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

qi:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA secret prime. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA secret prime, with p < q. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: Symmetric key. ,

Format: base64url ,

Required: False ,

}

string ,

key_hsm:

{

Description: Protected Key, used with 'Bring Your Own Key'. ,

Format: base64url ,

Required: False ,

}

string ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

{

Description: X component of an EC public key. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: Y component of an EC public key. ,

Format: base64url ,

Required: False ,

}

string ,

}

attributes:

{

Description: The key management attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

hsmPlatform:

{

Description: The underlying HSM Platform. ,

Required: False ,

}

string ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs. ,

Required: False ,

}

object ,

managed:

{

Description: True if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true. ,

Required: False ,

}

boolean ,

release_policy:

{

Description: The policy rules under which the key can be exported. ,

Required: False ,

}

{

contentType:

{

Description: Content type and version of key release policy ,

Required: False ,

}

string ,

immutable:

{

Description: Defines the mutability state of the policy. Once marked immutable, this flag cannot be reset and the policy cannot be changed under any circumstances. ,

Required: False ,

}

boolean ,

data:

{

Description: Blob encoding the policy rules under which the key can be released. Blob must be base64 URL encoded. ,

Format: base64url ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

decrypt (updated)

Description

: The DECRYPT operation decrypts a well-formed block of ciphertext using the target encryption key and specified algorithm. This operation is the reverse of the ENCRYPT operation; only a single block of data may be decrypted, the size of this block is dependent on the target key and the algorithm to be used. The DECRYPT operation applies to asymmetric and symmetric keys stored in Azure Key Vault since it uses the private portion of the key. This operation requires the keys/decrypt permission. Microsoft recommends not to use CBC algorithms for decryption without first ensuring the integrity of the ciphertext using an HMAC, for example. See https://docs.microsoft.com/dotnet/standard/security/vulnerabilities-cbc-mode for more information.

Reference

: Link ¶

⚶ Changes

{
  "#id": "decrypt",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    },
    {
      "parameters": {
        "$properties": [
          {
            "#name": "alg",
            "Enum": {
              "new": [
                [
                  "RSA-OAEP",
                  "RSAES using Optimal Asymmetric Encryption Padding (OAEP), as described in https://tools.ietf.org/html/rfc3447, with the default parameters specified by RFC 3447 in Section A.2.1. Those default parameters are using a hash function of SHA-1 and a mask generation function of MGF1 with SHA-1."
                ],
                [
                  "RSA-OAEP-256",
                  "RSAES using Optimal Asymmetric Encryption Padding with a hash function of SHA-256 and a mask generation function of MGF1 with SHA-256."
                ],
                [
                  "RSA1_5",
                  "RSAES-PKCS1-V1_5 key encryption, as described in https://tools.ietf.org/html/rfc3447."
                ],
                [
                  "A128GCM",
                  "128-bit AES-GCM."
                ],
                [
                  "A192GCM",
                  "192-bit AES-GCM."
                ],
                [
                  "A256GCM",
                  "256-bit AES-GCM."
                ],
                [
                  "A128KW",
                  "128-bit AES key wrap."
                ],
                [
                  "A192KW",
                  "192-bit AES key wrap."
                ],
                [
                  "A256KW",
                  "256-bit AES key wrap."
                ],
                [
                  "A128CBC",
                  "128-bit AES-CBC."
                ],
                [
                  "A192CBC",
                  "192-bit AES-CBC."
                ],
                [
                  "A256CBC",
                  "256-bit AES-CBC."
                ],
                [
                  "A128CBCPAD",
                  "128-bit AES-CBC with PKCS padding."
                ],
                [
                  "A192CBCPAD",
                  "192-bit AES-CBC with PKCS padding."
                ],
                [
                  "A256CBCPAD",
                  "256-bit AES-CBC with PKCS padding."
                ]
              ],
              "old": [
                [
                  "RSA-OAEP",
                  ""
                ],
                [
                  "RSA-OAEP-256",
                  ""
                ],
                [
                  "RSA1_5",
                  ""
                ],
                [
                  "A128GCM",
                  ""
                ],
                [
                  "A192GCM",
                  ""
                ],
                [
                  "A256GCM",
                  ""
                ],
                [
                  "A128KW",
                  ""
                ],
                [
                  "A192KW",
                  ""
                ],
                [
                  "A256KW",
                  ""
                ],
                [
                  "A128CBC",
                  ""
                ],
                [
                  "A192CBC",
                  ""
                ],
                [
                  "A256CBC",
                  ""
                ],
                [
                  "A128CBCPAD",
                  ""
                ],
                [
                  "A192CBCPAD",
                  ""
                ],
                [
                  "A256CBCPAD",
                  ""
                ]
              ]
            }
          }
        ]
      }
    }
  ]
}

⚼ Request

POST: /keys/{key-name}/{key-version}/decrypt

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

key-name:

{

Description: The name of the key. ,

Required: True ,

}

string ,

key-version:

{

Description: The version of the key. ,

Required: True ,

}

string ,

parameters:

{

Description: The parameters for the decryption operation. ,

Required: True ,

}

{

alg:

{

Description: algorithm identifier ,

Enum:

{

RSA-OAEP: RSAES using Optimal Asymmetric Encryption Padding (OAEP), as described in https://tools.ietf.org/html/rfc3447, with the default parameters specified by RFC 3447 in Section A.2.1. Those default parameters are using a hash function of SHA-1 and a mask generation function of MGF1 with SHA-1. ,

RSA-OAEP-256: RSAES using Optimal Asymmetric Encryption Padding with a hash function of SHA-256 and a mask generation function of MGF1 with SHA-256. ,

RSA1_5: RSAES-PKCS1-V1_5 key encryption, as described in https://tools.ietf.org/html/rfc3447. ,

A128GCM: 128-bit AES-GCM. ,

A192GCM: 192-bit AES-GCM. ,

A256GCM: 256-bit AES-GCM. ,

A128KW: 128-bit AES key wrap. ,

A192KW: 192-bit AES key wrap. ,

A256KW: 256-bit AES key wrap. ,

A128CBC: 128-bit AES-CBC. ,

A192CBC: 192-bit AES-CBC. ,

A256CBC: 256-bit AES-CBC. ,

A128CBCPAD: 128-bit AES-CBC with PKCS padding. ,

A192CBCPAD: 192-bit AES-CBC with PKCS padding. ,

A256CBCPAD: 256-bit AES-CBC with PKCS padding. ,

}

Required: True ,

}

enum ,

value:

{

Description: The value to operate on. ,

Format: base64url ,

Required: True ,

}

string ,

iv:

{

Description: Cryptographically random, non-repeating initialization vector for symmetric algorithms. ,

Format: base64url ,

Required: False ,

}

string ,

aad:

{

Description: Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. ,

Format: base64url ,

Required: False ,

}

string ,

tag:

{

Description: The tag to authenticate when performing decryption with an authenticated algorithm. ,

Format: base64url ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

kid:

{

Description: Key identifier ,

Required: False ,

}

string ,

value:

{

Description: The result of the operation. ,

Format: base64url ,

Required: False ,

}

string ,

iv:

{

Description: Cryptographically random, non-repeating initialization vector for symmetric algorithms. ,

Format: base64url ,

Required: False ,

}

string ,

tag:

{

Description: The tag to authenticate when performing decryption with an authenticated algorithm. ,

Format: base64url ,

Required: False ,

}

string ,

aad:

{

Description: Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. ,

Format: base64url ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

encrypt (updated)

Description

: The ENCRYPT operation encrypts an arbitrary sequence of bytes using an encryption key that is stored in Azure Key Vault. Note that the ENCRYPT operation only supports a single block of data, the size of which is dependent on the target key and the encryption algorithm to be used. The ENCRYPT operation is only strictly necessary for symmetric keys stored in Azure Key Vault since protection with an asymmetric key can be performed using public portion of the key. This operation is supported for asymmetric keys as a convenience for callers that have a key-reference but do not have access to the public key material. This operation requires the keys/encrypt permission.

Reference

: Link ¶

⚶ Changes

{
  "#id": "encrypt",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    },
    {
      "parameters": {
        "$properties": [
          {
            "#name": "alg",
            "Enum": {
              "new": [
                [
                  "RSA-OAEP",
                  "RSAES using Optimal Asymmetric Encryption Padding (OAEP), as described in https://tools.ietf.org/html/rfc3447, with the default parameters specified by RFC 3447 in Section A.2.1. Those default parameters are using a hash function of SHA-1 and a mask generation function of MGF1 with SHA-1."
                ],
                [
                  "RSA-OAEP-256",
                  "RSAES using Optimal Asymmetric Encryption Padding with a hash function of SHA-256 and a mask generation function of MGF1 with SHA-256."
                ],
                [
                  "RSA1_5",
                  "RSAES-PKCS1-V1_5 key encryption, as described in https://tools.ietf.org/html/rfc3447."
                ],
                [
                  "A128GCM",
                  "128-bit AES-GCM."
                ],
                [
                  "A192GCM",
                  "192-bit AES-GCM."
                ],
                [
                  "A256GCM",
                  "256-bit AES-GCM."
                ],
                [
                  "A128KW",
                  "128-bit AES key wrap."
                ],
                [
                  "A192KW",
                  "192-bit AES key wrap."
                ],
                [
                  "A256KW",
                  "256-bit AES key wrap."
                ],
                [
                  "A128CBC",
                  "128-bit AES-CBC."
                ],
                [
                  "A192CBC",
                  "192-bit AES-CBC."
                ],
                [
                  "A256CBC",
                  "256-bit AES-CBC."
                ],
                [
                  "A128CBCPAD",
                  "128-bit AES-CBC with PKCS padding."
                ],
                [
                  "A192CBCPAD",
                  "192-bit AES-CBC with PKCS padding."
                ],
                [
                  "A256CBCPAD",
                  "256-bit AES-CBC with PKCS padding."
                ]
              ],
              "old": [
                [
                  "RSA-OAEP",
                  ""
                ],
                [
                  "RSA-OAEP-256",
                  ""
                ],
                [
                  "RSA1_5",
                  ""
                ],
                [
                  "A128GCM",
                  ""
                ],
                [
                  "A192GCM",
                  ""
                ],
                [
                  "A256GCM",
                  ""
                ],
                [
                  "A128KW",
                  ""
                ],
                [
                  "A192KW",
                  ""
                ],
                [
                  "A256KW",
                  ""
                ],
                [
                  "A128CBC",
                  ""
                ],
                [
                  "A192CBC",
                  ""
                ],
                [
                  "A256CBC",
                  ""
                ],
                [
                  "A128CBCPAD",
                  ""
                ],
                [
                  "A192CBCPAD",
                  ""
                ],
                [
                  "A256CBCPAD",
                  ""
                ]
              ]
            }
          }
        ]
      }
    }
  ]
}

⚼ Request

POST: /keys/{key-name}/{key-version}/encrypt

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

key-name:

{

Description: The name of the key. ,

Required: True ,

}

string ,

key-version:

{

Description: The version of the key. ,

Required: True ,

}

string ,

parameters:

{

Description: The parameters for the encryption operation. ,

Required: True ,

}

{

alg:

{

Description: algorithm identifier ,

Enum:

{

RSA-OAEP-256: RSAES using Optimal Asymmetric Encryption Padding with a hash function of SHA-256 and a mask generation function of MGF1 with SHA-256. ,

RSA1_5: RSAES-PKCS1-V1_5 key encryption, as described in https://tools.ietf.org/html/rfc3447. ,

A128GCM: 128-bit AES-GCM. ,

A192GCM: 192-bit AES-GCM. ,

A256GCM: 256-bit AES-GCM. ,

A128KW: 128-bit AES key wrap. ,

A192KW: 192-bit AES key wrap. ,

A256KW: 256-bit AES key wrap. ,

A128CBC: 128-bit AES-CBC. ,

A192CBC: 192-bit AES-CBC. ,

A256CBC: 256-bit AES-CBC. ,

A128CBCPAD: 128-bit AES-CBC with PKCS padding. ,

A192CBCPAD: 192-bit AES-CBC with PKCS padding. ,

A256CBCPAD: 256-bit AES-CBC with PKCS padding. ,

}

Required: True ,

}

enum ,

value:

{

Description: The value to operate on. ,

Format: base64url ,

Required: True ,

}

string ,

iv:

{

Description: Cryptographically random, non-repeating initialization vector for symmetric algorithms. ,

Format: base64url ,

Required: False ,

}

string ,

aad:

{

Description: Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. ,

Format: base64url ,

Required: False ,

}

string ,

tag:

{

Description: The tag to authenticate when performing decryption with an authenticated algorithm. ,

Format: base64url ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

kid:

{

Description: Key identifier ,

Required: False ,

}

string ,

value:

{

Description: The result of the operation. ,

Format: base64url ,

Required: False ,

}

string ,

iv:

{

Description: Cryptographically random, non-repeating initialization vector for symmetric algorithms. ,

Format: base64url ,

Required: False ,

}

string ,

tag:

{

Description: The tag to authenticate when performing decryption with an authenticated algorithm. ,

Format: base64url ,

Required: False ,

}

string ,

aad:

{

Description: Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. ,

Format: base64url ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

release (updated)

Description	: The release key operation is applicable to all key types. The target key must be marked exportable. This operation requires the keys/release permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "release",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    },
    {
      "parameters": {
        "$properties": [
          {
            "#name": "enc",
            "Enum": {
              "new": [
                [
                  "CKM_RSA_AES_KEY_WRAP",
                  "The CKM_RSA_AES_KEY_WRAP key wrap mechanism."
                ],
                [
                  "RSA_AES_KEY_WRAP_256",
                  "The RSA_AES_KEY_WRAP_256 key wrap mechanism."
                ],
                [
                  "RSA_AES_KEY_WRAP_384",
                  "The RSA_AES_KEY_WRAP_384 key wrap mechanism."
                ]
              ],
              "old": [
                [
                  "CKM_RSA_AES_KEY_WRAP",
                  ""
                ],
                [
                  "RSA_AES_KEY_WRAP_256",
                  ""
                ],
                [
                  "RSA_AES_KEY_WRAP_384",
                  ""
                ]
              ]
            }
          }
        ]
      }
    }
  ]
}

⚼ Request

POST: /keys/{key-name}/{key-version}/release

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

key-name:

{

Description: The name of the key to get. ,

Required: True ,

}

string ,

key-version:

{

Description: Adding the version parameter retrieves a specific version of a key. ,

Required: True ,

}

string ,

parameters:

{

Description: The parameters for the key release operation. ,

Required: True ,

}

{

target:

{

Description: The attestation assertion for the target of the key release. ,

Required: True ,

}

string ,

nonce:

{

Description: A client provided nonce for freshness. ,

Required: False ,

}

string ,

enc:

{

Description: The encryption algorithm to use to protected the exported key material ,

Enum:

{

CKM_RSA_AES_KEY_WRAP: The CKM_RSA_AES_KEY_WRAP key wrap mechanism. ,

RSA_AES_KEY_WRAP_256: The RSA_AES_KEY_WRAP_256 key wrap mechanism. ,

RSA_AES_KEY_WRAP_384: The RSA_AES_KEY_WRAP_384 key wrap mechanism. ,

}

Required: False ,

}

enum ,

}

⚐ Response (200)

{

value:

{

Description: A signed object containing the released key. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

sign (updated)

Description	: The SIGN operation is applicable to asymmetric and symmetric keys stored in Azure Key Vault since this operation uses the private portion of the key. This operation requires the keys/sign permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "sign",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ]
}

⚼ Request

POST: /keys/{key-name}/{key-version}/sign

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

key-name:

{

Description: The name of the key. ,

Required: True ,

}

string ,

key-version:

{

Description: The version of the key. ,

Required: True ,

}

string ,

parameters:

{

Description: The parameters for the signing operation. ,

Required: True ,

}

{

alg:

{

Description: The signing/verification algorithm identifier. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm. ,

Enum:

{

PS256: RSASSA-PSS using SHA-256 and MGF1 with SHA-256, as described in https://tools.ietf.org/html/rfc7518 ,

PS384: RSASSA-PSS using SHA-384 and MGF1 with SHA-384, as described in https://tools.ietf.org/html/rfc7518 ,

PS512: RSASSA-PSS using SHA-512 and MGF1 with SHA-512, as described in https://tools.ietf.org/html/rfc7518 ,

RS256: RSASSA-PKCS1-v1_5 using SHA-256, as described in https://tools.ietf.org/html/rfc7518 ,

RS384: RSASSA-PKCS1-v1_5 using SHA-384, as described in https://tools.ietf.org/html/rfc7518 ,

RS512: RSASSA-PKCS1-v1_5 using SHA-512, as described in https://tools.ietf.org/html/rfc7518 ,

RSNULL: Reserved ,

ES256: ECDSA using P-256 and SHA-256, as described in https://tools.ietf.org/html/rfc7518. ,

ES384: ECDSA using P-384 and SHA-384, as described in https://tools.ietf.org/html/rfc7518 ,

ES512: ECDSA using P-521 and SHA-512, as described in https://tools.ietf.org/html/rfc7518 ,

ES256K: ECDSA using P-256K and SHA-256, as described in https://tools.ietf.org/html/rfc7518 ,

}

Required: True ,

}

enum ,

value:

{

Description: The value to operate on. ,

Format: base64url ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

kid:

{

Description: Key identifier ,

Required: False ,

}

string ,

value:

{

Description: The result of the operation. ,

Format: base64url ,

Required: False ,

}

string ,

iv:

{

Description: Cryptographically random, non-repeating initialization vector for symmetric algorithms. ,

Format: base64url ,

Required: False ,

}

string ,

tag:

{

Description: The tag to authenticate when performing decryption with an authenticated algorithm. ,

Format: base64url ,

Required: False ,

}

string ,

aad:

{

Description: Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. ,

Format: base64url ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

unwrapKey (updated)

Description	: The UNWRAP operation supports decryption of a symmetric key using the target key encryption key. This operation is the reverse of the WRAP operation. The UNWRAP operation applies to asymmetric and symmetric keys stored in Azure Key Vault since it uses the private portion of the key. This operation requires the keys/unwrapKey permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "unwrapKey",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    },
    {
      "parameters": {
        "$properties": [
          {
            "#name": "alg",
            "Enum": {
              "new": [
                [
                  "RSA-OAEP",
                  "RSAES using Optimal Asymmetric Encryption Padding (OAEP), as described in https://tools.ietf.org/html/rfc3447, with the default parameters specified by RFC 3447 in Section A.2.1. Those default parameters are using a hash function of SHA-1 and a mask generation function of MGF1 with SHA-1."
                ],
                [
                  "RSA-OAEP-256",
                  "RSAES using Optimal Asymmetric Encryption Padding with a hash function of SHA-256 and a mask generation function of MGF1 with SHA-256."
                ],
                [
                  "RSA1_5",
                  "RSAES-PKCS1-V1_5 key encryption, as described in https://tools.ietf.org/html/rfc3447."
                ],
                [
                  "A128GCM",
                  "128-bit AES-GCM."
                ],
                [
                  "A192GCM",
                  "192-bit AES-GCM."
                ],
                [
                  "A256GCM",
                  "256-bit AES-GCM."
                ],
                [
                  "A128KW",
                  "128-bit AES key wrap."
                ],
                [
                  "A192KW",
                  "192-bit AES key wrap."
                ],
                [
                  "A256KW",
                  "256-bit AES key wrap."
                ],
                [
                  "A128CBC",
                  "128-bit AES-CBC."
                ],
                [
                  "A192CBC",
                  "192-bit AES-CBC."
                ],
                [
                  "A256CBC",
                  "256-bit AES-CBC."
                ],
                [
                  "A128CBCPAD",
                  "128-bit AES-CBC with PKCS padding."
                ],
                [
                  "A192CBCPAD",
                  "192-bit AES-CBC with PKCS padding."
                ],
                [
                  "A256CBCPAD",
                  "256-bit AES-CBC with PKCS padding."
                ]
              ],
              "old": [
                [
                  "RSA-OAEP",
                  ""
                ],
                [
                  "RSA-OAEP-256",
                  ""
                ],
                [
                  "RSA1_5",
                  ""
                ],
                [
                  "A128GCM",
                  ""
                ],
                [
                  "A192GCM",
                  ""
                ],
                [
                  "A256GCM",
                  ""
                ],
                [
                  "A128KW",
                  ""
                ],
                [
                  "A192KW",
                  ""
                ],
                [
                  "A256KW",
                  ""
                ],
                [
                  "A128CBC",
                  ""
                ],
                [
                  "A192CBC",
                  ""
                ],
                [
                  "A256CBC",
                  ""
                ],
                [
                  "A128CBCPAD",
                  ""
                ],
                [
                  "A192CBCPAD",
                  ""
                ],
                [
                  "A256CBCPAD",
                  ""
                ]
              ]
            }
          }
        ]
      }
    }
  ]
}

⚼ Request

POST: /keys/{key-name}/{key-version}/unwrapkey

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

key-name:

{

Description: The name of the key. ,

Required: True ,

}

string ,

key-version:

{

Description: The version of the key. ,

Required: True ,

}

string ,

parameters:

{

Description: The parameters for the key operation. ,

Required: True ,

}

{

alg:

{

Description: algorithm identifier ,

Enum:

{

RSA-OAEP-256: RSAES using Optimal Asymmetric Encryption Padding with a hash function of SHA-256 and a mask generation function of MGF1 with SHA-256. ,

RSA1_5: RSAES-PKCS1-V1_5 key encryption, as described in https://tools.ietf.org/html/rfc3447. ,

A128GCM: 128-bit AES-GCM. ,

A192GCM: 192-bit AES-GCM. ,

A256GCM: 256-bit AES-GCM. ,

A128KW: 128-bit AES key wrap. ,

A192KW: 192-bit AES key wrap. ,

A256KW: 256-bit AES key wrap. ,

A128CBC: 128-bit AES-CBC. ,

A192CBC: 192-bit AES-CBC. ,

A256CBC: 256-bit AES-CBC. ,

A128CBCPAD: 128-bit AES-CBC with PKCS padding. ,

A192CBCPAD: 192-bit AES-CBC with PKCS padding. ,

A256CBCPAD: 256-bit AES-CBC with PKCS padding. ,

}

Required: True ,

}

enum ,

value:

{

Description: The value to operate on. ,

Format: base64url ,

Required: True ,

}

string ,

iv:

{

Description: Cryptographically random, non-repeating initialization vector for symmetric algorithms. ,

Format: base64url ,

Required: False ,

}

string ,

aad:

{

Description: Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. ,

Format: base64url ,

Required: False ,

}

string ,

tag:

{

Description: The tag to authenticate when performing decryption with an authenticated algorithm. ,

Format: base64url ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

kid:

{

Description: Key identifier ,

Required: False ,

}

string ,

value:

{

Description: The result of the operation. ,

Format: base64url ,

Required: False ,

}

string ,

iv:

{

Description: Cryptographically random, non-repeating initialization vector for symmetric algorithms. ,

Format: base64url ,

Required: False ,

}

string ,

tag:

{

Description: The tag to authenticate when performing decryption with an authenticated algorithm. ,

Format: base64url ,

Required: False ,

}

string ,

aad:

{

Description: Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. ,

Format: base64url ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

verify (updated)

Description

: The VERIFY operation is applicable to symmetric keys stored in Azure Key Vault. VERIFY is not strictly necessary for asymmetric keys stored in Azure Key Vault since signature verification can be performed using the public portion of the key but this operation is supported as a convenience for callers that only have a key-reference and not the public portion of the key. This operation requires the keys/verify permission.

Reference

: Link ¶

⚶ Changes

{
  "#id": "verify",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    },
    {
      "parameters": {
        "$properties": [
          {
            "#name": "alg",
            "Enum": {
              "new": [
                [
                  "PS256",
                  "RSASSA-PSS using SHA-256 and MGF1 with SHA-256, as described in https://tools.ietf.org/html/rfc7518"
                ],
                [
                  "PS384",
                  "RSASSA-PSS using SHA-384 and MGF1 with SHA-384, as described in https://tools.ietf.org/html/rfc7518"
                ],
                [
                  "PS512",
                  "RSASSA-PSS using SHA-512 and MGF1 with SHA-512, as described in https://tools.ietf.org/html/rfc7518"
                ],
                [
                  "RS256",
                  "RSASSA-PKCS1-v1_5 using SHA-256, as described in https://tools.ietf.org/html/rfc7518"
                ],
                [
                  "RS384",
                  "RSASSA-PKCS1-v1_5 using SHA-384, as described in https://tools.ietf.org/html/rfc7518"
                ],
                [
                  "RS512",
                  "RSASSA-PKCS1-v1_5 using SHA-512, as described in https://tools.ietf.org/html/rfc7518"
                ],
                [
                  "RSNULL",
                  "Reserved"
                ],
                [
                  "ES256",
                  "ECDSA using P-256 and SHA-256, as described in https://tools.ietf.org/html/rfc7518."
                ],
                [
                  "ES384",
                  "ECDSA using P-384 and SHA-384, as described in https://tools.ietf.org/html/rfc7518"
                ],
                [
                  "ES512",
                  "ECDSA using P-521 and SHA-512, as described in https://tools.ietf.org/html/rfc7518"
                ],
                [
                  "ES256K",
                  "ECDSA using P-256K and SHA-256, as described in https://tools.ietf.org/html/rfc7518"
                ]
              ],
              "old": [
                [
                  "PS256",
                  ""
                ],
                [
                  "PS384",
                  ""
                ],
                [
                  "PS512",
                  ""
                ],
                [
                  "RS256",
                  ""
                ],
                [
                  "RS384",
                  ""
                ],
                [
                  "RS512",
                  ""
                ],
                [
                  "RSNULL",
                  ""
                ],
                [
                  "ES256",
                  ""
                ],
                [
                  "ES384",
                  ""
                ],
                [
                  "ES512",
                  ""
                ],
                [
                  "ES256K",
                  ""
                ]
              ]
            }
          }
        ]
      }
    }
  ]
}

⚼ Request

POST: /keys/{key-name}/{key-version}/verify

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

key-name:

{

Description: The name of the key. ,

Required: True ,

}

string ,

key-version:

{

Description: The version of the key. ,

Required: True ,

}

string ,

parameters:

{

Description: The parameters for verify operations. ,

Required: True ,

}

{

alg:

{

Description: The signing/verification algorithm. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm. ,

Enum:

{

PS256: RSASSA-PSS using SHA-256 and MGF1 with SHA-256, as described in https://tools.ietf.org/html/rfc7518 ,

PS384: RSASSA-PSS using SHA-384 and MGF1 with SHA-384, as described in https://tools.ietf.org/html/rfc7518 ,

PS512: RSASSA-PSS using SHA-512 and MGF1 with SHA-512, as described in https://tools.ietf.org/html/rfc7518 ,

RS256: RSASSA-PKCS1-v1_5 using SHA-256, as described in https://tools.ietf.org/html/rfc7518 ,

RS384: RSASSA-PKCS1-v1_5 using SHA-384, as described in https://tools.ietf.org/html/rfc7518 ,

RS512: RSASSA-PKCS1-v1_5 using SHA-512, as described in https://tools.ietf.org/html/rfc7518 ,

RSNULL: Reserved ,

ES256: ECDSA using P-256 and SHA-256, as described in https://tools.ietf.org/html/rfc7518. ,

ES384: ECDSA using P-384 and SHA-384, as described in https://tools.ietf.org/html/rfc7518 ,

ES512: ECDSA using P-521 and SHA-512, as described in https://tools.ietf.org/html/rfc7518 ,

ES256K: ECDSA using P-256K and SHA-256, as described in https://tools.ietf.org/html/rfc7518 ,

}

Required: True ,

}

enum ,

digest:

{

Description: The digest used for signing. ,

Format: base64url ,

Required: True ,

}

string ,

value:

{

Description: The signature to be verified. ,

Format: base64url ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

value:

{

Description: True if the signature is verified, otherwise false. ,

Required: False ,

}

boolean ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

wrapKey (updated)

Description

: The WRAP operation supports encryption of a symmetric key using a key encryption key that has previously been stored in an Azure Key Vault. The WRAP operation is only strictly necessary for symmetric keys stored in Azure Key Vault since protection with an asymmetric key can be performed using the public portion of the key. This operation is supported for asymmetric keys as a convenience for callers that have a key-reference but do not have access to the public key material. This operation requires the keys/wrapKey permission.

Reference

: Link ¶

⚶ Changes

{
  "#id": "wrapKey",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    },
    {
      "parameters": {
        "$properties": [
          {
            "#name": "alg",
            "Enum": {
              "new": [
                [
                  "RSA-OAEP",
                  "RSAES using Optimal Asymmetric Encryption Padding (OAEP), as described in https://tools.ietf.org/html/rfc3447, with the default parameters specified by RFC 3447 in Section A.2.1. Those default parameters are using a hash function of SHA-1 and a mask generation function of MGF1 with SHA-1."
                ],
                [
                  "RSA-OAEP-256",
                  "RSAES using Optimal Asymmetric Encryption Padding with a hash function of SHA-256 and a mask generation function of MGF1 with SHA-256."
                ],
                [
                  "RSA1_5",
                  "RSAES-PKCS1-V1_5 key encryption, as described in https://tools.ietf.org/html/rfc3447."
                ],
                [
                  "A128GCM",
                  "128-bit AES-GCM."
                ],
                [
                  "A192GCM",
                  "192-bit AES-GCM."
                ],
                [
                  "A256GCM",
                  "256-bit AES-GCM."
                ],
                [
                  "A128KW",
                  "128-bit AES key wrap."
                ],
                [
                  "A192KW",
                  "192-bit AES key wrap."
                ],
                [
                  "A256KW",
                  "256-bit AES key wrap."
                ],
                [
                  "A128CBC",
                  "128-bit AES-CBC."
                ],
                [
                  "A192CBC",
                  "192-bit AES-CBC."
                ],
                [
                  "A256CBC",
                  "256-bit AES-CBC."
                ],
                [
                  "A128CBCPAD",
                  "128-bit AES-CBC with PKCS padding."
                ],
                [
                  "A192CBCPAD",
                  "192-bit AES-CBC with PKCS padding."
                ],
                [
                  "A256CBCPAD",
                  "256-bit AES-CBC with PKCS padding."
                ]
              ],
              "old": [
                [
                  "RSA-OAEP",
                  ""
                ],
                [
                  "RSA-OAEP-256",
                  ""
                ],
                [
                  "RSA1_5",
                  ""
                ],
                [
                  "A128GCM",
                  ""
                ],
                [
                  "A192GCM",
                  ""
                ],
                [
                  "A256GCM",
                  ""
                ],
                [
                  "A128KW",
                  ""
                ],
                [
                  "A192KW",
                  ""
                ],
                [
                  "A256KW",
                  ""
                ],
                [
                  "A128CBC",
                  ""
                ],
                [
                  "A192CBC",
                  ""
                ],
                [
                  "A256CBC",
                  ""
                ],
                [
                  "A128CBCPAD",
                  ""
                ],
                [
                  "A192CBCPAD",
                  ""
                ],
                [
                  "A256CBCPAD",
                  ""
                ]
              ]
            }
          }
        ]
      }
    }
  ]
}

⚼ Request

POST: /keys/{key-name}/{key-version}/wrapkey

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

key-name:

{

Description: The name of the key. ,

Required: True ,

}

string ,

key-version:

{

Description: The version of the key. ,

Required: True ,

}

string ,

parameters:

{

Description: The parameters for wrap operation. ,

Required: True ,

}

{

alg:

{

Description: algorithm identifier ,

Enum:

{

RSA-OAEP-256: RSAES using Optimal Asymmetric Encryption Padding with a hash function of SHA-256 and a mask generation function of MGF1 with SHA-256. ,

RSA1_5: RSAES-PKCS1-V1_5 key encryption, as described in https://tools.ietf.org/html/rfc3447. ,

A128GCM: 128-bit AES-GCM. ,

A192GCM: 192-bit AES-GCM. ,

A256GCM: 256-bit AES-GCM. ,

A128KW: 128-bit AES key wrap. ,

A192KW: 192-bit AES key wrap. ,

A256KW: 256-bit AES key wrap. ,

A128CBC: 128-bit AES-CBC. ,

A192CBC: 192-bit AES-CBC. ,

A256CBC: 256-bit AES-CBC. ,

A128CBCPAD: 128-bit AES-CBC with PKCS padding. ,

A192CBCPAD: 192-bit AES-CBC with PKCS padding. ,

A256CBCPAD: 256-bit AES-CBC with PKCS padding. ,

}

Required: True ,

}

enum ,

value:

{

Description: The value to operate on. ,

Format: base64url ,

Required: True ,

}

string ,

iv:

{

Description: Cryptographically random, non-repeating initialization vector for symmetric algorithms. ,

Format: base64url ,

Required: False ,

}

string ,

aad:

{

Description: Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. ,

Format: base64url ,

Required: False ,

}

string ,

tag:

{

Description: The tag to authenticate when performing decryption with an authenticated algorithm. ,

Format: base64url ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

kid:

{

Description: Key identifier ,

Required: False ,

}

string ,

value:

{

Description: The result of the operation. ,

Format: base64url ,

Required: False ,

}

string ,

iv:

{

Description: Cryptographically random, non-repeating initialization vector for symmetric algorithms. ,

Format: base64url ,

Required: False ,

}

string ,

tag:

{

Description: The tag to authenticate when performing decryption with an authenticated algorithm. ,

Format: base64url ,

Required: False ,

}

string ,

aad:

{

Description: Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. ,

Format: base64url ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

BackupKey (updated)

Description

: The Key Backup operation exports a key from Azure Key Vault in a protected form. Note that this operation does NOT return key material in a form that can be used outside the Azure Key Vault system, the returned key material is either protected to a Azure Key Vault HSM or to Azure Key Vault itself. The intent of this operation is to allow a client to GENERATE a key in one Azure Key Vault instance, BACKUP the key, and then RESTORE it into another Azure Key Vault instance. The BACKUP operation may be used to export, in protected form, any key type from Azure Key Vault. Individual versions of a key cannot be backed up. BACKUP / RESTORE can be performed within geographical boundaries only; meaning that a BACKUP from one geographical area cannot be restored to another geographical area. For example, a backup from the US geographical area cannot be restored in an EU geographical area. This operation requires the key/backup permission.

Reference

: Link ¶

⚶ Changes

{
  "#id": "BackupKey",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ]
}

⚼ Request

POST: /keys/{key-name}/backup

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

key-name:

{

Description: The name of the key. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

value:

{

Description: The backup blob containing the backed up key. ,

Format: base64url ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

CreateKey (updated)

Description	: The create key operation can be used to create any key type in Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. It requires the keys/create permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "CreateKey",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    },
    {
      "parameters": {
        "$properties": [
          {
            "#name": "kty",
            "Enum": {
              "new": [
                [
                  "EC",
                  "Elliptic Curve."
                ],
                [
                  "EC-HSM",
                  "Elliptic Curve with a private key which is stored in the HSM."
                ],
                [
                  "RSA",
                  "RSA (https://tools.ietf.org/html/rfc3447)"
                ],
                [
                  "RSA-HSM",
                  "RSA with a private key which is stored in the HSM."
                ],
                [
                  "oct",
                  "Octet sequence (used to represent symmetric keys)"
                ],
                [
                  "oct-HSM",
                  "Octet sequence (used to represent symmetric keys) which is stored the HSM."
                ]
              ],
              "old": [
                [
                  "EC",
                  ""
                ],
                [
                  "EC-HSM",
                  ""
                ],
                [
                  "RSA",
                  ""
                ],
                [
                  "RSA-HSM",
                  ""
                ],
                [
                  "oct",
                  ""
                ],
                [
                  "oct-HSM",
                  ""
                ]
              ]
            }
          },
          {
            "key_ops": {
              "Enum": {
                "new": [
                  [
                    "encrypt",
                    "Indicates that the key can be used to encrypt."
                  ],
                  [
                    "decrypt",
                    "Indicates that the key can be used to decrypt."
                  ],
                  [
                    "sign",
                    "Indicates that the key can be used to sign."
                  ],
                  [
                    "verify",
                    "Indicates that the key can be used to verify."
                  ],
                  [
                    "wrapKey",
                    "Indicates that the key can be used to wrap another key."
                  ],
                  [
                    "unwrapKey",
                    "Indicates that the key can be used to unwrap another key."
                  ],
                  [
                    "import",
                    "Indicates that the key can be imported during creation."
                  ],
                  [
                    "export",
                    "Indicates that the private component of the key can be exported."
                  ]
                ],
                "old": [
                  [
                    "encrypt",
                    ""
                  ],
                  [
                    "decrypt",
                    ""
                  ],
                  [
                    "sign",
                    ""
                  ],
                  [
                    "verify",
                    ""
                  ],
                  [
                    "wrapKey",
                    ""
                  ],
                  [
                    "unwrapKey",
                    ""
                  ],
                  [
                    "import",
                    ""
                  ],
                  [
                    "export",
                    ""
                  ]
                ]
              }
            }
          },
          {
            "attributes": [
              {
                "@added_8eb168da3d284f3198193f98d2070a5b": {
                  "#name": "enabled",
                  "Description": "Determines whether the object is enabled.",
                  "Required": false,
                  "Type": "boolean"
                }
              },
              {
                "@added_98ff810e948e4872b6a03372e88c583c": {
                  "#name": "nbf",
                  "Description": "Not before date in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                }
              },
              {
                "@added_f19f890462ff42a7aadcc6722f98fa0f": {
                  "#name": "exp",
                  "Description": "Expiry date in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                }
              },
              {
                "@added_0d7e431838ba4c0f8caa0b555c28fc3b": {
                  "#name": "created",
                  "Description": "Creation time in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                }
              },
              {
                "@added_2a5e891697064447956075ecc5a01c9a": {
                  "#name": "updated",
                  "Description": "Last updated time in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                }
              },
              {
                "#name": "recoveryLevel",
                "Enum": {
                  "new": [
                    [
                      "Purgeable",
                      "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                    ],
                    [
                      "Recoverable+Purgeable",
                      "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "Recoverable",
                      "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "Recoverable+ProtectedSubscription",
                      "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "CustomizedRecoverable+Purgeable",
                      "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                    ],
                    [
                      "CustomizedRecoverable",
                      "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                    ],
                    [
                      "CustomizedRecoverable+ProtectedSubscription",
                      "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                    ]
                  ],
                  "old": [
                    [
                      "Purgeable",
                      "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                    ],
                    [
                      "Recoverable+Purgeable",
                      "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "Recoverable",
                      "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "Recoverable+ProtectedSubscription",
                      "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "CustomizedRecoverable+Purgeable",
                      "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                    ],
                    [
                      "CustomizedRecoverable",
                      "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                    ],
                    [
                      "CustomizedRecoverable+ProtectedSubscription",
                      "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                    ]
                  ]
                }
              }
            ]
          },
          {
            "#name": "crv",
            "Enum": {
              "new": [
                [
                  "P-256",
                  "The NIST P-256 elliptic curve, AKA SECG curve SECP256R1."
                ],
                [
                  "P-384",
                  "The NIST P-384 elliptic curve, AKA SECG curve SECP384R1."
                ],
                [
                  "P-521",
                  "The NIST P-521 elliptic curve, AKA SECG curve SECP521R1."
                ],
                [
                  "P-256K",
                  "The SECG SECP256K1 elliptic curve."
                ]
              ],
              "old": [
                [
                  "P-256",
                  ""
                ],
                [
                  "P-384",
                  ""
                ],
                [
                  "P-521",
                  ""
                ],
                [
                  "P-256K",
                  ""
                ]
              ]
            }
          }
        ]
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": {
        "attributes": [
          {
            "@added_e73ee5f264084efc8b4b0b4a5004f30f": {
              "#name": "enabled",
              "Description": "Determines whether the object is enabled.",
              "Required": false,
              "Type": "boolean"
            }
          },
          {
            "@added_240dc49ce43a422ab67d66540ac8a863": {
              "#name": "nbf",
              "Description": "Not before date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_9ac495d766dd457ca4b25da4b5e2060e": {
              "#name": "exp",
              "Description": "Expiry date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_1ceb59fd0df04e27997c0656d4282b36": {
              "#name": "created",
              "Description": "Creation time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_673b0c3e53314fcf9e9356f7df5e3f08": {
              "#name": "updated",
              "Description": "Last updated time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "#name": "recoveryLevel",
            "Enum": {
              "new": [
                [
                  "Purgeable",
                  "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                ],
                [
                  "Recoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "CustomizedRecoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                ],
                [
                  "CustomizedRecoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                ],
                [
                  "CustomizedRecoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                ]
              ],
              "old": [
                [
                  "Purgeable",
                  "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                ],
                [
                  "Recoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "CustomizedRecoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                ],
                [
                  "CustomizedRecoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                ],
                [
                  "CustomizedRecoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                ]
              ]
            }
          }
        ]
      }
    }
  }
}

⚼ Request

POST: /keys/{key-name}/create

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

key-name:

{

Description: The name for the new key. The system will generate the version name for the new key. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information. ,

Required: True ,

}

string ,

parameters:

{

Description: The parameters to create a key. ,

Required: True ,

}

{

kty:

{

Description: The type of key to create. For valid values, see JsonWebKeyType. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is stored in the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447) ,

RSA-HSM: RSA with a private key which is stored in the HSM. ,

oct: Octet sequence (used to represent symmetric keys) ,

oct-HSM: Octet sequence (used to represent symmetric keys) which is stored the HSM. ,

}

Required: True ,

}

enum ,

key_size:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. ,

Format: int32 ,

Required: False ,

}

integer ,

public_exponent:

{

Description: The public exponent for a RSA key. ,

Format: int32 ,

Required: False ,

}

integer ,

key_ops:

{

Description: Json web key operations. For more information on possible key operations, see JsonWebKeyOperation. ,

Required: False ,

}

[

string ,

]

attributes:

{

Description: The attributes of a key managed by the key vault service. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

hsmPlatform:

{

Description: The underlying HSM Platform. ,

Required: False ,

}

string ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs. ,

Required: False ,

}

object ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

release_policy:

{

Description: The policy rules under which the key can be exported. ,

Required: False ,

}

{

contentType:

{

Description: Content type and version of key release policy ,

Required: False ,

}

string ,

immutable:

{

Description: Defines the mutability state of the policy. Once marked immutable, this flag cannot be reset and the policy cannot be changed under any circumstances. ,

Required: False ,

}

boolean ,

data:

{

Description: Blob encoding the policy rules under which the key can be released. Blob must be base64 URL encoded. ,

Format: base64url ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

key:

{

Description: The Json web key. ,

Required: False ,

}

{

kid:

{

Description: Key identifier. ,

Required: False ,

}

string ,

kty:

{

Description: JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is stored in the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447) ,

RSA-HSM: RSA with a private key which is stored in the HSM. ,

oct: Octet sequence (used to represent symmetric keys) ,

oct-HSM: Octet sequence (used to represent symmetric keys) which is stored the HSM. ,

}

Required: False ,

}

enum ,

key_ops:

{

Description: Json web key operations. For more information on possible key operations, see JsonWebKeyOperation. ,

Required: False ,

}

[

string ,

]

{

Description: RSA modulus. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA public exponent. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA private exponent, or the D component of an EC private key. ,

Format: base64url ,

Required: False ,

}

string ,

dp:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

dq:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

qi:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA secret prime. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA secret prime, with p < q. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: Symmetric key. ,

Format: base64url ,

Required: False ,

}

string ,

key_hsm:

{

Description: Protected Key, used with 'Bring Your Own Key'. ,

Format: base64url ,

Required: False ,

}

string ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

{

Description: X component of an EC public key. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: Y component of an EC public key. ,

Format: base64url ,

Required: False ,

}

string ,

}

attributes:

{

Description: The key management attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

hsmPlatform:

{

Description: The underlying HSM Platform. ,

Required: False ,

}

string ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs. ,

Required: False ,

}

object ,

managed:

{

Description: True if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true. ,

Required: False ,

}

boolean ,

release_policy:

{

Description: The policy rules under which the key can be exported. ,

Required: False ,

}

{

contentType:

{

Description: Content type and version of key release policy ,

Required: False ,

}

string ,

immutable:

{

Description: Defines the mutability state of the policy. Once marked immutable, this flag cannot be reset and the policy cannot be changed under any circumstances. ,

Required: False ,

}

boolean ,

data:

{

Description: Blob encoding the policy rules under which the key can be released. Blob must be base64 URL encoded. ,

Format: base64url ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

RotateKey (updated)

Description	: The operation will rotate the key based on the key policy. It requires the keys/rotate permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "RotateKey",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": {
        "attributes": [
          {
            "@added_7c97e40fda2f40bd8fe4ebdfcb7ba7b5": {
              "#name": "enabled",
              "Description": "Determines whether the object is enabled.",
              "Required": false,
              "Type": "boolean"
            }
          },
          {
            "@added_7de735cf724b405c8004848a343289c8": {
              "#name": "nbf",
              "Description": "Not before date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_aadee68dda414f80aecd452b781cdb04": {
              "#name": "exp",
              "Description": "Expiry date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_5c33b245874149f99b0045e43562b1db": {
              "#name": "created",
              "Description": "Creation time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_067ac055a99b4c5184a14f8d2be1454d": {
              "#name": "updated",
              "Description": "Last updated time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "#name": "recoveryLevel",
            "Enum": {
              "new": [
                [
                  "Purgeable",
                  "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                ],
                [
                  "Recoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "CustomizedRecoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                ],
                [
                  "CustomizedRecoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                ],
                [
                  "CustomizedRecoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                ]
              ],
              "old": [
                [
                  "Purgeable",
                  "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                ],
                [
                  "Recoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "CustomizedRecoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                ],
                [
                  "CustomizedRecoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                ],
                [
                  "CustomizedRecoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                ]
              ]
            }
          }
        ]
      }
    }
  }
}

⚼ Request

POST: /keys/{key-name}/rotate

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

key-name:

{

Description: The name of key to be rotated. The system will generate a new version in the specified key. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

key:

{

Description: The Json web key. ,

Required: False ,

}

{

kid:

{

Description: Key identifier. ,

Required: False ,

}

string ,

kty:

{

Description: JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is stored in the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447) ,

RSA-HSM: RSA with a private key which is stored in the HSM. ,

oct: Octet sequence (used to represent symmetric keys) ,

oct-HSM: Octet sequence (used to represent symmetric keys) which is stored the HSM. ,

}

Required: False ,

}

enum ,

key_ops:

{

Description: Json web key operations. For more information on possible key operations, see JsonWebKeyOperation. ,

Required: False ,

}

[

string ,

]

{

Description: RSA modulus. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA public exponent. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA private exponent, or the D component of an EC private key. ,

Format: base64url ,

Required: False ,

}

string ,

dp:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

dq:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

qi:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA secret prime. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA secret prime, with p < q. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: Symmetric key. ,

Format: base64url ,

Required: False ,

}

string ,

key_hsm:

{

Description: Protected Key, used with 'Bring Your Own Key'. ,

Format: base64url ,

Required: False ,

}

string ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

{

Description: X component of an EC public key. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: Y component of an EC public key. ,

Format: base64url ,

Required: False ,

}

string ,

}

attributes:

{

Description: The key management attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

hsmPlatform:

{

Description: The underlying HSM Platform. ,

Required: False ,

}

string ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs. ,

Required: False ,

}

object ,

managed:

{

Description: True if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true. ,

Required: False ,

}

boolean ,

release_policy:

{

Description: The policy rules under which the key can be exported. ,

Required: False ,

}

{

contentType:

{

Description: Content type and version of key release policy ,

Required: False ,

}

string ,

immutable:

{

Description: Defines the mutability state of the policy. Once marked immutable, this flag cannot be reset and the policy cannot be changed under any circumstances. ,

Required: False ,

}

boolean ,

data:

{

Description: Blob encoding the policy rules under which the key can be released. Blob must be base64 URL encoded. ,

Format: base64url ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

GetKeyRotationPolicy (updated)

Description	: The GetKeyRotationPolicy operation returns the specified key policy resources in the specified key vault. This operation requires the keys/get permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "GetKeyRotationPolicy",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": {
        "lifetimeActions": {
          "$properties": {
            "trigger": [
              {
                "#name": "timeAfterCreate",
                "Description": {
                  "new": "Time after creation to attempt to rotate. It only applies to rotate. It will be in ISO 8601 duration format. Example: 90 days : \"P90D\"",
                  "old": "Time after creation to attempt to rotate. It only applies to rotate. It will be in ISO 8601 duration format. Example: 90 days : \"P90D\"  "
                }
              }
            ]
          }
        }
      }
    }
  }
}

⚼ Request

GET: /keys/{key-name}/rotationpolicy

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

key-name:

{

Description: The name of the key in a given key vault. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

id:

{

Description: The key policy id. ,

Required: False ,

}

string ,

lifetimeActions:

{

Description: Actions that will be performed by Key Vault over the lifetime of a key. For preview, lifetimeActions can only have two items at maximum: one for rotate, one for notify. Notification time would be default to 30 days before expiry and it is not configurable. ,

Required: False ,

}

[

{

trigger:

{

Description: The condition that will execute the action. ,

Required: False ,

}

{

timeAfterCreate:

{

Description: Time after creation to attempt to rotate. It only applies to rotate. It will be in ISO 8601 duration format. Example: 90 days : "P90D" ,

Required: False ,

}

string ,

timeBeforeExpiry:

{

Description: Time before expiry to attempt to rotate or notify. It will be in ISO 8601 duration format. Example: 90 days : "P90D" ,

Required: False ,

}

string ,

}

action:

{

Description: The action that will be executed. ,

Required: False ,

}

{

type:

{

Description: The type of the action. The value should be compared case-insensitively. ,

Enum:

{

Rotate: Rotate the key based on the key policy. ,

Notify: Trigger Event Grid events. Defaults to 30 days before expiry. Key Vault only. ,

}

Required: False ,

}

enum ,

}

]

attributes:

{

Description: The key rotation policy attributes. ,

Required: False ,

}

{

expiryTime:

{

Description: The expiryTime will be applied on the new key version. It should be at least 28 days. It will be in ISO 8601 Format. Examples: 90 days: P90D, 3 months: P3M, 48 hours: PT48H, 1 year and 10 days: P1Y10D ,

Required: False ,

}

string ,

created:

{

Description: The key rotation policy created time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: The key rotation policy's last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

UpdateKeyRotationPolicy (updated)

Description	: Set specified members in the key policy. Leave others as undefined. This operation requires the keys/update permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "UpdateKeyRotationPolicy",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    },
    {
      "keyRotationPolicy": {
        "$properties": {
          "lifetimeActions": {
            "$properties": {
              "trigger": [
                {
                  "#name": "timeAfterCreate",
                  "Description": {
                    "new": "Time after creation to attempt to rotate. It only applies to rotate. It will be in ISO 8601 duration format. Example: 90 days : \"P90D\"",
                    "old": "Time after creation to attempt to rotate. It only applies to rotate. It will be in ISO 8601 duration format. Example: 90 days : \"P90D\"  "
                  }
                }
              ]
            }
          }
        }
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": {
        "lifetimeActions": {
          "$properties": {
            "trigger": [
              {
                "#name": "timeAfterCreate",
                "Description": {
                  "new": "Time after creation to attempt to rotate. It only applies to rotate. It will be in ISO 8601 duration format. Example: 90 days : \"P90D\"",
                  "old": "Time after creation to attempt to rotate. It only applies to rotate. It will be in ISO 8601 duration format. Example: 90 days : \"P90D\"  "
                }
              }
            ]
          }
        }
      }
    }
  }
}

⚼ Request

PUT: /keys/{key-name}/rotationpolicy

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

key-name:

{

Description: The name of the key in the given vault. ,

Required: True ,

}

string ,

keyRotationPolicy:

{

Description: The policy for the key. ,

Required: True ,

}

{

id:

{

Description: The key policy id. ,

Required: False ,

}

string ,

lifetimeActions:

{

Required: False ,

}

[

{

trigger:

{

Description: The condition that will execute the action. ,

Required: False ,

}

{

timeAfterCreate:

{

Description: Time after creation to attempt to rotate. It only applies to rotate. It will be in ISO 8601 duration format. Example: 90 days : "P90D" ,

Required: False ,

}

string ,

timeBeforeExpiry:

{

Description: Time before expiry to attempt to rotate or notify. It will be in ISO 8601 duration format. Example: 90 days : "P90D" ,

Required: False ,

}

string ,

}

action:

{

Description: The action that will be executed. ,

Required: False ,

}

{

type:

{

Description: The type of the action. The value should be compared case-insensitively. ,

Enum:

{

Rotate: Rotate the key based on the key policy. ,

Notify: Trigger Event Grid events. Defaults to 30 days before expiry. Key Vault only. ,

}

Required: False ,

}

enum ,

}

]

attributes:

{

Description: The key rotation policy attributes. ,

Required: False ,

}

{

expiryTime:

{

Required: False ,

}

string ,

created:

{

Description: The key rotation policy created time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: The key rotation policy's last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

}

⚐ Response (200)

{

id:

{

Description: The key policy id. ,

Required: False ,

}

string ,

lifetimeActions:

{

Required: False ,

}

[

{

trigger:

{

Description: The condition that will execute the action. ,

Required: False ,

}

{

timeAfterCreate:

{

Description: Time after creation to attempt to rotate. It only applies to rotate. It will be in ISO 8601 duration format. Example: 90 days : "P90D" ,

Required: False ,

}

string ,

timeBeforeExpiry:

{

Description: Time before expiry to attempt to rotate or notify. It will be in ISO 8601 duration format. Example: 90 days : "P90D" ,

Required: False ,

}

string ,

}

action:

{

Description: The action that will be executed. ,

Required: False ,

}

{

type:

{

Description: The type of the action. The value should be compared case-insensitively. ,

Enum:

{

Rotate: Rotate the key based on the key policy. ,

Notify: Trigger Event Grid events. Defaults to 30 days before expiry. Key Vault only. ,

}

Required: False ,

}

enum ,

}

]

attributes:

{

Description: The key rotation policy attributes. ,

Required: False ,

}

{

expiryTime:

{

Required: False ,

}

string ,

created:

{

Description: The key rotation policy created time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: The key rotation policy's last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

GetKeyVersions (updated)

Description	: The full key identifier, attributes, and tags are provided in the response. This operation requires the keys/list permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "GetKeyVersions",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": {
        "value": {
          "$properties": {
            "attributes": [
              {
                "@added_2839e2446c2b4fd894a622bc40fd572b": {
                  "#name": "enabled",
                  "Description": "Determines whether the object is enabled.",
                  "Required": false,
                  "Type": "boolean"
                }
              },
              {
                "@added_6f446c9daf2e420db70add4e4c19e177": {
                  "#name": "nbf",
                  "Description": "Not before date in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                }
              },
              {
                "@added_d99d40fa9eed444d868176e16e227a5a": {
                  "#name": "exp",
                  "Description": "Expiry date in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                }
              },
              {
                "@added_1679d8ad83034a34a8ef2f8bcc9e78a3": {
                  "#name": "created",
                  "Description": "Creation time in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                }
              },
              {
                "@added_1cc1013bf7394047960b6b56ed4fbea0": {
                  "#name": "updated",
                  "Description": "Last updated time in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                }
              },
              {
                "#name": "recoveryLevel",
                "Enum": {
                  "new": [
                    [
                      "Purgeable",
                      "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                    ],
                    [
                      "Recoverable+Purgeable",
                      "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "Recoverable",
                      "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "Recoverable+ProtectedSubscription",
                      "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "CustomizedRecoverable+Purgeable",
                      "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                    ],
                    [
                      "CustomizedRecoverable",
                      "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                    ],
                    [
                      "CustomizedRecoverable+ProtectedSubscription",
                      "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                    ]
                  ],
                  "old": [
                    [
                      "Purgeable",
                      "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                    ],
                    [
                      "Recoverable+Purgeable",
                      "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "Recoverable",
                      "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "Recoverable+ProtectedSubscription",
                      "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "CustomizedRecoverable+Purgeable",
                      "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                    ],
                    [
                      "CustomizedRecoverable",
                      "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                    ],
                    [
                      "CustomizedRecoverable+ProtectedSubscription",
                      "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                    ]
                  ]
                }
              }
            ]
          }
        }
      }
    }
  }
}

⚼ Request

GET: /keys/{key-name}/versions

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

key-name:

{

Description: The name of the key. ,

Required: True ,

}

string ,

maxresults:

{

Description: Maximum number of results to return in a page. If not specified the service will return up to 25 results. ,

Format: int32 ,

Required: False ,

}

integer ,

}

⚐ Response (200)

{

value:

{

Description: A response message containing a list of keys in the key vault along with a link to the next page of keys. ,

Required: False ,

}

[

{

kid:

{

Description: Key identifier. ,

Required: False ,

}

string ,

attributes:

{

Description: The key management attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

hsmPlatform:

{

Description: The underlying HSM Platform. ,

Required: False ,

}

string ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs. ,

Required: False ,

}

object ,

managed:

{

Description: True if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true. ,

Required: False ,

}

boolean ,

}

]

nextLink:

{

Description: The URL to get the next set of keys. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

RestoreKey (updated)

Description

: Imports a previously backed up key into Azure Key Vault, restoring the key, its key identifier, attributes and access control policies. The RESTORE operation may be used to import a previously backed up key. Individual versions of a key cannot be restored. The key is restored in its entirety with the same key name as it had when it was backed up. If the key name is not available in the target Key Vault, the RESTORE operation will be rejected. While the key name is retained during restore, the final key identifier will change if the key is restored to a different vault. Restore will restore all versions and preserve version identifiers. The RESTORE operation is subject to security constraints: The target Key Vault must be owned by the same Microsoft Azure Subscription as the source Key Vault The user must have RESTORE permission in the target Key Vault. This operation requires the keys/restore permission.

Reference

: Link ¶

⚶ Changes

{
  "#id": "RestoreKey",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": {
        "attributes": [
          {
            "@added_37e693b3a2194e79b1722ea6e81fb3f2": {
              "#name": "enabled",
              "Description": "Determines whether the object is enabled.",
              "Required": false,
              "Type": "boolean"
            }
          },
          {
            "@added_afa1370c7d234d95895c45189582a6a7": {
              "#name": "nbf",
              "Description": "Not before date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_6ae71a0c00e24e7b8c984d6d4065658e": {
              "#name": "exp",
              "Description": "Expiry date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_e403e230868c43128a01efddfcb989fa": {
              "#name": "created",
              "Description": "Creation time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_8bb43f5b51e64e4aae52d8aa67bc927d": {
              "#name": "updated",
              "Description": "Last updated time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "#name": "recoveryLevel",
            "Enum": {
              "new": [
                [
                  "Purgeable",
                  "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                ],
                [
                  "Recoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "CustomizedRecoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                ],
                [
                  "CustomizedRecoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                ],
                [
                  "CustomizedRecoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                ]
              ],
              "old": [
                [
                  "Purgeable",
                  "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                ],
                [
                  "Recoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "CustomizedRecoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                ],
                [
                  "CustomizedRecoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                ],
                [
                  "CustomizedRecoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                ]
              ]
            }
          }
        ]
      }
    }
  }
}

⚼ Request

POST: /keys/restore

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

parameters:

{

Description: The parameters to restore the key. ,

Required: True ,

}

{

value:

{

Description: The backup blob associated with a key bundle. ,

Format: base64url ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

key:

{

Description: The Json web key. ,

Required: False ,

}

{

kid:

{

Description: Key identifier. ,

Required: False ,

}

string ,

kty:

{

Description: JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is stored in the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447) ,

RSA-HSM: RSA with a private key which is stored in the HSM. ,

oct: Octet sequence (used to represent symmetric keys) ,

oct-HSM: Octet sequence (used to represent symmetric keys) which is stored the HSM. ,

}

Required: False ,

}

enum ,

key_ops:

{

Description: Json web key operations. For more information on possible key operations, see JsonWebKeyOperation. ,

Required: False ,

}

[

string ,

]

{

Description: RSA modulus. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA public exponent. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA private exponent, or the D component of an EC private key. ,

Format: base64url ,

Required: False ,

}

string ,

dp:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

dq:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

qi:

{

Description: RSA private key parameter. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA secret prime. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: RSA secret prime, with p < q. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: Symmetric key. ,

Format: base64url ,

Required: False ,

}

string ,

key_hsm:

{

Description: Protected Key, used with 'Bring Your Own Key'. ,

Format: base64url ,

Required: False ,

}

string ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

{

Description: X component of an EC public key. ,

Format: base64url ,

Required: False ,

}

string ,

{

Description: Y component of an EC public key. ,

Format: base64url ,

Required: False ,

}

string ,

}

attributes:

{

Description: The key management attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

hsmPlatform:

{

Description: The underlying HSM Platform. ,

Required: False ,

}

string ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs. ,

Required: False ,

}

object ,

managed:

{

Description: True if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true. ,

Required: False ,

}

boolean ,

release_policy:

{

Description: The policy rules under which the key can be exported. ,

Required: False ,

}

{

contentType:

{

Description: Content type and version of key release policy ,

Required: False ,

}

string ,

immutable:

{

Description: Defines the mutability state of the policy. Once marked immutable, this flag cannot be reset and the policy cannot be changed under any circumstances. ,

Required: False ,

}

boolean ,

data:

{

Description: Blob encoding the policy rules under which the key can be released. Blob must be base64 URL encoded. ,

Format: base64url ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

GetRandomBytes (updated)

Description	: Get the requested number of bytes containing random values from a managed HSM.
Reference	: Link ¶

⚶ Changes

{
  "#id": "GetRandomBytes",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ]
}

⚼ Request

POST: /rng

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

parameters:

{

Description: The request object to get random bytes. ,

Required: True ,

}

{

count:

{

Description: The requested number of random bytes. ,

Format: int32 ,

Required: True ,

}

integer ,

}

⚐ Response (200)

{

value:

{

Description: The bytes encoded as a base64url string. ,

Format: base64url ,

Required: True ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

Microsoft.KeyVault (stable:7.5)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (204)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)