Changelog of Azure APIs

2025/01/16 • 27 updated methods

GetCertificates (updated)

Description	: The GetCertificates operation returns the set of certificates resources in the specified key vault. This operation requires the certificates/list permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "GetCertificates",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": {
        "value": {
          "$properties": {
            "attributes": [
              {
                "@added_e7efe416acf647abaa11d12216719934": {
                  "#name": "enabled",
                  "Description": "Determines whether the object is enabled.",
                  "Required": false,
                  "Type": "boolean"
                }
              },
              {
                "@added_efd976acbdfe464fa452d3015bb17b3e": {
                  "#name": "nbf",
                  "Description": "Not before date in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                }
              },
              {
                "@added_defb064e73604ec5866ba484104743a5": {
                  "#name": "exp",
                  "Description": "Expiry date in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                }
              },
              {
                "@added_732a7af494674d7ab4f28e1bc2e7a616": {
                  "#name": "created",
                  "Description": "Creation time in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                }
              },
              {
                "@added_ef6b6ffb4bc64141b48922ffba3648f0": {
                  "#name": "updated",
                  "Description": "Last updated time in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                }
              },
              {
                "#name": "recoveryLevel",
                "Enum": {
                  "new": [
                    [
                      "Purgeable",
                      "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                    ],
                    [
                      "Recoverable+Purgeable",
                      "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "Recoverable",
                      "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "Recoverable+ProtectedSubscription",
                      "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "CustomizedRecoverable+Purgeable",
                      "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                    ],
                    [
                      "CustomizedRecoverable",
                      "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                    ],
                    [
                      "CustomizedRecoverable+ProtectedSubscription",
                      "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                    ]
                  ],
                  "old": [
                    [
                      "Purgeable",
                      "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                    ],
                    [
                      "Recoverable+Purgeable",
                      "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "Recoverable",
                      "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "Recoverable+ProtectedSubscription",
                      "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "CustomizedRecoverable+Purgeable",
                      "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                    ],
                    [
                      "CustomizedRecoverable",
                      "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                    ],
                    [
                      "CustomizedRecoverable+ProtectedSubscription",
                      "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                    ]
                  ]
                }
              }
            ]
          }
        }
      }
    }
  }
}

⚼ Request

GET: /certificates

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

maxresults:

{

Description: Maximum number of results to return in a page. If not specified the service will return up to 25 results. ,

Format: int32 ,

Required: False ,

}

integer ,

includePending:

{

Description: Specifies whether to include certificates which are not completely provisioned. ,

Required: False ,

}

boolean ,

}

⚐ Response (200)

{

value:

{

Description: A response message containing a list of certificates in the key vault along with a link to the next page of certificates. ,

Required: False ,

}

[

{

id:

{

Description: Certificate identifier. ,

Required: False ,

}

string ,

attributes:

{

Description: The certificate management attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Description: Reflects the deletion recovery level currently in effect for certificates in the current vault. If it contains 'Purgeable', the certificate can be permanently deleted by a privileged user; otherwise, only the system can purge the certificate, at the end of the retention interval. ,

Enum:

{

Purgeable: Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.) ,

Recoverable+Purgeable: Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered ,

Recoverable: Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered ,

Recoverable+ProtectedSubscription: Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered ,

CustomizedRecoverable+Purgeable: Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled. ,

CustomizedRecoverable: Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available. ,

CustomizedRecoverable+ProtectedSubscription: Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled. ,

}

Required: False ,

}

enum ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs. ,

Required: False ,

}

object ,

x5t:

{

Description: Thumbprint of the certificate. ,

Format: base64url ,

Required: False ,

}

string ,

}

]

nextLink:

{

Description: The URL to get the next set of certificates. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

DeleteCertificate (updated)

Description	: Deletes all versions of a certificate object along with its associated policy. Delete certificate cannot be used to remove individual versions of a certificate object. This operation requires the certificates/delete permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "DeleteCertificate",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": {
        "@added_ebe7d06a9c12443f8bf4994171dcd206": {
          "#name": "id",
          "Description": "The certificate id.",
          "Required": false,
          "Type": "string"
        },
        "@added_20718008c14b4c189c6043ce83f5f7d3": {
          "#name": "kid",
          "Description": "The key id.",
          "Required": false,
          "Type": "string"
        },
        "@added_72079bffdd2c4be1bdda6600593f99e9": {
          "#name": "sid",
          "Description": "The secret id.",
          "Required": false,
          "Type": "string"
        },
        "@added_df697da100b74059a380738179bd46f7": {
          "#name": "x5t",
          "Description": "Thumbprint of the certificate.",
          "Format": "base64url",
          "Required": false,
          "Type": "string"
        },
        "@added_482faceb952a48969269b8b4364110a6": {
          "#name": "policy",
          "Description": "The management policy.",
          "Required": false,
          "Type": "object",
          "$properties": [
            {
              "#name": "id",
              "Description": "The certificate id.",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "key_props",
              "Description": "Properties of the key backing a certificate.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "exportable",
                  "Description": "Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key.",
                  "Required": false,
                  "Type": "boolean"
                },
                {
                  "#name": "kty",
                  "Description": "The type of key pair to be used for the certificate.",
                  "Enum": [
                    [
                      "EC",
                      "Elliptic Curve."
                    ],
                    [
                      "EC-HSM",
                      "Elliptic Curve with a private key which is not exportable from the HSM."
                    ],
                    [
                      "RSA",
                      "RSA (https://tools.ietf.org/html/rfc3447)."
                    ],
                    [
                      "RSA-HSM",
                      "RSA with a private key which is not exportable from the HSM."
                    ],
                    [
                      "oct",
                      "Octet sequence (used to represent symmetric keys)."
                    ],
                    [
                      "oct-HSM",
                      "Octet sequence with a private key which is not exportable from the HSM."
                    ]
                  ],
                  "Required": false,
                  "Type": "string"
                },
                {
                  "#name": "key_size",
                  "Description": "The key size in bits. For example: 2048, 3072, or 4096 for RSA.",
                  "Format": "int32",
                  "Required": false,
                  "Type": "integer"
                },
                {
                  "#name": "reuse_key",
                  "Description": "Indicates if the same key pair will be used on certificate renewal.",
                  "Required": false,
                  "Type": "boolean"
                },
                {
                  "#name": "crv",
                  "Description": "Elliptic curve name. For valid values, see JsonWebKeyCurveName.",
                  "Enum": [
                    [
                      "P-256",
                      "The NIST P-256 elliptic curve, AKA SECG curve SECP256R1."
                    ],
                    [
                      "P-384",
                      "The NIST P-384 elliptic curve, AKA SECG curve SECP384R1."
                    ],
                    [
                      "P-521",
                      "The NIST P-521 elliptic curve, AKA SECG curve SECP521R1."
                    ],
                    [
                      "P-256K",
                      "The SECG SECP256K1 elliptic curve."
                    ]
                  ],
                  "Required": false,
                  "Type": "string"
                }
              ]
            },
            {
              "#name": "secret_props",
              "Description": "Properties of the secret backing a certificate.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "contentType",
                  "Description": "The media type (MIME type).",
                  "Required": false,
                  "Type": "string"
                }
              ]
            },
            {
              "#name": "x509_props",
              "Description": "Properties of the X509 component of a certificate.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "subject",
                  "Description": "The subject name. Should be a valid X509 distinguished Name.",
                  "Required": false,
                  "Type": "string"
                },
                {
                  "#name": "ekus",
                  "Description": "The enhanced key usage.",
                  "Required": false,
                  "Type": "array",
                  "$items": {
                    "Type": "string"
                  }
                },
                {
                  "#name": "sans",
                  "Description": "The subject alternative names.",
                  "Required": false,
                  "Type": "object",
                  "$properties": [
                    {
                      "#name": "emails",
                      "Description": "Email addresses.",
                      "Required": false,
                      "Type": "array",
                      "$items": {
                        "Type": "string"
                      }
                    },
                    {
                      "#name": "dns_names",
                      "Description": "Domain names.",
                      "Required": false,
                      "Type": "array",
                      "$items": {
                        "Type": "string"
                      }
                    },
                    {
                      "#name": "upns",
                      "Description": "User principal names.",
                      "Required": false,
                      "Type": "array",
                      "$items": {
                        "Type": "string"
                      }
                    }
                  ]
                },
                {
                  "#name": "key_usage",
                  "Description": "Defines how the certificate's key may be used.",
                  "Required": false,
                  "Type": "array",
                  "$items": {
                    "Description": "Supported usages of a certificate key.",
                    "Enum": [
                      [
                        "digitalSignature",
                        "Indicates that the certificate key can be used as a digital signature."
                      ],
                      [
                        "nonRepudiation",
                        "Indicates that the certificate key can be used for authentication."
                      ],
                      [
                        "keyEncipherment",
                        "Indicates that the certificate key can be used for key encryption."
                      ],
                      [
                        "dataEncipherment",
                        "Indicates that the certificate key can be used for data encryption."
                      ],
                      [
                        "keyAgreement",
                        "Indicates that the certificate key can be used to determine key agreement, such as a key created using the Diffie-Hellman key agreement algorithm."
                      ],
                      [
                        "keyCertSign",
                        "Indicates that the certificate key can be used to sign certificates."
                      ],
                      [
                        "cRLSign",
                        "Indicates that the certificate key can be used to sign a certificate revocation list."
                      ],
                      [
                        "encipherOnly",
                        "Indicates that the certificate key can be used for encryption only."
                      ],
                      [
                        "decipherOnly",
                        "Indicates that the certificate key can be used for decryption only."
                      ]
                    ],
                    "Type": "string"
                  }
                },
                {
                  "#name": "validity_months",
                  "Description": "The duration that the certificate is valid in months.",
                  "Format": "int32",
                  "Required": false,
                  "Type": "integer"
                }
              ]
            },
            {
              "#name": "lifetime_actions",
              "Description": "Actions that will be performed by Key Vault over the lifetime of a certificate.",
              "Required": false,
              "Type": "array",
              "$items": {
                "Description": "Action and its trigger that will be performed by Key Vault over the lifetime of a certificate.",
                "Type": "object",
                "$properties": [
                  {
                    "#name": "trigger",
                    "Description": "The condition that will execute the action.",
                    "Required": false,
                    "Type": "object",
                    "$properties": [
                      {
                        "#name": "lifetime_percentage",
                        "Description": "Percentage of lifetime at which to trigger. Value should be between 1 and 99.",
                        "Format": "int32",
                        "Required": false,
                        "Type": "integer"
                      },
                      {
                        "#name": "days_before_expiry",
                        "Description": "Days before expiry to attempt renewal. Value should be between 1 and validity_in_months multiplied by 27. If validity_in_months is 36, then value should be between 1 and 972 (36 * 27).",
                        "Format": "int32",
                        "Required": false,
                        "Type": "integer"
                      }
                    ]
                  },
                  {
                    "#name": "action",
                    "Description": "The action that will be executed.",
                    "Required": false,
                    "Type": "object",
                    "$properties": [
                      {
                        "#name": "action_type",
                        "Description": "The type of the action.",
                        "Enum": [
                          [
                            "EmailContacts",
                            "A certificate policy that will email certificate contacts."
                          ],
                          [
                            "AutoRenew",
                            "A certificate policy that will auto-renew a certificate."
                          ]
                        ],
                        "Required": false,
                        "Type": "string"
                      }
                    ]
                  }
                ]
              }
            },
            {
              "#name": "issuer",
              "Description": "Parameters for the issuer of the X509 component of a certificate.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "name",
                  "Description": "Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'.",
                  "Required": false,
                  "Type": "string"
                },
                {
                  "#name": "cty",
                  "Description": "Certificate type as supported by the provider (optional); for example 'OV-SSL', 'EV-SSL'",
                  "Required": false,
                  "Type": "string"
                },
                {
                  "#name": "cert_transparency",
                  "Description": "Indicates if the certificates generated under this policy should be published to certificate transparency logs.",
                  "Required": false,
                  "Type": "boolean"
                }
              ]
            },
            {
              "#name": "attributes",
              "Description": "The certificate attributes.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "enabled",
                  "Description": "Determines whether the object is enabled.",
                  "Required": false,
                  "Type": "boolean"
                },
                {
                  "#name": "nbf",
                  "Description": "Not before date in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                },
                {
                  "#name": "exp",
                  "Description": "Expiry date in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                },
                {
                  "#name": "created",
                  "Description": "Creation time in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                },
                {
                  "#name": "updated",
                  "Description": "Last updated time in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                },
                {
                  "#name": "recoverableDays",
                  "Description": "softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0.",
                  "Format": "int32",
                  "Required": false,
                  "Type": "integer"
                },
                {
                  "#name": "recoveryLevel",
                  "Description": "Reflects the deletion recovery level currently in effect for certificates in the current vault. If it contains 'Purgeable', the certificate can be permanently deleted by a privileged user; otherwise, only the system can purge the certificate, at the end of the retention interval.",
                  "Enum": [
                    [
                      "Purgeable",
                      "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                    ],
                    [
                      "Recoverable+Purgeable",
                      "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "Recoverable",
                      "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "Recoverable+ProtectedSubscription",
                      "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "CustomizedRecoverable+Purgeable",
                      "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                    ],
                    [
                      "CustomizedRecoverable",
                      "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                    ],
                    [
                      "CustomizedRecoverable+ProtectedSubscription",
                      "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                    ]
                  ],
                  "Required": false,
                  "Type": "string"
                }
              ]
            }
          ]
        },
        "@added_5a5baf7bb8de472c888b7737f0e8e9c2": {
          "#name": "cer",
          "Description": "CER contents of x509 certificate.",
          "Format": "byte",
          "Required": false,
          "Type": "string"
        },
        "@added_7258aaed8d164b31a7d9591983cc771a": {
          "#name": "contentType",
          "Description": "The content type of the secret. eg. 'application/x-pem-file' or 'application/x-pkcs12',",
          "Required": false,
          "Type": "string"
        },
        "@added_17b60757e72845aebf72a18d6ecf9af4": {
          "#name": "attributes",
          "Description": "The certificate attributes.",
          "Required": false,
          "Type": "object",
          "$properties": [
            {
              "#name": "enabled",
              "Description": "Determines whether the object is enabled.",
              "Required": false,
              "Type": "boolean"
            },
            {
              "#name": "nbf",
              "Description": "Not before date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            },
            {
              "#name": "exp",
              "Description": "Expiry date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            },
            {
              "#name": "created",
              "Description": "Creation time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            },
            {
              "#name": "updated",
              "Description": "Last updated time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            },
            {
              "#name": "recoverableDays",
              "Description": "softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0.",
              "Format": "int32",
              "Required": false,
              "Type": "integer"
            },
            {
              "#name": "recoveryLevel",
              "Description": "Reflects the deletion recovery level currently in effect for certificates in the current vault. If it contains 'Purgeable', the certificate can be permanently deleted by a privileged user; otherwise, only the system can purge the certificate, at the end of the retention interval.",
              "Enum": [
                [
                  "Purgeable",
                  "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                ],
                [
                  "Recoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "CustomizedRecoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                ],
                [
                  "CustomizedRecoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                ],
                [
                  "CustomizedRecoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                ]
              ],
              "Required": false,
              "Type": "string"
            }
          ]
        },
        "@added_e9f033681ef34c1c9edac9c954ef455f": {
          "#name": "tags",
          "Description": "Application specific metadata in the form of key-value pairs",
          "Required": false,
          "Type": "object"
        }
      }
    }
  }
}

⚼ Request

DELETE: /certificates/{certificate-name}

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

certificate-name:

{

Description: The name of the certificate. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

kid:

{

Description: The key id. ,

Required: False ,

}

string ,

sid:

{

Description: The secret id. ,

Required: False ,

}

string ,

x5t:

{

Description: Thumbprint of the certificate. ,

Format: base64url ,

Required: False ,

}

string ,

policy:

{

Description: The management policy. ,

Required: False ,

}

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

key_props:

{

Description: Properties of the key backing a certificate. ,

Required: False ,

}

{

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

kty:

{

Description: The type of key pair to be used for the certificate. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is not exportable from the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447). ,

RSA-HSM: RSA with a private key which is not exportable from the HSM. ,

oct: Octet sequence (used to represent symmetric keys). ,

oct-HSM: Octet sequence with a private key which is not exportable from the HSM. ,

}

Required: False ,

}

enum ,

key_size:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. ,

Format: int32 ,

Required: False ,

}

integer ,

reuse_key:

{

Description: Indicates if the same key pair will be used on certificate renewal. ,

Required: False ,

}

boolean ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

}

secret_props:

{

Description: Properties of the secret backing a certificate. ,

Required: False ,

}

{

contentType:

{

Description: The media type (MIME type). ,

Required: False ,

}

string ,

}

x509_props:

{

Description: Properties of the X509 component of a certificate. ,

Required: False ,

}

{

subject:

{

Description: The subject name. Should be a valid X509 distinguished Name. ,

Required: False ,

}

string ,

ekus:

{

Description: The enhanced key usage. ,

Required: False ,

}

[

string ,

]

sans:

{

Description: The subject alternative names. ,

Required: False ,

}

{

emails:

{

Description: Email addresses. ,

Required: False ,

}

[

string ,

]

dns_names:

{

Description: Domain names. ,

Required: False ,

}

[

string ,

]

upns:

{

Description: User principal names. ,

Required: False ,

}

[

string ,

]

}

key_usage:

{

Description: Defines how the certificate's key may be used. ,

Required: False ,

}

[

string ,

]

validity_months:

{

Description: The duration that the certificate is valid in months. ,

Format: int32 ,

Required: False ,

}

integer ,

}

lifetime_actions:

{

Description: Actions that will be performed by Key Vault over the lifetime of a certificate. ,

Required: False ,

}

[

{

trigger:

{

Description: The condition that will execute the action. ,

Required: False ,

}

{

lifetime_percentage:

{

Description: Percentage of lifetime at which to trigger. Value should be between 1 and 99. ,

Format: int32 ,

Required: False ,

}

integer ,

days_before_expiry:

{

Description: Days before expiry to attempt renewal. Value should be between 1 and validity_in_months multiplied by 27. If validity_in_months is 36, then value should be between 1 and 972 (36 * 27). ,

Format: int32 ,

Required: False ,

}

integer ,

}

action:

{

Description: The action that will be executed. ,

Required: False ,

}

{

action_type:

{

Description: The type of the action. ,

Enum:

{

EmailContacts: A certificate policy that will email certificate contacts. ,

AutoRenew: A certificate policy that will auto-renew a certificate. ,

}

Required: False ,

}

enum ,

}

]

issuer:

{

Description: Parameters for the issuer of the X509 component of a certificate. ,

Required: False ,

}

{

name:

{

Description: Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'. ,

Required: False ,

}

string ,

cty:

{

Description: Certificate type as supported by the provider (optional); for example 'OV-SSL', 'EV-SSL' ,

Required: False ,

}

string ,

cert_transparency:

{

Description: Indicates if the certificates generated under this policy should be published to certificate transparency logs. ,

Required: False ,

}

boolean ,

}

attributes:

{

Description: The certificate attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

cer:

{

Description: CER contents of x509 certificate. ,

Format: byte ,

Required: False ,

}

string ,

contentType:

{

Description: The content type of the secret. eg. 'application/x-pem-file' or 'application/x-pkcs12', ,

Required: False ,

}

string ,

attributes:

{

Description: The certificate attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs ,

Required: False ,

}

object ,

recoveryId:

{

Description: The url of the recovery object, used to identify and recover the deleted certificate. ,

Required: False ,

}

string ,

scheduledPurgeDate:

{

Description: The time when the certificate is scheduled to be purged, in UTC ,

Format: unixtime ,

Required: False ,

}

integer ,

deletedDate:

{

Description: The time when the certificate was deleted, in UTC ,

Format: unixtime ,

Required: False ,

}

integer ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

GetCertificate (updated)

Description	: Gets information about a specific certificate. This operation requires the certificates/get permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "GetCertificate",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": [
        {
          "policy": [
            {
              "key_props": [
                {
                  "#name": "kty",
                  "Enum": {
                    "new": [
                      [
                        "EC",
                        "Elliptic Curve."
                      ],
                      [
                        "EC-HSM",
                        "Elliptic Curve with a private key which is not exportable from the HSM."
                      ],
                      [
                        "RSA",
                        "RSA (https://tools.ietf.org/html/rfc3447)."
                      ],
                      [
                        "RSA-HSM",
                        "RSA with a private key which is not exportable from the HSM."
                      ],
                      [
                        "oct",
                        "Octet sequence (used to represent symmetric keys)."
                      ],
                      [
                        "oct-HSM",
                        "Octet sequence with a private key which is not exportable from the HSM."
                      ]
                    ],
                    "old": [
                      [
                        "EC",
                        ""
                      ],
                      [
                        "EC-HSM",
                        ""
                      ],
                      [
                        "RSA",
                        ""
                      ],
                      [
                        "RSA-HSM",
                        ""
                      ],
                      [
                        "oct",
                        ""
                      ],
                      [
                        "oct-HSM",
                        ""
                      ]
                    ]
                  }
                },
                {
                  "#name": "crv",
                  "Enum": {
                    "new": [
                      [
                        "P-256",
                        "The NIST P-256 elliptic curve, AKA SECG curve SECP256R1."
                      ],
                      [
                        "P-384",
                        "The NIST P-384 elliptic curve, AKA SECG curve SECP384R1."
                      ],
                      [
                        "P-521",
                        "The NIST P-521 elliptic curve, AKA SECG curve SECP521R1."
                      ],
                      [
                        "P-256K",
                        "The SECG SECP256K1 elliptic curve."
                      ]
                    ],
                    "old": [
                      [
                        "P-256",
                        ""
                      ],
                      [
                        "P-384",
                        ""
                      ],
                      [
                        "P-521",
                        ""
                      ],
                      [
                        "P-256K",
                        ""
                      ]
                    ]
                  }
                }
              ]
            },
            {
              "x509_props": [
                {
                  "key_usage": {
                    "Enum": {
                      "new": [
                        [
                          "digitalSignature",
                          "Indicates that the certificate key can be used as a digital signature."
                        ],
                        [
                          "nonRepudiation",
                          "Indicates that the certificate key can be used for authentication."
                        ],
                        [
                          "keyEncipherment",
                          "Indicates that the certificate key can be used for key encryption."
                        ],
                        [
                          "dataEncipherment",
                          "Indicates that the certificate key can be used for data encryption."
                        ],
                        [
                          "keyAgreement",
                          "Indicates that the certificate key can be used to determine key agreement, such as a key created using the Diffie-Hellman key agreement algorithm."
                        ],
                        [
                          "keyCertSign",
                          "Indicates that the certificate key can be used to sign certificates."
                        ],
                        [
                          "cRLSign",
                          "Indicates that the certificate key can be used to sign a certificate revocation list."
                        ],
                        [
                          "encipherOnly",
                          "Indicates that the certificate key can be used for encryption only."
                        ],
                        [
                          "decipherOnly",
                          "Indicates that the certificate key can be used for decryption only."
                        ]
                      ],
                      "old": [
                        [
                          "digitalSignature",
                          ""
                        ],
                        [
                          "nonRepudiation",
                          ""
                        ],
                        [
                          "keyEncipherment",
                          ""
                        ],
                        [
                          "dataEncipherment",
                          ""
                        ],
                        [
                          "keyAgreement",
                          ""
                        ],
                        [
                          "keyCertSign",
                          ""
                        ],
                        [
                          "cRLSign",
                          ""
                        ],
                        [
                          "encipherOnly",
                          ""
                        ],
                        [
                          "decipherOnly",
                          ""
                        ]
                      ]
                    }
                  }
                }
              ]
            },
            {
              "lifetime_actions": {
                "$properties": {
                  "action": [
                    {
                      "#name": "action_type",
                      "Enum": {
                        "new": [
                          [
                            "EmailContacts",
                            "A certificate policy that will email certificate contacts."
                          ],
                          [
                            "AutoRenew",
                            "A certificate policy that will auto-renew a certificate."
                          ]
                        ],
                        "old": [
                          [
                            "EmailContacts",
                            ""
                          ],
                          [
                            "AutoRenew",
                            ""
                          ]
                        ]
                      }
                    }
                  ]
                }
              }
            },
            {
              "attributes": [
                {
                  "@added_c3f4d9db0980430fa025f72f1cf3ad63": {
                    "#name": "enabled",
                    "Description": "Determines whether the object is enabled.",
                    "Required": false,
                    "Type": "boolean"
                  }
                },
                {
                  "@added_ab6ac9d211c546c4bc03687d69e88bec": {
                    "#name": "nbf",
                    "Description": "Not before date in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_3cf39947561d40f89aa0dcc19ec78f88": {
                    "#name": "exp",
                    "Description": "Expiry date in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_60e9bdba0f85474da33e182a1626d9f0": {
                    "#name": "created",
                    "Description": "Creation time in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_8eb2be070991426097d86ac10b2be35b": {
                    "#name": "updated",
                    "Description": "Last updated time in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "#name": "recoveryLevel",
                  "Enum": {
                    "new": [
                      [
                        "Purgeable",
                        "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                      ],
                      [
                        "Recoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "CustomizedRecoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                      ],
                      [
                        "CustomizedRecoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                      ],
                      [
                        "CustomizedRecoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                      ]
                    ],
                    "old": [
                      [
                        "Purgeable",
                        "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                      ],
                      [
                        "Recoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "CustomizedRecoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                      ],
                      [
                        "CustomizedRecoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                      ],
                      [
                        "CustomizedRecoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                      ]
                    ]
                  }
                }
              ]
            }
          ]
        },
        {
          "#name": "contentType",
          "Description": {
            "new": "The content type of the secret. eg. 'application/x-pem-file' or 'application/x-pkcs12',",
            "old": "The content type of the secret. eg. 'application/x-pem-file' or 'application/x-pkcs12', "
          }
        },
        {
          "attributes": [
            {
              "@added_35743fd746c44f858c19cf5b5c659f2d": {
                "#name": "enabled",
                "Description": "Determines whether the object is enabled.",
                "Required": false,
                "Type": "boolean"
              }
            },
            {
              "@added_dcdaaedd4757415080e6a77cc234dab8": {
                "#name": "nbf",
                "Description": "Not before date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_13da259019964a34b739a16116faa56e": {
                "#name": "exp",
                "Description": "Expiry date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_752e40969b0043169457c3431f4fd15c": {
                "#name": "created",
                "Description": "Creation time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_7223b2c00ee4450ab230c6a9854237cb": {
                "#name": "updated",
                "Description": "Last updated time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "#name": "recoveryLevel",
              "Enum": {
                "new": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ],
                "old": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ]
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

GET: /certificates/{certificate-name}/{certificate-version}

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

certificate-name:

{

Description: The name of the certificate in the given vault. ,

Required: True ,

}

string ,

certificate-version:

{

Description: The version of the certificate. This URI fragment is optional. If not specified, the latest version of the certificate is returned. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

kid:

{

Description: The key id. ,

Required: False ,

}

string ,

sid:

{

Description: The secret id. ,

Required: False ,

}

string ,

x5t:

{

Description: Thumbprint of the certificate. ,

Format: base64url ,

Required: False ,

}

string ,

policy:

{

Description: The management policy. ,

Required: False ,

}

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

key_props:

{

Description: Properties of the key backing a certificate. ,

Required: False ,

}

{

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

kty:

{

Description: The type of key pair to be used for the certificate. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is not exportable from the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447). ,

RSA-HSM: RSA with a private key which is not exportable from the HSM. ,

oct: Octet sequence (used to represent symmetric keys). ,

oct-HSM: Octet sequence with a private key which is not exportable from the HSM. ,

}

Required: False ,

}

enum ,

key_size:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. ,

Format: int32 ,

Required: False ,

}

integer ,

reuse_key:

{

Description: Indicates if the same key pair will be used on certificate renewal. ,

Required: False ,

}

boolean ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

}

secret_props:

{

Description: Properties of the secret backing a certificate. ,

Required: False ,

}

{

contentType:

{

Description: The media type (MIME type). ,

Required: False ,

}

string ,

}

x509_props:

{

Description: Properties of the X509 component of a certificate. ,

Required: False ,

}

{

subject:

{

Description: The subject name. Should be a valid X509 distinguished Name. ,

Required: False ,

}

string ,

ekus:

{

Description: The enhanced key usage. ,

Required: False ,

}

[

string ,

]

sans:

{

Description: The subject alternative names. ,

Required: False ,

}

{

emails:

{

Description: Email addresses. ,

Required: False ,

}

[

string ,

]

dns_names:

{

Description: Domain names. ,

Required: False ,

}

[

string ,

]

upns:

{

Description: User principal names. ,

Required: False ,

}

[

string ,

]

}

key_usage:

{

Description: Defines how the certificate's key may be used. ,

Required: False ,

}

[

string ,

]

validity_months:

{

Description: The duration that the certificate is valid in months. ,

Format: int32 ,

Required: False ,

}

integer ,

}

lifetime_actions:

{

Description: Actions that will be performed by Key Vault over the lifetime of a certificate. ,

Required: False ,

}

[

{

trigger:

{

Description: The condition that will execute the action. ,

Required: False ,

}

{

lifetime_percentage:

{

Description: Percentage of lifetime at which to trigger. Value should be between 1 and 99. ,

Format: int32 ,

Required: False ,

}

integer ,

days_before_expiry:

{

Description: Days before expiry to attempt renewal. Value should be between 1 and validity_in_months multiplied by 27. If validity_in_months is 36, then value should be between 1 and 972 (36 * 27). ,

Format: int32 ,

Required: False ,

}

integer ,

}

action:

{

Description: The action that will be executed. ,

Required: False ,

}

{

action_type:

{

Description: The type of the action. ,

Enum:

{

EmailContacts: A certificate policy that will email certificate contacts. ,

AutoRenew: A certificate policy that will auto-renew a certificate. ,

}

Required: False ,

}

enum ,

}

]

issuer:

{

Description: Parameters for the issuer of the X509 component of a certificate. ,

Required: False ,

}

{

name:

{

Description: Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'. ,

Required: False ,

}

string ,

cty:

{

Description: Certificate type as supported by the provider (optional); for example 'OV-SSL', 'EV-SSL' ,

Required: False ,

}

string ,

cert_transparency:

{

Description: Indicates if the certificates generated under this policy should be published to certificate transparency logs. ,

Required: False ,

}

boolean ,

}

attributes:

{

Description: The certificate attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

cer:

{

Description: CER contents of x509 certificate. ,

Format: byte ,

Required: False ,

}

string ,

contentType:

{

Description: The content type of the secret. eg. 'application/x-pem-file' or 'application/x-pkcs12', ,

Required: False ,

}

string ,

attributes:

{

Description: The certificate attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs ,

Required: False ,

}

object ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

UpdateCertificate (updated)

Description	: The UpdateCertificate operation applies the specified update on the given certificate; the only elements updated are the certificate's attributes. This operation requires the certificates/update permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "UpdateCertificate",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    },
    {
      "parameters": {
        "$properties": {
          "policy": [
            {
              "key_props": [
                {
                  "#name": "kty",
                  "Enum": {
                    "new": [
                      [
                        "EC",
                        "Elliptic Curve."
                      ],
                      [
                        "EC-HSM",
                        "Elliptic Curve with a private key which is not exportable from the HSM."
                      ],
                      [
                        "RSA",
                        "RSA (https://tools.ietf.org/html/rfc3447)."
                      ],
                      [
                        "RSA-HSM",
                        "RSA with a private key which is not exportable from the HSM."
                      ],
                      [
                        "oct",
                        "Octet sequence (used to represent symmetric keys)."
                      ],
                      [
                        "oct-HSM",
                        "Octet sequence with a private key which is not exportable from the HSM."
                      ]
                    ],
                    "old": [
                      [
                        "EC",
                        ""
                      ],
                      [
                        "EC-HSM",
                        ""
                      ],
                      [
                        "RSA",
                        ""
                      ],
                      [
                        "RSA-HSM",
                        ""
                      ],
                      [
                        "oct",
                        ""
                      ],
                      [
                        "oct-HSM",
                        ""
                      ]
                    ]
                  }
                },
                {
                  "#name": "crv",
                  "Enum": {
                    "new": [
                      [
                        "P-256",
                        "The NIST P-256 elliptic curve, AKA SECG curve SECP256R1."
                      ],
                      [
                        "P-384",
                        "The NIST P-384 elliptic curve, AKA SECG curve SECP384R1."
                      ],
                      [
                        "P-521",
                        "The NIST P-521 elliptic curve, AKA SECG curve SECP521R1."
                      ],
                      [
                        "P-256K",
                        "The SECG SECP256K1 elliptic curve."
                      ]
                    ],
                    "old": [
                      [
                        "P-256",
                        ""
                      ],
                      [
                        "P-384",
                        ""
                      ],
                      [
                        "P-521",
                        ""
                      ],
                      [
                        "P-256K",
                        ""
                      ]
                    ]
                  }
                }
              ]
            },
            {
              "x509_props": [
                {
                  "key_usage": {
                    "Enum": {
                      "new": [
                        [
                          "digitalSignature",
                          "Indicates that the certificate key can be used as a digital signature."
                        ],
                        [
                          "nonRepudiation",
                          "Indicates that the certificate key can be used for authentication."
                        ],
                        [
                          "keyEncipherment",
                          "Indicates that the certificate key can be used for key encryption."
                        ],
                        [
                          "dataEncipherment",
                          "Indicates that the certificate key can be used for data encryption."
                        ],
                        [
                          "keyAgreement",
                          "Indicates that the certificate key can be used to determine key agreement, such as a key created using the Diffie-Hellman key agreement algorithm."
                        ],
                        [
                          "keyCertSign",
                          "Indicates that the certificate key can be used to sign certificates."
                        ],
                        [
                          "cRLSign",
                          "Indicates that the certificate key can be used to sign a certificate revocation list."
                        ],
                        [
                          "encipherOnly",
                          "Indicates that the certificate key can be used for encryption only."
                        ],
                        [
                          "decipherOnly",
                          "Indicates that the certificate key can be used for decryption only."
                        ]
                      ],
                      "old": [
                        [
                          "digitalSignature",
                          ""
                        ],
                        [
                          "nonRepudiation",
                          ""
                        ],
                        [
                          "keyEncipherment",
                          ""
                        ],
                        [
                          "dataEncipherment",
                          ""
                        ],
                        [
                          "keyAgreement",
                          ""
                        ],
                        [
                          "keyCertSign",
                          ""
                        ],
                        [
                          "cRLSign",
                          ""
                        ],
                        [
                          "encipherOnly",
                          ""
                        ],
                        [
                          "decipherOnly",
                          ""
                        ]
                      ]
                    }
                  }
                }
              ]
            },
            {
              "lifetime_actions": {
                "$properties": {
                  "action": [
                    {
                      "#name": "action_type",
                      "Enum": {
                        "new": [
                          [
                            "EmailContacts",
                            "A certificate policy that will email certificate contacts."
                          ],
                          [
                            "AutoRenew",
                            "A certificate policy that will auto-renew a certificate."
                          ]
                        ],
                        "old": [
                          [
                            "EmailContacts",
                            ""
                          ],
                          [
                            "AutoRenew",
                            ""
                          ]
                        ]
                      }
                    }
                  ]
                }
              }
            },
            {
              "attributes": [
                {
                  "@added_f464404b570e4771b9977bdba6ec0885": {
                    "#name": "enabled",
                    "Description": "Determines whether the object is enabled.",
                    "Required": false,
                    "Type": "boolean"
                  }
                },
                {
                  "@added_17358a2c619b45698144972e877262d7": {
                    "#name": "nbf",
                    "Description": "Not before date in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_34a18bbe632441f98a9d324c5bf52dd8": {
                    "#name": "exp",
                    "Description": "Expiry date in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_f0c29e55c8c74b7fabeb131412daaabc": {
                    "#name": "created",
                    "Description": "Creation time in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_2ddf864f2acf49e9b48e83d7aadaeffc": {
                    "#name": "updated",
                    "Description": "Last updated time in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "#name": "recoveryLevel",
                  "Enum": {
                    "new": [
                      [
                        "Purgeable",
                        "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                      ],
                      [
                        "Recoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "CustomizedRecoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                      ],
                      [
                        "CustomizedRecoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                      ],
                      [
                        "CustomizedRecoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                      ]
                    ],
                    "old": [
                      [
                        "Purgeable",
                        "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                      ],
                      [
                        "Recoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "CustomizedRecoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                      ],
                      [
                        "CustomizedRecoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                      ],
                      [
                        "CustomizedRecoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                      ]
                    ]
                  }
                }
              ]
            }
          ],
          "attributes": [
            {
              "@added_dd63fc1834004fd3bb97d41d7a0c81fc": {
                "#name": "enabled",
                "Description": "Determines whether the object is enabled.",
                "Required": false,
                "Type": "boolean"
              }
            },
            {
              "@added_6dca69e4be99493dbe9214ab6eaee8a8": {
                "#name": "nbf",
                "Description": "Not before date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_cfe72bad1d3e40478f492eaaf3e82b5f": {
                "#name": "exp",
                "Description": "Expiry date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_505d2ca1e03e4597b26f00eb5c096124": {
                "#name": "created",
                "Description": "Creation time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_2716793616704d1b9454660cb10d31fe": {
                "#name": "updated",
                "Description": "Last updated time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "#name": "recoveryLevel",
              "Enum": {
                "new": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ],
                "old": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ]
              }
            }
          ]
        }
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": [
        {
          "policy": [
            {
              "key_props": [
                {
                  "#name": "kty",
                  "Enum": {
                    "new": [
                      [
                        "EC",
                        "Elliptic Curve."
                      ],
                      [
                        "EC-HSM",
                        "Elliptic Curve with a private key which is not exportable from the HSM."
                      ],
                      [
                        "RSA",
                        "RSA (https://tools.ietf.org/html/rfc3447)."
                      ],
                      [
                        "RSA-HSM",
                        "RSA with a private key which is not exportable from the HSM."
                      ],
                      [
                        "oct",
                        "Octet sequence (used to represent symmetric keys)."
                      ],
                      [
                        "oct-HSM",
                        "Octet sequence with a private key which is not exportable from the HSM."
                      ]
                    ],
                    "old": [
                      [
                        "EC",
                        ""
                      ],
                      [
                        "EC-HSM",
                        ""
                      ],
                      [
                        "RSA",
                        ""
                      ],
                      [
                        "RSA-HSM",
                        ""
                      ],
                      [
                        "oct",
                        ""
                      ],
                      [
                        "oct-HSM",
                        ""
                      ]
                    ]
                  }
                },
                {
                  "#name": "crv",
                  "Enum": {
                    "new": [
                      [
                        "P-256",
                        "The NIST P-256 elliptic curve, AKA SECG curve SECP256R1."
                      ],
                      [
                        "P-384",
                        "The NIST P-384 elliptic curve, AKA SECG curve SECP384R1."
                      ],
                      [
                        "P-521",
                        "The NIST P-521 elliptic curve, AKA SECG curve SECP521R1."
                      ],
                      [
                        "P-256K",
                        "The SECG SECP256K1 elliptic curve."
                      ]
                    ],
                    "old": [
                      [
                        "P-256",
                        ""
                      ],
                      [
                        "P-384",
                        ""
                      ],
                      [
                        "P-521",
                        ""
                      ],
                      [
                        "P-256K",
                        ""
                      ]
                    ]
                  }
                }
              ]
            },
            {
              "x509_props": [
                {
                  "key_usage": {
                    "Enum": {
                      "new": [
                        [
                          "digitalSignature",
                          "Indicates that the certificate key can be used as a digital signature."
                        ],
                        [
                          "nonRepudiation",
                          "Indicates that the certificate key can be used for authentication."
                        ],
                        [
                          "keyEncipherment",
                          "Indicates that the certificate key can be used for key encryption."
                        ],
                        [
                          "dataEncipherment",
                          "Indicates that the certificate key can be used for data encryption."
                        ],
                        [
                          "keyAgreement",
                          "Indicates that the certificate key can be used to determine key agreement, such as a key created using the Diffie-Hellman key agreement algorithm."
                        ],
                        [
                          "keyCertSign",
                          "Indicates that the certificate key can be used to sign certificates."
                        ],
                        [
                          "cRLSign",
                          "Indicates that the certificate key can be used to sign a certificate revocation list."
                        ],
                        [
                          "encipherOnly",
                          "Indicates that the certificate key can be used for encryption only."
                        ],
                        [
                          "decipherOnly",
                          "Indicates that the certificate key can be used for decryption only."
                        ]
                      ],
                      "old": [
                        [
                          "digitalSignature",
                          ""
                        ],
                        [
                          "nonRepudiation",
                          ""
                        ],
                        [
                          "keyEncipherment",
                          ""
                        ],
                        [
                          "dataEncipherment",
                          ""
                        ],
                        [
                          "keyAgreement",
                          ""
                        ],
                        [
                          "keyCertSign",
                          ""
                        ],
                        [
                          "cRLSign",
                          ""
                        ],
                        [
                          "encipherOnly",
                          ""
                        ],
                        [
                          "decipherOnly",
                          ""
                        ]
                      ]
                    }
                  }
                }
              ]
            },
            {
              "lifetime_actions": {
                "$properties": {
                  "action": [
                    {
                      "#name": "action_type",
                      "Enum": {
                        "new": [
                          [
                            "EmailContacts",
                            "A certificate policy that will email certificate contacts."
                          ],
                          [
                            "AutoRenew",
                            "A certificate policy that will auto-renew a certificate."
                          ]
                        ],
                        "old": [
                          [
                            "EmailContacts",
                            ""
                          ],
                          [
                            "AutoRenew",
                            ""
                          ]
                        ]
                      }
                    }
                  ]
                }
              }
            },
            {
              "attributes": [
                {
                  "@added_14bf562866f842c88d1de726f78fb621": {
                    "#name": "enabled",
                    "Description": "Determines whether the object is enabled.",
                    "Required": false,
                    "Type": "boolean"
                  }
                },
                {
                  "@added_7ed2f59a3d3542c09dd62a2010416bfb": {
                    "#name": "nbf",
                    "Description": "Not before date in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_ec2182adf37044bebc213f40e9df2688": {
                    "#name": "exp",
                    "Description": "Expiry date in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_00325b5368ad41cfb9e36bcdc334b2bf": {
                    "#name": "created",
                    "Description": "Creation time in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_350baa0563b345749bfd9768633d644f": {
                    "#name": "updated",
                    "Description": "Last updated time in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "#name": "recoveryLevel",
                  "Enum": {
                    "new": [
                      [
                        "Purgeable",
                        "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                      ],
                      [
                        "Recoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "CustomizedRecoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                      ],
                      [
                        "CustomizedRecoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                      ],
                      [
                        "CustomizedRecoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                      ]
                    ],
                    "old": [
                      [
                        "Purgeable",
                        "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                      ],
                      [
                        "Recoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "CustomizedRecoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                      ],
                      [
                        "CustomizedRecoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                      ],
                      [
                        "CustomizedRecoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                      ]
                    ]
                  }
                }
              ]
            }
          ]
        },
        {
          "#name": "contentType",
          "Description": {
            "new": "The content type of the secret. eg. 'application/x-pem-file' or 'application/x-pkcs12',",
            "old": "The content type of the secret. eg. 'application/x-pem-file' or 'application/x-pkcs12', "
          }
        },
        {
          "attributes": [
            {
              "@added_4a55fdd91b1a4459a31933255cd915bc": {
                "#name": "enabled",
                "Description": "Determines whether the object is enabled.",
                "Required": false,
                "Type": "boolean"
              }
            },
            {
              "@added_7d7f34b5d3854c4798d8b32cba03ed6f": {
                "#name": "nbf",
                "Description": "Not before date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_9f4bdc0ec52f4284b69715ca9d01b5c9": {
                "#name": "exp",
                "Description": "Expiry date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_601f8108b8884d3289b1d3827f783173": {
                "#name": "created",
                "Description": "Creation time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_8df17e53593f4d8f8792a47c8930827d": {
                "#name": "updated",
                "Description": "Last updated time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "#name": "recoveryLevel",
              "Enum": {
                "new": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ],
                "old": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ]
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

PATCH: /certificates/{certificate-name}/{certificate-version}

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

certificate-name:

{

Description: The name of the certificate in the given key vault. ,

Required: True ,

}

string ,

certificate-version:

{

Description: The version of the certificate. ,

Required: True ,

}

string ,

parameters:

{

Description: The parameters for certificate update. ,

Required: True ,

}

{

policy:

{

Description: The management policy for the certificate. ,

Required: False ,

}

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

key_props:

{

Description: Properties of the key backing a certificate. ,

Required: False ,

}

{

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

kty:

{

Description: The type of key pair to be used for the certificate. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is not exportable from the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447). ,

RSA-HSM: RSA with a private key which is not exportable from the HSM. ,

oct: Octet sequence (used to represent symmetric keys). ,

oct-HSM: Octet sequence with a private key which is not exportable from the HSM. ,

}

Required: False ,

}

enum ,

key_size:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. ,

Format: int32 ,

Required: False ,

}

integer ,

reuse_key:

{

Description: Indicates if the same key pair will be used on certificate renewal. ,

Required: False ,

}

boolean ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

}

secret_props:

{

Description: Properties of the secret backing a certificate. ,

Required: False ,

}

{

contentType:

{

Description: The media type (MIME type). ,

Required: False ,

}

string ,

}

x509_props:

{

Description: Properties of the X509 component of a certificate. ,

Required: False ,

}

{

subject:

{

Description: The subject name. Should be a valid X509 distinguished Name. ,

Required: False ,

}

string ,

ekus:

{

Description: The enhanced key usage. ,

Required: False ,

}

[

string ,

]

sans:

{

Description: The subject alternative names. ,

Required: False ,

}

{

emails:

{

Description: Email addresses. ,

Required: False ,

}

[

string ,

]

dns_names:

{

Description: Domain names. ,

Required: False ,

}

[

string ,

]

upns:

{

Description: User principal names. ,

Required: False ,

}

[

string ,

]

}

key_usage:

{

Description: Defines how the certificate's key may be used. ,

Required: False ,

}

[

string ,

]

validity_months:

{

Description: The duration that the certificate is valid in months. ,

Format: int32 ,

Required: False ,

}

integer ,

}

lifetime_actions:

{

Description: Actions that will be performed by Key Vault over the lifetime of a certificate. ,

Required: False ,

}

[

{

trigger:

{

Description: The condition that will execute the action. ,

Required: False ,

}

{

lifetime_percentage:

{

Description: Percentage of lifetime at which to trigger. Value should be between 1 and 99. ,

Format: int32 ,

Required: False ,

}

integer ,

days_before_expiry:

{

Description: Days before expiry to attempt renewal. Value should be between 1 and validity_in_months multiplied by 27. If validity_in_months is 36, then value should be between 1 and 972 (36 * 27). ,

Format: int32 ,

Required: False ,

}

integer ,

}

action:

{

Description: The action that will be executed. ,

Required: False ,

}

{

action_type:

{

Description: The type of the action. ,

Enum:

{

EmailContacts: A certificate policy that will email certificate contacts. ,

AutoRenew: A certificate policy that will auto-renew a certificate. ,

}

Required: False ,

}

enum ,

}

]

issuer:

{

Description: Parameters for the issuer of the X509 component of a certificate. ,

Required: False ,

}

{

name:

{

Description: Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'. ,

Required: False ,

}

string ,

cty:

{

Description: Certificate type as supported by the provider (optional); for example 'OV-SSL', 'EV-SSL' ,

Required: False ,

}

string ,

cert_transparency:

{

Description: Indicates if the certificates generated under this policy should be published to certificate transparency logs. ,

Required: False ,

}

boolean ,

}

attributes:

{

Description: The certificate attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

attributes:

{

Description: The attributes of the certificate (optional). ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs. ,

Required: False ,

}

object ,

}

⚐ Response (200)

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

kid:

{

Description: The key id. ,

Required: False ,

}

string ,

sid:

{

Description: The secret id. ,

Required: False ,

}

string ,

x5t:

{

Description: Thumbprint of the certificate. ,

Format: base64url ,

Required: False ,

}

string ,

policy:

{

Description: The management policy. ,

Required: False ,

}

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

key_props:

{

Description: Properties of the key backing a certificate. ,

Required: False ,

}

{

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

kty:

{

Description: The type of key pair to be used for the certificate. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is not exportable from the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447). ,

RSA-HSM: RSA with a private key which is not exportable from the HSM. ,

oct: Octet sequence (used to represent symmetric keys). ,

oct-HSM: Octet sequence with a private key which is not exportable from the HSM. ,

}

Required: False ,

}

enum ,

key_size:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. ,

Format: int32 ,

Required: False ,

}

integer ,

reuse_key:

{

Description: Indicates if the same key pair will be used on certificate renewal. ,

Required: False ,

}

boolean ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

}

secret_props:

{

Description: Properties of the secret backing a certificate. ,

Required: False ,

}

{

contentType:

{

Description: The media type (MIME type). ,

Required: False ,

}

string ,

}

x509_props:

{

Description: Properties of the X509 component of a certificate. ,

Required: False ,

}

{

subject:

{

Description: The subject name. Should be a valid X509 distinguished Name. ,

Required: False ,

}

string ,

ekus:

{

Description: The enhanced key usage. ,

Required: False ,

}

[

string ,

]

sans:

{

Description: The subject alternative names. ,

Required: False ,

}

{

emails:

{

Description: Email addresses. ,

Required: False ,

}

[

string ,

]

dns_names:

{

Description: Domain names. ,

Required: False ,

}

[

string ,

]

upns:

{

Description: User principal names. ,

Required: False ,

}

[

string ,

]

}

key_usage:

{

Description: Defines how the certificate's key may be used. ,

Required: False ,

}

[

string ,

]

validity_months:

{

Description: The duration that the certificate is valid in months. ,

Format: int32 ,

Required: False ,

}

integer ,

}

lifetime_actions:

{

Description: Actions that will be performed by Key Vault over the lifetime of a certificate. ,

Required: False ,

}

[

{

trigger:

{

Description: The condition that will execute the action. ,

Required: False ,

}

{

lifetime_percentage:

{

Description: Percentage of lifetime at which to trigger. Value should be between 1 and 99. ,

Format: int32 ,

Required: False ,

}

integer ,

days_before_expiry:

{

Description: Days before expiry to attempt renewal. Value should be between 1 and validity_in_months multiplied by 27. If validity_in_months is 36, then value should be between 1 and 972 (36 * 27). ,

Format: int32 ,

Required: False ,

}

integer ,

}

action:

{

Description: The action that will be executed. ,

Required: False ,

}

{

action_type:

{

Description: The type of the action. ,

Enum:

{

EmailContacts: A certificate policy that will email certificate contacts. ,

AutoRenew: A certificate policy that will auto-renew a certificate. ,

}

Required: False ,

}

enum ,

}

]

issuer:

{

Description: Parameters for the issuer of the X509 component of a certificate. ,

Required: False ,

}

{

name:

{

Description: Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'. ,

Required: False ,

}

string ,

cty:

{

Description: Certificate type as supported by the provider (optional); for example 'OV-SSL', 'EV-SSL' ,

Required: False ,

}

string ,

cert_transparency:

{

Description: Indicates if the certificates generated under this policy should be published to certificate transparency logs. ,

Required: False ,

}

boolean ,

}

attributes:

{

Description: The certificate attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

cer:

{

Description: CER contents of x509 certificate. ,

Format: byte ,

Required: False ,

}

string ,

contentType:

{

Description: The content type of the secret. eg. 'application/x-pem-file' or 'application/x-pkcs12', ,

Required: False ,

}

string ,

attributes:

{

Description: The certificate attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs ,

Required: False ,

}

object ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

BackupCertificate (updated)

Description	: Requests that a backup of the specified certificate be downloaded to the client. All versions of the certificate will be downloaded. This operation requires the certificates/backup permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "BackupCertificate",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ]
}

⚼ Request

POST: /certificates/{certificate-name}/backup

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

certificate-name:

{

Description: The name of the certificate. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

value:

{

Description: The backup blob containing the backed up certificate. ,

Format: base64url ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

CreateCertificate (updated)

Description	: If this is the first version, the certificate resource is created. This operation requires the certificates/create permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "CreateCertificate",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    },
    {
      "parameters": {
        "$properties": {
          "policy": [
            {
              "key_props": [
                {
                  "#name": "kty",
                  "Enum": {
                    "new": [
                      [
                        "EC",
                        "Elliptic Curve."
                      ],
                      [
                        "EC-HSM",
                        "Elliptic Curve with a private key which is not exportable from the HSM."
                      ],
                      [
                        "RSA",
                        "RSA (https://tools.ietf.org/html/rfc3447)."
                      ],
                      [
                        "RSA-HSM",
                        "RSA with a private key which is not exportable from the HSM."
                      ],
                      [
                        "oct",
                        "Octet sequence (used to represent symmetric keys)."
                      ],
                      [
                        "oct-HSM",
                        "Octet sequence with a private key which is not exportable from the HSM."
                      ]
                    ],
                    "old": [
                      [
                        "EC",
                        ""
                      ],
                      [
                        "EC-HSM",
                        ""
                      ],
                      [
                        "RSA",
                        ""
                      ],
                      [
                        "RSA-HSM",
                        ""
                      ],
                      [
                        "oct",
                        ""
                      ],
                      [
                        "oct-HSM",
                        ""
                      ]
                    ]
                  }
                },
                {
                  "#name": "crv",
                  "Enum": {
                    "new": [
                      [
                        "P-256",
                        "The NIST P-256 elliptic curve, AKA SECG curve SECP256R1."
                      ],
                      [
                        "P-384",
                        "The NIST P-384 elliptic curve, AKA SECG curve SECP384R1."
                      ],
                      [
                        "P-521",
                        "The NIST P-521 elliptic curve, AKA SECG curve SECP521R1."
                      ],
                      [
                        "P-256K",
                        "The SECG SECP256K1 elliptic curve."
                      ]
                    ],
                    "old": [
                      [
                        "P-256",
                        ""
                      ],
                      [
                        "P-384",
                        ""
                      ],
                      [
                        "P-521",
                        ""
                      ],
                      [
                        "P-256K",
                        ""
                      ]
                    ]
                  }
                }
              ]
            },
            {
              "x509_props": [
                {
                  "key_usage": {
                    "Enum": {
                      "new": [
                        [
                          "digitalSignature",
                          "Indicates that the certificate key can be used as a digital signature."
                        ],
                        [
                          "nonRepudiation",
                          "Indicates that the certificate key can be used for authentication."
                        ],
                        [
                          "keyEncipherment",
                          "Indicates that the certificate key can be used for key encryption."
                        ],
                        [
                          "dataEncipherment",
                          "Indicates that the certificate key can be used for data encryption."
                        ],
                        [
                          "keyAgreement",
                          "Indicates that the certificate key can be used to determine key agreement, such as a key created using the Diffie-Hellman key agreement algorithm."
                        ],
                        [
                          "keyCertSign",
                          "Indicates that the certificate key can be used to sign certificates."
                        ],
                        [
                          "cRLSign",
                          "Indicates that the certificate key can be used to sign a certificate revocation list."
                        ],
                        [
                          "encipherOnly",
                          "Indicates that the certificate key can be used for encryption only."
                        ],
                        [
                          "decipherOnly",
                          "Indicates that the certificate key can be used for decryption only."
                        ]
                      ],
                      "old": [
                        [
                          "digitalSignature",
                          ""
                        ],
                        [
                          "nonRepudiation",
                          ""
                        ],
                        [
                          "keyEncipherment",
                          ""
                        ],
                        [
                          "dataEncipherment",
                          ""
                        ],
                        [
                          "keyAgreement",
                          ""
                        ],
                        [
                          "keyCertSign",
                          ""
                        ],
                        [
                          "cRLSign",
                          ""
                        ],
                        [
                          "encipherOnly",
                          ""
                        ],
                        [
                          "decipherOnly",
                          ""
                        ]
                      ]
                    }
                  }
                }
              ]
            },
            {
              "lifetime_actions": {
                "$properties": {
                  "action": [
                    {
                      "#name": "action_type",
                      "Enum": {
                        "new": [
                          [
                            "EmailContacts",
                            "A certificate policy that will email certificate contacts."
                          ],
                          [
                            "AutoRenew",
                            "A certificate policy that will auto-renew a certificate."
                          ]
                        ],
                        "old": [
                          [
                            "EmailContacts",
                            ""
                          ],
                          [
                            "AutoRenew",
                            ""
                          ]
                        ]
                      }
                    }
                  ]
                }
              }
            },
            {
              "attributes": [
                {
                  "@added_8328f9e0dcfc48d2b474b429ef140fd7": {
                    "#name": "enabled",
                    "Description": "Determines whether the object is enabled.",
                    "Required": false,
                    "Type": "boolean"
                  }
                },
                {
                  "@added_52c488b45507475ebbc844a5fa680a2f": {
                    "#name": "nbf",
                    "Description": "Not before date in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_bb64bcbf789348a69cee18a90e681b96": {
                    "#name": "exp",
                    "Description": "Expiry date in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_e6fd0d7c436e424e876d9c57ad45ecf1": {
                    "#name": "created",
                    "Description": "Creation time in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_e7251e22ad0b4c1199c7b0fe4321dc64": {
                    "#name": "updated",
                    "Description": "Last updated time in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "#name": "recoveryLevel",
                  "Enum": {
                    "new": [
                      [
                        "Purgeable",
                        "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                      ],
                      [
                        "Recoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "CustomizedRecoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                      ],
                      [
                        "CustomizedRecoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                      ],
                      [
                        "CustomizedRecoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                      ]
                    ],
                    "old": [
                      [
                        "Purgeable",
                        "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                      ],
                      [
                        "Recoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "CustomizedRecoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                      ],
                      [
                        "CustomizedRecoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                      ],
                      [
                        "CustomizedRecoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                      ]
                    ]
                  }
                }
              ]
            }
          ],
          "attributes": [
            {
              "@added_3d508a6d86be4be48cfcee8c860a8135": {
                "#name": "enabled",
                "Description": "Determines whether the object is enabled.",
                "Required": false,
                "Type": "boolean"
              }
            },
            {
              "@added_88565170ab884fefa49b79d527be28d8": {
                "#name": "nbf",
                "Description": "Not before date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_d76340b1f6ec4e9baea18aa1bf19fcfe": {
                "#name": "exp",
                "Description": "Expiry date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_43ac2e1bc7ae4e52b200c6db804fd913": {
                "#name": "created",
                "Description": "Creation time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_47f0c61d9f4f4af5af4acccc687cf905": {
                "#name": "updated",
                "Description": "Last updated time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "#name": "recoveryLevel",
              "Enum": {
                "new": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ],
                "old": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ]
              }
            }
          ]
        }
      }
    }
  ]
}

⚼ Request

POST: /certificates/{certificate-name}/create

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

certificate-name:

{

Description: The name of the certificate. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information. ,

Required: True ,

}

string ,

parameters:

{

Description: The parameters to create a certificate. ,

Required: True ,

}

{

policy:

{

Description: The management policy for the certificate. ,

Required: False ,

}

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

key_props:

{

Description: Properties of the key backing a certificate. ,

Required: False ,

}

{

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

kty:

{

Description: The type of key pair to be used for the certificate. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is not exportable from the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447). ,

RSA-HSM: RSA with a private key which is not exportable from the HSM. ,

oct: Octet sequence (used to represent symmetric keys). ,

oct-HSM: Octet sequence with a private key which is not exportable from the HSM. ,

}

Required: False ,

}

enum ,

key_size:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. ,

Format: int32 ,

Required: False ,

}

integer ,

reuse_key:

{

Description: Indicates if the same key pair will be used on certificate renewal. ,

Required: False ,

}

boolean ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

}

secret_props:

{

Description: Properties of the secret backing a certificate. ,

Required: False ,

}

{

contentType:

{

Description: The media type (MIME type). ,

Required: False ,

}

string ,

}

x509_props:

{

Description: Properties of the X509 component of a certificate. ,

Required: False ,

}

{

subject:

{

Description: The subject name. Should be a valid X509 distinguished Name. ,

Required: False ,

}

string ,

ekus:

{

Description: The enhanced key usage. ,

Required: False ,

}

[

string ,

]

sans:

{

Description: The subject alternative names. ,

Required: False ,

}

{

emails:

{

Description: Email addresses. ,

Required: False ,

}

[

string ,

]

dns_names:

{

Description: Domain names. ,

Required: False ,

}

[

string ,

]

upns:

{

Description: User principal names. ,

Required: False ,

}

[

string ,

]

}

key_usage:

{

Description: Defines how the certificate's key may be used. ,

Required: False ,

}

[

string ,

]

validity_months:

{

Description: The duration that the certificate is valid in months. ,

Format: int32 ,

Required: False ,

}

integer ,

}

lifetime_actions:

{

Description: Actions that will be performed by Key Vault over the lifetime of a certificate. ,

Required: False ,

}

[

{

trigger:

{

Description: The condition that will execute the action. ,

Required: False ,

}

{

lifetime_percentage:

{

Description: Percentage of lifetime at which to trigger. Value should be between 1 and 99. ,

Format: int32 ,

Required: False ,

}

integer ,

days_before_expiry:

{

Description: Days before expiry to attempt renewal. Value should be between 1 and validity_in_months multiplied by 27. If validity_in_months is 36, then value should be between 1 and 972 (36 * 27). ,

Format: int32 ,

Required: False ,

}

integer ,

}

action:

{

Description: The action that will be executed. ,

Required: False ,

}

{

action_type:

{

Description: The type of the action. ,

Enum:

{

EmailContacts: A certificate policy that will email certificate contacts. ,

AutoRenew: A certificate policy that will auto-renew a certificate. ,

}

Required: False ,

}

enum ,

}

]

issuer:

{

Description: Parameters for the issuer of the X509 component of a certificate. ,

Required: False ,

}

{

name:

{

Description: Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'. ,

Required: False ,

}

string ,

cty:

{

Description: Certificate type as supported by the provider (optional); for example 'OV-SSL', 'EV-SSL' ,

Required: False ,

}

string ,

cert_transparency:

{

Description: Indicates if the certificates generated under this policy should be published to certificate transparency logs. ,

Required: False ,

}

boolean ,

}

attributes:

{

Description: The certificate attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

attributes:

{

Description: The attributes of the certificate (optional). ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs. ,

Required: False ,

}

object ,

}

⚐ Response (202)

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

issuer:

{

Description: Parameters for the issuer of the X509 component of a certificate. ,

Required: False ,

}

{

name:

{

Description: Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'. ,

Required: False ,

}

string ,

cty:

{

Description: Certificate type as supported by the provider (optional); for example 'OV-SSL', 'EV-SSL' ,

Required: False ,

}

string ,

cert_transparency:

{

Description: Indicates if the certificates generated under this policy should be published to certificate transparency logs. ,

Required: False ,

}

boolean ,

}

csr:

{

Description: The certificate signing request (CSR) that is being used in the certificate operation. ,

Format: byte ,

Required: False ,

}

string ,

cancellation_requested:

{

Description: Indicates if cancellation was requested on the certificate operation. ,

Required: False ,

}

boolean ,

status:

{

Description: Status of the certificate operation. ,

Required: False ,

}

string ,

status_details:

{

Description: The status details of the certificate operation. ,

Required: False ,

}

string ,

error:

{

Description: Error encountered, if any, during the certificate operation. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

target:

{

Description: Location which contains the result of the certificate operation. ,

Required: False ,

}

string ,

request_id:

{

Description: Identifier for the certificate operation. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

ImportCertificate (updated)

Description	: Imports an existing valid certificate, containing a private key, into Azure Key Vault. This operation requires the certificates/import permission. The certificate to be imported can be in either PFX or PEM format. If the certificate is in PEM format the PEM file must contain the key as well as x509 certificates. Key Vault will only accept a key in PKCS#8 format.
Reference	: Link ¶

⚶ Changes

{
  "#id": "ImportCertificate",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    },
    {
      "parameters": {
        "$properties": {
          "policy": [
            {
              "key_props": [
                {
                  "#name": "kty",
                  "Enum": {
                    "new": [
                      [
                        "EC",
                        "Elliptic Curve."
                      ],
                      [
                        "EC-HSM",
                        "Elliptic Curve with a private key which is not exportable from the HSM."
                      ],
                      [
                        "RSA",
                        "RSA (https://tools.ietf.org/html/rfc3447)."
                      ],
                      [
                        "RSA-HSM",
                        "RSA with a private key which is not exportable from the HSM."
                      ],
                      [
                        "oct",
                        "Octet sequence (used to represent symmetric keys)."
                      ],
                      [
                        "oct-HSM",
                        "Octet sequence with a private key which is not exportable from the HSM."
                      ]
                    ],
                    "old": [
                      [
                        "EC",
                        ""
                      ],
                      [
                        "EC-HSM",
                        ""
                      ],
                      [
                        "RSA",
                        ""
                      ],
                      [
                        "RSA-HSM",
                        ""
                      ],
                      [
                        "oct",
                        ""
                      ],
                      [
                        "oct-HSM",
                        ""
                      ]
                    ]
                  }
                },
                {
                  "#name": "crv",
                  "Enum": {
                    "new": [
                      [
                        "P-256",
                        "The NIST P-256 elliptic curve, AKA SECG curve SECP256R1."
                      ],
                      [
                        "P-384",
                        "The NIST P-384 elliptic curve, AKA SECG curve SECP384R1."
                      ],
                      [
                        "P-521",
                        "The NIST P-521 elliptic curve, AKA SECG curve SECP521R1."
                      ],
                      [
                        "P-256K",
                        "The SECG SECP256K1 elliptic curve."
                      ]
                    ],
                    "old": [
                      [
                        "P-256",
                        ""
                      ],
                      [
                        "P-384",
                        ""
                      ],
                      [
                        "P-521",
                        ""
                      ],
                      [
                        "P-256K",
                        ""
                      ]
                    ]
                  }
                }
              ]
            },
            {
              "x509_props": [
                {
                  "key_usage": {
                    "Enum": {
                      "new": [
                        [
                          "digitalSignature",
                          "Indicates that the certificate key can be used as a digital signature."
                        ],
                        [
                          "nonRepudiation",
                          "Indicates that the certificate key can be used for authentication."
                        ],
                        [
                          "keyEncipherment",
                          "Indicates that the certificate key can be used for key encryption."
                        ],
                        [
                          "dataEncipherment",
                          "Indicates that the certificate key can be used for data encryption."
                        ],
                        [
                          "keyAgreement",
                          "Indicates that the certificate key can be used to determine key agreement, such as a key created using the Diffie-Hellman key agreement algorithm."
                        ],
                        [
                          "keyCertSign",
                          "Indicates that the certificate key can be used to sign certificates."
                        ],
                        [
                          "cRLSign",
                          "Indicates that the certificate key can be used to sign a certificate revocation list."
                        ],
                        [
                          "encipherOnly",
                          "Indicates that the certificate key can be used for encryption only."
                        ],
                        [
                          "decipherOnly",
                          "Indicates that the certificate key can be used for decryption only."
                        ]
                      ],
                      "old": [
                        [
                          "digitalSignature",
                          ""
                        ],
                        [
                          "nonRepudiation",
                          ""
                        ],
                        [
                          "keyEncipherment",
                          ""
                        ],
                        [
                          "dataEncipherment",
                          ""
                        ],
                        [
                          "keyAgreement",
                          ""
                        ],
                        [
                          "keyCertSign",
                          ""
                        ],
                        [
                          "cRLSign",
                          ""
                        ],
                        [
                          "encipherOnly",
                          ""
                        ],
                        [
                          "decipherOnly",
                          ""
                        ]
                      ]
                    }
                  }
                }
              ]
            },
            {
              "lifetime_actions": {
                "$properties": {
                  "action": [
                    {
                      "#name": "action_type",
                      "Enum": {
                        "new": [
                          [
                            "EmailContacts",
                            "A certificate policy that will email certificate contacts."
                          ],
                          [
                            "AutoRenew",
                            "A certificate policy that will auto-renew a certificate."
                          ]
                        ],
                        "old": [
                          [
                            "EmailContacts",
                            ""
                          ],
                          [
                            "AutoRenew",
                            ""
                          ]
                        ]
                      }
                    }
                  ]
                }
              }
            },
            {
              "attributes": [
                {
                  "@added_cc2a2c6946a547b0be99cc07406db2cd": {
                    "#name": "enabled",
                    "Description": "Determines whether the object is enabled.",
                    "Required": false,
                    "Type": "boolean"
                  }
                },
                {
                  "@added_a32e27103da046b2b463ba636211f18b": {
                    "#name": "nbf",
                    "Description": "Not before date in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_b26c422e4994445abfba5cedf70a93e9": {
                    "#name": "exp",
                    "Description": "Expiry date in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_da11aa4eaaf84c4d972e982796def6bd": {
                    "#name": "created",
                    "Description": "Creation time in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_b63f0766657b4453ad4cdc8c5fabff06": {
                    "#name": "updated",
                    "Description": "Last updated time in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "#name": "recoveryLevel",
                  "Enum": {
                    "new": [
                      [
                        "Purgeable",
                        "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                      ],
                      [
                        "Recoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "CustomizedRecoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                      ],
                      [
                        "CustomizedRecoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                      ],
                      [
                        "CustomizedRecoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                      ]
                    ],
                    "old": [
                      [
                        "Purgeable",
                        "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                      ],
                      [
                        "Recoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "CustomizedRecoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                      ],
                      [
                        "CustomizedRecoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                      ],
                      [
                        "CustomizedRecoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                      ]
                    ]
                  }
                }
              ]
            }
          ],
          "attributes": [
            {
              "@added_a81942a115384090af676f601bfce12e": {
                "#name": "enabled",
                "Description": "Determines whether the object is enabled.",
                "Required": false,
                "Type": "boolean"
              }
            },
            {
              "@added_66e69b3a0dcf45c48d1352a879201856": {
                "#name": "nbf",
                "Description": "Not before date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_630613d0729547cc83ad5b2c6147187c": {
                "#name": "exp",
                "Description": "Expiry date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_29cbd05d4738429aa9df10a64986baeb": {
                "#name": "created",
                "Description": "Creation time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_f25ac36922b448308b4d9e03172a1649": {
                "#name": "updated",
                "Description": "Last updated time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "#name": "recoveryLevel",
              "Enum": {
                "new": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ],
                "old": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ]
              }
            }
          ]
        }
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": [
        {
          "policy": [
            {
              "key_props": [
                {
                  "#name": "kty",
                  "Enum": {
                    "new": [
                      [
                        "EC",
                        "Elliptic Curve."
                      ],
                      [
                        "EC-HSM",
                        "Elliptic Curve with a private key which is not exportable from the HSM."
                      ],
                      [
                        "RSA",
                        "RSA (https://tools.ietf.org/html/rfc3447)."
                      ],
                      [
                        "RSA-HSM",
                        "RSA with a private key which is not exportable from the HSM."
                      ],
                      [
                        "oct",
                        "Octet sequence (used to represent symmetric keys)."
                      ],
                      [
                        "oct-HSM",
                        "Octet sequence with a private key which is not exportable from the HSM."
                      ]
                    ],
                    "old": [
                      [
                        "EC",
                        ""
                      ],
                      [
                        "EC-HSM",
                        ""
                      ],
                      [
                        "RSA",
                        ""
                      ],
                      [
                        "RSA-HSM",
                        ""
                      ],
                      [
                        "oct",
                        ""
                      ],
                      [
                        "oct-HSM",
                        ""
                      ]
                    ]
                  }
                },
                {
                  "#name": "crv",
                  "Enum": {
                    "new": [
                      [
                        "P-256",
                        "The NIST P-256 elliptic curve, AKA SECG curve SECP256R1."
                      ],
                      [
                        "P-384",
                        "The NIST P-384 elliptic curve, AKA SECG curve SECP384R1."
                      ],
                      [
                        "P-521",
                        "The NIST P-521 elliptic curve, AKA SECG curve SECP521R1."
                      ],
                      [
                        "P-256K",
                        "The SECG SECP256K1 elliptic curve."
                      ]
                    ],
                    "old": [
                      [
                        "P-256",
                        ""
                      ],
                      [
                        "P-384",
                        ""
                      ],
                      [
                        "P-521",
                        ""
                      ],
                      [
                        "P-256K",
                        ""
                      ]
                    ]
                  }
                }
              ]
            },
            {
              "x509_props": [
                {
                  "key_usage": {
                    "Enum": {
                      "new": [
                        [
                          "digitalSignature",
                          "Indicates that the certificate key can be used as a digital signature."
                        ],
                        [
                          "nonRepudiation",
                          "Indicates that the certificate key can be used for authentication."
                        ],
                        [
                          "keyEncipherment",
                          "Indicates that the certificate key can be used for key encryption."
                        ],
                        [
                          "dataEncipherment",
                          "Indicates that the certificate key can be used for data encryption."
                        ],
                        [
                          "keyAgreement",
                          "Indicates that the certificate key can be used to determine key agreement, such as a key created using the Diffie-Hellman key agreement algorithm."
                        ],
                        [
                          "keyCertSign",
                          "Indicates that the certificate key can be used to sign certificates."
                        ],
                        [
                          "cRLSign",
                          "Indicates that the certificate key can be used to sign a certificate revocation list."
                        ],
                        [
                          "encipherOnly",
                          "Indicates that the certificate key can be used for encryption only."
                        ],
                        [
                          "decipherOnly",
                          "Indicates that the certificate key can be used for decryption only."
                        ]
                      ],
                      "old": [
                        [
                          "digitalSignature",
                          ""
                        ],
                        [
                          "nonRepudiation",
                          ""
                        ],
                        [
                          "keyEncipherment",
                          ""
                        ],
                        [
                          "dataEncipherment",
                          ""
                        ],
                        [
                          "keyAgreement",
                          ""
                        ],
                        [
                          "keyCertSign",
                          ""
                        ],
                        [
                          "cRLSign",
                          ""
                        ],
                        [
                          "encipherOnly",
                          ""
                        ],
                        [
                          "decipherOnly",
                          ""
                        ]
                      ]
                    }
                  }
                }
              ]
            },
            {
              "lifetime_actions": {
                "$properties": {
                  "action": [
                    {
                      "#name": "action_type",
                      "Enum": {
                        "new": [
                          [
                            "EmailContacts",
                            "A certificate policy that will email certificate contacts."
                          ],
                          [
                            "AutoRenew",
                            "A certificate policy that will auto-renew a certificate."
                          ]
                        ],
                        "old": [
                          [
                            "EmailContacts",
                            ""
                          ],
                          [
                            "AutoRenew",
                            ""
                          ]
                        ]
                      }
                    }
                  ]
                }
              }
            },
            {
              "attributes": [
                {
                  "@added_1608744684cf47578621ea08b24e638c": {
                    "#name": "enabled",
                    "Description": "Determines whether the object is enabled.",
                    "Required": false,
                    "Type": "boolean"
                  }
                },
                {
                  "@added_7dcb67942f8c4c24a300005e476164e8": {
                    "#name": "nbf",
                    "Description": "Not before date in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_4fd875bd699d40498e28a9eb8ec59b59": {
                    "#name": "exp",
                    "Description": "Expiry date in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_6e49159554db40959c7197386d8355aa": {
                    "#name": "created",
                    "Description": "Creation time in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_d63aaf9ccc60408988ace1a0dea2ae2a": {
                    "#name": "updated",
                    "Description": "Last updated time in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "#name": "recoveryLevel",
                  "Enum": {
                    "new": [
                      [
                        "Purgeable",
                        "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                      ],
                      [
                        "Recoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "CustomizedRecoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                      ],
                      [
                        "CustomizedRecoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                      ],
                      [
                        "CustomizedRecoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                      ]
                    ],
                    "old": [
                      [
                        "Purgeable",
                        "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                      ],
                      [
                        "Recoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "CustomizedRecoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                      ],
                      [
                        "CustomizedRecoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                      ],
                      [
                        "CustomizedRecoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                      ]
                    ]
                  }
                }
              ]
            }
          ]
        },
        {
          "#name": "contentType",
          "Description": {
            "new": "The content type of the secret. eg. 'application/x-pem-file' or 'application/x-pkcs12',",
            "old": "The content type of the secret. eg. 'application/x-pem-file' or 'application/x-pkcs12', "
          }
        },
        {
          "attributes": [
            {
              "@added_12a2e325f0984b2fa7356fbe42f8b3a4": {
                "#name": "enabled",
                "Description": "Determines whether the object is enabled.",
                "Required": false,
                "Type": "boolean"
              }
            },
            {
              "@added_0b1f3f90e06e492891b982998d7dca2b": {
                "#name": "nbf",
                "Description": "Not before date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_5efd0e6201f84b78859c44513d559704": {
                "#name": "exp",
                "Description": "Expiry date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_a1946d9368904f9f90124ef811f59cf0": {
                "#name": "created",
                "Description": "Creation time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_9a51bec680114c5595075b32b9998a86": {
                "#name": "updated",
                "Description": "Last updated time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "#name": "recoveryLevel",
              "Enum": {
                "new": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ],
                "old": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ]
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

POST: /certificates/{certificate-name}/import

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

certificate-name:

{

Required: True ,

}

string ,

parameters:

{

Description: The parameters to import the certificate. ,

Required: True ,

}

{

value:

{

Description: Base64 encoded representation of the certificate object to import. This certificate needs to contain the private key. ,

Required: True ,

}

string ,

pwd:

{

Description: If the private key in base64EncodedCertificate is encrypted, the password used for encryption. ,

Required: False ,

}

string ,

policy:

{

Description: The management policy for the certificate. ,

Required: False ,

}

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

key_props:

{

Description: Properties of the key backing a certificate. ,

Required: False ,

}

{

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

kty:

{

Description: The type of key pair to be used for the certificate. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is not exportable from the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447). ,

RSA-HSM: RSA with a private key which is not exportable from the HSM. ,

oct: Octet sequence (used to represent symmetric keys). ,

oct-HSM: Octet sequence with a private key which is not exportable from the HSM. ,

}

Required: False ,

}

enum ,

key_size:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. ,

Format: int32 ,

Required: False ,

}

integer ,

reuse_key:

{

Description: Indicates if the same key pair will be used on certificate renewal. ,

Required: False ,

}

boolean ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

}

secret_props:

{

Description: Properties of the secret backing a certificate. ,

Required: False ,

}

{

contentType:

{

Description: The media type (MIME type). ,

Required: False ,

}

string ,

}

x509_props:

{

Description: Properties of the X509 component of a certificate. ,

Required: False ,

}

{

subject:

{

Description: The subject name. Should be a valid X509 distinguished Name. ,

Required: False ,

}

string ,

ekus:

{

Description: The enhanced key usage. ,

Required: False ,

}

[

string ,

]

sans:

{

Description: The subject alternative names. ,

Required: False ,

}

{

emails:

{

Description: Email addresses. ,

Required: False ,

}

[

string ,

]

dns_names:

{

Description: Domain names. ,

Required: False ,

}

[

string ,

]

upns:

{

Description: User principal names. ,

Required: False ,

}

[

string ,

]

}

key_usage:

{

Description: Defines how the certificate's key may be used. ,

Required: False ,

}

[

string ,

]

validity_months:

{

Description: The duration that the certificate is valid in months. ,

Format: int32 ,

Required: False ,

}

integer ,

}

lifetime_actions:

{

Description: Actions that will be performed by Key Vault over the lifetime of a certificate. ,

Required: False ,

}

[

{

trigger:

{

Description: The condition that will execute the action. ,

Required: False ,

}

{

lifetime_percentage:

{

Description: Percentage of lifetime at which to trigger. Value should be between 1 and 99. ,

Format: int32 ,

Required: False ,

}

integer ,

days_before_expiry:

{

Description: Days before expiry to attempt renewal. Value should be between 1 and validity_in_months multiplied by 27. If validity_in_months is 36, then value should be between 1 and 972 (36 * 27). ,

Format: int32 ,

Required: False ,

}

integer ,

}

action:

{

Description: The action that will be executed. ,

Required: False ,

}

{

action_type:

{

Description: The type of the action. ,

Enum:

{

EmailContacts: A certificate policy that will email certificate contacts. ,

AutoRenew: A certificate policy that will auto-renew a certificate. ,

}

Required: False ,

}

enum ,

}

]

issuer:

{

Description: Parameters for the issuer of the X509 component of a certificate. ,

Required: False ,

}

{

name:

{

Description: Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'. ,

Required: False ,

}

string ,

cty:

{

Description: Certificate type as supported by the provider (optional); for example 'OV-SSL', 'EV-SSL' ,

Required: False ,

}

string ,

cert_transparency:

{

Description: Indicates if the certificates generated under this policy should be published to certificate transparency logs. ,

Required: False ,

}

boolean ,

}

attributes:

{

Description: The certificate attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

attributes:

{

Description: The attributes of the certificate (optional). ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs. ,

Required: False ,

}

object ,

}

⚐ Response (200)

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

kid:

{

Description: The key id. ,

Required: False ,

}

string ,

sid:

{

Description: The secret id. ,

Required: False ,

}

string ,

x5t:

{

Description: Thumbprint of the certificate. ,

Format: base64url ,

Required: False ,

}

string ,

policy:

{

Description: The management policy. ,

Required: False ,

}

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

key_props:

{

Description: Properties of the key backing a certificate. ,

Required: False ,

}

{

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

kty:

{

Description: The type of key pair to be used for the certificate. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is not exportable from the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447). ,

RSA-HSM: RSA with a private key which is not exportable from the HSM. ,

oct: Octet sequence (used to represent symmetric keys). ,

oct-HSM: Octet sequence with a private key which is not exportable from the HSM. ,

}

Required: False ,

}

enum ,

key_size:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. ,

Format: int32 ,

Required: False ,

}

integer ,

reuse_key:

{

Description: Indicates if the same key pair will be used on certificate renewal. ,

Required: False ,

}

boolean ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

}

secret_props:

{

Description: Properties of the secret backing a certificate. ,

Required: False ,

}

{

contentType:

{

Description: The media type (MIME type). ,

Required: False ,

}

string ,

}

x509_props:

{

Description: Properties of the X509 component of a certificate. ,

Required: False ,

}

{

subject:

{

Description: The subject name. Should be a valid X509 distinguished Name. ,

Required: False ,

}

string ,

ekus:

{

Description: The enhanced key usage. ,

Required: False ,

}

[

string ,

]

sans:

{

Description: The subject alternative names. ,

Required: False ,

}

{

emails:

{

Description: Email addresses. ,

Required: False ,

}

[

string ,

]

dns_names:

{

Description: Domain names. ,

Required: False ,

}

[

string ,

]

upns:

{

Description: User principal names. ,

Required: False ,

}

[

string ,

]

}

key_usage:

{

Description: Defines how the certificate's key may be used. ,

Required: False ,

}

[

string ,

]

validity_months:

{

Description: The duration that the certificate is valid in months. ,

Format: int32 ,

Required: False ,

}

integer ,

}

lifetime_actions:

{

Description: Actions that will be performed by Key Vault over the lifetime of a certificate. ,

Required: False ,

}

[

{

trigger:

{

Description: The condition that will execute the action. ,

Required: False ,

}

{

lifetime_percentage:

{

Description: Percentage of lifetime at which to trigger. Value should be between 1 and 99. ,

Format: int32 ,

Required: False ,

}

integer ,

days_before_expiry:

{

Description: Days before expiry to attempt renewal. Value should be between 1 and validity_in_months multiplied by 27. If validity_in_months is 36, then value should be between 1 and 972 (36 * 27). ,

Format: int32 ,

Required: False ,

}

integer ,

}

action:

{

Description: The action that will be executed. ,

Required: False ,

}

{

action_type:

{

Description: The type of the action. ,

Enum:

{

EmailContacts: A certificate policy that will email certificate contacts. ,

AutoRenew: A certificate policy that will auto-renew a certificate. ,

}

Required: False ,

}

enum ,

}

]

issuer:

{

Description: Parameters for the issuer of the X509 component of a certificate. ,

Required: False ,

}

{

name:

{

Description: Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'. ,

Required: False ,

}

string ,

cty:

{

Description: Certificate type as supported by the provider (optional); for example 'OV-SSL', 'EV-SSL' ,

Required: False ,

}

string ,

cert_transparency:

{

Description: Indicates if the certificates generated under this policy should be published to certificate transparency logs. ,

Required: False ,

}

boolean ,

}

attributes:

{

Description: The certificate attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

cer:

{

Description: CER contents of x509 certificate. ,

Format: byte ,

Required: False ,

}

string ,

contentType:

{

Description: The content type of the secret. eg. 'application/x-pem-file' or 'application/x-pkcs12', ,

Required: False ,

}

string ,

attributes:

{

Description: The certificate attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs ,

Required: False ,

}

object ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

GetCertificateOperation (updated)

Description	: Gets the creation operation associated with a specified certificate. This operation requires the certificates/get permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "GetCertificateOperation",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ]
}

⚼ Request

GET: /certificates/{certificate-name}/pending

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

certificate-name:

{

Description: The name of the certificate. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

issuer:

{

Description: Parameters for the issuer of the X509 component of a certificate. ,

Required: False ,

}

{

name:

{

Description: Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'. ,

Required: False ,

}

string ,

cty:

{

Description: Certificate type as supported by the provider (optional); for example 'OV-SSL', 'EV-SSL' ,

Required: False ,

}

string ,

cert_transparency:

{

Description: Indicates if the certificates generated under this policy should be published to certificate transparency logs. ,

Required: False ,

}

boolean ,

}

csr:

{

Description: The certificate signing request (CSR) that is being used in the certificate operation. ,

Format: byte ,

Required: False ,

}

string ,

cancellation_requested:

{

Description: Indicates if cancellation was requested on the certificate operation. ,

Required: False ,

}

boolean ,

status:

{

Description: Status of the certificate operation. ,

Required: False ,

}

string ,

status_details:

{

Description: The status details of the certificate operation. ,

Required: False ,

}

string ,

error:

{

Description: Error encountered, if any, during the certificate operation. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

target:

{

Description: Location which contains the result of the certificate operation. ,

Required: False ,

}

string ,

request_id:

{

Description: Identifier for the certificate operation. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

UpdateCertificateOperation (updated)

Description	: Updates a certificate creation operation that is already in progress. This operation requires the certificates/update permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "UpdateCertificateOperation",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ]
}

⚼ Request

PATCH: /certificates/{certificate-name}/pending

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

certificate-name:

{

Description: The name of the certificate. ,

Required: True ,

}

string ,

certificateOperation:

{

Description: The certificate operation response. ,

Required: True ,

}

{

cancellation_requested:

{

Description: Indicates if cancellation was requested on the certificate operation. ,

Required: True ,

}

boolean ,

}

⚐ Response (200)

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

issuer:

{

Description: Parameters for the issuer of the X509 component of a certificate. ,

Required: False ,

}

{

name:

{

Description: Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'. ,

Required: False ,

}

string ,

cty:

{

Description: Certificate type as supported by the provider (optional); for example 'OV-SSL', 'EV-SSL' ,

Required: False ,

}

string ,

cert_transparency:

{

Description: Indicates if the certificates generated under this policy should be published to certificate transparency logs. ,

Required: False ,

}

boolean ,

}

csr:

{

Description: The certificate signing request (CSR) that is being used in the certificate operation. ,

Format: byte ,

Required: False ,

}

string ,

cancellation_requested:

{

Description: Indicates if cancellation was requested on the certificate operation. ,

Required: False ,

}

boolean ,

status:

{

Description: Status of the certificate operation. ,

Required: False ,

}

string ,

status_details:

{

Description: The status details of the certificate operation. ,

Required: False ,

}

string ,

error:

{

Description: Error encountered, if any, during the certificate operation. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

target:

{

Description: Location which contains the result of the certificate operation. ,

Required: False ,

}

string ,

request_id:

{

Description: Identifier for the certificate operation. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

DeleteCertificateOperation (updated)

Description	: Deletes the creation operation for a specified certificate that is in the process of being created. The certificate is no longer created. This operation requires the certificates/update permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "DeleteCertificateOperation",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ]
}

⚼ Request

DELETE: /certificates/{certificate-name}/pending

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

certificate-name:

{

Description: The name of the certificate. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

issuer:

{

Description: Parameters for the issuer of the X509 component of a certificate. ,

Required: False ,

}

{

name:

{

Description: Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'. ,

Required: False ,

}

string ,

cty:

{

Description: Certificate type as supported by the provider (optional); for example 'OV-SSL', 'EV-SSL' ,

Required: False ,

}

string ,

cert_transparency:

{

Description: Indicates if the certificates generated under this policy should be published to certificate transparency logs. ,

Required: False ,

}

boolean ,

}

csr:

{

Description: The certificate signing request (CSR) that is being used in the certificate operation. ,

Format: byte ,

Required: False ,

}

string ,

cancellation_requested:

{

Description: Indicates if cancellation was requested on the certificate operation. ,

Required: False ,

}

boolean ,

status:

{

Description: Status of the certificate operation. ,

Required: False ,

}

string ,

status_details:

{

Description: The status details of the certificate operation. ,

Required: False ,

}

string ,

error:

{

Description: Error encountered, if any, during the certificate operation. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

target:

{

Description: Location which contains the result of the certificate operation. ,

Required: False ,

}

string ,

request_id:

{

Description: Identifier for the certificate operation. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

MergeCertificate (updated)

Description	: The MergeCertificate operation performs the merging of a certificate or certificate chain with a key pair currently available in the service. This operation requires the certificates/create permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "MergeCertificate",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    },
    {
      "parameters": {
        "$properties": {
          "attributes": [
            {
              "@added_91144aa31e144f6eb2fdfc905f09874e": {
                "#name": "enabled",
                "Description": "Determines whether the object is enabled.",
                "Required": false,
                "Type": "boolean"
              }
            },
            {
              "@added_52525af409794ff48c24df4780d54a35": {
                "#name": "nbf",
                "Description": "Not before date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_5ed1673ae5ef4158ac9faa991fa6df08": {
                "#name": "exp",
                "Description": "Expiry date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_71592d780378470d9ce66b7324eb4be0": {
                "#name": "created",
                "Description": "Creation time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_0c3ba71ff4b24b939cc59bc4ada33448": {
                "#name": "updated",
                "Description": "Last updated time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "#name": "recoveryLevel",
              "Enum": {
                "new": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ],
                "old": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ]
              }
            }
          ]
        }
      }
    }
  ],
  "$responses": {
    "201": {
      "$properties": [
        {
          "policy": [
            {
              "key_props": [
                {
                  "#name": "kty",
                  "Enum": {
                    "new": [
                      [
                        "EC",
                        "Elliptic Curve."
                      ],
                      [
                        "EC-HSM",
                        "Elliptic Curve with a private key which is not exportable from the HSM."
                      ],
                      [
                        "RSA",
                        "RSA (https://tools.ietf.org/html/rfc3447)."
                      ],
                      [
                        "RSA-HSM",
                        "RSA with a private key which is not exportable from the HSM."
                      ],
                      [
                        "oct",
                        "Octet sequence (used to represent symmetric keys)."
                      ],
                      [
                        "oct-HSM",
                        "Octet sequence with a private key which is not exportable from the HSM."
                      ]
                    ],
                    "old": [
                      [
                        "EC",
                        ""
                      ],
                      [
                        "EC-HSM",
                        ""
                      ],
                      [
                        "RSA",
                        ""
                      ],
                      [
                        "RSA-HSM",
                        ""
                      ],
                      [
                        "oct",
                        ""
                      ],
                      [
                        "oct-HSM",
                        ""
                      ]
                    ]
                  }
                },
                {
                  "#name": "crv",
                  "Enum": {
                    "new": [
                      [
                        "P-256",
                        "The NIST P-256 elliptic curve, AKA SECG curve SECP256R1."
                      ],
                      [
                        "P-384",
                        "The NIST P-384 elliptic curve, AKA SECG curve SECP384R1."
                      ],
                      [
                        "P-521",
                        "The NIST P-521 elliptic curve, AKA SECG curve SECP521R1."
                      ],
                      [
                        "P-256K",
                        "The SECG SECP256K1 elliptic curve."
                      ]
                    ],
                    "old": [
                      [
                        "P-256",
                        ""
                      ],
                      [
                        "P-384",
                        ""
                      ],
                      [
                        "P-521",
                        ""
                      ],
                      [
                        "P-256K",
                        ""
                      ]
                    ]
                  }
                }
              ]
            },
            {
              "x509_props": [
                {
                  "key_usage": {
                    "Enum": {
                      "new": [
                        [
                          "digitalSignature",
                          "Indicates that the certificate key can be used as a digital signature."
                        ],
                        [
                          "nonRepudiation",
                          "Indicates that the certificate key can be used for authentication."
                        ],
                        [
                          "keyEncipherment",
                          "Indicates that the certificate key can be used for key encryption."
                        ],
                        [
                          "dataEncipherment",
                          "Indicates that the certificate key can be used for data encryption."
                        ],
                        [
                          "keyAgreement",
                          "Indicates that the certificate key can be used to determine key agreement, such as a key created using the Diffie-Hellman key agreement algorithm."
                        ],
                        [
                          "keyCertSign",
                          "Indicates that the certificate key can be used to sign certificates."
                        ],
                        [
                          "cRLSign",
                          "Indicates that the certificate key can be used to sign a certificate revocation list."
                        ],
                        [
                          "encipherOnly",
                          "Indicates that the certificate key can be used for encryption only."
                        ],
                        [
                          "decipherOnly",
                          "Indicates that the certificate key can be used for decryption only."
                        ]
                      ],
                      "old": [
                        [
                          "digitalSignature",
                          ""
                        ],
                        [
                          "nonRepudiation",
                          ""
                        ],
                        [
                          "keyEncipherment",
                          ""
                        ],
                        [
                          "dataEncipherment",
                          ""
                        ],
                        [
                          "keyAgreement",
                          ""
                        ],
                        [
                          "keyCertSign",
                          ""
                        ],
                        [
                          "cRLSign",
                          ""
                        ],
                        [
                          "encipherOnly",
                          ""
                        ],
                        [
                          "decipherOnly",
                          ""
                        ]
                      ]
                    }
                  }
                }
              ]
            },
            {
              "lifetime_actions": {
                "$properties": {
                  "action": [
                    {
                      "#name": "action_type",
                      "Enum": {
                        "new": [
                          [
                            "EmailContacts",
                            "A certificate policy that will email certificate contacts."
                          ],
                          [
                            "AutoRenew",
                            "A certificate policy that will auto-renew a certificate."
                          ]
                        ],
                        "old": [
                          [
                            "EmailContacts",
                            ""
                          ],
                          [
                            "AutoRenew",
                            ""
                          ]
                        ]
                      }
                    }
                  ]
                }
              }
            },
            {
              "attributes": [
                {
                  "@added_a72b1e8782524372a4261fa8dd80e6f5": {
                    "#name": "enabled",
                    "Description": "Determines whether the object is enabled.",
                    "Required": false,
                    "Type": "boolean"
                  }
                },
                {
                  "@added_4442b242db76456884a178c71c69eeda": {
                    "#name": "nbf",
                    "Description": "Not before date in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_b3a19b4fc88342d3b88c3aa4bfd9b801": {
                    "#name": "exp",
                    "Description": "Expiry date in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_a4e0057594f34a69aadf77cee5fae5f8": {
                    "#name": "created",
                    "Description": "Creation time in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_353a397be71141919c36e8ed25b4d995": {
                    "#name": "updated",
                    "Description": "Last updated time in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "#name": "recoveryLevel",
                  "Enum": {
                    "new": [
                      [
                        "Purgeable",
                        "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                      ],
                      [
                        "Recoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "CustomizedRecoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                      ],
                      [
                        "CustomizedRecoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                      ],
                      [
                        "CustomizedRecoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                      ]
                    ],
                    "old": [
                      [
                        "Purgeable",
                        "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                      ],
                      [
                        "Recoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "CustomizedRecoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                      ],
                      [
                        "CustomizedRecoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                      ],
                      [
                        "CustomizedRecoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                      ]
                    ]
                  }
                }
              ]
            }
          ]
        },
        {
          "#name": "contentType",
          "Description": {
            "new": "The content type of the secret. eg. 'application/x-pem-file' or 'application/x-pkcs12',",
            "old": "The content type of the secret. eg. 'application/x-pem-file' or 'application/x-pkcs12', "
          }
        },
        {
          "attributes": [
            {
              "@added_a5e176bbf510426ba754fda2dc537668": {
                "#name": "enabled",
                "Description": "Determines whether the object is enabled.",
                "Required": false,
                "Type": "boolean"
              }
            },
            {
              "@added_aab472892f254d44a0699f65aa5d2c1e": {
                "#name": "nbf",
                "Description": "Not before date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_b1749248ca3541dd8b96ffc94f5cecee": {
                "#name": "exp",
                "Description": "Expiry date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_0123782a654444fb9fdd26170d5cd8ef": {
                "#name": "created",
                "Description": "Creation time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_1c9d6579797549fe9c41d195adac313c": {
                "#name": "updated",
                "Description": "Last updated time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "#name": "recoveryLevel",
              "Enum": {
                "new": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ],
                "old": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ]
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

POST: /certificates/{certificate-name}/pending/merge

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

certificate-name:

{

Description: The name of the certificate. ,

Required: True ,

}

string ,

parameters:

{

Description: The parameters to merge certificate. ,

Required: True ,

}

{

x5c:

{

Description: The certificate or the certificate chain to merge. ,

Required: True ,

}

[

string ,

]

attributes:

{

Description: The attributes of the certificate (optional). ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs. ,

Required: False ,

}

object ,

}

⚐ Response (201)

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

kid:

{

Description: The key id. ,

Required: False ,

}

string ,

sid:

{

Description: The secret id. ,

Required: False ,

}

string ,

x5t:

{

Description: Thumbprint of the certificate. ,

Format: base64url ,

Required: False ,

}

string ,

policy:

{

Description: The management policy. ,

Required: False ,

}

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

key_props:

{

Description: Properties of the key backing a certificate. ,

Required: False ,

}

{

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

kty:

{

Description: The type of key pair to be used for the certificate. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is not exportable from the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447). ,

RSA-HSM: RSA with a private key which is not exportable from the HSM. ,

oct: Octet sequence (used to represent symmetric keys). ,

oct-HSM: Octet sequence with a private key which is not exportable from the HSM. ,

}

Required: False ,

}

enum ,

key_size:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. ,

Format: int32 ,

Required: False ,

}

integer ,

reuse_key:

{

Description: Indicates if the same key pair will be used on certificate renewal. ,

Required: False ,

}

boolean ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

}

secret_props:

{

Description: Properties of the secret backing a certificate. ,

Required: False ,

}

{

contentType:

{

Description: The media type (MIME type). ,

Required: False ,

}

string ,

}

x509_props:

{

Description: Properties of the X509 component of a certificate. ,

Required: False ,

}

{

subject:

{

Description: The subject name. Should be a valid X509 distinguished Name. ,

Required: False ,

}

string ,

ekus:

{

Description: The enhanced key usage. ,

Required: False ,

}

[

string ,

]

sans:

{

Description: The subject alternative names. ,

Required: False ,

}

{

emails:

{

Description: Email addresses. ,

Required: False ,

}

[

string ,

]

dns_names:

{

Description: Domain names. ,

Required: False ,

}

[

string ,

]

upns:

{

Description: User principal names. ,

Required: False ,

}

[

string ,

]

}

key_usage:

{

Description: Defines how the certificate's key may be used. ,

Required: False ,

}

[

string ,

]

validity_months:

{

Description: The duration that the certificate is valid in months. ,

Format: int32 ,

Required: False ,

}

integer ,

}

lifetime_actions:

{

Description: Actions that will be performed by Key Vault over the lifetime of a certificate. ,

Required: False ,

}

[

{

trigger:

{

Description: The condition that will execute the action. ,

Required: False ,

}

{

lifetime_percentage:

{

Description: Percentage of lifetime at which to trigger. Value should be between 1 and 99. ,

Format: int32 ,

Required: False ,

}

integer ,

days_before_expiry:

{

Description: Days before expiry to attempt renewal. Value should be between 1 and validity_in_months multiplied by 27. If validity_in_months is 36, then value should be between 1 and 972 (36 * 27). ,

Format: int32 ,

Required: False ,

}

integer ,

}

action:

{

Description: The action that will be executed. ,

Required: False ,

}

{

action_type:

{

Description: The type of the action. ,

Enum:

{

EmailContacts: A certificate policy that will email certificate contacts. ,

AutoRenew: A certificate policy that will auto-renew a certificate. ,

}

Required: False ,

}

enum ,

}

]

issuer:

{

Description: Parameters for the issuer of the X509 component of a certificate. ,

Required: False ,

}

{

name:

{

Description: Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'. ,

Required: False ,

}

string ,

cty:

{

Description: Certificate type as supported by the provider (optional); for example 'OV-SSL', 'EV-SSL' ,

Required: False ,

}

string ,

cert_transparency:

{

Description: Indicates if the certificates generated under this policy should be published to certificate transparency logs. ,

Required: False ,

}

boolean ,

}

attributes:

{

Description: The certificate attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

cer:

{

Description: CER contents of x509 certificate. ,

Format: byte ,

Required: False ,

}

string ,

contentType:

{

Description: The content type of the secret. eg. 'application/x-pem-file' or 'application/x-pkcs12', ,

Required: False ,

}

string ,

attributes:

{

Description: The certificate attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs ,

Required: False ,

}

object ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

GetCertificatePolicy (updated)

Description	: The GetCertificatePolicy operation returns the specified certificate policy resources in the specified key vault. This operation requires the certificates/get permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "GetCertificatePolicy",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": {
        "key_props": [
          {
            "#name": "kty",
            "Enum": {
              "new": [
                [
                  "EC",
                  "Elliptic Curve."
                ],
                [
                  "EC-HSM",
                  "Elliptic Curve with a private key which is not exportable from the HSM."
                ],
                [
                  "RSA",
                  "RSA (https://tools.ietf.org/html/rfc3447)."
                ],
                [
                  "RSA-HSM",
                  "RSA with a private key which is not exportable from the HSM."
                ],
                [
                  "oct",
                  "Octet sequence (used to represent symmetric keys)."
                ],
                [
                  "oct-HSM",
                  "Octet sequence with a private key which is not exportable from the HSM."
                ]
              ],
              "old": [
                [
                  "EC",
                  ""
                ],
                [
                  "EC-HSM",
                  ""
                ],
                [
                  "RSA",
                  ""
                ],
                [
                  "RSA-HSM",
                  ""
                ],
                [
                  "oct",
                  ""
                ],
                [
                  "oct-HSM",
                  ""
                ]
              ]
            }
          },
          {
            "#name": "crv",
            "Enum": {
              "new": [
                [
                  "P-256",
                  "The NIST P-256 elliptic curve, AKA SECG curve SECP256R1."
                ],
                [
                  "P-384",
                  "The NIST P-384 elliptic curve, AKA SECG curve SECP384R1."
                ],
                [
                  "P-521",
                  "The NIST P-521 elliptic curve, AKA SECG curve SECP521R1."
                ],
                [
                  "P-256K",
                  "The SECG SECP256K1 elliptic curve."
                ]
              ],
              "old": [
                [
                  "P-256",
                  ""
                ],
                [
                  "P-384",
                  ""
                ],
                [
                  "P-521",
                  ""
                ],
                [
                  "P-256K",
                  ""
                ]
              ]
            }
          }
        ],
        "x509_props": [
          {
            "key_usage": {
              "Enum": {
                "new": [
                  [
                    "digitalSignature",
                    "Indicates that the certificate key can be used as a digital signature."
                  ],
                  [
                    "nonRepudiation",
                    "Indicates that the certificate key can be used for authentication."
                  ],
                  [
                    "keyEncipherment",
                    "Indicates that the certificate key can be used for key encryption."
                  ],
                  [
                    "dataEncipherment",
                    "Indicates that the certificate key can be used for data encryption."
                  ],
                  [
                    "keyAgreement",
                    "Indicates that the certificate key can be used to determine key agreement, such as a key created using the Diffie-Hellman key agreement algorithm."
                  ],
                  [
                    "keyCertSign",
                    "Indicates that the certificate key can be used to sign certificates."
                  ],
                  [
                    "cRLSign",
                    "Indicates that the certificate key can be used to sign a certificate revocation list."
                  ],
                  [
                    "encipherOnly",
                    "Indicates that the certificate key can be used for encryption only."
                  ],
                  [
                    "decipherOnly",
                    "Indicates that the certificate key can be used for decryption only."
                  ]
                ],
                "old": [
                  [
                    "digitalSignature",
                    ""
                  ],
                  [
                    "nonRepudiation",
                    ""
                  ],
                  [
                    "keyEncipherment",
                    ""
                  ],
                  [
                    "dataEncipherment",
                    ""
                  ],
                  [
                    "keyAgreement",
                    ""
                  ],
                  [
                    "keyCertSign",
                    ""
                  ],
                  [
                    "cRLSign",
                    ""
                  ],
                  [
                    "encipherOnly",
                    ""
                  ],
                  [
                    "decipherOnly",
                    ""
                  ]
                ]
              }
            }
          }
        ],
        "lifetime_actions": {
          "$properties": {
            "action": [
              {
                "#name": "action_type",
                "Enum": {
                  "new": [
                    [
                      "EmailContacts",
                      "A certificate policy that will email certificate contacts."
                    ],
                    [
                      "AutoRenew",
                      "A certificate policy that will auto-renew a certificate."
                    ]
                  ],
                  "old": [
                    [
                      "EmailContacts",
                      ""
                    ],
                    [
                      "AutoRenew",
                      ""
                    ]
                  ]
                }
              }
            ]
          }
        },
        "attributes": [
          {
            "@added_8d5b3c98f1fa41b2adcb6293496fcfd5": {
              "#name": "enabled",
              "Description": "Determines whether the object is enabled.",
              "Required": false,
              "Type": "boolean"
            }
          },
          {
            "@added_4f2de676c11f46afa8a3f241197c64ed": {
              "#name": "nbf",
              "Description": "Not before date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_fcbf096423df409ca7289d3d17b1d204": {
              "#name": "exp",
              "Description": "Expiry date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_57f8e4e2f1244aed818b2700835e9955": {
              "#name": "created",
              "Description": "Creation time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_ffcb9e312da64ebebf213209dd4393f0": {
              "#name": "updated",
              "Description": "Last updated time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "#name": "recoveryLevel",
            "Enum": {
              "new": [
                [
                  "Purgeable",
                  "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                ],
                [
                  "Recoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "CustomizedRecoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                ],
                [
                  "CustomizedRecoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                ],
                [
                  "CustomizedRecoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                ]
              ],
              "old": [
                [
                  "Purgeable",
                  "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                ],
                [
                  "Recoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "CustomizedRecoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                ],
                [
                  "CustomizedRecoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                ],
                [
                  "CustomizedRecoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                ]
              ]
            }
          }
        ]
      }
    }
  }
}

⚼ Request

GET: /certificates/{certificate-name}/policy

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

certificate-name:

{

Description: The name of the certificate in a given key vault. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

key_props:

{

Description: Properties of the key backing a certificate. ,

Required: False ,

}

{

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

kty:

{

Description: The type of key pair to be used for the certificate. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is not exportable from the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447). ,

RSA-HSM: RSA with a private key which is not exportable from the HSM. ,

oct: Octet sequence (used to represent symmetric keys). ,

oct-HSM: Octet sequence with a private key which is not exportable from the HSM. ,

}

Required: False ,

}

enum ,

key_size:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. ,

Format: int32 ,

Required: False ,

}

integer ,

reuse_key:

{

Description: Indicates if the same key pair will be used on certificate renewal. ,

Required: False ,

}

boolean ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

}

secret_props:

{

Description: Properties of the secret backing a certificate. ,

Required: False ,

}

{

contentType:

{

Description: The media type (MIME type). ,

Required: False ,

}

string ,

}

x509_props:

{

Description: Properties of the X509 component of a certificate. ,

Required: False ,

}

{

subject:

{

Description: The subject name. Should be a valid X509 distinguished Name. ,

Required: False ,

}

string ,

ekus:

{

Description: The enhanced key usage. ,

Required: False ,

}

[

string ,

]

sans:

{

Description: The subject alternative names. ,

Required: False ,

}

{

emails:

{

Description: Email addresses. ,

Required: False ,

}

[

string ,

]

dns_names:

{

Description: Domain names. ,

Required: False ,

}

[

string ,

]

upns:

{

Description: User principal names. ,

Required: False ,

}

[

string ,

]

}

key_usage:

{

Description: Defines how the certificate's key may be used. ,

Required: False ,

}

[

string ,

]

validity_months:

{

Description: The duration that the certificate is valid in months. ,

Format: int32 ,

Required: False ,

}

integer ,

}

lifetime_actions:

{

Description: Actions that will be performed by Key Vault over the lifetime of a certificate. ,

Required: False ,

}

[

{

trigger:

{

Description: The condition that will execute the action. ,

Required: False ,

}

{

lifetime_percentage:

{

Description: Percentage of lifetime at which to trigger. Value should be between 1 and 99. ,

Format: int32 ,

Required: False ,

}

integer ,

days_before_expiry:

{

Description: Days before expiry to attempt renewal. Value should be between 1 and validity_in_months multiplied by 27. If validity_in_months is 36, then value should be between 1 and 972 (36 * 27). ,

Format: int32 ,

Required: False ,

}

integer ,

}

action:

{

Description: The action that will be executed. ,

Required: False ,

}

{

action_type:

{

Description: The type of the action. ,

Enum:

{

EmailContacts: A certificate policy that will email certificate contacts. ,

AutoRenew: A certificate policy that will auto-renew a certificate. ,

}

Required: False ,

}

enum ,

}

]

issuer:

{

Description: Parameters for the issuer of the X509 component of a certificate. ,

Required: False ,

}

{

name:

{

Description: Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'. ,

Required: False ,

}

string ,

cty:

{

Description: Certificate type as supported by the provider (optional); for example 'OV-SSL', 'EV-SSL' ,

Required: False ,

}

string ,

cert_transparency:

{

Description: Indicates if the certificates generated under this policy should be published to certificate transparency logs. ,

Required: False ,

}

boolean ,

}

attributes:

{

Description: The certificate attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

UpdateCertificatePolicy (updated)

Description	: Set specified members in the certificate policy. Leave others as null. This operation requires the certificates/update permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "UpdateCertificatePolicy",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    },
    {
      "certificatePolicy": {
        "$properties": {
          "key_props": [
            {
              "#name": "kty",
              "Enum": {
                "new": [
                  [
                    "EC",
                    "Elliptic Curve."
                  ],
                  [
                    "EC-HSM",
                    "Elliptic Curve with a private key which is not exportable from the HSM."
                  ],
                  [
                    "RSA",
                    "RSA (https://tools.ietf.org/html/rfc3447)."
                  ],
                  [
                    "RSA-HSM",
                    "RSA with a private key which is not exportable from the HSM."
                  ],
                  [
                    "oct",
                    "Octet sequence (used to represent symmetric keys)."
                  ],
                  [
                    "oct-HSM",
                    "Octet sequence with a private key which is not exportable from the HSM."
                  ]
                ],
                "old": [
                  [
                    "EC",
                    ""
                  ],
                  [
                    "EC-HSM",
                    ""
                  ],
                  [
                    "RSA",
                    ""
                  ],
                  [
                    "RSA-HSM",
                    ""
                  ],
                  [
                    "oct",
                    ""
                  ],
                  [
                    "oct-HSM",
                    ""
                  ]
                ]
              }
            },
            {
              "#name": "crv",
              "Enum": {
                "new": [
                  [
                    "P-256",
                    "The NIST P-256 elliptic curve, AKA SECG curve SECP256R1."
                  ],
                  [
                    "P-384",
                    "The NIST P-384 elliptic curve, AKA SECG curve SECP384R1."
                  ],
                  [
                    "P-521",
                    "The NIST P-521 elliptic curve, AKA SECG curve SECP521R1."
                  ],
                  [
                    "P-256K",
                    "The SECG SECP256K1 elliptic curve."
                  ]
                ],
                "old": [
                  [
                    "P-256",
                    ""
                  ],
                  [
                    "P-384",
                    ""
                  ],
                  [
                    "P-521",
                    ""
                  ],
                  [
                    "P-256K",
                    ""
                  ]
                ]
              }
            }
          ],
          "x509_props": [
            {
              "key_usage": {
                "Enum": {
                  "new": [
                    [
                      "digitalSignature",
                      "Indicates that the certificate key can be used as a digital signature."
                    ],
                    [
                      "nonRepudiation",
                      "Indicates that the certificate key can be used for authentication."
                    ],
                    [
                      "keyEncipherment",
                      "Indicates that the certificate key can be used for key encryption."
                    ],
                    [
                      "dataEncipherment",
                      "Indicates that the certificate key can be used for data encryption."
                    ],
                    [
                      "keyAgreement",
                      "Indicates that the certificate key can be used to determine key agreement, such as a key created using the Diffie-Hellman key agreement algorithm."
                    ],
                    [
                      "keyCertSign",
                      "Indicates that the certificate key can be used to sign certificates."
                    ],
                    [
                      "cRLSign",
                      "Indicates that the certificate key can be used to sign a certificate revocation list."
                    ],
                    [
                      "encipherOnly",
                      "Indicates that the certificate key can be used for encryption only."
                    ],
                    [
                      "decipherOnly",
                      "Indicates that the certificate key can be used for decryption only."
                    ]
                  ],
                  "old": [
                    [
                      "digitalSignature",
                      ""
                    ],
                    [
                      "nonRepudiation",
                      ""
                    ],
                    [
                      "keyEncipherment",
                      ""
                    ],
                    [
                      "dataEncipherment",
                      ""
                    ],
                    [
                      "keyAgreement",
                      ""
                    ],
                    [
                      "keyCertSign",
                      ""
                    ],
                    [
                      "cRLSign",
                      ""
                    ],
                    [
                      "encipherOnly",
                      ""
                    ],
                    [
                      "decipherOnly",
                      ""
                    ]
                  ]
                }
              }
            }
          ],
          "lifetime_actions": {
            "$properties": {
              "action": [
                {
                  "#name": "action_type",
                  "Enum": {
                    "new": [
                      [
                        "EmailContacts",
                        "A certificate policy that will email certificate contacts."
                      ],
                      [
                        "AutoRenew",
                        "A certificate policy that will auto-renew a certificate."
                      ]
                    ],
                    "old": [
                      [
                        "EmailContacts",
                        ""
                      ],
                      [
                        "AutoRenew",
                        ""
                      ]
                    ]
                  }
                }
              ]
            }
          },
          "attributes": [
            {
              "@added_760475bd458445258270e1ea195f7ffe": {
                "#name": "enabled",
                "Description": "Determines whether the object is enabled.",
                "Required": false,
                "Type": "boolean"
              }
            },
            {
              "@added_1fcbf30b68b6431e8fb0dbcb1553f3c2": {
                "#name": "nbf",
                "Description": "Not before date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_241a599b5da04a3e951155c2869dea16": {
                "#name": "exp",
                "Description": "Expiry date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_bf0697903728402caea64b8177f97909": {
                "#name": "created",
                "Description": "Creation time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_ced5462ce308400faffc32c5273c9abb": {
                "#name": "updated",
                "Description": "Last updated time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "#name": "recoveryLevel",
              "Enum": {
                "new": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ],
                "old": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ]
              }
            }
          ]
        }
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": {
        "key_props": [
          {
            "#name": "kty",
            "Enum": {
              "new": [
                [
                  "EC",
                  "Elliptic Curve."
                ],
                [
                  "EC-HSM",
                  "Elliptic Curve with a private key which is not exportable from the HSM."
                ],
                [
                  "RSA",
                  "RSA (https://tools.ietf.org/html/rfc3447)."
                ],
                [
                  "RSA-HSM",
                  "RSA with a private key which is not exportable from the HSM."
                ],
                [
                  "oct",
                  "Octet sequence (used to represent symmetric keys)."
                ],
                [
                  "oct-HSM",
                  "Octet sequence with a private key which is not exportable from the HSM."
                ]
              ],
              "old": [
                [
                  "EC",
                  ""
                ],
                [
                  "EC-HSM",
                  ""
                ],
                [
                  "RSA",
                  ""
                ],
                [
                  "RSA-HSM",
                  ""
                ],
                [
                  "oct",
                  ""
                ],
                [
                  "oct-HSM",
                  ""
                ]
              ]
            }
          },
          {
            "#name": "crv",
            "Enum": {
              "new": [
                [
                  "P-256",
                  "The NIST P-256 elliptic curve, AKA SECG curve SECP256R1."
                ],
                [
                  "P-384",
                  "The NIST P-384 elliptic curve, AKA SECG curve SECP384R1."
                ],
                [
                  "P-521",
                  "The NIST P-521 elliptic curve, AKA SECG curve SECP521R1."
                ],
                [
                  "P-256K",
                  "The SECG SECP256K1 elliptic curve."
                ]
              ],
              "old": [
                [
                  "P-256",
                  ""
                ],
                [
                  "P-384",
                  ""
                ],
                [
                  "P-521",
                  ""
                ],
                [
                  "P-256K",
                  ""
                ]
              ]
            }
          }
        ],
        "x509_props": [
          {
            "key_usage": {
              "Enum": {
                "new": [
                  [
                    "digitalSignature",
                    "Indicates that the certificate key can be used as a digital signature."
                  ],
                  [
                    "nonRepudiation",
                    "Indicates that the certificate key can be used for authentication."
                  ],
                  [
                    "keyEncipherment",
                    "Indicates that the certificate key can be used for key encryption."
                  ],
                  [
                    "dataEncipherment",
                    "Indicates that the certificate key can be used for data encryption."
                  ],
                  [
                    "keyAgreement",
                    "Indicates that the certificate key can be used to determine key agreement, such as a key created using the Diffie-Hellman key agreement algorithm."
                  ],
                  [
                    "keyCertSign",
                    "Indicates that the certificate key can be used to sign certificates."
                  ],
                  [
                    "cRLSign",
                    "Indicates that the certificate key can be used to sign a certificate revocation list."
                  ],
                  [
                    "encipherOnly",
                    "Indicates that the certificate key can be used for encryption only."
                  ],
                  [
                    "decipherOnly",
                    "Indicates that the certificate key can be used for decryption only."
                  ]
                ],
                "old": [
                  [
                    "digitalSignature",
                    ""
                  ],
                  [
                    "nonRepudiation",
                    ""
                  ],
                  [
                    "keyEncipherment",
                    ""
                  ],
                  [
                    "dataEncipherment",
                    ""
                  ],
                  [
                    "keyAgreement",
                    ""
                  ],
                  [
                    "keyCertSign",
                    ""
                  ],
                  [
                    "cRLSign",
                    ""
                  ],
                  [
                    "encipherOnly",
                    ""
                  ],
                  [
                    "decipherOnly",
                    ""
                  ]
                ]
              }
            }
          }
        ],
        "lifetime_actions": {
          "$properties": {
            "action": [
              {
                "#name": "action_type",
                "Enum": {
                  "new": [
                    [
                      "EmailContacts",
                      "A certificate policy that will email certificate contacts."
                    ],
                    [
                      "AutoRenew",
                      "A certificate policy that will auto-renew a certificate."
                    ]
                  ],
                  "old": [
                    [
                      "EmailContacts",
                      ""
                    ],
                    [
                      "AutoRenew",
                      ""
                    ]
                  ]
                }
              }
            ]
          }
        },
        "attributes": [
          {
            "@added_5369a97a40b0427e90d1e534fb0ea643": {
              "#name": "enabled",
              "Description": "Determines whether the object is enabled.",
              "Required": false,
              "Type": "boolean"
            }
          },
          {
            "@added_97c40a34da6d450b936ba3619d10a5ea": {
              "#name": "nbf",
              "Description": "Not before date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_8808c633fe1f4685a1d974da71b46c0b": {
              "#name": "exp",
              "Description": "Expiry date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_104a40afa0134de8b2cbaaad69a1299c": {
              "#name": "created",
              "Description": "Creation time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "@added_1bb41452cef240fb9d5656f4af8e6268": {
              "#name": "updated",
              "Description": "Last updated time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            }
          },
          {
            "#name": "recoveryLevel",
            "Enum": {
              "new": [
                [
                  "Purgeable",
                  "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                ],
                [
                  "Recoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "CustomizedRecoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                ],
                [
                  "CustomizedRecoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                ],
                [
                  "CustomizedRecoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                ]
              ],
              "old": [
                [
                  "Purgeable",
                  "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                ],
                [
                  "Recoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "CustomizedRecoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                ],
                [
                  "CustomizedRecoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                ],
                [
                  "CustomizedRecoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                ]
              ]
            }
          }
        ]
      }
    }
  }
}

⚼ Request

PATCH: /certificates/{certificate-name}/policy

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

certificate-name:

{

Description: The name of the certificate in the given vault. ,

Required: True ,

}

string ,

certificatePolicy:

{

Description: The policy for the certificate. ,

Required: True ,

}

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

key_props:

{

Description: Properties of the key backing a certificate. ,

Required: False ,

}

{

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

kty:

{

Description: The type of key pair to be used for the certificate. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is not exportable from the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447). ,

RSA-HSM: RSA with a private key which is not exportable from the HSM. ,

oct: Octet sequence (used to represent symmetric keys). ,

oct-HSM: Octet sequence with a private key which is not exportable from the HSM. ,

}

Required: False ,

}

enum ,

key_size:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. ,

Format: int32 ,

Required: False ,

}

integer ,

reuse_key:

{

Description: Indicates if the same key pair will be used on certificate renewal. ,

Required: False ,

}

boolean ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

}

secret_props:

{

Description: Properties of the secret backing a certificate. ,

Required: False ,

}

{

contentType:

{

Description: The media type (MIME type). ,

Required: False ,

}

string ,

}

x509_props:

{

Description: Properties of the X509 component of a certificate. ,

Required: False ,

}

{

subject:

{

Description: The subject name. Should be a valid X509 distinguished Name. ,

Required: False ,

}

string ,

ekus:

{

Description: The enhanced key usage. ,

Required: False ,

}

[

string ,

]

sans:

{

Description: The subject alternative names. ,

Required: False ,

}

{

emails:

{

Description: Email addresses. ,

Required: False ,

}

[

string ,

]

dns_names:

{

Description: Domain names. ,

Required: False ,

}

[

string ,

]

upns:

{

Description: User principal names. ,

Required: False ,

}

[

string ,

]

}

key_usage:

{

Description: Defines how the certificate's key may be used. ,

Required: False ,

}

[

string ,

]

validity_months:

{

Description: The duration that the certificate is valid in months. ,

Format: int32 ,

Required: False ,

}

integer ,

}

lifetime_actions:

{

Description: Actions that will be performed by Key Vault over the lifetime of a certificate. ,

Required: False ,

}

[

{

trigger:

{

Description: The condition that will execute the action. ,

Required: False ,

}

{

lifetime_percentage:

{

Description: Percentage of lifetime at which to trigger. Value should be between 1 and 99. ,

Format: int32 ,

Required: False ,

}

integer ,

days_before_expiry:

{

Description: Days before expiry to attempt renewal. Value should be between 1 and validity_in_months multiplied by 27. If validity_in_months is 36, then value should be between 1 and 972 (36 * 27). ,

Format: int32 ,

Required: False ,

}

integer ,

}

action:

{

Description: The action that will be executed. ,

Required: False ,

}

{

action_type:

{

Description: The type of the action. ,

Enum:

{

EmailContacts: A certificate policy that will email certificate contacts. ,

AutoRenew: A certificate policy that will auto-renew a certificate. ,

}

Required: False ,

}

enum ,

}

]

issuer:

{

Description: Parameters for the issuer of the X509 component of a certificate. ,

Required: False ,

}

{

name:

{

Description: Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'. ,

Required: False ,

}

string ,

cty:

{

Description: Certificate type as supported by the provider (optional); for example 'OV-SSL', 'EV-SSL' ,

Required: False ,

}

string ,

cert_transparency:

{

Description: Indicates if the certificates generated under this policy should be published to certificate transparency logs. ,

Required: False ,

}

boolean ,

}

attributes:

{

Description: The certificate attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

⚐ Response (200)

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

key_props:

{

Description: Properties of the key backing a certificate. ,

Required: False ,

}

{

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

kty:

{

Description: The type of key pair to be used for the certificate. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is not exportable from the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447). ,

RSA-HSM: RSA with a private key which is not exportable from the HSM. ,

oct: Octet sequence (used to represent symmetric keys). ,

oct-HSM: Octet sequence with a private key which is not exportable from the HSM. ,

}

Required: False ,

}

enum ,

key_size:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. ,

Format: int32 ,

Required: False ,

}

integer ,

reuse_key:

{

Description: Indicates if the same key pair will be used on certificate renewal. ,

Required: False ,

}

boolean ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

}

secret_props:

{

Description: Properties of the secret backing a certificate. ,

Required: False ,

}

{

contentType:

{

Description: The media type (MIME type). ,

Required: False ,

}

string ,

}

x509_props:

{

Description: Properties of the X509 component of a certificate. ,

Required: False ,

}

{

subject:

{

Description: The subject name. Should be a valid X509 distinguished Name. ,

Required: False ,

}

string ,

ekus:

{

Description: The enhanced key usage. ,

Required: False ,

}

[

string ,

]

sans:

{

Description: The subject alternative names. ,

Required: False ,

}

{

emails:

{

Description: Email addresses. ,

Required: False ,

}

[

string ,

]

dns_names:

{

Description: Domain names. ,

Required: False ,

}

[

string ,

]

upns:

{

Description: User principal names. ,

Required: False ,

}

[

string ,

]

}

key_usage:

{

Description: Defines how the certificate's key may be used. ,

Required: False ,

}

[

string ,

]

validity_months:

{

Description: The duration that the certificate is valid in months. ,

Format: int32 ,

Required: False ,

}

integer ,

}

lifetime_actions:

{

Description: Actions that will be performed by Key Vault over the lifetime of a certificate. ,

Required: False ,

}

[

{

trigger:

{

Description: The condition that will execute the action. ,

Required: False ,

}

{

lifetime_percentage:

{

Description: Percentage of lifetime at which to trigger. Value should be between 1 and 99. ,

Format: int32 ,

Required: False ,

}

integer ,

days_before_expiry:

{

Description: Days before expiry to attempt renewal. Value should be between 1 and validity_in_months multiplied by 27. If validity_in_months is 36, then value should be between 1 and 972 (36 * 27). ,

Format: int32 ,

Required: False ,

}

integer ,

}

action:

{

Description: The action that will be executed. ,

Required: False ,

}

{

action_type:

{

Description: The type of the action. ,

Enum:

{

EmailContacts: A certificate policy that will email certificate contacts. ,

AutoRenew: A certificate policy that will auto-renew a certificate. ,

}

Required: False ,

}

enum ,

}

]

issuer:

{

Description: Parameters for the issuer of the X509 component of a certificate. ,

Required: False ,

}

{

name:

{

Description: Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'. ,

Required: False ,

}

string ,

cty:

{

Description: Certificate type as supported by the provider (optional); for example 'OV-SSL', 'EV-SSL' ,

Required: False ,

}

string ,

cert_transparency:

{

Description: Indicates if the certificates generated under this policy should be published to certificate transparency logs. ,

Required: False ,

}

boolean ,

}

attributes:

{

Description: The certificate attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

GetCertificateVersions (updated)

Description	: The GetCertificateVersions operation returns the versions of a certificate in the specified key vault. This operation requires the certificates/list permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "GetCertificateVersions",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": {
        "value": {
          "$properties": {
            "attributes": [
              {
                "@added_f09c4495a33e41d884a36f2e561eba24": {
                  "#name": "enabled",
                  "Description": "Determines whether the object is enabled.",
                  "Required": false,
                  "Type": "boolean"
                }
              },
              {
                "@added_738944399ec04cca8634f3839a5b44bf": {
                  "#name": "nbf",
                  "Description": "Not before date in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                }
              },
              {
                "@added_e4a98878d5bb421296c38c1b186512d7": {
                  "#name": "exp",
                  "Description": "Expiry date in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                }
              },
              {
                "@added_c0114bc68c08437398db97498f1dd6e4": {
                  "#name": "created",
                  "Description": "Creation time in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                }
              },
              {
                "@added_ca820692e6d24591a103c3b4032bf962": {
                  "#name": "updated",
                  "Description": "Last updated time in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                }
              },
              {
                "#name": "recoveryLevel",
                "Enum": {
                  "new": [
                    [
                      "Purgeable",
                      "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                    ],
                    [
                      "Recoverable+Purgeable",
                      "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "Recoverable",
                      "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "Recoverable+ProtectedSubscription",
                      "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "CustomizedRecoverable+Purgeable",
                      "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                    ],
                    [
                      "CustomizedRecoverable",
                      "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                    ],
                    [
                      "CustomizedRecoverable+ProtectedSubscription",
                      "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                    ]
                  ],
                  "old": [
                    [
                      "Purgeable",
                      "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                    ],
                    [
                      "Recoverable+Purgeable",
                      "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "Recoverable",
                      "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "Recoverable+ProtectedSubscription",
                      "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "CustomizedRecoverable+Purgeable",
                      "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                    ],
                    [
                      "CustomizedRecoverable",
                      "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                    ],
                    [
                      "CustomizedRecoverable+ProtectedSubscription",
                      "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                    ]
                  ]
                }
              }
            ]
          }
        }
      }
    }
  }
}

⚼ Request

GET: /certificates/{certificate-name}/versions

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

certificate-name:

{

Description: The name of the certificate. ,

Required: True ,

}

string ,

maxresults:

{

Description: Maximum number of results to return in a page. If not specified the service will return up to 25 results. ,

Format: int32 ,

Required: False ,

}

integer ,

}

⚐ Response (200)

{

value:

{

Description: A response message containing a list of certificates in the key vault along with a link to the next page of certificates. ,

Required: False ,

}

[

{

id:

{

Description: Certificate identifier. ,

Required: False ,

}

string ,

attributes:

{

Description: The certificate management attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs. ,

Required: False ,

}

object ,

x5t:

{

Description: Thumbprint of the certificate. ,

Format: base64url ,

Required: False ,

}

string ,

}

]

nextLink:

{

Description: The URL to get the next set of certificates. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

GetCertificateContacts (updated)

Description	: The GetCertificateContacts operation returns the set of certificate contact resources in the specified key vault. This operation requires the certificates/managecontacts permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "GetCertificateContacts",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ]
}

⚼ Request

GET: /certificates/contacts

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

id:

{

Description: Identifier for the contacts collection. ,

Required: False ,

}

string ,

contacts:

{

Description: The contact list for the vault certificates. ,

Required: False ,

}

[

{

email:

{

Description: Email address. ,

Required: False ,

}

string ,

name:

{

Description: Name. ,

Required: False ,

}

string ,

phone:

{

Description: Phone number. ,

Required: False ,

}

string ,

}

]

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

SetCertificateContacts (updated)

Description	: Sets the certificate contacts for the specified key vault. This operation requires the certificates/managecontacts permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "SetCertificateContacts",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ]
}

⚼ Request

PUT: /certificates/contacts

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

contacts:

{

Description: The contacts for the key vault certificate. ,

Required: True ,

}

{

id:

{

Description: Identifier for the contacts collection. ,

Required: False ,

}

string ,

contacts:

{

Description: The contact list for the vault certificates. ,

Required: False ,

}

[

{

email:

{

Description: Email address. ,

Required: False ,

}

string ,

name:

{

Description: Name. ,

Required: False ,

}

string ,

phone:

{

Description: Phone number. ,

Required: False ,

}

string ,

}

]

}

⚐ Response (200)

{

id:

{

Description: Identifier for the contacts collection. ,

Required: False ,

}

string ,

contacts:

{

Description: The contact list for the vault certificates. ,

Required: False ,

}

[

{

email:

{

Description: Email address. ,

Required: False ,

}

string ,

name:

{

Description: Name. ,

Required: False ,

}

string ,

phone:

{

Description: Phone number. ,

Required: False ,

}

string ,

}

]

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

DeleteCertificateContacts (updated)

Description	: Deletes the certificate contacts for a specified key vault certificate. This operation requires the certificates/managecontacts permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "DeleteCertificateContacts",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ]
}

⚼ Request

DELETE: /certificates/contacts

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

id:

{

Description: Identifier for the contacts collection. ,

Required: False ,

}

string ,

contacts:

{

Description: The contact list for the vault certificates. ,

Required: False ,

}

[

{

email:

{

Description: Email address. ,

Required: False ,

}

string ,

name:

{

Description: Name. ,

Required: False ,

}

string ,

phone:

{

Description: Phone number. ,

Required: False ,

}

string ,

}

]

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

GetCertificateIssuers (updated)

Description	: The GetCertificateIssuers operation returns the set of certificate issuer resources in the specified key vault. This operation requires the certificates/manageissuers/getissuers permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "GetCertificateIssuers",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ]
}

⚼ Request

GET: /certificates/issuers

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

maxresults:

{

Description: Maximum number of results to return in a page. If not specified the service will return up to 25 results. ,

Format: int32 ,

Required: False ,

}

integer ,

}

⚐ Response (200)

{

value:

{

Description: A response message containing a list of certificate issuers in the key vault along with a link to the next page of certificate issuers. ,

Required: False ,

}

[

{

id:

{

Description: Certificate Identifier. ,

Required: False ,

}

string ,

provider:

{

Description: The issuer provider. ,

Required: False ,

}

string ,

}

]

nextLink:

{

Description: The URL to get the next set of certificate issuers. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

GetCertificateIssuer (updated)

Description	: The GetCertificateIssuer operation returns the specified certificate issuer resources in the specified key vault. This operation requires the certificates/manageissuers/getissuers permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "GetCertificateIssuer",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ]
}

⚼ Request

GET: /certificates/issuers/{issuer-name}

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

issuer-name:

{

Description: The name of the issuer. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

id:

{

Description: Identifier for the issuer object. ,

Required: False ,

}

string ,

provider:

{

Description: The issuer provider. ,

Required: False ,

}

string ,

credentials:

{

Description: The credentials to be used for the issuer. ,

Required: False ,

}

{

account_id:

{

Description: The user name/account name/account id. ,

Required: False ,

}

string ,

pwd:

{

Description: The password/secret/account key. ,

Required: False ,

}

string ,

}

org_details:

{

Description: Details of the organization as provided to the issuer. ,

Required: False ,

}

{

id:

{

Description: Id of the organization. ,

Required: False ,

}

string ,

admin_details:

{

Description: Details of the organization administrator. ,

Required: False ,

}

[

{

first_name:

{

Description: First name. ,

Required: False ,

}

string ,

last_name:

{

Description: Last name. ,

Required: False ,

}

string ,

email:

{

Description: Email address. ,

Required: False ,

}

string ,

phone:

{

Description: Phone number. ,

Required: False ,

}

string ,

}

]

}

attributes:

{

Description: Attributes of the issuer object. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the issuer is enabled. ,

Required: False ,

}

boolean ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

SetCertificateIssuer (updated)

Description	: The SetCertificateIssuer operation adds or updates the specified certificate issuer. This operation requires the certificates/setissuers permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "SetCertificateIssuer",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ]
}

⚼ Request

PUT: /certificates/issuers/{issuer-name}

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

issuer-name:

{

Description: The name of the issuer. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information. ,

Required: True ,

}

string ,

parameter:

{

Description: Certificate issuer set parameter. ,

Required: True ,

}

{

provider:

{

Description: The issuer provider. ,

Required: True ,

}

string ,

credentials:

{

Description: The credentials to be used for the issuer. ,

Required: False ,

}

{

account_id:

{

Description: The user name/account name/account id. ,

Required: False ,

}

string ,

pwd:

{

Description: The password/secret/account key. ,

Required: False ,

}

string ,

}

org_details:

{

Description: Details of the organization as provided to the issuer. ,

Required: False ,

}

{

id:

{

Description: Id of the organization. ,

Required: False ,

}

string ,

admin_details:

{

Description: Details of the organization administrator. ,

Required: False ,

}

[

{

first_name:

{

Description: First name. ,

Required: False ,

}

string ,

last_name:

{

Description: Last name. ,

Required: False ,

}

string ,

email:

{

Description: Email address. ,

Required: False ,

}

string ,

phone:

{

Description: Phone number. ,

Required: False ,

}

string ,

}

]

}

attributes:

{

Description: Attributes of the issuer object. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the issuer is enabled. ,

Required: False ,

}

boolean ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

}

⚐ Response (200)

{

id:

{

Description: Identifier for the issuer object. ,

Required: False ,

}

string ,

provider:

{

Description: The issuer provider. ,

Required: False ,

}

string ,

credentials:

{

Description: The credentials to be used for the issuer. ,

Required: False ,

}

{

account_id:

{

Description: The user name/account name/account id. ,

Required: False ,

}

string ,

pwd:

{

Description: The password/secret/account key. ,

Required: False ,

}

string ,

}

org_details:

{

Description: Details of the organization as provided to the issuer. ,

Required: False ,

}

{

id:

{

Description: Id of the organization. ,

Required: False ,

}

string ,

admin_details:

{

Description: Details of the organization administrator. ,

Required: False ,

}

[

{

first_name:

{

Description: First name. ,

Required: False ,

}

string ,

last_name:

{

Description: Last name. ,

Required: False ,

}

string ,

email:

{

Description: Email address. ,

Required: False ,

}

string ,

phone:

{

Description: Phone number. ,

Required: False ,

}

string ,

}

]

}

attributes:

{

Description: Attributes of the issuer object. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the issuer is enabled. ,

Required: False ,

}

boolean ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

UpdateCertificateIssuer (updated)

Description	: The UpdateCertificateIssuer operation performs an update on the specified certificate issuer entity. This operation requires the certificates/setissuers permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "UpdateCertificateIssuer",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ]
}

⚼ Request

PATCH: /certificates/issuers/{issuer-name}

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

issuer-name:

{

Description: The name of the issuer. ,

Required: True ,

}

string ,

parameter:

{

Description: Certificate issuer update parameter. ,

Required: True ,

}

{

provider:

{

Description: The issuer provider. ,

Required: False ,

}

string ,

credentials:

{

Description: The credentials to be used for the issuer. ,

Required: False ,

}

{

account_id:

{

Description: The user name/account name/account id. ,

Required: False ,

}

string ,

pwd:

{

Description: The password/secret/account key. ,

Required: False ,

}

string ,

}

org_details:

{

Description: Details of the organization as provided to the issuer. ,

Required: False ,

}

{

id:

{

Description: Id of the organization. ,

Required: False ,

}

string ,

admin_details:

{

Description: Details of the organization administrator. ,

Required: False ,

}

[

{

first_name:

{

Description: First name. ,

Required: False ,

}

string ,

last_name:

{

Description: Last name. ,

Required: False ,

}

string ,

email:

{

Description: Email address. ,

Required: False ,

}

string ,

phone:

{

Description: Phone number. ,

Required: False ,

}

string ,

}

]

}

attributes:

{

Description: Attributes of the issuer object. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the issuer is enabled. ,

Required: False ,

}

boolean ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

}

⚐ Response (200)

{

id:

{

Description: Identifier for the issuer object. ,

Required: False ,

}

string ,

provider:

{

Description: The issuer provider. ,

Required: False ,

}

string ,

credentials:

{

Description: The credentials to be used for the issuer. ,

Required: False ,

}

{

account_id:

{

Description: The user name/account name/account id. ,

Required: False ,

}

string ,

pwd:

{

Description: The password/secret/account key. ,

Required: False ,

}

string ,

}

org_details:

{

Description: Details of the organization as provided to the issuer. ,

Required: False ,

}

{

id:

{

Description: Id of the organization. ,

Required: False ,

}

string ,

admin_details:

{

Description: Details of the organization administrator. ,

Required: False ,

}

[

{

first_name:

{

Description: First name. ,

Required: False ,

}

string ,

last_name:

{

Description: Last name. ,

Required: False ,

}

string ,

email:

{

Description: Email address. ,

Required: False ,

}

string ,

phone:

{

Description: Phone number. ,

Required: False ,

}

string ,

}

]

}

attributes:

{

Description: Attributes of the issuer object. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the issuer is enabled. ,

Required: False ,

}

boolean ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

DeleteCertificateIssuer (updated)

Description	: The DeleteCertificateIssuer operation permanently removes the specified certificate issuer from the vault. This operation requires the certificates/manageissuers/deleteissuers permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "DeleteCertificateIssuer",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ]
}

⚼ Request

DELETE: /certificates/issuers/{issuer-name}

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

issuer-name:

{

Description: The name of the issuer. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

id:

{

Description: Identifier for the issuer object. ,

Required: False ,

}

string ,

provider:

{

Description: The issuer provider. ,

Required: False ,

}

string ,

credentials:

{

Description: The credentials to be used for the issuer. ,

Required: False ,

}

{

account_id:

{

Description: The user name/account name/account id. ,

Required: False ,

}

string ,

pwd:

{

Description: The password/secret/account key. ,

Required: False ,

}

string ,

}

org_details:

{

Description: Details of the organization as provided to the issuer. ,

Required: False ,

}

{

id:

{

Description: Id of the organization. ,

Required: False ,

}

string ,

admin_details:

{

Description: Details of the organization administrator. ,

Required: False ,

}

[

{

first_name:

{

Description: First name. ,

Required: False ,

}

string ,

last_name:

{

Description: Last name. ,

Required: False ,

}

string ,

email:

{

Description: Email address. ,

Required: False ,

}

string ,

phone:

{

Description: Phone number. ,

Required: False ,

}

string ,

}

]

}

attributes:

{

Description: Attributes of the issuer object. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the issuer is enabled. ,

Required: False ,

}

boolean ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

RestoreCertificate (updated)

Description	: Restores a backed up certificate, and all its versions, to a vault. This operation requires the certificates/restore permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "RestoreCertificate",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": [
        {
          "policy": [
            {
              "key_props": [
                {
                  "#name": "kty",
                  "Enum": {
                    "new": [
                      [
                        "EC",
                        "Elliptic Curve."
                      ],
                      [
                        "EC-HSM",
                        "Elliptic Curve with a private key which is not exportable from the HSM."
                      ],
                      [
                        "RSA",
                        "RSA (https://tools.ietf.org/html/rfc3447)."
                      ],
                      [
                        "RSA-HSM",
                        "RSA with a private key which is not exportable from the HSM."
                      ],
                      [
                        "oct",
                        "Octet sequence (used to represent symmetric keys)."
                      ],
                      [
                        "oct-HSM",
                        "Octet sequence with a private key which is not exportable from the HSM."
                      ]
                    ],
                    "old": [
                      [
                        "EC",
                        ""
                      ],
                      [
                        "EC-HSM",
                        ""
                      ],
                      [
                        "RSA",
                        ""
                      ],
                      [
                        "RSA-HSM",
                        ""
                      ],
                      [
                        "oct",
                        ""
                      ],
                      [
                        "oct-HSM",
                        ""
                      ]
                    ]
                  }
                },
                {
                  "#name": "crv",
                  "Enum": {
                    "new": [
                      [
                        "P-256",
                        "The NIST P-256 elliptic curve, AKA SECG curve SECP256R1."
                      ],
                      [
                        "P-384",
                        "The NIST P-384 elliptic curve, AKA SECG curve SECP384R1."
                      ],
                      [
                        "P-521",
                        "The NIST P-521 elliptic curve, AKA SECG curve SECP521R1."
                      ],
                      [
                        "P-256K",
                        "The SECG SECP256K1 elliptic curve."
                      ]
                    ],
                    "old": [
                      [
                        "P-256",
                        ""
                      ],
                      [
                        "P-384",
                        ""
                      ],
                      [
                        "P-521",
                        ""
                      ],
                      [
                        "P-256K",
                        ""
                      ]
                    ]
                  }
                }
              ]
            },
            {
              "x509_props": [
                {
                  "key_usage": {
                    "Enum": {
                      "new": [
                        [
                          "digitalSignature",
                          "Indicates that the certificate key can be used as a digital signature."
                        ],
                        [
                          "nonRepudiation",
                          "Indicates that the certificate key can be used for authentication."
                        ],
                        [
                          "keyEncipherment",
                          "Indicates that the certificate key can be used for key encryption."
                        ],
                        [
                          "dataEncipherment",
                          "Indicates that the certificate key can be used for data encryption."
                        ],
                        [
                          "keyAgreement",
                          "Indicates that the certificate key can be used to determine key agreement, such as a key created using the Diffie-Hellman key agreement algorithm."
                        ],
                        [
                          "keyCertSign",
                          "Indicates that the certificate key can be used to sign certificates."
                        ],
                        [
                          "cRLSign",
                          "Indicates that the certificate key can be used to sign a certificate revocation list."
                        ],
                        [
                          "encipherOnly",
                          "Indicates that the certificate key can be used for encryption only."
                        ],
                        [
                          "decipherOnly",
                          "Indicates that the certificate key can be used for decryption only."
                        ]
                      ],
                      "old": [
                        [
                          "digitalSignature",
                          ""
                        ],
                        [
                          "nonRepudiation",
                          ""
                        ],
                        [
                          "keyEncipherment",
                          ""
                        ],
                        [
                          "dataEncipherment",
                          ""
                        ],
                        [
                          "keyAgreement",
                          ""
                        ],
                        [
                          "keyCertSign",
                          ""
                        ],
                        [
                          "cRLSign",
                          ""
                        ],
                        [
                          "encipherOnly",
                          ""
                        ],
                        [
                          "decipherOnly",
                          ""
                        ]
                      ]
                    }
                  }
                }
              ]
            },
            {
              "lifetime_actions": {
                "$properties": {
                  "action": [
                    {
                      "#name": "action_type",
                      "Enum": {
                        "new": [
                          [
                            "EmailContacts",
                            "A certificate policy that will email certificate contacts."
                          ],
                          [
                            "AutoRenew",
                            "A certificate policy that will auto-renew a certificate."
                          ]
                        ],
                        "old": [
                          [
                            "EmailContacts",
                            ""
                          ],
                          [
                            "AutoRenew",
                            ""
                          ]
                        ]
                      }
                    }
                  ]
                }
              }
            },
            {
              "attributes": [
                {
                  "@added_700bba8c14064141baa219a86d74fdb7": {
                    "#name": "enabled",
                    "Description": "Determines whether the object is enabled.",
                    "Required": false,
                    "Type": "boolean"
                  }
                },
                {
                  "@added_f3859b9ae3554a01ba853ce705a73cbd": {
                    "#name": "nbf",
                    "Description": "Not before date in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_d4f5366c73354ba4ae0250427bd6f448": {
                    "#name": "exp",
                    "Description": "Expiry date in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_8a2beadf6bbe43fb9fd45174336389c1": {
                    "#name": "created",
                    "Description": "Creation time in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_ab018348df554a10be58e3ac79338fd1": {
                    "#name": "updated",
                    "Description": "Last updated time in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "#name": "recoveryLevel",
                  "Enum": {
                    "new": [
                      [
                        "Purgeable",
                        "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                      ],
                      [
                        "Recoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "CustomizedRecoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                      ],
                      [
                        "CustomizedRecoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                      ],
                      [
                        "CustomizedRecoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                      ]
                    ],
                    "old": [
                      [
                        "Purgeable",
                        "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                      ],
                      [
                        "Recoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "CustomizedRecoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                      ],
                      [
                        "CustomizedRecoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                      ],
                      [
                        "CustomizedRecoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                      ]
                    ]
                  }
                }
              ]
            }
          ]
        },
        {
          "#name": "contentType",
          "Description": {
            "new": "The content type of the secret. eg. 'application/x-pem-file' or 'application/x-pkcs12',",
            "old": "The content type of the secret. eg. 'application/x-pem-file' or 'application/x-pkcs12', "
          }
        },
        {
          "attributes": [
            {
              "@added_d324ea34bf1b42e996fdd80280912131": {
                "#name": "enabled",
                "Description": "Determines whether the object is enabled.",
                "Required": false,
                "Type": "boolean"
              }
            },
            {
              "@added_0da07f2cccbe45158735c70e37e689b7": {
                "#name": "nbf",
                "Description": "Not before date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_f44f109f9ebe42b08da35d8e5a9eeb4d": {
                "#name": "exp",
                "Description": "Expiry date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_4977bd8027c34fc884ef9826da37a038": {
                "#name": "created",
                "Description": "Creation time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_676d9f390b6a4d75b49530005b03061d": {
                "#name": "updated",
                "Description": "Last updated time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "#name": "recoveryLevel",
              "Enum": {
                "new": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ],
                "old": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ]
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

POST: /certificates/restore

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

parameters:

{

Description: The parameters to restore the certificate. ,

Required: True ,

}

{

value:

{

Description: The backup blob associated with a certificate bundle. ,

Format: base64url ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

kid:

{

Description: The key id. ,

Required: False ,

}

string ,

sid:

{

Description: The secret id. ,

Required: False ,

}

string ,

x5t:

{

Description: Thumbprint of the certificate. ,

Format: base64url ,

Required: False ,

}

string ,

policy:

{

Description: The management policy. ,

Required: False ,

}

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

key_props:

{

Description: Properties of the key backing a certificate. ,

Required: False ,

}

{

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

kty:

{

Description: The type of key pair to be used for the certificate. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is not exportable from the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447). ,

RSA-HSM: RSA with a private key which is not exportable from the HSM. ,

oct: Octet sequence (used to represent symmetric keys). ,

oct-HSM: Octet sequence with a private key which is not exportable from the HSM. ,

}

Required: False ,

}

enum ,

key_size:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. ,

Format: int32 ,

Required: False ,

}

integer ,

reuse_key:

{

Description: Indicates if the same key pair will be used on certificate renewal. ,

Required: False ,

}

boolean ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

}

secret_props:

{

Description: Properties of the secret backing a certificate. ,

Required: False ,

}

{

contentType:

{

Description: The media type (MIME type). ,

Required: False ,

}

string ,

}

x509_props:

{

Description: Properties of the X509 component of a certificate. ,

Required: False ,

}

{

subject:

{

Description: The subject name. Should be a valid X509 distinguished Name. ,

Required: False ,

}

string ,

ekus:

{

Description: The enhanced key usage. ,

Required: False ,

}

[

string ,

]

sans:

{

Description: The subject alternative names. ,

Required: False ,

}

{

emails:

{

Description: Email addresses. ,

Required: False ,

}

[

string ,

]

dns_names:

{

Description: Domain names. ,

Required: False ,

}

[

string ,

]

upns:

{

Description: User principal names. ,

Required: False ,

}

[

string ,

]

}

key_usage:

{

Description: Defines how the certificate's key may be used. ,

Required: False ,

}

[

string ,

]

validity_months:

{

Description: The duration that the certificate is valid in months. ,

Format: int32 ,

Required: False ,

}

integer ,

}

lifetime_actions:

{

Description: Actions that will be performed by Key Vault over the lifetime of a certificate. ,

Required: False ,

}

[

{

trigger:

{

Description: The condition that will execute the action. ,

Required: False ,

}

{

lifetime_percentage:

{

Description: Percentage of lifetime at which to trigger. Value should be between 1 and 99. ,

Format: int32 ,

Required: False ,

}

integer ,

days_before_expiry:

{

Description: Days before expiry to attempt renewal. Value should be between 1 and validity_in_months multiplied by 27. If validity_in_months is 36, then value should be between 1 and 972 (36 * 27). ,

Format: int32 ,

Required: False ,

}

integer ,

}

action:

{

Description: The action that will be executed. ,

Required: False ,

}

{

action_type:

{

Description: The type of the action. ,

Enum:

{

EmailContacts: A certificate policy that will email certificate contacts. ,

AutoRenew: A certificate policy that will auto-renew a certificate. ,

}

Required: False ,

}

enum ,

}

]

issuer:

{

Description: Parameters for the issuer of the X509 component of a certificate. ,

Required: False ,

}

{

name:

{

Description: Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'. ,

Required: False ,

}

string ,

cty:

{

Description: Certificate type as supported by the provider (optional); for example 'OV-SSL', 'EV-SSL' ,

Required: False ,

}

string ,

cert_transparency:

{

Description: Indicates if the certificates generated under this policy should be published to certificate transparency logs. ,

Required: False ,

}

boolean ,

}

attributes:

{

Description: The certificate attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

cer:

{

Description: CER contents of x509 certificate. ,

Format: byte ,

Required: False ,

}

string ,

contentType:

{

Description: The content type of the secret. eg. 'application/x-pem-file' or 'application/x-pkcs12', ,

Required: False ,

}

string ,

attributes:

{

Description: The certificate attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs ,

Required: False ,

}

object ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

GetDeletedCertificates (updated)

Description	: The GetDeletedCertificates operation retrieves the certificates in the current vault which are in a deleted state and ready for recovery or purging. This operation includes deletion-specific information. This operation requires the certificates/get/list permission. This operation can only be enabled on soft-delete enabled vaults.
Reference	: Link ¶

⚶ Changes

{
  "#id": "GetDeletedCertificates",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": [
        {
          "#name": "value",
          "Description": {
            "new": "A response message containing a list of deleted certificates in the vault along with a link to the next page of deleted certificates.",
            "old": "A response message containing a list of deleted certificates in the vault along with a link to the next page of deleted certificates"
          },
          "$items": {
            "$properties": {
              "@added_2a525f0e19f04d55a0b9db57ffac1fa9": {
                "#name": "id",
                "Description": "Certificate identifier.",
                "Required": false,
                "Type": "string"
              },
              "@added_078bb2d109934ee69670ba96f5967a36": {
                "#name": "attributes",
                "Description": "The certificate management attributes.",
                "Required": false,
                "Type": "object",
                "$properties": [
                  {
                    "#name": "enabled",
                    "Description": "Determines whether the object is enabled.",
                    "Required": false,
                    "Type": "boolean"
                  },
                  {
                    "#name": "nbf",
                    "Description": "Not before date in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  },
                  {
                    "#name": "exp",
                    "Description": "Expiry date in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  },
                  {
                    "#name": "created",
                    "Description": "Creation time in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  },
                  {
                    "#name": "updated",
                    "Description": "Last updated time in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  },
                  {
                    "#name": "recoverableDays",
                    "Description": "softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0.",
                    "Format": "int32",
                    "Required": false,
                    "Type": "integer"
                  },
                  {
                    "#name": "recoveryLevel",
                    "Description": "Reflects the deletion recovery level currently in effect for certificates in the current vault. If it contains 'Purgeable', the certificate can be permanently deleted by a privileged user; otherwise, only the system can purge the certificate, at the end of the retention interval.",
                    "Enum": [
                      [
                        "Purgeable",
                        "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                      ],
                      [
                        "Recoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "CustomizedRecoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                      ],
                      [
                        "CustomizedRecoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                      ],
                      [
                        "CustomizedRecoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                      ]
                    ],
                    "Required": false,
                    "Type": "string"
                  }
                ]
              },
              "@added_a1b9597241254cde94d92afa288dbc48": {
                "#name": "tags",
                "Description": "Application specific metadata in the form of key-value pairs.",
                "Required": false,
                "Type": "object"
              },
              "@added_8a4277041bc9417eab5c164f74d273b7": {
                "#name": "x5t",
                "Description": "Thumbprint of the certificate.",
                "Format": "base64url",
                "Required": false,
                "Type": "string"
              }
            }
          }
        }
      ]
    }
  }
}

⚼ Request

GET: /deletedcertificates

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

maxresults:

{

Description: Maximum number of results to return in a page. If not specified the service will return up to 25 results. ,

Format: int32 ,

Required: False ,

}

integer ,

includePending:

{

Description: Specifies whether to include certificates which are not completely provisioned. ,

Required: False ,

}

boolean ,

}

⚐ Response (200)

{

value:

{

Description: A response message containing a list of deleted certificates in the vault along with a link to the next page of deleted certificates. ,

Required: False ,

}

[

{

id:

{

Description: Certificate identifier. ,

Required: False ,

}

string ,

attributes:

{

Description: The certificate management attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs. ,

Required: False ,

}

object ,

x5t:

{

Description: Thumbprint of the certificate. ,

Format: base64url ,

Required: False ,

}

string ,

recoveryId:

{

Description: The url of the recovery object, used to identify and recover the deleted certificate. ,

Required: False ,

}

string ,

scheduledPurgeDate:

{

Description: The time when the certificate is scheduled to be purged, in UTC ,

Format: unixtime ,

Required: False ,

}

integer ,

deletedDate:

{

Description: The time when the certificate was deleted, in UTC ,

Format: unixtime ,

Required: False ,

}

integer ,

}

]

nextLink:

{

Description: The URL to get the next set of deleted certificates. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

GetDeletedCertificate (updated)

Description	: The GetDeletedCertificate operation retrieves the deleted certificate information plus its attributes, such as retention interval, scheduled permanent deletion and the current deletion recovery level. This operation requires the certificates/get permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "GetDeletedCertificate",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": {
        "@added_1de6ff6763be4bdfb8a2c226bbc2d320": {
          "#name": "id",
          "Description": "The certificate id.",
          "Required": false,
          "Type": "string"
        },
        "@added_d383b08595cf41e7bfa1d51cee85bf48": {
          "#name": "kid",
          "Description": "The key id.",
          "Required": false,
          "Type": "string"
        },
        "@added_ca23c74b0f9a405b99faa205b856361f": {
          "#name": "sid",
          "Description": "The secret id.",
          "Required": false,
          "Type": "string"
        },
        "@added_1407baf1d6ad4ea49525a3aef555876f": {
          "#name": "x5t",
          "Description": "Thumbprint of the certificate.",
          "Format": "base64url",
          "Required": false,
          "Type": "string"
        },
        "@added_a7056ce6230149418493305677190bb8": {
          "#name": "policy",
          "Description": "The management policy.",
          "Required": false,
          "Type": "object",
          "$properties": [
            {
              "#name": "id",
              "Description": "The certificate id.",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "key_props",
              "Description": "Properties of the key backing a certificate.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "exportable",
                  "Description": "Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key.",
                  "Required": false,
                  "Type": "boolean"
                },
                {
                  "#name": "kty",
                  "Description": "The type of key pair to be used for the certificate.",
                  "Enum": [
                    [
                      "EC",
                      "Elliptic Curve."
                    ],
                    [
                      "EC-HSM",
                      "Elliptic Curve with a private key which is not exportable from the HSM."
                    ],
                    [
                      "RSA",
                      "RSA (https://tools.ietf.org/html/rfc3447)."
                    ],
                    [
                      "RSA-HSM",
                      "RSA with a private key which is not exportable from the HSM."
                    ],
                    [
                      "oct",
                      "Octet sequence (used to represent symmetric keys)."
                    ],
                    [
                      "oct-HSM",
                      "Octet sequence with a private key which is not exportable from the HSM."
                    ]
                  ],
                  "Required": false,
                  "Type": "string"
                },
                {
                  "#name": "key_size",
                  "Description": "The key size in bits. For example: 2048, 3072, or 4096 for RSA.",
                  "Format": "int32",
                  "Required": false,
                  "Type": "integer"
                },
                {
                  "#name": "reuse_key",
                  "Description": "Indicates if the same key pair will be used on certificate renewal.",
                  "Required": false,
                  "Type": "boolean"
                },
                {
                  "#name": "crv",
                  "Description": "Elliptic curve name. For valid values, see JsonWebKeyCurveName.",
                  "Enum": [
                    [
                      "P-256",
                      "The NIST P-256 elliptic curve, AKA SECG curve SECP256R1."
                    ],
                    [
                      "P-384",
                      "The NIST P-384 elliptic curve, AKA SECG curve SECP384R1."
                    ],
                    [
                      "P-521",
                      "The NIST P-521 elliptic curve, AKA SECG curve SECP521R1."
                    ],
                    [
                      "P-256K",
                      "The SECG SECP256K1 elliptic curve."
                    ]
                  ],
                  "Required": false,
                  "Type": "string"
                }
              ]
            },
            {
              "#name": "secret_props",
              "Description": "Properties of the secret backing a certificate.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "contentType",
                  "Description": "The media type (MIME type).",
                  "Required": false,
                  "Type": "string"
                }
              ]
            },
            {
              "#name": "x509_props",
              "Description": "Properties of the X509 component of a certificate.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "subject",
                  "Description": "The subject name. Should be a valid X509 distinguished Name.",
                  "Required": false,
                  "Type": "string"
                },
                {
                  "#name": "ekus",
                  "Description": "The enhanced key usage.",
                  "Required": false,
                  "Type": "array",
                  "$items": {
                    "Type": "string"
                  }
                },
                {
                  "#name": "sans",
                  "Description": "The subject alternative names.",
                  "Required": false,
                  "Type": "object",
                  "$properties": [
                    {
                      "#name": "emails",
                      "Description": "Email addresses.",
                      "Required": false,
                      "Type": "array",
                      "$items": {
                        "Type": "string"
                      }
                    },
                    {
                      "#name": "dns_names",
                      "Description": "Domain names.",
                      "Required": false,
                      "Type": "array",
                      "$items": {
                        "Type": "string"
                      }
                    },
                    {
                      "#name": "upns",
                      "Description": "User principal names.",
                      "Required": false,
                      "Type": "array",
                      "$items": {
                        "Type": "string"
                      }
                    }
                  ]
                },
                {
                  "#name": "key_usage",
                  "Description": "Defines how the certificate's key may be used.",
                  "Required": false,
                  "Type": "array",
                  "$items": {
                    "Description": "Supported usages of a certificate key.",
                    "Enum": [
                      [
                        "digitalSignature",
                        "Indicates that the certificate key can be used as a digital signature."
                      ],
                      [
                        "nonRepudiation",
                        "Indicates that the certificate key can be used for authentication."
                      ],
                      [
                        "keyEncipherment",
                        "Indicates that the certificate key can be used for key encryption."
                      ],
                      [
                        "dataEncipherment",
                        "Indicates that the certificate key can be used for data encryption."
                      ],
                      [
                        "keyAgreement",
                        "Indicates that the certificate key can be used to determine key agreement, such as a key created using the Diffie-Hellman key agreement algorithm."
                      ],
                      [
                        "keyCertSign",
                        "Indicates that the certificate key can be used to sign certificates."
                      ],
                      [
                        "cRLSign",
                        "Indicates that the certificate key can be used to sign a certificate revocation list."
                      ],
                      [
                        "encipherOnly",
                        "Indicates that the certificate key can be used for encryption only."
                      ],
                      [
                        "decipherOnly",
                        "Indicates that the certificate key can be used for decryption only."
                      ]
                    ],
                    "Type": "string"
                  }
                },
                {
                  "#name": "validity_months",
                  "Description": "The duration that the certificate is valid in months.",
                  "Format": "int32",
                  "Required": false,
                  "Type": "integer"
                }
              ]
            },
            {
              "#name": "lifetime_actions",
              "Description": "Actions that will be performed by Key Vault over the lifetime of a certificate.",
              "Required": false,
              "Type": "array",
              "$items": {
                "Description": "Action and its trigger that will be performed by Key Vault over the lifetime of a certificate.",
                "Type": "object",
                "$properties": [
                  {
                    "#name": "trigger",
                    "Description": "The condition that will execute the action.",
                    "Required": false,
                    "Type": "object",
                    "$properties": [
                      {
                        "#name": "lifetime_percentage",
                        "Description": "Percentage of lifetime at which to trigger. Value should be between 1 and 99.",
                        "Format": "int32",
                        "Required": false,
                        "Type": "integer"
                      },
                      {
                        "#name": "days_before_expiry",
                        "Description": "Days before expiry to attempt renewal. Value should be between 1 and validity_in_months multiplied by 27. If validity_in_months is 36, then value should be between 1 and 972 (36 * 27).",
                        "Format": "int32",
                        "Required": false,
                        "Type": "integer"
                      }
                    ]
                  },
                  {
                    "#name": "action",
                    "Description": "The action that will be executed.",
                    "Required": false,
                    "Type": "object",
                    "$properties": [
                      {
                        "#name": "action_type",
                        "Description": "The type of the action.",
                        "Enum": [
                          [
                            "EmailContacts",
                            "A certificate policy that will email certificate contacts."
                          ],
                          [
                            "AutoRenew",
                            "A certificate policy that will auto-renew a certificate."
                          ]
                        ],
                        "Required": false,
                        "Type": "string"
                      }
                    ]
                  }
                ]
              }
            },
            {
              "#name": "issuer",
              "Description": "Parameters for the issuer of the X509 component of a certificate.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "name",
                  "Description": "Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'.",
                  "Required": false,
                  "Type": "string"
                },
                {
                  "#name": "cty",
                  "Description": "Certificate type as supported by the provider (optional); for example 'OV-SSL', 'EV-SSL'",
                  "Required": false,
                  "Type": "string"
                },
                {
                  "#name": "cert_transparency",
                  "Description": "Indicates if the certificates generated under this policy should be published to certificate transparency logs.",
                  "Required": false,
                  "Type": "boolean"
                }
              ]
            },
            {
              "#name": "attributes",
              "Description": "The certificate attributes.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "enabled",
                  "Description": "Determines whether the object is enabled.",
                  "Required": false,
                  "Type": "boolean"
                },
                {
                  "#name": "nbf",
                  "Description": "Not before date in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                },
                {
                  "#name": "exp",
                  "Description": "Expiry date in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                },
                {
                  "#name": "created",
                  "Description": "Creation time in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                },
                {
                  "#name": "updated",
                  "Description": "Last updated time in UTC.",
                  "Format": "unixtime",
                  "Required": false,
                  "Type": "integer"
                },
                {
                  "#name": "recoverableDays",
                  "Description": "softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0.",
                  "Format": "int32",
                  "Required": false,
                  "Type": "integer"
                },
                {
                  "#name": "recoveryLevel",
                  "Description": "Reflects the deletion recovery level currently in effect for certificates in the current vault. If it contains 'Purgeable', the certificate can be permanently deleted by a privileged user; otherwise, only the system can purge the certificate, at the end of the retention interval.",
                  "Enum": [
                    [
                      "Purgeable",
                      "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                    ],
                    [
                      "Recoverable+Purgeable",
                      "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "Recoverable",
                      "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "Recoverable+ProtectedSubscription",
                      "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                    ],
                    [
                      "CustomizedRecoverable+Purgeable",
                      "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                    ],
                    [
                      "CustomizedRecoverable",
                      "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                    ],
                    [
                      "CustomizedRecoverable+ProtectedSubscription",
                      "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                    ]
                  ],
                  "Required": false,
                  "Type": "string"
                }
              ]
            }
          ]
        },
        "@added_b02d578dabbc41ffaeb91219341558b5": {
          "#name": "cer",
          "Description": "CER contents of x509 certificate.",
          "Format": "byte",
          "Required": false,
          "Type": "string"
        },
        "@added_50d63117da5e471cb058283490409722": {
          "#name": "contentType",
          "Description": "The content type of the secret. eg. 'application/x-pem-file' or 'application/x-pkcs12',",
          "Required": false,
          "Type": "string"
        },
        "@added_5c7dfa58d45a4df8b234a5edc129197b": {
          "#name": "attributes",
          "Description": "The certificate attributes.",
          "Required": false,
          "Type": "object",
          "$properties": [
            {
              "#name": "enabled",
              "Description": "Determines whether the object is enabled.",
              "Required": false,
              "Type": "boolean"
            },
            {
              "#name": "nbf",
              "Description": "Not before date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            },
            {
              "#name": "exp",
              "Description": "Expiry date in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            },
            {
              "#name": "created",
              "Description": "Creation time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            },
            {
              "#name": "updated",
              "Description": "Last updated time in UTC.",
              "Format": "unixtime",
              "Required": false,
              "Type": "integer"
            },
            {
              "#name": "recoverableDays",
              "Description": "softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0.",
              "Format": "int32",
              "Required": false,
              "Type": "integer"
            },
            {
              "#name": "recoveryLevel",
              "Description": "Reflects the deletion recovery level currently in effect for certificates in the current vault. If it contains 'Purgeable', the certificate can be permanently deleted by a privileged user; otherwise, only the system can purge the certificate, at the end of the retention interval.",
              "Enum": [
                [
                  "Purgeable",
                  "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                ],
                [
                  "Recoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "Recoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                ],
                [
                  "CustomizedRecoverable+Purgeable",
                  "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                ],
                [
                  "CustomizedRecoverable",
                  "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                ],
                [
                  "CustomizedRecoverable+ProtectedSubscription",
                  "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                ]
              ],
              "Required": false,
              "Type": "string"
            }
          ]
        },
        "@added_0a7457653a3b4d4fababc9b0354dff25": {
          "#name": "tags",
          "Description": "Application specific metadata in the form of key-value pairs",
          "Required": false,
          "Type": "object"
        }
      }
    }
  }
}

⚼ Request

GET: /deletedcertificates/{certificate-name}

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

certificate-name:

{

Description: The name of the certificate ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

kid:

{

Description: The key id. ,

Required: False ,

}

string ,

sid:

{

Description: The secret id. ,

Required: False ,

}

string ,

x5t:

{

Description: Thumbprint of the certificate. ,

Format: base64url ,

Required: False ,

}

string ,

policy:

{

Description: The management policy. ,

Required: False ,

}

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

key_props:

{

Description: Properties of the key backing a certificate. ,

Required: False ,

}

{

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

kty:

{

Description: The type of key pair to be used for the certificate. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is not exportable from the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447). ,

RSA-HSM: RSA with a private key which is not exportable from the HSM. ,

oct: Octet sequence (used to represent symmetric keys). ,

oct-HSM: Octet sequence with a private key which is not exportable from the HSM. ,

}

Required: False ,

}

enum ,

key_size:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. ,

Format: int32 ,

Required: False ,

}

integer ,

reuse_key:

{

Description: Indicates if the same key pair will be used on certificate renewal. ,

Required: False ,

}

boolean ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

}

secret_props:

{

Description: Properties of the secret backing a certificate. ,

Required: False ,

}

{

contentType:

{

Description: The media type (MIME type). ,

Required: False ,

}

string ,

}

x509_props:

{

Description: Properties of the X509 component of a certificate. ,

Required: False ,

}

{

subject:

{

Description: The subject name. Should be a valid X509 distinguished Name. ,

Required: False ,

}

string ,

ekus:

{

Description: The enhanced key usage. ,

Required: False ,

}

[

string ,

]

sans:

{

Description: The subject alternative names. ,

Required: False ,

}

{

emails:

{

Description: Email addresses. ,

Required: False ,

}

[

string ,

]

dns_names:

{

Description: Domain names. ,

Required: False ,

}

[

string ,

]

upns:

{

Description: User principal names. ,

Required: False ,

}

[

string ,

]

}

key_usage:

{

Description: Defines how the certificate's key may be used. ,

Required: False ,

}

[

string ,

]

validity_months:

{

Description: The duration that the certificate is valid in months. ,

Format: int32 ,

Required: False ,

}

integer ,

}

lifetime_actions:

{

Description: Actions that will be performed by Key Vault over the lifetime of a certificate. ,

Required: False ,

}

[

{

trigger:

{

Description: The condition that will execute the action. ,

Required: False ,

}

{

lifetime_percentage:

{

Description: Percentage of lifetime at which to trigger. Value should be between 1 and 99. ,

Format: int32 ,

Required: False ,

}

integer ,

days_before_expiry:

{

Description: Days before expiry to attempt renewal. Value should be between 1 and validity_in_months multiplied by 27. If validity_in_months is 36, then value should be between 1 and 972 (36 * 27). ,

Format: int32 ,

Required: False ,

}

integer ,

}

action:

{

Description: The action that will be executed. ,

Required: False ,

}

{

action_type:

{

Description: The type of the action. ,

Enum:

{

EmailContacts: A certificate policy that will email certificate contacts. ,

AutoRenew: A certificate policy that will auto-renew a certificate. ,

}

Required: False ,

}

enum ,

}

]

issuer:

{

Description: Parameters for the issuer of the X509 component of a certificate. ,

Required: False ,

}

{

name:

{

Description: Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'. ,

Required: False ,

}

string ,

cty:

{

Description: Certificate type as supported by the provider (optional); for example 'OV-SSL', 'EV-SSL' ,

Required: False ,

}

string ,

cert_transparency:

{

Description: Indicates if the certificates generated under this policy should be published to certificate transparency logs. ,

Required: False ,

}

boolean ,

}

attributes:

{

Description: The certificate attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

cer:

{

Description: CER contents of x509 certificate. ,

Format: byte ,

Required: False ,

}

string ,

contentType:

{

Description: The content type of the secret. eg. 'application/x-pem-file' or 'application/x-pkcs12', ,

Required: False ,

}

string ,

attributes:

{

Description: The certificate attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs ,

Required: False ,

}

object ,

recoveryId:

{

Description: The url of the recovery object, used to identify and recover the deleted certificate. ,

Required: False ,

}

string ,

scheduledPurgeDate:

{

Description: The time when the certificate is scheduled to be purged, in UTC ,

Format: unixtime ,

Required: False ,

}

integer ,

deletedDate:

{

Description: The time when the certificate was deleted, in UTC ,

Format: unixtime ,

Required: False ,

}

integer ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

PurgeDeletedCertificate (updated)

Description	: The PurgeDeletedCertificate operation performs an irreversible deletion of the specified certificate, without possibility for recovery. The operation is not available if the recovery level does not specify 'Purgeable'. This operation requires the certificate/purge permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "PurgeDeletedCertificate",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ]
}

⚼ Request

DELETE: /deletedcertificates/{certificate-name}

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

certificate-name:

{

Description: The name of the certificate ,

Required: True ,

}

string ,

}

⚐ Response (204)

{}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

RecoverDeletedCertificate (updated)

Description	: The RecoverDeletedCertificate operation performs the reversal of the Delete operation. The operation is applicable in vaults enabled for soft-delete, and must be issued during the retention interval (available in the deleted certificate's attributes). This operation requires the certificates/recover permission.
Reference	: Link ¶

⚶ Changes

{
  "#id": "RecoverDeletedCertificate",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version."
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": [
        {
          "policy": [
            {
              "key_props": [
                {
                  "#name": "kty",
                  "Enum": {
                    "new": [
                      [
                        "EC",
                        "Elliptic Curve."
                      ],
                      [
                        "EC-HSM",
                        "Elliptic Curve with a private key which is not exportable from the HSM."
                      ],
                      [
                        "RSA",
                        "RSA (https://tools.ietf.org/html/rfc3447)."
                      ],
                      [
                        "RSA-HSM",
                        "RSA with a private key which is not exportable from the HSM."
                      ],
                      [
                        "oct",
                        "Octet sequence (used to represent symmetric keys)."
                      ],
                      [
                        "oct-HSM",
                        "Octet sequence with a private key which is not exportable from the HSM."
                      ]
                    ],
                    "old": [
                      [
                        "EC",
                        ""
                      ],
                      [
                        "EC-HSM",
                        ""
                      ],
                      [
                        "RSA",
                        ""
                      ],
                      [
                        "RSA-HSM",
                        ""
                      ],
                      [
                        "oct",
                        ""
                      ],
                      [
                        "oct-HSM",
                        ""
                      ]
                    ]
                  }
                },
                {
                  "#name": "crv",
                  "Enum": {
                    "new": [
                      [
                        "P-256",
                        "The NIST P-256 elliptic curve, AKA SECG curve SECP256R1."
                      ],
                      [
                        "P-384",
                        "The NIST P-384 elliptic curve, AKA SECG curve SECP384R1."
                      ],
                      [
                        "P-521",
                        "The NIST P-521 elliptic curve, AKA SECG curve SECP521R1."
                      ],
                      [
                        "P-256K",
                        "The SECG SECP256K1 elliptic curve."
                      ]
                    ],
                    "old": [
                      [
                        "P-256",
                        ""
                      ],
                      [
                        "P-384",
                        ""
                      ],
                      [
                        "P-521",
                        ""
                      ],
                      [
                        "P-256K",
                        ""
                      ]
                    ]
                  }
                }
              ]
            },
            {
              "x509_props": [
                {
                  "key_usage": {
                    "Enum": {
                      "new": [
                        [
                          "digitalSignature",
                          "Indicates that the certificate key can be used as a digital signature."
                        ],
                        [
                          "nonRepudiation",
                          "Indicates that the certificate key can be used for authentication."
                        ],
                        [
                          "keyEncipherment",
                          "Indicates that the certificate key can be used for key encryption."
                        ],
                        [
                          "dataEncipherment",
                          "Indicates that the certificate key can be used for data encryption."
                        ],
                        [
                          "keyAgreement",
                          "Indicates that the certificate key can be used to determine key agreement, such as a key created using the Diffie-Hellman key agreement algorithm."
                        ],
                        [
                          "keyCertSign",
                          "Indicates that the certificate key can be used to sign certificates."
                        ],
                        [
                          "cRLSign",
                          "Indicates that the certificate key can be used to sign a certificate revocation list."
                        ],
                        [
                          "encipherOnly",
                          "Indicates that the certificate key can be used for encryption only."
                        ],
                        [
                          "decipherOnly",
                          "Indicates that the certificate key can be used for decryption only."
                        ]
                      ],
                      "old": [
                        [
                          "digitalSignature",
                          ""
                        ],
                        [
                          "nonRepudiation",
                          ""
                        ],
                        [
                          "keyEncipherment",
                          ""
                        ],
                        [
                          "dataEncipherment",
                          ""
                        ],
                        [
                          "keyAgreement",
                          ""
                        ],
                        [
                          "keyCertSign",
                          ""
                        ],
                        [
                          "cRLSign",
                          ""
                        ],
                        [
                          "encipherOnly",
                          ""
                        ],
                        [
                          "decipherOnly",
                          ""
                        ]
                      ]
                    }
                  }
                }
              ]
            },
            {
              "lifetime_actions": {
                "$properties": {
                  "action": [
                    {
                      "#name": "action_type",
                      "Enum": {
                        "new": [
                          [
                            "EmailContacts",
                            "A certificate policy that will email certificate contacts."
                          ],
                          [
                            "AutoRenew",
                            "A certificate policy that will auto-renew a certificate."
                          ]
                        ],
                        "old": [
                          [
                            "EmailContacts",
                            ""
                          ],
                          [
                            "AutoRenew",
                            ""
                          ]
                        ]
                      }
                    }
                  ]
                }
              }
            },
            {
              "attributes": [
                {
                  "@added_e6c8a2b6376d4fd3a94c77cfb507f41f": {
                    "#name": "enabled",
                    "Description": "Determines whether the object is enabled.",
                    "Required": false,
                    "Type": "boolean"
                  }
                },
                {
                  "@added_fd65061d1734439ea11735a53e44e192": {
                    "#name": "nbf",
                    "Description": "Not before date in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_f089368696d54ea1a57c438d10364f11": {
                    "#name": "exp",
                    "Description": "Expiry date in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_780d228706ac445ebbe2e3a2555dc034": {
                    "#name": "created",
                    "Description": "Creation time in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "@added_7f7a21d3f017490a86456736477d77ea": {
                    "#name": "updated",
                    "Description": "Last updated time in UTC.",
                    "Format": "unixtime",
                    "Required": false,
                    "Type": "integer"
                  }
                },
                {
                  "#name": "recoveryLevel",
                  "Enum": {
                    "new": [
                      [
                        "Purgeable",
                        "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                      ],
                      [
                        "Recoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "CustomizedRecoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                      ],
                      [
                        "CustomizedRecoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                      ],
                      [
                        "CustomizedRecoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                      ]
                    ],
                    "old": [
                      [
                        "Purgeable",
                        "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                      ],
                      [
                        "Recoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "Recoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                      ],
                      [
                        "CustomizedRecoverable+Purgeable",
                        "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                      ],
                      [
                        "CustomizedRecoverable",
                        "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                      ],
                      [
                        "CustomizedRecoverable+ProtectedSubscription",
                        "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                      ]
                    ]
                  }
                }
              ]
            }
          ]
        },
        {
          "#name": "contentType",
          "Description": {
            "new": "The content type of the secret. eg. 'application/x-pem-file' or 'application/x-pkcs12',",
            "old": "The content type of the secret. eg. 'application/x-pem-file' or 'application/x-pkcs12', "
          }
        },
        {
          "attributes": [
            {
              "@added_ba6bf94dd95c420ab7cf07e9d77f705a": {
                "#name": "enabled",
                "Description": "Determines whether the object is enabled.",
                "Required": false,
                "Type": "boolean"
              }
            },
            {
              "@added_ece2af11826344a2b4da452d969ff949": {
                "#name": "nbf",
                "Description": "Not before date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_778d8f62ad0447768816ab4439c11140": {
                "#name": "exp",
                "Description": "Expiry date in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_ca9882c20fe84f8ca2e6029c1a861f56": {
                "#name": "created",
                "Description": "Creation time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "@added_f5dda89e8b6b4068a222edf407156f0e": {
                "#name": "updated",
                "Description": "Last updated time in UTC.",
                "Format": "unixtime",
                "Required": false,
                "Type": "integer"
              }
            },
            {
              "#name": "recoveryLevel",
              "Enum": {
                "new": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ],
                "old": [
                  [
                    "Purgeable",
                    "Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)"
                  ],
                  [
                    "Recoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "Recoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself  cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered"
                  ],
                  [
                    "CustomizedRecoverable+Purgeable",
                    "Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled."
                  ],
                  [
                    "CustomizedRecoverable",
                    "Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available."
                  ],
                  [
                    "CustomizedRecoverable+ProtectedSubscription",
                    "Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled."
                  ]
                ]
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

POST: /deletedcertificates/{certificate-name}/recover

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

certificate-name:

{

Description: The name of the deleted certificate ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

kid:

{

Description: The key id. ,

Required: False ,

}

string ,

sid:

{

Description: The secret id. ,

Required: False ,

}

string ,

x5t:

{

Description: Thumbprint of the certificate. ,

Format: base64url ,

Required: False ,

}

string ,

policy:

{

Description: The management policy. ,

Required: False ,

}

{

id:

{

Description: The certificate id. ,

Required: False ,

}

string ,

key_props:

{

Description: Properties of the key backing a certificate. ,

Required: False ,

}

{

exportable:

{

Description: Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable key. ,

Required: False ,

}

boolean ,

kty:

{

Description: The type of key pair to be used for the certificate. ,

Enum:

{

EC: Elliptic Curve. ,

EC-HSM: Elliptic Curve with a private key which is not exportable from the HSM. ,

RSA: RSA (https://tools.ietf.org/html/rfc3447). ,

RSA-HSM: RSA with a private key which is not exportable from the HSM. ,

oct: Octet sequence (used to represent symmetric keys). ,

oct-HSM: Octet sequence with a private key which is not exportable from the HSM. ,

}

Required: False ,

}

enum ,

key_size:

{

Description: The key size in bits. For example: 2048, 3072, or 4096 for RSA. ,

Format: int32 ,

Required: False ,

}

integer ,

reuse_key:

{

Description: Indicates if the same key pair will be used on certificate renewal. ,

Required: False ,

}

boolean ,

crv:

{

Description: Elliptic curve name. For valid values, see JsonWebKeyCurveName. ,

Enum:

{

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. ,

P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. ,

P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. ,

P-256K: The SECG SECP256K1 elliptic curve. ,

}

Required: False ,

}

enum ,

}

secret_props:

{

Description: Properties of the secret backing a certificate. ,

Required: False ,

}

{

contentType:

{

Description: The media type (MIME type). ,

Required: False ,

}

string ,

}

x509_props:

{

Description: Properties of the X509 component of a certificate. ,

Required: False ,

}

{

subject:

{

Description: The subject name. Should be a valid X509 distinguished Name. ,

Required: False ,

}

string ,

ekus:

{

Description: The enhanced key usage. ,

Required: False ,

}

[

string ,

]

sans:

{

Description: The subject alternative names. ,

Required: False ,

}

{

emails:

{

Description: Email addresses. ,

Required: False ,

}

[

string ,

]

dns_names:

{

Description: Domain names. ,

Required: False ,

}

[

string ,

]

upns:

{

Description: User principal names. ,

Required: False ,

}

[

string ,

]

}

key_usage:

{

Description: Defines how the certificate's key may be used. ,

Required: False ,

}

[

string ,

]

validity_months:

{

Description: The duration that the certificate is valid in months. ,

Format: int32 ,

Required: False ,

}

integer ,

}

lifetime_actions:

{

Description: Actions that will be performed by Key Vault over the lifetime of a certificate. ,

Required: False ,

}

[

{

trigger:

{

Description: The condition that will execute the action. ,

Required: False ,

}

{

lifetime_percentage:

{

Description: Percentage of lifetime at which to trigger. Value should be between 1 and 99. ,

Format: int32 ,

Required: False ,

}

integer ,

days_before_expiry:

{

Description: Days before expiry to attempt renewal. Value should be between 1 and validity_in_months multiplied by 27. If validity_in_months is 36, then value should be between 1 and 972 (36 * 27). ,

Format: int32 ,

Required: False ,

}

integer ,

}

action:

{

Description: The action that will be executed. ,

Required: False ,

}

{

action_type:

{

Description: The type of the action. ,

Enum:

{

EmailContacts: A certificate policy that will email certificate contacts. ,

AutoRenew: A certificate policy that will auto-renew a certificate. ,

}

Required: False ,

}

enum ,

}

]

issuer:

{

Description: Parameters for the issuer of the X509 component of a certificate. ,

Required: False ,

}

{

name:

{

Description: Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'. ,

Required: False ,

}

string ,

cty:

{

Description: Certificate type as supported by the provider (optional); for example 'OV-SSL', 'EV-SSL' ,

Required: False ,

}

string ,

cert_transparency:

{

Description: Indicates if the certificates generated under this policy should be published to certificate transparency logs. ,

Required: False ,

}

boolean ,

}

attributes:

{

Description: The certificate attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

cer:

{

Description: CER contents of x509 certificate. ,

Format: byte ,

Required: False ,

}

string ,

contentType:

{

Description: The content type of the secret. eg. 'application/x-pem-file' or 'application/x-pkcs12', ,

Required: False ,

}

string ,

attributes:

{

Description: The certificate attributes. ,

Required: False ,

}

{

enabled:

{

Description: Determines whether the object is enabled. ,

Required: False ,

}

boolean ,

nbf:

{

Description: Not before date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

exp:

{

Description: Expiry date in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

created:

{

Description: Creation time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

updated:

{

Description: Last updated time in UTC. ,

Format: unixtime ,

Required: False ,

}

integer ,

recoverableDays:

{

Description: softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. ,

Format: int32 ,

Required: False ,

}

integer ,

recoveryLevel:

{

Enum:

{

}

Required: False ,

}

enum ,

}

tags:

{

Description: Application specific metadata in the form of key-value pairs ,

Required: False ,

}

object ,

}

⚐ Response (default)

{

error:

{

Description: The key vault server error. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

innererror:

{

Required: False ,

}

string ,

}

Microsoft.KeyVault (preview:7.6.1)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (202)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (201)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)