Azure Key Vault REST API reference
Use Key Vault to safeguard and manage cryptographic keys and secrets used by cloud applications and services.
Vault operations
| Operation | Description |
|---|---|
| Check Name Availability | Checks that the vault name is valid and is not already in use. |
| Create Or Update | Create or update a key vault in the specified subscription. |
| Delete | Deletes the specified Azure key vault. |
| Get | Gets the specified Azure key vault. |
| Get Deleted | Gets the deleted Azure key vault. |
| List | The List operation gets information about the vaults associated with the subscription. |
| List By Resource Group | The List operation gets information about the vaults associated with the subscription and within the specified resource group. |
| List By Subscription | The List operation gets information about the vaults associated with the subscription. |
| List Deleted | Gets information about the deleted vaults in a subscription. |
| Purge Deleted | Permanently deletes the specified vault. |
| Update | Update a key vault in the specified subscription. |
| Update Access Policy | Update access policies in a key vault in the specified subscription. |
Key operations
| Operation | Description |
|---|---|
| Backup Key | Requests that a backup of the specified key be downloaded to the client. |
| Create Key | Creates a new key, stores it, then returns key parameters and attributes to the client. |
| Decrypt | Decrypts a single block of encrypted data. |
| Delete Key | Deletes a key of any type from storage in Azure Key Vault. |
| Encrypt | Encrypts an arbitrary sequence of bytes using an encryption key that is stored in a key vault. |
| Get Deleted Key | Gets the public part of a deleted key. |
| Get Deleted Keys | Lists the deleted keys in the specified vault. |
| Get Key | Gets the public part of a stored key. |
| Get Key Versions | Retrieves a list of individual key versions with the same key name. |
| Get Keys | List keys in the specified vault. |
| Import Key | Imports an externally created key, stores it, and returns key parameters and attributes to the client. |
| Purge Deleted Key | Permanently deletes the specified key. |
| Recover Deleted Key | Recovers the deleted key to its latest version. |
| Restore Key | Restores a backed up key to a vault. |
| Sign | Creates a signature from a digest using the specified key. |
| Unwrap Key | Unwraps a symmetric key using the specified key that was initially used for wrapping that key. |
| Update Key | The update key operation changes specified attributes of a stored key and can be applied to any key type and key version stored in Azure Key Vault. |
| Verify | Verifies a signature using a specified key. |
| Wrap Key | Wraps a symmetric key using a specified key. |
Secret operations
| Operation | Description |
|---|---|
| Backup Secret | Backs up the specified secret. |
| Delete Secret | Deletes a secret from a specified key vault. |
| Get Deleted Secret | Gets the specified deleted secret. |
| Get Deleted Secrets | Lists deleted secrets for the specified vault. |
| Get Secret | Get a specified secret from a given key vault. |
| Get Secret Versions | List all versions of the specified secret. |
| Get Secrets | List secrets in a specified key vault. |
| Purge Deleted Secret | Permanently deletes the specified secret. |
| Recover Deleted Secret | Recovers the deleted secret to the latest version. |
| Restore Secret | Restores a backed up secret to a vault. |
| Set Secret | Sets a secret in a specified key vault. |
| Update Secret | Updates the attributes associated with a specified secret in a given key vault. |
Certificate operations
| Operation | Description |
|---|---|
| Backup Certificate | Backs up the specified certificate. |
| Create Certificate | Creates a new certificate. |
| Delete Certificate | Deletes a certificate from a specified key vault. |
| Delete Certificate Contacts | Deletes the certificate contacts for a specified key vault. |
| Delete Certificate Issuer | Deletes the specified certificate issuer. |
| Delete Certificate Operation | Deletes the creation operation for a specific certificate. |
| Get Certificate | Gets information about a certificate. |
| Get Certificate Contacts | Lists the certificate contacts for a specified key vault. |
| Get Certificate Issuer | Lists the specified certificate issuer. |
| Get Certificate Issuers | List certificate issuers for a specified key vault. |
| Get Certificate Operation | Gets the creation operation of a certificate. |
| Get Certificate Policy | Lists the policy for a certificate. |
| Get Certificate Versions | List the versions of a certificate. |
| Get Certificates | List certificates in a specified key vault |
| Get Deleted Certificate | Retrieves information about the specified deleted certificate. |
| Get Deleted Certificates | Lists the deleted certificates in the specified vault currently available for recovery. |
| Import Certificate | Imports a certificate into a specified key vault. |
| Merge Certificate | Merges a certificate or a certificate chain with a key pair existing on the server. |
| Purge Deleted Certificate | Permanently deletes the specified deleted certificate. |
| Recover Deleted Certificate | Recovers the deleted certificate back to its current version under /certificates. |
| Restore Certificate | Restores a backed up certificate to a vault. |
| Set Certificate Contacts | Sets the certificate contacts for the specified key vault. |
| Set Certificate Issuer | Sets the specified certificate issuer. |
| Update Certificate | Updates the specified attributes associated with the given certificate. |
| Update Certificate Issuer | Updates the specified certificate issuer. |
| Update Certificate Operation | Updates a certificate operation. |
| Update Certificate Policy | Updates the policy for a certificate. |
Storage operations
| Operation | Description |
|---|---|
| Backup Storage Account | Backs up the specified storage account. |
| Delete Sas Definition | Deletes a SAS definition from a specified storage account. This operation requires the storage/deletesas permission. |
| Delete Storage Account | Deletes a storage account. This operation requires the storage/delete permission. |
| Get Deleted Sas Definition | Gets the specified deleted sas definition. |
| Get Deleted Sas Definitions | Lists deleted SAS definitions for the specified vault and storage account. |
| Get Deleted Storage Account | Gets the specified deleted storage account. |
| Get Deleted Storage Accounts | Lists deleted storage accounts for the specified vault. |
| Get Sas Definition | Gets information about a SAS definition for the specified storage account. This operation requires the storage/getsas permission. |
| Get Sas Definitions | List storage SAS definitions for the given storage account. This operation requires the storage/listsas permission. |
| Get Storage Account | Gets information about a specified storage account. This operation requires the storage/get permission. |
| Get Storage Accounts | List storage accounts managed by the specified key vault. This operation requires the storage/list permission. |
| Purge Deleted Storage Account | Permanently deletes the specified storage account. |
| Recover Deleted Sas Definition | Recovers the deleted SAS definition. |
| Recover Deleted Storage Account | Recovers the deleted storage account. |
| Regenerate Storage Account Key | Regenerates the specified key value for the given storage account. This operation requires the storage/regeneratekey permission. |
| Restore Storage Account | Restores a backed up storage account to a vault. |
| Set Sas Definition | Creates or updates a new SAS definition for the specified storage account. This operation requires the storage/setsas permission. |
| Set Storage Account | Creates or updates a new storage account. This operation requires the storage/set permission. |
| Update Sas Definition | Updates the specified attributes associated with the given SAS definition. This operation requires the storage/setsas permission. |
| Update Storage Account | Updates the specified attributes associated with the given storage account. This operation requires the storage/set/update permission. |
See also
- For concepts and detailed information about data plane objects, see About keys, secrets, and certificates.
- For general information on constructing Azure REST API requests, see the Azure REST API reference
- For information specific to constructing Key Vault REST API requests, see
- See the following topics for additional Key Vault concepts and details