@azure/keyvault-keys package

Classes

CryptographyClient

A client used to perform cryptographic operations on an Azure Key vault key or a local <xref:JsonWebKey>.

KeyClient

The KeyClient provides methods to manage KeyVaultKey in the Azure Key Vault. The client supports creating, retrieving, updating, deleting, purging, backing up, restoring and listing KeyVaultKeys. The client also supports listing DeletedKey for a soft-delete enabled Azure Key Vault.

Interfaces

AesCbcDecryptParameters

Decryption parameters for AES-CBC encryption algorithms.

AesCbcEncryptParameters

Encryption parameters for AES-CBC encryption algorithms.

AesGcmDecryptParameters

Decryption parameters for AES-GCM encryption algorithms.

AesGcmEncryptParameters

Encryption parameters for AES-GCM encryption algorithms.

BackupKeyOptions

Options for backupKey(string, BackupKeyOptions).

BeginDeleteKeyOptions

An interface representing the optional parameters that can be passed to beginDeleteKey(string, BeginDeleteKeyOptions)

BeginRecoverDeletedKeyOptions

An interface representing the optional parameters that can be passed to beginRecoverDeletedKey(string, BeginRecoverDeletedKeyOptions)

CreateEcKeyOptions

An interface representing the optional parameters that can be passed to createEcKey(string, CreateEcKeyOptions)

CreateKeyOptions

An interface representing the optional parameters that can be passed to createKey(string, KeyType_2, CreateKeyOptions)

CreateOctKeyOptions

An interface representing the optional parameters that can be passed to createOctKey(string, CreateOctKeyOptions)

CreateRsaKeyOptions

An interface representing the optional parameters that can be passed to createRsaKey(string, CreateRsaKeyOptions)

CryptographyClientOptions

The optional parameters accepted by the KeyVault's CryptographyClient

CryptographyOptions

An interface representing the options of the cryptography API methods, go to the CryptographyClient for more information.

DecryptOptions

Options for decrypt(DecryptParameters, DecryptOptions).

DecryptResult

Result of the decrypt(DecryptParameters, DecryptOptions) operation.

DeletedKey

An interface representing a deleted Key Vault Key.

EncryptOptions

Options for encrypt(EncryptParameters, EncryptOptions).

EncryptResult

Result of the encrypt(EncryptParameters, EncryptOptions) operation.

GetCryptographyClientOptions

Options for getCryptographyClient(string, GetCryptographyClientOptions).

GetDeletedKeyOptions

Options for getDeletedKey(string, GetDeletedKeyOptions).

GetKeyOptions

Options for getKey(string, GetKeyOptions).

GetKeyRotationPolicyOptions

Options for <xref:KeyClient.getRotationPolicy>

GetRandomBytesOptions

Options for getRandomBytes(number, GetRandomBytesOptions)

ImportKeyOptions

An interface representing the optional parameters that can be passed to importKey(string, JsonWebKey_2, ImportKeyOptions)

JsonWebKey_2

As of http://tools.ietf.org/html/draft-ietf-jose-json-web-key-18

KeyClientOptions

The optional parameters accepted by the KeyVault's KeyClient

KeyPollerOptions

An interface representing the optional parameters that can be passed to beginDeleteKey(string, BeginDeleteKeyOptions) and beginRecoverDeletedKey(string, BeginRecoverDeletedKeyOptions)

KeyProperties

An interface representing the Properties of KeyVaultKey

KeyReleasePolicy

The policy rules under which a key can be exported.

KeyRotationLifetimeAction

An action and its corresponding trigger that will be performed by Key Vault over the lifetime of a key.

KeyRotationPolicy

The complete key rotation policy that belongs to a key.

KeyRotationPolicyProperties

The properties of a key rotation policy that the client can set for a given key. You may also reset the key rotation policy to its default values by setting lifetimeActions to an empty array.

KeyVaultKey

An interface representing a Key Vault Key, with its name, value and KeyProperties.

KeyVaultKeyIdentifier

Represents the segments that compose a Key Vault Key Id.

ListDeletedKeysOptions

An interface representing optional parameters for KeyClient paged operations passed to listDeletedKeys(ListDeletedKeysOptions).

ListPropertiesOfKeyVersionsOptions

An interface representing optional parameters for KeyClient paged operations passed to listPropertiesOfKeyVersions(string, ListPropertiesOfKeyVersionsOptions).

ListPropertiesOfKeysOptions

An interface representing optional parameters for KeyClient paged operations passed to listPropertiesOfKeys(ListPropertiesOfKeysOptions).

PurgeDeletedKeyOptions

Options for purgeDeletedKey(string, PurgeDeletedKeyOptions).

ReleaseKeyOptions

Options for releaseKey(string, string, ReleaseKeyOptions)

ReleaseKeyResult

Result of the releaseKey(string, string, ReleaseKeyOptions) operation.

RestoreKeyBackupOptions

Options for restoreKeyBackup(Uint8Array, RestoreKeyBackupOptions).

RotateKeyOptions

Options for rotateKey(string, RotateKeyOptions)

RsaDecryptParameters

Decryption parameters for RSA encryption algorithms.

RsaEncryptParameters

Encryption parameters for RSA encryption algorithms.

SignOptions

Options for sign(SignatureAlgorithm, Uint8Array, SignOptions).

SignResult

Result of the sign(SignatureAlgorithm, Uint8Array, SignOptions) operation.

UnwrapKeyOptions

Options for unwrapKey(KeyWrapAlgorithm, Uint8Array, UnwrapKeyOptions).

UnwrapResult

Result of the <xref:unwrap> operation.

UpdateKeyPropertiesOptions

Options for updateKeyProperties(string, string, UpdateKeyPropertiesOptions).

UpdateKeyRotationPolicyOptions

Options for updateKeyRotationPolicy(string, KeyRotationPolicyProperties, UpdateKeyRotationPolicyOptions)

VerifyDataOptions

Options for verifyData(SignatureAlgorithm, Uint8Array, Uint8Array, VerifyOptions)

VerifyOptions

Options for verify(SignatureAlgorithm, Uint8Array, Uint8Array, VerifyOptions).

VerifyResult

Result of the verify(SignatureAlgorithm, Uint8Array, Uint8Array, VerifyOptions) operation.

WrapKeyOptions

Options for wrapKey(KeyWrapAlgorithm, Uint8Array, WrapKeyOptions).

WrapResult

Result of the <xref:wrap> operation.

Type Aliases

AesCbcEncryptionAlgorithm

A union type representing all supported AES-CBC encryption algorithms.

AesGcmEncryptionAlgorithm

A union type representing all supported AES-GCM encryption algorithms.

DecryptParameters

A type representing all currently supported decryption parameters as they apply to different encryption algorithms.

DeletionRecoveryLevel

Defines values for DeletionRecoveryLevel.
KnownDeletionRecoveryLevel can be used interchangeably with DeletionRecoveryLevel, this enum contains the known values that the service supports.

Known values supported by the service

Purgeable: Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.)
Recoverable+Purgeable: Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System wil permanently delete it after 90 days, if not recovered
Recoverable: Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval(90 days) and while the subscription is still available. System wil permanently delete it after 90 days, if not recovered
Recoverable+ProtectedSubscription: Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled. System wil permanently delete it after 90 days, if not recovered
CustomizedRecoverable+Purgeable: Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled.
CustomizedRecoverable: Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7<= SoftDeleteRetentionInDays < 90).This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available.
CustomizedRecoverable+ProtectedSubscription: Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7<= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled.

EncryptParameters

A type representing all currently supported encryption parameters as they apply to different encryption algorithms.

EncryptionAlgorithm

Defines values for JsonWebKeyEncryptionAlgorithm.
<xref:KnownJsonWebKeyEncryptionAlgorithm> can be used interchangeably with JsonWebKeyEncryptionAlgorithm, this enum contains the known values that the service supports.

Known values supported by the service

RSA-OAEP
RSA-OAEP-256
RSA1_5
A128GCM
A192GCM
A256GCM
A128KW
A192KW
A256KW
A128CBC
A192CBC
A256CBC
A128CBCPAD
A192CBCPAD
A256CBCPAD

KeyCurveName

Defines values for JsonWebKeyCurveName.
<xref:KnownJsonWebKeyCurveName> can be used interchangeably with JsonWebKeyCurveName, this enum contains the known values that the service supports.

Known values supported by the service

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1.
P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1.
P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1.
P-256K: The SECG SECP256K1 elliptic curve.

KeyExportEncryptionAlgorithm

Defines values for KeyEncryptionAlgorithm. KnownKeyExportEncryptionAlgorithm can be used interchangeably with KeyEncryptionAlgorithm, this enum contains the known values that the service supports.

Known values supported by the service

CKM_RSA_AES_KEY_WRAP
RSA_AES_KEY_WRAP_256
RSA_AES_KEY_WRAP_384

KeyOperation

Defines values for JsonWebKeyOperation.
<xref:KnownJsonWebKeyOperation> can be used interchangeably with JsonWebKeyOperation, this enum contains the known values that the service supports.

Known values supported by the service

encrypt
decrypt
sign
verify
wrapKey
unwrapKey
import
export

KeyRotationPolicyAction

The action that will be executed.

KeyType_2

Defines values for JsonWebKeyType.
<xref:KnownJsonWebKeyType> can be used interchangeably with JsonWebKeyType, this enum contains the known values that the service supports.

Known values supported by the service

EC: Elliptic Curve.
EC-HSM: Elliptic Curve with a private key which is stored in the HSM.
RSA: RSA (https://tools.ietf.org/html/rfc3447)
RSA-HSM: RSA with a private key which is stored in the HSM.
oct: Octet sequence (used to represent symmetric keys)
oct-HSM: Octet sequence (used to represent symmetric keys) which is stored the HSM.

KeyWrapAlgorithm

Supported algorithms for key wrapping/unwrapping

RsaEncryptionAlgorithm

A union type representing all supported RSA encryption algorithms.

SignatureAlgorithm

Defines values for JsonWebKeySignatureAlgorithm.
<xref:KnownJsonWebKeySignatureAlgorithm> can be used interchangeably with JsonWebKeySignatureAlgorithm, this enum contains the known values that the service supports.

Known values supported by the service

PS256: RSASSA-PSS using SHA-256 and MGF1 with SHA-256, as described in https://tools.ietf.org/html/rfc7518
PS384: RSASSA-PSS using SHA-384 and MGF1 with SHA-384, as described in https://tools.ietf.org/html/rfc7518
PS512: RSASSA-PSS using SHA-512 and MGF1 with SHA-512, as described in https://tools.ietf.org/html/rfc7518
RS256: RSASSA-PKCS1-v1_5 using SHA-256, as described in https://tools.ietf.org/html/rfc7518
RS384: RSASSA-PKCS1-v1_5 using SHA-384, as described in https://tools.ietf.org/html/rfc7518
RS512: RSASSA-PKCS1-v1_5 using SHA-512, as described in https://tools.ietf.org/html/rfc7518
RSNULL: Reserved
ES256: ECDSA using P-256 and SHA-256, as described in https://tools.ietf.org/html/rfc7518.
ES384: ECDSA using P-384 and SHA-384, as described in https://tools.ietf.org/html/rfc7518
ES512: ECDSA using P-521 and SHA-512, as described in https://tools.ietf.org/html/rfc7518
ES256K: ECDSA using P-256K and SHA-256, as described in https://tools.ietf.org/html/rfc7518

Enums

KnownDeletionRecoveryLevel

Known values of DeletionRecoveryLevel that the service accepts.

KnownEncryptionAlgorithms

Known values of EncryptionAlgorithm that the service accepts.

KnownKeyCurveNames

Known values of <xref:JsonWebKeyCurveName> that the service accepts.

KnownKeyExportEncryptionAlgorithm

Known values of KeyExportEncryptionAlgorithm that the service accepts.

KnownKeyOperations

Known values of KeyOperation that the service accepts.

KnownKeyTypes

Known values of <xref:JsonWebKeyType> that the service accepts.

KnownSignatureAlgorithms

Known values of <xref:JsonWebKeySignatureAlgorithm> that the service accepts.

Functions

parseKeyVaultKeyIdentifier(string)

Parses the given Key Vault Key Id. An example is: https://.vault.azure.net/keys//

On parsing the above Id, this function returns:

  {
     sourceId: "https://<keyvault-name>.vault.azure.net/keys/<key-name>/<unique-version-id>",
     vaultUrl: "https://<keyvault-name>.vault.azure.net",
     version: "<unique-version-id>",
     name: "<key-name>"
  }

Function Details

parseKeyVaultKeyIdentifier(string)

Parses the given Key Vault Key Id. An example is: https://.vault.azure.net/keys//

On parsing the above Id, this function returns:

  {
     sourceId: "https://<keyvault-name>.vault.azure.net/keys/<key-name>/<unique-version-id>",
     vaultUrl: "https://<keyvault-name>.vault.azure.net",
     version: "<unique-version-id>",
     name: "<key-name>"
  }
function parseKeyVaultKeyIdentifier(id: string): KeyVaultKeyIdentifier

Parameters

id

string

The Id of the Key Vault Key.

Returns