KeyVaultClient Class
The key vault client performs cryptographic key operations and vault operations against the Key Vault service.
- Inheritance
-
KeyVaultClient
Constructor
KeyVaultClient(credentials)Parameters
Variables
- config
- KeyVaultClientConfiguration
Configuration for client.
Methods
| backup_key |
Requests that a backup of the specified key be downloaded to the client. The Key Backup operation exports a key from Azure Key Vault in a protected form. Note that this operation does NOT return key material in a form that can be used outside the Azure Key Vault system, the returned key material is either protected to a Azure Key Vault HSM or to Azure Key Vault itself. The intent of this operation is to allow a client to GENERATE a key in one Azure Key Vault instance, BACKUP the key, and then RESTORE it into another Azure Key Vault instance. The BACKUP operation may be used to export, in protected form, any key type from Azure Key Vault. Individual versions of a key cannot be backed up. BACKUP / RESTORE can be performed within geographical boundaries only; meaning that a BACKUP from one geographical area cannot be restored to another geographical area. For example, a backup from the US geographical area cannot be restored in an EU geographical area. This operation requires the key/backup permission. |
| backup_secret |
Backs up the specified secret. Requests that a backup of the specified secret be downloaded to the client. All versions of the secret will be downloaded. This operation requires the secrets/backup permission. |
| create_certificate |
Creates a new certificate. If this is the first version, the certificate resource is created. This operation requires the certificates/create permission. |
| create_key |
Creates a new key, stores it, then returns key parameters and attributes to the client. The create key operation can be used to create any key type in Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. It requires the keys/create permission. |
| decrypt |
Decrypts a single block of encrypted data. The DECRYPT operation decrypts a well-formed block of ciphertext using the target encryption key and specified algorithm. This operation is the reverse of the ENCRYPT operation; only a single block of data may be decrypted, the size of this block is dependent on the target key and the algorithm to be used. The DECRYPT operation applies to asymmetric and symmetric keys stored in Azure Key Vault since it uses the private portion of the key. This operation requires the keys/decrypt permission. |
| delete_certificate |
Deletes a certificate from a specified key vault. Deletes all versions of a certificate object along with its associated policy. Delete certificate cannot be used to remove individual versions of a certificate object. This operation requires the certificates/delete permission. |
| delete_certificate_contacts |
Deletes the certificate contacts for a specified key vault. Deletes the certificate contacts for a specified key vault certificate. This operation requires the certificates/managecontacts permission. |
| delete_certificate_issuer |
Deletes the specified certificate issuer. The DeleteCertificateIssuer operation permanently removes the specified certificate issuer from the vault. This operation requires the certificates/manageissuers/deleteissuers permission. |
| delete_certificate_operation |
Deletes the creation operation for a specific certificate. Deletes the creation operation for a specified certificate that is in the process of being created. The certificate is no longer created. This operation requires the certificates/update permission. |
| delete_key |
Deletes a key of any type from storage in Azure Key Vault. The delete key operation cannot be used to remove individual versions of a key. This operation removes the cryptographic material associated with the key, which means the key is not usable for Sign/Verify, Wrap/Unwrap or Encrypt/Decrypt operations. This operation requires the keys/delete permission. |
| delete_sas_definition |
Deletes a SAS definition from a specified storage account. This operation requires the storage/deletesas permission. |
| delete_secret |
Deletes a secret from a specified key vault. The DELETE operation applies to any secret stored in Azure Key Vault. DELETE cannot be applied to an individual version of a secret. This operation requires the secrets/delete permission. |
| delete_storage_account |
Deletes a storage account. This operation requires the storage/delete permission. |
| encrypt |
Encrypts an arbitrary sequence of bytes using an encryption key that is stored in a key vault. The ENCRYPT operation encrypts an arbitrary sequence of bytes using an encryption key that is stored in Azure Key Vault. Note that the ENCRYPT operation only supports a single block of data, the size of which is dependent on the target key and the encryption algorithm to be used. The ENCRYPT operation is only strictly necessary for symmetric keys stored in Azure Key Vault since protection with an asymmetric key can be performed using public portion of the key. This operation is supported for asymmetric keys as a convenience for callers that have a key-reference but do not have access to the public key material. This operation requires the keys/encypt permission. |
| get_certificate |
Gets information about a certificate. Gets information about a specific certificate. This operation requires the certificates/get permission. |
| get_certificate_contacts |
Lists the certificate contacts for a specified key vault. The GetCertificateContacts operation returns the set of certificate contact resources in the specified key vault. This operation requires the certificates/managecontacts permission. |
| get_certificate_issuer |
Lists the specified certificate issuer. The GetCertificateIssuer operation returns the specified certificate issuer resources in the specified key vault. This operation requires the certificates/manageissuers/getissuers permission. |
| get_certificate_issuers |
List certificate issuers for a specified key vault. The GetCertificateIssuers operation returns the set of certificate issuer resources in the specified key vault. This operation requires the certificates/manageissuers/getissuers permission. |
| get_certificate_operation |
Gets the creation operation of a certificate. Gets the creation operation associated with a specified certificate. This operation requires the certificates/get permission. |
| get_certificate_policy |
Lists the policy for a certificate. The GetCertificatePolicy operation returns the specified certificate policy resources in the specified key vault. This operation requires the certificates/get permission. |
| get_certificate_versions |
List the versions of a certificate. The GetCertificateVersions operation returns the versions of a certificate in the specified key vault. This operation requires the certificates/list permission. |
| get_certificates |
List certificates in a specified key vault. The GetCertificates operation returns the set of certificates resources in the specified key vault. This operation requires the certificates/list permission. |
| get_deleted_certificate |
Retrieves information about the specified deleted certificate. The GetDeletedCertificate operation retrieves the deleted certificate information plus its attributes, such as retention interval, scheduled permanent deletion and the current deletion recovery level. This operation requires the certificates/get permission. |
| get_deleted_certificates |
Lists the deleted certificates in the specified vault currently available for recovery. The GetDeletedCertificates operation retrieves the certificates in the current vault which are in a deleted state and ready for recovery or purging. This operation includes deletion-specific information. This operation requires the certificates/get/list permission. This operation can only be enabled on soft-delete enabled vaults. |
| get_deleted_key |
Gets the public part of a deleted key. The Get Deleted Key operation is applicable for soft-delete enabled vaults. While the operation can be invoked on any vault, it will return an error if invoked on a non soft-delete enabled vault. This operation requires the keys/get permission. . |
| get_deleted_keys |
Lists the deleted keys in the specified vault. Retrieves a list of the keys in the Key Vault as JSON Web Key structures that contain the public part of a deleted key. This operation includes deletion-specific information. The Get Deleted Keys operation is applicable for vaults enabled for soft-delete. While the operation can be invoked on any vault, it will return an error if invoked on a non soft-delete enabled vault. This operation requires the keys/list permission. |
| get_deleted_secret |
Gets the specified deleted secret. The Get Deleted Secret operation returns the specified deleted secret along with its attributes. This operation requires the secrets/get permission. |
| get_deleted_secrets |
Lists deleted secrets for the specified vault. The Get Deleted Secrets operation returns the secrets that have been deleted for a vault enabled for soft-delete. This operation requires the secrets/list permission. |
| get_key |
Gets the public part of a stored key. The get key operation is applicable to all key types. If the requested key is symmetric, then no key material is released in the response. This operation requires the keys/get permission. |
| get_key_versions |
Retrieves a list of individual key versions with the same key name. The full key identifier, attributes, and tags are provided in the response. This operation requires the keys/list permission. |
| get_keys |
List keys in the specified vault. Retrieves a list of the keys in the Key Vault as JSON Web Key structures that contain the public part of a stored key. The LIST operation is applicable to all key types, however only the base key identifier, attributes, and tags are provided in the response. Individual versions of a key are not listed in the response. This operation requires the keys/list permission. |
| get_sas_definition |
Gets information about a SAS definition for the specified storage account. This operation requires the storage/getsas permission. |
| get_sas_definitions |
List storage SAS definitions for the given storage account. This operation requires the storage/listsas permission. |
| get_secret |
Get a specified secret from a given key vault. The GET operation is applicable to any secret stored in Azure Key Vault. This operation requires the secrets/get permission. |
| get_secret_versions |
List all versions of the specified secret. The full secret identifier and attributes are provided in the response. No values are returned for the secrets. This operations requires the secrets/list permission. |
| get_secrets |
List secrets in a specified key vault. The Get Secrets operation is applicable to the entire vault. However, only the base secret identifier and its attributes are provided in the response. Individual secret versions are not listed in the response. This operation requires the secrets/list permission. |
| get_storage_account |
Gets information about a specified storage account. This operation requires the storage/get permission. |
| get_storage_accounts |
List storage accounts managed by the specified key vault. This operation requires the storage/list permission. |
| import_certificate |
Imports a certificate into a specified key vault. Imports an existing valid certificate, containing a private key, into Azure Key Vault. The certificate to be imported can be in either PFX or PEM format. If the certificate is in PEM format the PEM file must contain the key as well as x509 certificates. This operation requires the certificates/import permission. |
| import_key |
Imports an externally created key, stores it, and returns key parameters and attributes to the client. The import key operation may be used to import any key type into an Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. This operation requires the keys/import permission. |
| merge_certificate |
Merges a certificate or a certificate chain with a key pair existing on the server. The MergeCertificate operation performs the merging of a certificate or certificate chain with a key pair currently available in the service. This operation requires the certificates/create permission. |
| purge_deleted_certificate |
Permanently deletes the specified deleted certificate. The PurgeDeletedCertificate operation performs an irreversible deletion of the specified certificate, without possibility for recovery. The operation is not available if the recovery level does not specify 'Purgeable'. This operation requires the certificate/purge permission. |
| purge_deleted_key |
Permanently deletes the specified key. The Purge Deleted Key operation is applicable for soft-delete enabled vaults. While the operation can be invoked on any vault, it will return an error if invoked on a non soft-delete enabled vault. This operation requires the keys/purge permission. |
| purge_deleted_secret |
Permanently deletes the specified secret. The purge deleted secret operation removes the secret permanently, without the possibility of recovery. This operation can only be enabled on a soft-delete enabled vault. This operation requires the secrets/purge permission. |
| recover_deleted_certificate |
Recovers the deleted certificate back to its current version under /certificates. The RecoverDeletedCertificate operation performs the reversal of the Delete operation. The operation is applicable in vaults enabled for soft-delete, and must be issued during the retention interval (available in the deleted certificate's attributes). This operation requires the certificates/recover permission. |
| recover_deleted_key |
Recovers the deleted key to its latest version. The Recover Deleted Key operation is applicable for deleted keys in soft-delete enabled vaults. It recovers the deleted key back to its latest version under /keys. An attempt to recover an non-deleted key will return an error. Consider this the inverse of the delete operation on soft-delete enabled vaults. This operation requires the keys/recover permission. |
| recover_deleted_secret |
Recovers the deleted secret to the latest version. Recovers the deleted secret in the specified vault. This operation can only be performed on a soft-delete enabled vault. This operation requires the secrets/recover permission. |
| regenerate_storage_account_key |
Regenerates the specified key value for the given storage account. This operation requires the storage/regeneratekey permission. |
| restore_key |
Restores a backed up key to a vault. Imports a previously backed up key into Azure Key Vault, restoring the key, its key identifier, attributes and access control policies. The RESTORE operation may be used to import a previously backed up key. Individual versions of a key cannot be restored. The key is restored in its entirety with the same key name as it had when it was backed up. If the key name is not available in the target Key Vault, the RESTORE operation will be rejected. While the key name is retained during restore, the final key identifier will change if the key is restored to a different vault. Restore will restore all versions and preserve version identifiers. The RESTORE operation is subject to security constraints: The target Key Vault must be owned by the same Microsoft Azure Subscription as the source Key Vault The user must have RESTORE permission in the target Key Vault. This operation requires the keys/restore permission. |
| restore_secret |
Restores a backed up secret to a vault. Restores a backed up secret, and all its versions, to a vault. This operation requires the secrets/restore permission. |
| set_certificate_contacts |
Sets the certificate contacts for the specified key vault. Sets the certificate contacts for the specified key vault. This operation requires the certificates/managecontacts permission. |
| set_certificate_issuer |
Sets the specified certificate issuer. The SetCertificateIssuer operation adds or updates the specified certificate issuer. This operation requires the certificates/setissuers permission. |
| set_sas_definition |
Creates or updates a new SAS definition for the specified storage account. This operation requires the storage/setsas permission. |
| set_secret |
Sets a secret in a specified key vault. The SET operation adds a secret to the Azure Key Vault. If the named secret already exists, Azure Key Vault creates a new version of that secret. This operation requires the secrets/set permission. |
| set_storage_account |
Creates or updates a new storage account. This operation requires the storage/set permission. |
| sign |
Creates a signature from a digest using the specified key. The SIGN operation is applicable to asymmetric and symmetric keys stored in Azure Key Vault since this operation uses the private portion of the key. This operation requires the keys/sign permission. |
| unwrap_key |
Unwraps a symmetric key using the specified key that was initially used for wrapping that key. The UNWRAP operation supports decryption of a symmetric key using the target key encryption key. This operation is the reverse of the WRAP operation. The UNWRAP operation applies to asymmetric and symmetric keys stored in Azure Key Vault since it uses the private portion of the key. This operation requires the keys/unwrapKey permission. |
| update_certificate |
Updates the specified attributes associated with the given certificate. The UpdateCertificate operation applies the specified update on the given certificate; the only elements updated are the certificate's attributes. This operation requires the certificates/update permission. |
| update_certificate_issuer |
Updates the specified certificate issuer. The UpdateCertificateIssuer operation performs an update on the specified certificate issuer entity. This operation requires the certificates/setissuers permission. |
| update_certificate_operation |
Updates a certificate operation. Updates a certificate creation operation that is already in progress. This operation requires the certificates/update permission. |
| update_certificate_policy |
Updates the policy for a certificate. Set specified members in the certificate policy. Leave others as null. This operation requires the certificates/update permission. |
| update_key |
The update key operation changes specified attributes of a stored key and can be applied to any key type and key version stored in Azure Key Vault. In order to perform this operation, the key must already exist in the Key Vault. Note: The cryptographic material of a key itself cannot be changed. This operation requires the keys/update permission. |
| update_sas_definition |
Updates the specified attributes associated with the given SAS definition. This operation requires the storage/setsas permission. |
| update_secret |
Updates the attributes associated with a specified secret in a given key vault. The UPDATE operation changes specified attributes of an existing stored secret. Attributes that are not specified in the request are left unchanged. The value of a secret itself cannot be changed. This operation requires the secrets/set permission. |
| update_storage_account |
Updates the specified attributes associated with the given storage account. This operation requires the storage/set/update permission. |
| verify |
Verifies a signature using a specified key. The VERIFY operation is applicable to symmetric keys stored in Azure Key Vault. VERIFY is not strictly necessary for asymmetric keys stored in Azure Key Vault since signature verification can be performed using the public portion of the key but this operation is supported as a convenience for callers that only have a key-reference and not the public portion of the key. This operation requires the keys/verify permission. |
| wrap_key |
Wraps a symmetric key using a specified key. The WRAP operation supports encryption of a symmetric key using a key encryption key that has previously been stored in an Azure Key Vault. The WRAP operation is only strictly necessary for symmetric keys stored in Azure Key Vault since protection with an asymmetric key can be performed using the public portion of the key. This operation is supported for asymmetric keys as a convenience for callers that have a key-reference but do not have access to the public key material. This operation requires the keys/wrapKey permission. |
backup_key
Requests that a backup of the specified key be downloaded to the client.
The Key Backup operation exports a key from Azure Key Vault in a protected form. Note that this operation does NOT return key material in a form that can be used outside the Azure Key Vault system, the returned key material is either protected to a Azure Key Vault HSM or to Azure Key Vault itself. The intent of this operation is to allow a client to GENERATE a key in one Azure Key Vault instance, BACKUP the key, and then RESTORE it into another Azure Key Vault instance. The BACKUP operation may be used to export, in protected form, any key type from Azure Key Vault. Individual versions of a key cannot be backed up. BACKUP / RESTORE can be performed within geographical boundaries only; meaning that a BACKUP from one geographical area cannot be restored to another geographical area. For example, a backup from the US geographical area cannot be restored in an EU geographical area. This operation requires the key/backup permission.
backup_key(vault_base_url, key_name, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
BackupKeyResult or ClientRawResponse if raw=true
Return type
Exceptions
backup_secret
Backs up the specified secret.
Requests that a backup of the specified secret be downloaded to the client. All versions of the secret will be downloaded. This operation requires the secrets/backup permission.
backup_secret(vault_base_url, secret_name, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
BackupSecretResult or ClientRawResponse if raw=true
Return type
Exceptions
create_certificate
Creates a new certificate.
If this is the first version, the certificate resource is created. This operation requires the certificates/create permission.
create_certificate(vault_base_url, certificate_name, certificate_policy=None, certificate_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config)Parameters
- certificate_attributes
- CertificateAttributes
The attributes of the certificate (optional).
Application specific metadata in the form of key-value pairs.
- operation_config
Operation configuration overrides.
Returns
CertificateOperation or ClientRawResponse if raw=true
Return type
Exceptions
create_key
Creates a new key, stores it, then returns key parameters and attributes to the client.
The create key operation can be used to create any key type in Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. It requires the keys/create permission.
create_key(vault_base_url, key_name, kty, key_size=None, key_ops=None, key_attributes=None, tags=None, curve=None, custom_headers=None, raw=False, **operation_config)Parameters
- key_name
- str
The name for the new key. The system will generate the version name for the new key.
- kty
- str or JsonWebKeyType
The type of key to create. For valid values, see JsonWebKeyType. Possible values include: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', 'oct'
- key_ops
- list[str or JsonWebKeyOperation]
- key_attributes
- KeyAttributes
Application specific metadata in the form of key-value pairs.
- curve
- str or JsonWebKeyCurveName
Elliptic curve name. For valid values, see JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', 'P-521', 'SECP256K1'
- operation_config
Operation configuration overrides.
Returns
KeyBundle or ClientRawResponse if raw=true
Return type
Exceptions
decrypt
Decrypts a single block of encrypted data.
The DECRYPT operation decrypts a well-formed block of ciphertext using the target encryption key and specified algorithm. This operation is the reverse of the ENCRYPT operation; only a single block of data may be decrypted, the size of this block is dependent on the target key and the algorithm to be used. The DECRYPT operation applies to asymmetric and symmetric keys stored in Azure Key Vault since it uses the private portion of the key. This operation requires the keys/decrypt permission.
decrypt(vault_base_url, key_name, key_version, algorithm, value, custom_headers=None, raw=False, **operation_config)Parameters
- algorithm
- str or JsonWebKeyEncryptionAlgorithm
algorithm identifier. Possible values include: 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5'
- value
- bytes
- operation_config
Operation configuration overrides.
Returns
KeyOperationResult or ClientRawResponse if raw=true
Return type
Exceptions
delete_certificate
Deletes a certificate from a specified key vault.
Deletes all versions of a certificate object along with its associated policy. Delete certificate cannot be used to remove individual versions of a certificate object. This operation requires the certificates/delete permission.
delete_certificate(vault_base_url, certificate_name, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
DeletedCertificateBundle or ClientRawResponse if raw=true
Return type
Exceptions
delete_certificate_contacts
Deletes the certificate contacts for a specified key vault.
Deletes the certificate contacts for a specified key vault certificate. This operation requires the certificates/managecontacts permission.
delete_certificate_contacts(vault_base_url, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
Contacts or ClientRawResponse if raw=true
Return type
Exceptions
delete_certificate_issuer
Deletes the specified certificate issuer.
The DeleteCertificateIssuer operation permanently removes the specified certificate issuer from the vault. This operation requires the certificates/manageissuers/deleteissuers permission.
delete_certificate_issuer(vault_base_url, issuer_name, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
IssuerBundle or ClientRawResponse if raw=true
Return type
Exceptions
delete_certificate_operation
Deletes the creation operation for a specific certificate.
Deletes the creation operation for a specified certificate that is in the process of being created. The certificate is no longer created. This operation requires the certificates/update permission.
delete_certificate_operation(vault_base_url, certificate_name, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
CertificateOperation or ClientRawResponse if raw=true
Return type
Exceptions
delete_key
Deletes a key of any type from storage in Azure Key Vault.
The delete key operation cannot be used to remove individual versions of a key. This operation removes the cryptographic material associated with the key, which means the key is not usable for Sign/Verify, Wrap/Unwrap or Encrypt/Decrypt operations. This operation requires the keys/delete permission.
delete_key(vault_base_url, key_name, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
DeletedKeyBundle or ClientRawResponse if raw=true
Return type
Exceptions
delete_sas_definition
Deletes a SAS definition from a specified storage account. This operation requires the storage/deletesas permission.
delete_sas_definition(vault_base_url, storage_account_name, sas_definition_name, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
SasDefinitionBundle or ClientRawResponse if raw=true
Return type
Exceptions
delete_secret
Deletes a secret from a specified key vault.
The DELETE operation applies to any secret stored in Azure Key Vault. DELETE cannot be applied to an individual version of a secret. This operation requires the secrets/delete permission.
delete_secret(vault_base_url, secret_name, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
DeletedSecretBundle or ClientRawResponse if raw=true
Return type
Exceptions
delete_storage_account
Deletes a storage account. This operation requires the storage/delete permission.
delete_storage_account(vault_base_url, storage_account_name, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
StorageBundle or ClientRawResponse if raw=true
Return type
Exceptions
encrypt
Encrypts an arbitrary sequence of bytes using an encryption key that is stored in a key vault.
The ENCRYPT operation encrypts an arbitrary sequence of bytes using an encryption key that is stored in Azure Key Vault. Note that the ENCRYPT operation only supports a single block of data, the size of which is dependent on the target key and the encryption algorithm to be used. The ENCRYPT operation is only strictly necessary for symmetric keys stored in Azure Key Vault since protection with an asymmetric key can be performed using public portion of the key. This operation is supported for asymmetric keys as a convenience for callers that have a key-reference but do not have access to the public key material. This operation requires the keys/encypt permission.
encrypt(vault_base_url, key_name, key_version, algorithm, value, custom_headers=None, raw=False, **operation_config)Parameters
- algorithm
- str or JsonWebKeyEncryptionAlgorithm
algorithm identifier. Possible values include: 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5'
- value
- bytes
- operation_config
Operation configuration overrides.
Returns
KeyOperationResult or ClientRawResponse if raw=true
Return type
Exceptions
get_certificate
Gets information about a certificate.
Gets information about a specific certificate. This operation requires the certificates/get permission.
get_certificate(vault_base_url, certificate_name, certificate_version, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
CertificateBundle or ClientRawResponse if raw=true
Return type
Exceptions
get_certificate_contacts
Lists the certificate contacts for a specified key vault.
The GetCertificateContacts operation returns the set of certificate contact resources in the specified key vault. This operation requires the certificates/managecontacts permission.
get_certificate_contacts(vault_base_url, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
Contacts or ClientRawResponse if raw=true
Return type
Exceptions
get_certificate_issuer
Lists the specified certificate issuer.
The GetCertificateIssuer operation returns the specified certificate issuer resources in the specified key vault. This operation requires the certificates/manageissuers/getissuers permission.
get_certificate_issuer(vault_base_url, issuer_name, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
IssuerBundle or ClientRawResponse if raw=true
Return type
Exceptions
get_certificate_issuers
List certificate issuers for a specified key vault.
The GetCertificateIssuers operation returns the set of certificate issuer resources in the specified key vault. This operation requires the certificates/manageissuers/getissuers permission.
get_certificate_issuers(vault_base_url, maxresults=None, custom_headers=None, raw=False, **operation_config)Parameters
- maxresults
- int
Maximum number of results to return in a page. If not specified the service will return up to 25 results.
- operation_config
Operation configuration overrides.
Returns
An iterator like instance of CertificateIssuerItem
Return type
Exceptions
get_certificate_operation
Gets the creation operation of a certificate.
Gets the creation operation associated with a specified certificate. This operation requires the certificates/get permission.
get_certificate_operation(vault_base_url, certificate_name, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
CertificateOperation or ClientRawResponse if raw=true
Return type
Exceptions
get_certificate_policy
Lists the policy for a certificate.
The GetCertificatePolicy operation returns the specified certificate policy resources in the specified key vault. This operation requires the certificates/get permission.
get_certificate_policy(vault_base_url, certificate_name, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
CertificatePolicy or ClientRawResponse if raw=true
Return type
Exceptions
get_certificate_versions
List the versions of a certificate.
The GetCertificateVersions operation returns the versions of a certificate in the specified key vault. This operation requires the certificates/list permission.
get_certificate_versions(vault_base_url, certificate_name, maxresults=None, custom_headers=None, raw=False, **operation_config)Parameters
- maxresults
- int
Maximum number of results to return in a page. If not specified the service will return up to 25 results.
- operation_config
Operation configuration overrides.
Returns
An iterator like instance of CertificateItem
Return type
Exceptions
get_certificates
List certificates in a specified key vault.
The GetCertificates operation returns the set of certificates resources in the specified key vault. This operation requires the certificates/list permission.
get_certificates(vault_base_url, maxresults=None, custom_headers=None, raw=False, **operation_config)Parameters
- maxresults
- int
Maximum number of results to return in a page. If not specified the service will return up to 25 results.
- operation_config
Operation configuration overrides.
Returns
An iterator like instance of CertificateItem
Return type
Exceptions
get_deleted_certificate
Retrieves information about the specified deleted certificate.
The GetDeletedCertificate operation retrieves the deleted certificate information plus its attributes, such as retention interval, scheduled permanent deletion and the current deletion recovery level. This operation requires the certificates/get permission.
get_deleted_certificate(vault_base_url, certificate_name, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
DeletedCertificateBundle or ClientRawResponse if raw=true
Return type
Exceptions
get_deleted_certificates
Lists the deleted certificates in the specified vault currently available for recovery.
The GetDeletedCertificates operation retrieves the certificates in the current vault which are in a deleted state and ready for recovery or purging. This operation includes deletion-specific information. This operation requires the certificates/get/list permission. This operation can only be enabled on soft-delete enabled vaults.
get_deleted_certificates(vault_base_url, maxresults=None, custom_headers=None, raw=False, **operation_config)Parameters
- maxresults
- int
Maximum number of results to return in a page. If not specified the service will return up to 25 results.
- operation_config
Operation configuration overrides.
Returns
An iterator like instance of DeletedCertificateItem
Return type
Exceptions
get_deleted_key
Gets the public part of a deleted key.
The Get Deleted Key operation is applicable for soft-delete enabled vaults. While the operation can be invoked on any vault, it will return an error if invoked on a non soft-delete enabled vault. This operation requires the keys/get permission. .
get_deleted_key(vault_base_url, key_name, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
DeletedKeyBundle or ClientRawResponse if raw=true
Return type
Exceptions
get_deleted_keys
Lists the deleted keys in the specified vault.
Retrieves a list of the keys in the Key Vault as JSON Web Key structures that contain the public part of a deleted key. This operation includes deletion-specific information. The Get Deleted Keys operation is applicable for vaults enabled for soft-delete. While the operation can be invoked on any vault, it will return an error if invoked on a non soft-delete enabled vault. This operation requires the keys/list permission.
get_deleted_keys(vault_base_url, maxresults=None, custom_headers=None, raw=False, **operation_config)Parameters
- maxresults
- int
Maximum number of results to return in a page. If not specified the service will return up to 25 results.
- operation_config
Operation configuration overrides.
Returns
An iterator like instance of DeletedKeyItem
Return type
Exceptions
get_deleted_secret
Gets the specified deleted secret.
The Get Deleted Secret operation returns the specified deleted secret along with its attributes. This operation requires the secrets/get permission.
get_deleted_secret(vault_base_url, secret_name, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
DeletedSecretBundle or ClientRawResponse if raw=true
Return type
Exceptions
get_deleted_secrets
Lists deleted secrets for the specified vault.
The Get Deleted Secrets operation returns the secrets that have been deleted for a vault enabled for soft-delete. This operation requires the secrets/list permission.
get_deleted_secrets(vault_base_url, maxresults=None, custom_headers=None, raw=False, **operation_config)Parameters
- maxresults
- int
Maximum number of results to return in a page. If not specified the service will return up to 25 results.
- operation_config
Operation configuration overrides.
Returns
An iterator like instance of DeletedSecretItem
Return type
Exceptions
get_key
Gets the public part of a stored key.
The get key operation is applicable to all key types. If the requested key is symmetric, then no key material is released in the response. This operation requires the keys/get permission.
get_key(vault_base_url, key_name, key_version, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
KeyBundle or ClientRawResponse if raw=true
Return type
Exceptions
get_key_versions
Retrieves a list of individual key versions with the same key name.
The full key identifier, attributes, and tags are provided in the response. This operation requires the keys/list permission.
get_key_versions(vault_base_url, key_name, maxresults=None, custom_headers=None, raw=False, **operation_config)Parameters
- maxresults
- int
Maximum number of results to return in a page. If not specified the service will return up to 25 results.
- operation_config
Operation configuration overrides.
Returns
An iterator like instance of KeyItem
Return type
Exceptions
get_keys
List keys in the specified vault.
Retrieves a list of the keys in the Key Vault as JSON Web Key structures that contain the public part of a stored key. The LIST operation is applicable to all key types, however only the base key identifier, attributes, and tags are provided in the response. Individual versions of a key are not listed in the response. This operation requires the keys/list permission.
get_keys(vault_base_url, maxresults=None, custom_headers=None, raw=False, **operation_config)Parameters
- maxresults
- int
Maximum number of results to return in a page. If not specified the service will return up to 25 results.
- operation_config
Operation configuration overrides.
Returns
An iterator like instance of KeyItem
Return type
Exceptions
get_sas_definition
Gets information about a SAS definition for the specified storage account. This operation requires the storage/getsas permission.
get_sas_definition(vault_base_url, storage_account_name, sas_definition_name, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
SasDefinitionBundle or ClientRawResponse if raw=true
Return type
Exceptions
get_sas_definitions
List storage SAS definitions for the given storage account. This operation requires the storage/listsas permission.
get_sas_definitions(vault_base_url, storage_account_name, maxresults=None, custom_headers=None, raw=False, **operation_config)Parameters
- maxresults
- int
Maximum number of results to return in a page. If not specified the service will return up to 25 results.
- operation_config
Operation configuration overrides.
Returns
An iterator like instance of SasDefinitionItem
Return type
Exceptions
get_secret
Get a specified secret from a given key vault.
The GET operation is applicable to any secret stored in Azure Key Vault. This operation requires the secrets/get permission.
get_secret(vault_base_url, secret_name, secret_version, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
SecretBundle or ClientRawResponse if raw=true
Return type
Exceptions
get_secret_versions
List all versions of the specified secret.
The full secret identifier and attributes are provided in the response. No values are returned for the secrets. This operations requires the secrets/list permission.
get_secret_versions(vault_base_url, secret_name, maxresults=None, custom_headers=None, raw=False, **operation_config)Parameters
- maxresults
- int
Maximum number of results to return in a page. If not specified, the service will return up to 25 results.
- operation_config
Operation configuration overrides.
Returns
An iterator like instance of SecretItem
Return type
Exceptions
get_secrets
List secrets in a specified key vault.
The Get Secrets operation is applicable to the entire vault. However, only the base secret identifier and its attributes are provided in the response. Individual secret versions are not listed in the response. This operation requires the secrets/list permission.
get_secrets(vault_base_url, maxresults=None, custom_headers=None, raw=False, **operation_config)Parameters
- maxresults
- int
Maximum number of results to return in a page. If not specified, the service will return up to 25 results.
- operation_config
Operation configuration overrides.
Returns
An iterator like instance of SecretItem
Return type
Exceptions
get_storage_account
Gets information about a specified storage account. This operation requires the storage/get permission.
get_storage_account(vault_base_url, storage_account_name, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
StorageBundle or ClientRawResponse if raw=true
Return type
Exceptions
get_storage_accounts
List storage accounts managed by the specified key vault. This operation requires the storage/list permission.
get_storage_accounts(vault_base_url, maxresults=None, custom_headers=None, raw=False, **operation_config)Parameters
- maxresults
- int
Maximum number of results to return in a page. If not specified the service will return up to 25 results.
- operation_config
Operation configuration overrides.
Returns
An iterator like instance of StorageAccountItem
Return type
Exceptions
import_certificate
Imports a certificate into a specified key vault.
Imports an existing valid certificate, containing a private key, into Azure Key Vault. The certificate to be imported can be in either PFX or PEM format. If the certificate is in PEM format the PEM file must contain the key as well as x509 certificates. This operation requires the certificates/import permission.
import_certificate(vault_base_url, certificate_name, base64_encoded_certificate, password=None, certificate_policy=None, certificate_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config)Parameters
- base64_encoded_certificate
- str
Base64 encoded representation of the certificate object to import. This certificate needs to contain the private key.
- password
- str
If the private key in base64EncodedCertificate is encrypted, the password used for encryption.
- certificate_attributes
- CertificateAttributes
The attributes of the certificate (optional).
Application specific metadata in the form of key-value pairs.
- operation_config
Operation configuration overrides.
Returns
CertificateBundle or ClientRawResponse if raw=true
Return type
Exceptions
import_key
Imports an externally created key, stores it, and returns key parameters and attributes to the client.
The import key operation may be used to import any key type into an Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. This operation requires the keys/import permission.
import_key(vault_base_url, key_name, key, hsm=None, key_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config)Parameters
Application specific metadata in the form of key-value pairs.
- operation_config
Operation configuration overrides.
Returns
KeyBundle or ClientRawResponse if raw=true
Return type
Exceptions
merge_certificate
Merges a certificate or a certificate chain with a key pair existing on the server.
The MergeCertificate operation performs the merging of a certificate or certificate chain with a key pair currently available in the service. This operation requires the certificates/create permission.
merge_certificate(vault_base_url, certificate_name, x509_certificates, certificate_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config)Parameters
- certificate_attributes
- CertificateAttributes
The attributes of the certificate (optional).
Application specific metadata in the form of key-value pairs.
- operation_config
Operation configuration overrides.
Returns
CertificateBundle or ClientRawResponse if raw=true
Return type
Exceptions
purge_deleted_certificate
Permanently deletes the specified deleted certificate.
The PurgeDeletedCertificate operation performs an irreversible deletion of the specified certificate, without possibility for recovery. The operation is not available if the recovery level does not specify 'Purgeable'. This operation requires the certificate/purge permission.
purge_deleted_certificate(vault_base_url, certificate_name, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
None or ClientRawResponse if raw=true
Return type
Exceptions
purge_deleted_key
Permanently deletes the specified key.
The Purge Deleted Key operation is applicable for soft-delete enabled vaults. While the operation can be invoked on any vault, it will return an error if invoked on a non soft-delete enabled vault. This operation requires the keys/purge permission.
purge_deleted_key(vault_base_url, key_name, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
None or ClientRawResponse if raw=true
Return type
Exceptions
purge_deleted_secret
Permanently deletes the specified secret.
The purge deleted secret operation removes the secret permanently, without the possibility of recovery. This operation can only be enabled on a soft-delete enabled vault. This operation requires the secrets/purge permission.
purge_deleted_secret(vault_base_url, secret_name, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
None or ClientRawResponse if raw=true
Return type
Exceptions
recover_deleted_certificate
Recovers the deleted certificate back to its current version under /certificates.
The RecoverDeletedCertificate operation performs the reversal of the Delete operation. The operation is applicable in vaults enabled for soft-delete, and must be issued during the retention interval (available in the deleted certificate's attributes). This operation requires the certificates/recover permission.
recover_deleted_certificate(vault_base_url, certificate_name, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
CertificateBundle or ClientRawResponse if raw=true
Return type
Exceptions
recover_deleted_key
Recovers the deleted key to its latest version.
The Recover Deleted Key operation is applicable for deleted keys in soft-delete enabled vaults. It recovers the deleted key back to its latest version under /keys. An attempt to recover an non-deleted key will return an error. Consider this the inverse of the delete operation on soft-delete enabled vaults. This operation requires the keys/recover permission.
recover_deleted_key(vault_base_url, key_name, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
KeyBundle or ClientRawResponse if raw=true
Return type
Exceptions
recover_deleted_secret
Recovers the deleted secret to the latest version.
Recovers the deleted secret in the specified vault. This operation can only be performed on a soft-delete enabled vault. This operation requires the secrets/recover permission.
recover_deleted_secret(vault_base_url, secret_name, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
SecretBundle or ClientRawResponse if raw=true
Return type
Exceptions
regenerate_storage_account_key
Regenerates the specified key value for the given storage account. This operation requires the storage/regeneratekey permission.
regenerate_storage_account_key(vault_base_url, storage_account_name, key_name, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
StorageBundle or ClientRawResponse if raw=true
Return type
Exceptions
restore_key
Restores a backed up key to a vault.
Imports a previously backed up key into Azure Key Vault, restoring the key, its key identifier, attributes and access control policies. The RESTORE operation may be used to import a previously backed up key. Individual versions of a key cannot be restored. The key is restored in its entirety with the same key name as it had when it was backed up. If the key name is not available in the target Key Vault, the RESTORE operation will be rejected. While the key name is retained during restore, the final key identifier will change if the key is restored to a different vault. Restore will restore all versions and preserve version identifiers. The RESTORE operation is subject to security constraints: The target Key Vault must be owned by the same Microsoft Azure Subscription as the source Key Vault The user must have RESTORE permission in the target Key Vault. This operation requires the keys/restore permission.
restore_key(vault_base_url, key_bundle_backup, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
KeyBundle or ClientRawResponse if raw=true
Return type
Exceptions
restore_secret
Restores a backed up secret to a vault.
Restores a backed up secret, and all its versions, to a vault. This operation requires the secrets/restore permission.
restore_secret(vault_base_url, secret_bundle_backup, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
SecretBundle or ClientRawResponse if raw=true
Return type
Exceptions
set_certificate_contacts
Sets the certificate contacts for the specified key vault.
Sets the certificate contacts for the specified key vault. This operation requires the certificates/managecontacts permission.
set_certificate_contacts(vault_base_url, contact_list=None, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
Contacts or ClientRawResponse if raw=true
Return type
Exceptions
set_certificate_issuer
Sets the specified certificate issuer.
The SetCertificateIssuer operation adds or updates the specified certificate issuer. This operation requires the certificates/setissuers permission.
set_certificate_issuer(vault_base_url, issuer_name, provider, credentials=None, organization_details=None, attributes=None, custom_headers=None, raw=False, **operation_config)Parameters
- organization_details
- OrganizationDetails
Details of the organization as provided to the issuer.
- operation_config
Operation configuration overrides.
Returns
IssuerBundle or ClientRawResponse if raw=true
Return type
Exceptions
set_sas_definition
Creates or updates a new SAS definition for the specified storage account. This operation requires the storage/setsas permission.
set_sas_definition(vault_base_url, storage_account_name, sas_definition_name, parameters, sas_definition_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config)Parameters
- sas_definition_attributes
- SasDefinitionAttributes
The attributes of the SAS definition.
Application specific metadata in the form of key-value pairs.
- operation_config
Operation configuration overrides.
Returns
SasDefinitionBundle or ClientRawResponse if raw=true
Return type
Exceptions
set_secret
Sets a secret in a specified key vault.
The SET operation adds a secret to the Azure Key Vault. If the named secret already exists, Azure Key Vault creates a new version of that secret. This operation requires the secrets/set permission.
set_secret(vault_base_url, secret_name, value, tags=None, content_type=None, secret_attributes=None, custom_headers=None, raw=False, **operation_config)Parameters
Application specific metadata in the form of key-value pairs.
- operation_config
Operation configuration overrides.
Returns
SecretBundle or ClientRawResponse if raw=true
Return type
Exceptions
set_storage_account
Creates or updates a new storage account. This operation requires the storage/set permission.
set_storage_account(vault_base_url, storage_account_name, resource_id, active_key_name, auto_regenerate_key, regeneration_period=None, storage_account_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config)Parameters
- regeneration_period
- str
The key regeneration time duration specified in ISO-8601 format.
- storage_account_attributes
- StorageAccountAttributes
The attributes of the storage account.
Application specific metadata in the form of key-value pairs.
- operation_config
Operation configuration overrides.
Returns
StorageBundle or ClientRawResponse if raw=true
Return type
Exceptions
sign
Creates a signature from a digest using the specified key.
The SIGN operation is applicable to asymmetric and symmetric keys stored in Azure Key Vault since this operation uses the private portion of the key. This operation requires the keys/sign permission.
sign(vault_base_url, key_name, key_version, algorithm, value, custom_headers=None, raw=False, **operation_config)Parameters
- algorithm
- str or JsonWebKeySignatureAlgorithm
The signing/verification algorithm identifier. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm. Possible values include: 'PS256', 'PS384', 'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL', 'ES256', 'ES384', 'ES512', 'ECDSA256'
- value
- bytes
- operation_config
Operation configuration overrides.
Returns
KeyOperationResult or ClientRawResponse if raw=true
Return type
Exceptions
unwrap_key
Unwraps a symmetric key using the specified key that was initially used for wrapping that key.
The UNWRAP operation supports decryption of a symmetric key using the target key encryption key. This operation is the reverse of the WRAP operation. The UNWRAP operation applies to asymmetric and symmetric keys stored in Azure Key Vault since it uses the private portion of the key. This operation requires the keys/unwrapKey permission.
unwrap_key(vault_base_url, key_name, key_version, algorithm, value, custom_headers=None, raw=False, **operation_config)Parameters
- algorithm
- str or JsonWebKeyEncryptionAlgorithm
algorithm identifier. Possible values include: 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5'
- value
- bytes
- operation_config
Operation configuration overrides.
Returns
KeyOperationResult or ClientRawResponse if raw=true
Return type
Exceptions
update_certificate
Updates the specified attributes associated with the given certificate.
The UpdateCertificate operation applies the specified update on the given certificate; the only elements updated are the certificate's attributes. This operation requires the certificates/update permission.
update_certificate(vault_base_url, certificate_name, certificate_version, certificate_policy=None, certificate_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config)Parameters
- certificate_attributes
- CertificateAttributes
The attributes of the certificate (optional).
Application specific metadata in the form of key-value pairs.
- operation_config
Operation configuration overrides.
Returns
CertificateBundle or ClientRawResponse if raw=true
Return type
Exceptions
update_certificate_issuer
Updates the specified certificate issuer.
The UpdateCertificateIssuer operation performs an update on the specified certificate issuer entity. This operation requires the certificates/setissuers permission.
update_certificate_issuer(vault_base_url, issuer_name, provider=None, credentials=None, organization_details=None, attributes=None, custom_headers=None, raw=False, **operation_config)Parameters
- organization_details
- OrganizationDetails
Details of the organization as provided to the issuer.
- operation_config
Operation configuration overrides.
Returns
IssuerBundle or ClientRawResponse if raw=true
Return type
Exceptions
update_certificate_operation
Updates a certificate operation.
Updates a certificate creation operation that is already in progress. This operation requires the certificates/update permission.
update_certificate_operation(vault_base_url, certificate_name, cancellation_requested, custom_headers=None, raw=False, **operation_config)Parameters
- cancellation_requested
- bool
Indicates if cancellation was requested on the certificate operation.
- operation_config
Operation configuration overrides.
Returns
CertificateOperation or ClientRawResponse if raw=true
Return type
Exceptions
update_certificate_policy
Updates the policy for a certificate.
Set specified members in the certificate policy. Leave others as null. This operation requires the certificates/update permission.
update_certificate_policy(vault_base_url, certificate_name, certificate_policy, custom_headers=None, raw=False, **operation_config)Parameters
- operation_config
Operation configuration overrides.
Returns
CertificatePolicy or ClientRawResponse if raw=true
Return type
Exceptions
update_key
The update key operation changes specified attributes of a stored key and can be applied to any key type and key version stored in Azure Key Vault.
In order to perform this operation, the key must already exist in the Key Vault. Note: The cryptographic material of a key itself cannot be changed. This operation requires the keys/update permission.
update_key(vault_base_url, key_name, key_version, key_ops=None, key_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config)Parameters
- key_ops
- list[str or JsonWebKeyOperation]
Json web key operations. For more information on possible key operations, see JsonWebKeyOperation.
- key_attributes
- KeyAttributes
Application specific metadata in the form of key-value pairs.
- operation_config
Operation configuration overrides.
Returns
KeyBundle or ClientRawResponse if raw=true
Return type
Exceptions
update_sas_definition
Updates the specified attributes associated with the given SAS definition. This operation requires the storage/setsas permission.
update_sas_definition(vault_base_url, storage_account_name, sas_definition_name, parameters=None, sas_definition_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config)Parameters
Sas definition update metadata in the form of key-value pairs.
- sas_definition_attributes
- SasDefinitionAttributes
The attributes of the SAS definition.
Application specific metadata in the form of key-value pairs.
- operation_config
Operation configuration overrides.
Returns
SasDefinitionBundle or ClientRawResponse if raw=true
Return type
Exceptions
update_secret
Updates the attributes associated with a specified secret in a given key vault.
The UPDATE operation changes specified attributes of an existing stored secret. Attributes that are not specified in the request are left unchanged. The value of a secret itself cannot be changed. This operation requires the secrets/set permission.
update_secret(vault_base_url, secret_name, secret_version, content_type=None, secret_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config)Parameters
Application specific metadata in the form of key-value pairs.
- operation_config
Operation configuration overrides.
Returns
SecretBundle or ClientRawResponse if raw=true
Return type
Exceptions
update_storage_account
Updates the specified attributes associated with the given storage account. This operation requires the storage/set/update permission.
update_storage_account(vault_base_url, storage_account_name, active_key_name=None, auto_regenerate_key=None, regeneration_period=None, storage_account_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config)Parameters
- auto_regenerate_key
- bool
whether keyvault should manage the storage account for the user.
- regeneration_period
- str
The key regeneration time duration specified in ISO-8601 format.
- storage_account_attributes
- StorageAccountAttributes
The attributes of the storage account.
Application specific metadata in the form of key-value pairs.
- operation_config
Operation configuration overrides.
Returns
StorageBundle or ClientRawResponse if raw=true
Return type
Exceptions
verify
Verifies a signature using a specified key.
The VERIFY operation is applicable to symmetric keys stored in Azure Key Vault. VERIFY is not strictly necessary for asymmetric keys stored in Azure Key Vault since signature verification can be performed using the public portion of the key but this operation is supported as a convenience for callers that only have a key-reference and not the public portion of the key. This operation requires the keys/verify permission.
verify(vault_base_url, key_name, key_version, algorithm, digest, signature, custom_headers=None, raw=False, **operation_config)Parameters
- algorithm
- str or JsonWebKeySignatureAlgorithm
The signing/verification algorithm. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm. Possible values include: 'PS256', 'PS384', 'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL', 'ES256', 'ES384', 'ES512', 'ECDSA256'
- operation_config
Operation configuration overrides.
Returns
KeyVerifyResult or ClientRawResponse if raw=true
Return type
Exceptions
wrap_key
Wraps a symmetric key using a specified key.
The WRAP operation supports encryption of a symmetric key using a key encryption key that has previously been stored in an Azure Key Vault. The WRAP operation is only strictly necessary for symmetric keys stored in Azure Key Vault since protection with an asymmetric key can be performed using the public portion of the key. This operation is supported for asymmetric keys as a convenience for callers that have a key-reference but do not have access to the public key material. This operation requires the keys/wrapKey permission.
wrap_key(vault_base_url, key_name, key_version, algorithm, value, custom_headers=None, raw=False, **operation_config)Parameters
- algorithm
- str or JsonWebKeyEncryptionAlgorithm
algorithm identifier. Possible values include: 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5'
- value
- bytes
- operation_config
Operation configuration overrides.
Returns
KeyOperationResult or ClientRawResponse if raw=true
Return type
Exceptions
Feedback
Submit and view feedback for