Azure Key Vault REST API reference

Use Key Vault to safeguard and manage cryptographic keys and secrets used by cloud applications and services.

Vault operations

Operation Description
Check Name Availability Checks that the vault name is valid and is not already in use.
Create Or Update Create or update a key vault in the specified subscription.
Delete Deletes the specified Azure key vault.
Get Gets the specified Azure key vault.
Get Deleted Gets the deleted Azure key vault.
List The List operation gets information about the vaults associated with the subscription.
List By Resource Group The List operation gets information about the vaults associated with the subscription and within the specified resource group.
List By Subscription The List operation gets information about the vaults associated with the subscription.
List Deleted Gets information about the deleted vaults in a subscription.
Purge Deleted Permanently deletes the specified vault.
Update Update a key vault in the specified subscription.
Update Access Policy Update access policies in a key vault in the specified subscription.

Key operations

Operation Description
Backup Key Requests that a backup of the specified key be downloaded to the client.
Create Key Creates a new key, stores it, then returns key parameters and attributes to the client.
Decrypt Decrypts a single block of encrypted data.
Delete Key Deletes a key of any type from storage in Azure Key Vault.
Encrypt Encrypts an arbitrary sequence of bytes using an encryption key that is stored in a key vault.
Get Deleted Key Gets the public part of a deleted key.
Get Deleted Keys Lists the deleted keys in the specified vault.
Get Key Gets the public part of a stored key.
Get Key Versions Retrieves a list of individual key versions with the same key name.
Get Keys List keys in the specified vault.
Import Key Imports an externally created key, stores it, and returns key parameters and attributes to the client.
Purge Deleted Key Permanently deletes the specified key.
Recover Deleted Key Recovers the deleted key to its latest version.
Restore Key Restores a backed up key to a vault.
Sign Creates a signature from a digest using the specified key.
Unwrap Key Unwraps a symmetric key using the specified key that was initially used for wrapping that key.
Update Key The update key operation changes specified attributes of a stored key and can be applied to any key type and key version stored in Azure Key Vault.
Verify Verifies a signature using a specified key.
Wrap Key Wraps a symmetric key using a specified key.

Secret operations

Operation Description
Backup Secret Backs up the specified secret.
Delete Secret Deletes a secret from a specified key vault.
Get Deleted Secret Gets the specified deleted secret.
Get Deleted Secrets Lists deleted secrets for the specified vault.
Get Secret Get a specified secret from a given key vault.
Get Secret Versions List all versions of the specified secret.
Get Secrets List secrets in a specified key vault.
Purge Deleted Secret Permanently deletes the specified secret.
Recover Deleted Secret Recovers the deleted secret to the latest version.
Restore Secret Restores a backed up secret to a vault.
Set Secret Sets a secret in a specified key vault.
Update Secret Updates the attributes associated with a specified secret in a given key vault.

Certificate operations

Operation Description
Backup Certificate Backs up the specified certificate.
Create Certificate Creates a new certificate.
Delete Certificate Deletes a certificate from a specified key vault.
Delete Certificate Contacts Deletes the certificate contacts for a specified key vault.
Delete Certificate Issuer Deletes the specified certificate issuer.
Delete Certificate Operation Deletes the creation operation for a specific certificate.
Get Certificate Gets information about a certificate.
Get Certificate Contacts Lists the certificate contacts for a specified key vault.
Get Certificate Issuer Lists the specified certificate issuer.
Get Certificate Issuers List certificate issuers for a specified key vault.
Get Certificate Operation Gets the creation operation of a certificate.
Get Certificate Policy Lists the policy for a certificate.
Get Certificate Versions List the versions of a certificate.
Get Certificates List certificates in a specified key vault
Get Deleted Certificate Retrieves information about the specified deleted certificate.
Get Deleted Certificates Lists the deleted certificates in the specified vault currently available for recovery.
Import Certificate Imports a certificate into a specified key vault.
Merge Certificate Merges a certificate or a certificate chain with a key pair existing on the server.
Purge Deleted Certificate Permanently deletes the specified deleted certificate.
Recover Deleted Certificate Recovers the deleted certificate back to its current version under /certificates.
Restore Certificate Restores a backed up certificate to a vault.
Set Certificate Contacts Sets the certificate contacts for the specified key vault.
Set Certificate Issuer Sets the specified certificate issuer.
Update Certificate Updates the specified attributes associated with the given certificate.
Update Certificate Issuer Updates the specified certificate issuer.
Update Certificate Operation Updates a certificate operation.
Update Certificate Policy Updates the policy for a certificate.

Storage operations

Operation Description
Backup Storage Account Backs up the specified storage account.
Delete Sas Definition Deletes a SAS definition from a specified storage account. This operation requires the storage/deletesas permission.
Delete Storage Account Deletes a storage account. This operation requires the storage/delete permission.
Get Deleted Sas Definition Gets the specified deleted sas definition.
Get Deleted Sas Definitions Lists deleted SAS definitions for the specified vault and storage account.
Get Deleted Storage Account Gets the specified deleted storage account.
Get Deleted Storage Accounts Lists deleted storage accounts for the specified vault.
Get Sas Definition Gets information about a SAS definition for the specified storage account. This operation requires the storage/getsas permission.
Get Sas Definitions List storage SAS definitions for the given storage account. This operation requires the storage/listsas permission.
Get Storage Account Gets information about a specified storage account. This operation requires the storage/get permission.
Get Storage Accounts List storage accounts managed by the specified key vault. This operation requires the storage/list permission.
Purge Deleted Storage Account Permanently deletes the specified storage account.
Recover Deleted Sas Definition Recovers the deleted SAS definition.
Recover Deleted Storage Account Recovers the deleted storage account.
Regenerate Storage Account Key Regenerates the specified key value for the given storage account. This operation requires the storage/regeneratekey permission.
Restore Storage Account Restores a backed up storage account to a vault.
Set Sas Definition Creates or updates a new SAS definition for the specified storage account. This operation requires the storage/setsas permission.
Set Storage Account Creates or updates a new storage account. This operation requires the storage/set permission.
Update Sas Definition Updates the specified attributes associated with the given SAS definition. This operation requires the storage/setsas permission.
Update Storage Account Updates the specified attributes associated with the given storage account. This operation requires the storage/set/update permission.

See also