Create Key
Creates a new key, stores it, then returns key parameters and attributes to the client.
Creates a new key, stores it, then returns key parameters and attributes to the client. The CREATE operation can be used to create any key type in Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key.
See Common parameters and headers for headers and parameters that are used by all requests.
In your request:
- Replace
{key-name}with the name you want assigned to the new key. - When creating a new key, just specify the top-level name. The system will generate the version name and append that in the response.
For more information, see About keys, secrets, and certificates and Authentication, requests and responses.
POST https://{vaultBaseUrl}/keys/{key-name}/create?api-version={api-version}URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
vaultBaseUrl
|
path | True |
|
The vault name, for example https://myvault.vault.azure.net. |
|
key-name
|
path | True |
|
The name for the new key. The system will generate the version name for the new key. Regex pattern: |
|
api-version
|
query | True |
|
Use the latest service version, 2016-10-01. |
Request Body
| Name | Required | Type | Description |
|---|---|---|---|
| attributes |
The attributes of a key managed by the key vault service. |
||
| crv |
|
Elliptic curve name. For valid values, see JsonWebKeyCurveName. |
|
| key_ops |
|
JSON web key operations. For more information, see JsonWebKeyOperation. |
|
| key_size |
|
The key size in bytes. For example, 1024 or 2048. |
|
| kty | True |
|
The type of key to create. For valid values, see JsonWebKeyType. |
| tags |
|
Application specific metadata in the form of key-value pairs. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
A key bundle containing the result of the create key request. |
|
| Other Status Codes |
Key Vault error response describing why the operation failed. |
Definitions
| Error |
The key vault server error. |
| JsonWebKey |
The Json web key. |
| KeyAttributes |
The attributes of a key managed by the key vault service. |
| KeyBundle | |
| KeyVaultError |
The key vault server error.
| Name | Type | Description |
|---|---|---|
| code |
|
The error code. |
| innererror | ||
| message |
|
The error message. |
The Json web key.
| Name | Type | Description |
|---|---|---|
| crv |
|
Elliptic curve name. For valid values, see JsonWebKeyCurveName. |
| d |
|
RSA private exponent, or the D component of an EC private key. |
| dp |
|
RSA private key parameter. |
| dq |
|
RSA private key parameter. |
| e |
|
RSA public exponent. |
| k |
|
Symmetric key. |
| key_hsm |
|
HSM Token, used with 'Bring Your Own Key'. |
| key_ops |
|
Supported key operations. |
| kid |
|
Key identifier. |
| kty |
|
JsonWebKey key type (kty). |
| n |
|
RSA modulus. |
| p |
|
RSA secret prime. |
| q |
|
RSA secret prime, with p < q. |
| qi |
|
RSA private key parameter. |
| x |
|
X component of an EC public key. |
| y |
|
Y component of an EC public key. |
The attributes of a key managed by the key vault service.
| Name | Type | Description |
|---|---|---|
| created |
|
Creation time in UTC. |
| enabled |
|
Determines whether the object is enabled. |
| exp |
|
Expiry date in UTC. |
| nbf |
|
Not before date in UTC. |
| recoveryLevel |
|
Reflects the deletion recovery level currently in effect for keys in the current vault. If it contains 'Purgeable' the key can be permanently deleted by a privileged user; otherwise, only the system can purge the key, at the end of the retention interval. |
| updated |
|
Last updated time in UTC. |
| Name | Type | Description |
|---|---|---|
| attributes |
The key management attributes. |
|
| key |
The Json web key. |
|
| managed |
|
True if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true. |
| tags |
|
Application specific metadata in the form of key-value pairs. |
| Name | Type | Description |
|---|---|---|
| error |
The key vault server error. |