encrypt - encrypt

Encrypts an arbitrary sequence of bytes using an encryption key that is stored in a key vault.
The ENCRYPT operation encrypts an arbitrary sequence of bytes using an encryption key that is stored in Azure Key Vault. Note that the ENCRYPT operation only supports a single block of data, the size of which is dependent on the target key and the encryption algorithm to be used. The ENCRYPT operation is only strictly necessary for symmetric keys stored in Azure Key Vault since protection with an asymmetric key can be performed using public portion of the key. This operation is supported for asymmetric keys as a convenience for callers that have a key-reference but do not have access to the public key material. This operation requires the keys/encrypt permission.

POST {vaultBaseUrl}/keys/{key-name}/{key-version}/encrypt?api-version=7.2

URI Parameters

Name In Required Type Description
key-name
path True
  • string

The name of the key.

key-version
path True
  • string

The version of the key.

vaultBaseUrl
path True
  • string

The vault name, for example https://myvault.vault.azure.net.

api-version
query True
  • string

Client API version.

Request Body

Name Required Type Description
alg True

algorithm identifier

value True
  • string
aad
  • string

Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms.

iv
  • string

Initialization vector for symmetric algorithms.

tag
  • string

The tag to authenticate when performing decryption with an authenticated algorithm.

Responses

Name Type Description
200 OK

The encryption result.

Other Status Codes

Key Vault error response describing why the operation failed.

Examples

Encrypt example

Sample Request

POST https://myvault.vault.azure.net//keys/sdktestkey/f6bc1f3d37c14b2bb1a2ebb4b24e9535/encrypt?api-version=7.2
{
  "alg": "RSA1_5",
  "value": "5ka5IVsnGrzufA"
}

Sample Response

{
  "kid": "https://myvault.vault.azure.net/keys/sdktestkey/f6bc1f3d37c14b2bb1a2ebb4b24e9535",
  "value": "CR0Hk0z72oOit5TxObqRpo-WFGZkb5BeN1C0xJFKHxzdDCESYPCNB-OkiWVAnMcSyu6g2aC8riVRRxY5MC2CWKj-CJ_SMke5X2kTi5yi4hJ5vuOLzmg_M6Bmqib7LsI-TeJHr9rs3-tZaSCdZ2zICeFWYduWV5rPjTnAD98epTorT8AA1zMaYHMIhKpmttcj18-dHr0E0T55dgRtsjK04uC3FlRd3odl4RhO1UHAmYpDd5FUqN-20R0dK0Zk8F8sOtThLhEmuLvqPHOCUBiGUhHA4nRDq1La4SUbThu2KMQJL6BbxxEymuliaYcNNtW7MxgVOf6V3mFxVNRY622i9g"
}

Definitions

Error

The key vault server error.

JsonWebKeyEncryptionAlgorithm

algorithm identifier

KeyOperationResult

The key operation result.

KeyOperationsParameters

The key operations parameters.

KeyVaultError

The key vault error exception.

Error

The key vault server error.

Name Type Description
code
  • string

The error code.

innererror

The key vault server error.

message
  • string

The error message.

JsonWebKeyEncryptionAlgorithm

algorithm identifier

Name Type Description
A128CBC
  • string
A128CBCPAD
  • string
A128GCM
  • string
A128KW
  • string
A192CBC
  • string
A192CBCPAD
  • string
A192GCM
  • string
A192KW
  • string
A256CBC
  • string
A256CBCPAD
  • string
A256GCM
  • string
A256KW
  • string
RSA-OAEP
  • string
RSA-OAEP-256
  • string
RSA1_5
  • string

KeyOperationResult

The key operation result.

Name Type Description
aad
  • string
iv
  • string
kid
  • string

Key identifier

tag
  • string
value
  • string

KeyOperationsParameters

The key operations parameters.

Name Type Description
aad
  • string

Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms.

alg

algorithm identifier

iv
  • string

Initialization vector for symmetric algorithms.

tag
  • string

The tag to authenticate when performing decryption with an authenticated algorithm.

value
  • string

KeyVaultError

The key vault error exception.

Name Type Description
error

The key vault server error.