Get Key
Gets the public part of a stored key.
The GET operation is applicable to all key types; however only the public portion of a key stored in Azure Key Vault is returned. If the target key is symmetric, then no key material is released in the response.
See Common parameters and headers for headers and parameters that are used by all requests.
In your request:
- Provide the name of the key to get using
{key-name}in the request URL. - Adding the key-version parameter,
…/keys/{key-name}/{key-version}…, retrieves a specific version of a key.
Request body: An HTTP GET has no request body.
For more information, see About keys, secrets, and certificates and Authentication, requests and responses.
GET https://{vaultBaseUrl}/keys/{key-name}/{key-version}?api-version={api-version}
URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
vaultBaseUrl
|
path | True |
|
The vault name, for example https://myvault.vault.azure.net. |
|
key-name
|
path | True |
|
The name of the key to get. |
|
key-version
|
path | True |
|
Adding the version parameter retrieves a specific version of a key. |
|
api-version
|
query | True |
|
Use the latest service version, 2016-10-01. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
A key bundle containing the key and its attributes. |
|
| Other Status Codes |
Key Vault error response describing why the operation failed. |
Definitions
| Error |
The key vault server error. |
| JsonWebKey |
The Json web key. |
| KeyAttributes |
The key management attributes. |
| KeyBundle | |
| KeyVaultError |
The key vault server error.
| Name | Type | Description |
|---|---|---|
| code |
|
The error code. |
| innererror | ||
| message |
|
The error message. |
The Json web key.
| Name | Type | Description |
|---|---|---|
| crv |
|
Elliptic curve name. For valid values, see JsonWebKeyCurveName. |
| d |
|
RSA private exponent, or the D component of an EC private key. |
| dp |
|
RSA private key parameter. |
| dq |
|
RSA private key parameter. |
| e |
|
RSA public exponent. |
| k |
|
Symmetric key. |
| key_hsm |
|
HSM Token, used with 'Bring Your Own Key'. |
| key_ops |
|
Supported key operations. |
| kid |
|
Key identifier. |
| kty |
|
JsonWebKey key type (kty). |
| n |
|
RSA modulus. |
| p |
|
RSA secret prime. |
| q |
|
RSA secret prime, with p < q. |
| qi |
|
RSA private key parameter. |
| x |
|
X component of an EC public key. |
| y |
|
Y component of an EC public key. |
The key management attributes.
| Name | Type | Description |
|---|---|---|
| created |
|
Creation time in UTC. |
| enabled |
|
Determines whether the object is enabled. |
| exp |
|
Expiry date in UTC. |
| nbf |
|
Not before date in UTC. |
| recoveryLevel |
|
Reflects the deletion recovery level currently in effect for keys in the current vault. If it contains 'Purgeable' the key can be permanently deleted by a privileged user; otherwise, only the system can purge the key, at the end of the retention interval. |
| updated |
|
Last updated time in UTC. |
| Name | Type | Description |
|---|---|---|
| attributes |
The key management attributes. |
|
| key |
The Json web key. |
|
| managed |
|
True if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true. |
| tags |
|
Application specific metadata in the form of key-value pairs. |
| Name | Type | Description |
|---|---|---|
| error |
The key vault server error. |