Recover Deleted Certificate

Service:: Key Vault

API Version:: 2016-10-01

Recovers the deleted certificate back to its current version under /certificates.

The RecoverDeletedCertificate operation performs the reversal of the Delete operation. The operation is applicable in vaults enabled for soft-delete, and must be issued during the retention interval (available in the deleted certificate's attributes).

POST https://{vaultBaseUrl}/deletedcertificates/{certificate-name}/recover?api-version={api-version}

URI Parameters

Name	In	Required	Type	Description
vaultBaseUrl	path	True	string	The vault name, for example https://myvault.vault.azure.net.
certificate-name	path	True	string	The name of the deleted certificate
api-version	query	True	string	Client API version.

Responses

Name	Type	Description
200 OK	CertificateBundle	A Certificate bundle of the original certificate and its attributes
Other Status Codes	KeyVaultError	Key Vault error response describing why the operation failed.

Definitions

Action	The action that will be executed.
CertificateAttributes	The certificate attributes.
CertificateBundle
CertificatePolicy	The management policy.
Error	The key vault server error.
IssuerParameters	Parameters for the issuer of the X509 component of a certificate.
KeyProperties	Properties of the key backing a certificate.
KeyVaultError
LifetimeAction	Action and its trigger that will be performed by Key Vault over the lifetime of a certificate.
SecretProperties	Properties of the secret backing a certificate.
SubjectAlternativeNames	The subject alternative names.
Trigger	The condition that will execute the action.
X509CertificateProperties	Properties of the X509 component of a certificate.

Action

The action that will be executed.

Name	Type	Description
action_type	enum: EmailContacts AutoRenew	The type of the action.

CertificateAttributes

The certificate attributes.

Name	Type	Description
created	integer unixtime	Creation time in UTC.
enabled	boolean	Determines whether the object is enabled.
exp	integer unixtime	Expiry date in UTC.
nbf	integer unixtime	Not before date in UTC.
recoveryLevel	enum: Purgeable Recoverable+Purgeable Recoverable Recoverable+ProtectedSubscription	Reflects the deletion recovery level currently in effect for certificates in the current vault. If it contains 'Purgeable', the certificate can be permanently deleted by a privileged user; otherwise, only the system can purge the certificate, at the end of the retention interval.
updated	integer unixtime	Last updated time in UTC.

CertificateBundle

Name	Type	Description
attributes	CertificateAttributes	The certificate attributes.
cer	string byte	CER contents of x509 certificate.
contentType	string	The content type of the secret.
id	string	The certificate id.
kid	string	The key id.
policy	CertificatePolicy	The management policy.
sid	string	The secret id.
tags	<string, string>	Application specific metadata in the form of key-value pairs
x5t	string base64url	Thumbprint of the certificate.

CertificatePolicy

The management policy.

Name	Type	Description
attributes	CertificateAttributes	The certificate attributes.
id	string	The certificate id.
issuer	IssuerParameters	Parameters for the issuer of the X509 component of a certificate.
key_props	KeyProperties	Properties of the key backing a certificate.
lifetime_actions	LifetimeAction[]	Actions that will be performed by Key Vault over the lifetime of a certificate.
secret_props	SecretProperties	Properties of the secret backing a certificate.
x509_props	X509CertificateProperties	Properties of the X509 component of a certificate.

Error

The key vault server error.

Name	Type	Description
code	string	The error code.
innererror
message	string	The error message.

IssuerParameters

Parameters for the issuer of the X509 component of a certificate.

Name	Type	Description
cty	string	Type of certificate to be requested from the issuer provider.
name	string	Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'.

KeyProperties

Properties of the key backing a certificate.

Name	Type	Description
exportable	boolean	Indicates if the private key can be exported.
key_size	integer int32	The key size in bytes. For example; 1024 or 2048.
kty	string	The key type.
reuse_key	boolean	Indicates if the same key pair will be used on certificate renewal.

KeyVaultError

Name	Type	Description
error	Error	The key vault server error.

LifetimeAction

Action and its trigger that will be performed by Key Vault over the lifetime of a certificate.

Name	Type	Description
action	Action	The action that will be executed.
trigger	Trigger	The condition that will execute the action.

SecretProperties

Properties of the secret backing a certificate.

Name	Type	Description
contentType	string	The media type (MIME type).

SubjectAlternativeNames

The subject alternative names.

Name	Type	Description
dns_names	string[]	Domain names.
emails	string[]	Email addresses.
upns	string[]	User principal names.

Trigger

The condition that will execute the action.

Name	Type	Description
days_before_expiry	integer int32	Days before expiry.
lifetime_percentage	integer int32	Percentage of lifetime at which to trigger. Value should be between 1 and 99.

X509CertificateProperties

Properties of the X509 component of a certificate.

Name	Type	Description
ekus	string[]	The enhanced key usage.
key_usage	string[]	List of key usages.
sans	SubjectAlternativeNames	The subject alternative names.
subject	string	The subject name. Should be a valid X509 distinguished Name.
validity_months	integer int32	The duration that the ceritifcate is valid in months.