Set Secret

Service:
Key Vault
API Version:
2016-10-01

Sets a secret in a specified key vault.

The CREATE operation adds a secret to the Azure Key Vault. If the named secret already exists, Azure Key Vault creates a new version of that secret.

See Common parameters and headers for headers and parameters that are used by all requests.

In your request:

  • Name the new or to be updated secret using {secret-name} in the request URL.

For more information, see About keys, secrets, and certificates and Authentication, requests and responses.

PUT https://{vaultBaseUrl}/secrets/{secret-name}?api-version={api-version}

URI Parameters

Name In Required Type Description
vaultBaseUrl
 path True
  • string

The vault name, for example https://myvault.vault.azure.net.
secret-name
 path True
  • string

The name of the secret.

Regex pattern: ^[0-9a-zA-Z-]+$
api-version
 query True
  • string

Use the latest service version, 2016-10-01.

Request Body

Name Required Type Description
attributes

The secret management attributes.
contentType
  • string

Type of the secret value such as a password.
tags
  • <string, string>

Application specific metadata in the form of key-value pairs.
value True
  • string

The value of the secret.

Responses

Name Type Description
200 OK

A secret bundle containing the result of the set secret request.
Other Status Codes

Key Vault error response describing why the operation failed.

Definitions

Error

The key vault server error.
KeyVaultError
SecretAttributes

The secret management attributes.
SecretBundle

The key vault server error.

Name Type Description
code
  • string

The error code.
innererror
message
  • string

The error message.
Name Type Description
error

The key vault server error.

The secret management attributes.

Name Type Description
created
  • integer
    unixtime

Creation time in UTC.
enabled
  • boolean

Determines whether the object is enabled.
exp
  • integer
    unixtime

Expiry date in UTC.
nbf
  • integer
    unixtime

Not before date in UTC.
recoveryLevel
  • enum:
    • Purgeable
    • Recoverable+Purgeable
    • Recoverable
    • Recoverable+ProtectedSubscription

Reflects the deletion recovery level currently in effect for secrets in the current vault. If it contains 'Purgeable', the secret can be permanently deleted by a privileged user; otherwise, only the system can purge the secret, at the end of the retention interval.
updated
  • integer
    unixtime

Last updated time in UTC.
Name Type Description
attributes

The secret management attributes.
contentType
  • string

The content type of the secret.
id
  • string

The secret id.
kid
  • string

If this is a secret backing a KV certificate, then this field specifies the corresponding key backing the KV certificate.
managed
  • boolean

True if the secret's lifetime is managed by key vault. If this is a secret backing a certificate, then managed will be true.
tags
  • <string, string>

Application specific metadata in the form of key-value pairs.
value
  • string

The secret value.