Vaults - Create Or Update

Create or update a key vault in the specified subscription.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}?api-version=2016-10-01

URI Parameters

Name In Required Type Description
subscriptionId
path True
  • string

Subscription credentials that uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.

resourceGroupName
path True
  • string

The name of the resource group to which the vault belongs.

vaultName
path True
  • string

Name of the vault

Regex pattern: ^[a-zA-Z0-9-]{3,24}$

api-version
query True
  • string

Client API version.

Request Body

Name Required Type Description
location True
  • string

The supported Azure location where the key vault should be created.

properties True

Properties of the vault

tags
  • <string, string>

The tags that will be assigned to the key vault.

Responses

Name Type Description
200 OK

Created or updated vault

201 Created

Created or updated vault

Examples

Create a new vault or update an existing vault

Sample Request

PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sample-resource-group/providers/Microsoft.KeyVault/vaults/sample-vault?api-version=2016-10-01
{
  "location": "westus",
  "properties": {
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "sku": {
      "family": "A",
      "name": "standard"
    },
    "accessPolicies": [
      {
        "tenantId": "00000000-0000-0000-0000-000000000000",
        "objectId": "00000000-0000-0000-0000-000000000000",
        "permissions": {
          "keys": [
            "encrypt",
            "decrypt",
            "wrapKey",
            "unwrapKey",
            "sign",
            "verify",
            "get",
            "list",
            "create",
            "update",
            "import",
            "delete",
            "backup",
            "restore",
            "recover",
            "purge"
          ],
          "secrets": [
            "get",
            "list",
            "set",
            "delete",
            "backup",
            "restore",
            "recover",
            "purge"
          ],
          "certificates": [
            "get",
            "list",
            "delete",
            "create",
            "import",
            "update",
            "managecontacts",
            "getissuers",
            "listissuers",
            "setissuers",
            "deleteissuers",
            "manageissuers",
            "recover",
            "purge"
          ]
        }
      }
    ],
    "enabledForDeployment": true,
    "enabledForDiskEncryption": true,
    "enabledForTemplateDeployment": true
  }
}

Sample Response

{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sample-resource-group/providers/Microsoft.KeyVault/vaults/sample-vault",
  "name": "sample-vault",
  "type": "Microsoft.KeyVault/vaults",
  "location": "westus",
  "tags": {},
  "properties": {
    "sku": {
      "family": "A",
      "name": "standard"
    },
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "accessPolicies": [
      {
        "tenantId": "00000000-0000-0000-0000-000000000000",
        "objectId": "00000000-0000-0000-0000-000000000000",
        "permissions": {
          "keys": [
            "encrypt",
            "decrypt",
            "wrapKey",
            "unwrapKey",
            "sign",
            "verify",
            "get",
            "list",
            "create",
            "update",
            "import",
            "delete",
            "backup",
            "restore",
            "recover",
            "purge"
          ],
          "secrets": [
            "get",
            "list",
            "set",
            "delete",
            "backup",
            "restore",
            "recover",
            "purge"
          ],
          "certificates": [
            "get",
            "list",
            "delete",
            "create",
            "import",
            "update",
            "managecontacts",
            "getissuers",
            "listissuers",
            "setissuers",
            "deleteissuers",
            "manageissuers",
            "recover",
            "purge"
          ]
        }
      }
    ],
    "enabledForDeployment": true,
    "enabledForDiskEncryption": true,
    "enabledForTemplateDeployment": true,
    "vaultUri": "https://sample-vault.vault.azure.net"
  }
}

Definitions

AccessPolicyEntry

An identity that has access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID.

CreateMode

The vault's create mode, indicating whether the vault needs to be recovered or not.

Permissions

Permissions the identity has for keys, secrets, certificates and storage.

Sku

SKU details

SkuFamily

SKU family name

SkuName

SKU name to specify whether the key vault is a standard vault or a premium vault.

Vault

Resource information with extended details.

VaultCreateOrUpdateParameters

Parameters for creating or updating a vault

VaultProperties

Properties of the vault

AccessPolicyEntry

An identity that has access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID.

Name Type Description
applicationId
  • string

Application ID of the client making request on behalf of a principal

objectId
  • string

The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.

permissions

Permissions the identity has for keys, secrets and certificates.

tenantId
  • string

The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

CreateMode

The vault's create mode, indicating whether the vault needs to be recovered or not.

Name Type Description
default
  • string
recover
  • string

Permissions

Permissions the identity has for keys, secrets, certificates and storage.

Name Type Description
certificates
  • string[]

Permissions to certificates

keys
  • string[]

Permissions to keys

secrets
  • string[]

Permissions to secrets

storage
  • string[]

Permissions to storage accounts

Sku

SKU details

Name Type Description
family

SKU family name

name

SKU name to specify whether the key vault is a standard vault or a premium vault.

SkuFamily

SKU family name

Name Type Description
A
  • string

SkuName

SKU name to specify whether the key vault is a standard vault or a premium vault.

Name Type Description
premium
  • string
standard
  • string

Vault

Resource information with extended details.

Name Type Description
id
  • string

The Azure Resource Manager resource ID for the key vault.

location
  • string

The supported Azure location where the key vault should be created.

name
  • string

The name of the key vault.

properties

Properties of the vault

tags
  • <string, string>

The tags that will be assigned to the key vault.

type
  • string

The resource type of the key vault.

VaultCreateOrUpdateParameters

Parameters for creating or updating a vault

Name Type Description
location
  • string

The supported Azure location where the key vault should be created.

properties

Properties of the vault

tags
  • <string, string>

The tags that will be assigned to the key vault.

VaultProperties

Properties of the vault

Name Type Description
accessPolicies

An identity that has access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID.

createMode

The vault's create mode, indicating whether the vault needs to be recovered or not.

enableSoftDelete
  • boolean

Property to specify whether the 'soft delete' functionality is enabled for this key vault. It does not accept a false value.

enabledForDeployment
  • boolean

Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.

enabledForDiskEncryption
  • boolean

Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.

enabledForTemplateDeployment
  • boolean

Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.

sku

SKU details

tenantId
  • string

The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

vaultUri
  • string

The URI of the vault for performing operations on keys and secrets.
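
The constraints this reference states for a request (the vaultName pattern, required body fields, SkuName values, access-policy tenant match, unique object IDs, and enableSoftDelete not accepting false) can be checked before the PUT is sent. The Python below is an added example, not part of the API reference: the function name check_vault_request is hypothetical, and the warnings for purge grants and enabledFor* flags are an assumed least-privilege review heuristic rather than rules the API enforces.

```python
import re

VAULT_NAME_RE = re.compile(r"^[a-zA-Z0-9-]{3,24}$")  # pattern from URI Parameters
SKU_NAMES = {"standard", "premium"}                   # SkuName values on the page
PLATFORM_FLAGS = ("enabledForDeployment", "enabledForDiskEncryption",
                  "enabledForTemplateDeployment")     # let Azure services read secrets

def check_vault_request(vault_name, body):
    """Return (errors, warnings). errors break a rule stated in the reference;
    warnings are an assumed least-privilege review heuristic, not an API rule."""
    errors, warnings = [], []
    if not VAULT_NAME_RE.fullmatch(vault_name):
        errors.append("vaultName does not match ^[a-zA-Z0-9-]{3,24}$")
    for field in ("location", "properties"):          # marked Required: True
        if field not in body:
            errors.append(f"missing required field: {field}")
    props = body.get("properties", {})
    sku = props.get("sku")
    if sku is not None and sku.get("name") not in SKU_NAMES:
        errors.append("sku.name must be 'standard' or 'premium'")
    if props.get("enableSoftDelete") is False:
        errors.append("enableSoftDelete does not accept false")
    seen = set()
    for i, policy in enumerate(props.get("accessPolicies", [])):
        if policy.get("tenantId") != props.get("tenantId"):
            errors.append(f"accessPolicies[{i}]: tenantId differs from the vault's")
        oid = policy.get("objectId")
        if oid in seen:
            errors.append(f"accessPolicies[{i}]: duplicate objectId")
        seen.add(oid)
        for kind, perms in policy.get("permissions", {}).items():
            if "purge" in perms:                      # permanent deletion right
                warnings.append(f"accessPolicies[{i}]: {kind} includes purge")
    warnings += [f"{f} is true" for f in PLATFORM_FLAGS if props.get(f)]
    return errors, warnings

# Constructed sample: a trimmed request body with deliberate violations.
TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE = {"location": "westus", "properties": {
    "tenantId": TENANT, "sku": {"family": "A", "name": "standard"},
    "enableSoftDelete": False, "enabledForDeployment": True,
    "accessPolicies": [
        {"tenantId": TENANT, "objectId": "11111111-1111-1111-1111-111111111111",
         "permissions": {"secrets": ["get", "list", "purge"]}},
        {"tenantId": "22222222-2222-2222-2222-222222222222",
         "objectId": "11111111-1111-1111-1111-111111111111",
         "permissions": {"keys": ["get"]}}]}}
if __name__ == "__main__":
    print(check_vault_request("sample_vault", SAMPLE))
```

Run against the page's own Sample Request, the check returns no errors but warns on all three permission groups and all three enabledFor* flags, which is a reason not to copy that sample into a deployment unchanged.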