Vaults - Get

Gets the specified Azure key vault.

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}?api-version=2018-02-14

URI Parameters

Name In Required Type Description
subscriptionId
path True
  • string

Subscription credentials that uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.

resourceGroupName
path True
  • string

The name of the Resource Group to which the vault belongs.

vaultName
path True
  • string

The name of the vault.

api-version
query True
  • string

Client API version.

Responses

Name Type Description
200 OK

Retrieved vault

Examples

Retrieve a vault

Sample Request

GET https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sample-resource-group/providers/Microsoft.KeyVault/vaults/sample-vault?api-version=2018-02-14

Sample Response

{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sample-resource-group/providers/Microsoft.KeyVault/vaults/sample-vault",
  "name": "sample-vault",
  "type": "Microsoft.KeyVault/vaults",
  "location": "westus",
  "tags": {},
  "properties": {
    "sku": {
      "family": "A",
      "name": "standard"
    },
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "accessPolicies": [
      {
        "tenantId": "00000000-0000-0000-0000-000000000000",
        "objectId": "00000000-0000-0000-0000-000000000000",
        "permissions": {
          "keys": [
            "encrypt",
            "decrypt",
            "wrapKey",
            "unwrapKey",
            "sign",
            "verify",
            "get",
            "list",
            "create",
            "update",
            "import",
            "delete",
            "backup",
            "restore",
            "recover",
            "purge"
          ],
          "secrets": [
            "get",
            "list",
            "set",
            "delete",
            "backup",
            "restore",
            "recover",
            "purge"
          ],
          "certificates": [
            "get",
            "list",
            "delete",
            "create",
            "import",
            "update",
            "managecontacts",
            "getissuers",
            "listissuers",
            "setissuers",
            "deleteissuers",
            "manageissuers",
            "recover",
            "purge"
          ]
        }
      }
    ],
    "enabledForDeployment": true,
    "enabledForDiskEncryption": true,
    "enabledForTemplateDeployment": true,
    "vaultUri": "https://sample-vault.vault.azure.net"
  }
}

Definitions

AccessPolicyEntry

An identity that has access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID.

CreateMode

The vault's create mode, indicating whether the vault needs to be recovered or not.

IPRule

A rule governing the accessibility of a vault from a specific IP address or IP range.

NetworkRuleAction

The default action when no rule from ipRules and from virtualNetworkRules matches. This is only used after the bypass property has been evaluated.

NetworkRuleBypassOptions

Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.

NetworkRuleSet

A set of rules governing the network accessibility of a vault.

Permissions

Permissions the identity has for keys, secrets, certificates and storage.

Sku

SKU details

SkuFamily

SKU family name

SkuName

SKU name to specify whether the key vault is a standard vault or a premium vault.

Vault

Resource information with extended details.

VaultProperties

Properties of the vault

VirtualNetworkRule

A rule governing the accessibility of a vault from a specific virtual network.

AccessPolicyEntry

An identity that has access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID.

Name Type Description
applicationId
  • string

Application ID of the client making the request on behalf of a principal.

objectId
  • string

The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.

permissions

Permissions the identity has for keys, secrets and certificates.

tenantId
  • string

The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

CreateMode

The vault's create mode, indicating whether the vault needs to be recovered or not.

Name Type Description
default
  • string
recover
  • string

IPRule

A rule governing the accessibility of a vault from a specific IP address or IP range.

Name Type Description
value
  • string

An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

NetworkRuleAction

The default action when no rule from ipRules and from virtualNetworkRules matches. This is only used after the bypass property has been evaluated.

Name Type Description
Allow
  • string
Deny
  • string

NetworkRuleBypassOptions

Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.

Name Type Description
AzureServices
  • string
None
  • string

NetworkRuleSet

A set of rules governing the network accessibility of a vault.

Name Type Description
bypass

Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.

defaultAction

The default action when no rule from ipRules and from virtualNetworkRules matches. This is only used after the bypass property has been evaluated.

ipRules

The list of IP address rules.

virtualNetworkRules

The list of virtual network rules.

Permissions

Permissions the identity has for keys, secrets, certificates and storage.

Name Type Description
certificates
  • string[]

Permissions to certificates

keys
  • string[]

Permissions to keys

secrets
  • string[]

Permissions to secrets

storage
  • string[]

Permissions to storage accounts

Sku

SKU details

Name Type Description
family

SKU family name

name

SKU name to specify whether the key vault is a standard vault or a premium vault.

SkuFamily

SKU family name

Name Type Description
A
  • string

SkuName

SKU name to specify whether the key vault is a standard vault or a premium vault.

Name Type Description
premium
  • string
standard
  • string

Vault

Resource information with extended details.

Name Type Description
id
  • string

The Azure Resource Manager resource ID for the key vault.

location
  • string

The supported Azure location where the key vault should be created.

name
  • string

The name of the key vault.

properties

Properties of the vault

tags
  • object

The tags that will be assigned to the key vault.

type
  • string

The resource type of the key vault.

VaultProperties

Properties of the vault

Name Type Description
accessPolicies

An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID.

createMode

The vault's create mode, indicating whether the vault needs to be recovered or not.

enablePurgeProtection
  • boolean

Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.

enableSoftDelete
  • boolean

Property to specify whether the 'soft delete' functionality is enabled for this key vault. It does not accept false as a value.

enabledForDeployment
  • boolean

Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.

enabledForDiskEncryption
  • boolean

Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.

enabledForTemplateDeployment
  • boolean

Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.

networkAcls

A collection of rules governing the accessibility of the vault from specific network locations.

sku

SKU details

tenantId
  • string

The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

vaultUri
  • string

The URI of the vault for performing operations on keys and secrets.

VirtualNetworkRule

A rule governing the accessibility of a vault from a specific virtual network.

Name Type Description
id
  • string

Full resource ID of a VNet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
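
Added example (not part of the original reference and not Microsoft's code): a review of one Vaults - Get response body against the VaultProperties, NetworkRuleSet and AccessPolicyEntry fields defined above. The function name audit_vault, the finding strings and the sample data are constructed for illustration; treating a missing networkAcls or defaultAction as Allow is an assumption of this example.

```python
import json

# Constructed sample, shaped like the page's sample response (trimmed).
SAMPLE_VAULT = json.loads("""{
  "properties": {
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "accessPolicies": [{
      "tenantId": "00000000-0000-0000-0000-000000000000",
      "objectId": "00000000-0000-0000-0000-000000000000",
      "permissions": {"keys": ["get", "list", "purge"],
                      "secrets": ["get", "set", "purge"]}}],
    "enabledForDeployment": true,
    "enabledForDiskEncryption": true,
    "enabledForTemplateDeployment": true
  }
}""")

SERVICE_FLAGS = ("enabledForDeployment", "enabledForDiskEncryption",
                 "enabledForTemplateDeployment")

def audit_vault(vault):
    """Return review findings for one Vaults - Get response body (a dict)."""
    props = vault.get("properties") or {}
    findings = []
    # Recovery: both are optional booleans in VaultProperties.
    if not props.get("enableSoftDelete"):
        findings.append("enableSoftDelete is not true")
    if not props.get("enablePurgeProtection"):
        findings.append("enablePurgeProtection is not true")
    # Network: missing values treated as Allow (assumption of this example);
    # bypass defaults to AzureServices per the definition above.
    acls = props.get("networkAcls") or {}
    if acls.get("defaultAction", "Allow") != "Deny":
        findings.append("networkAcls.defaultAction is not Deny")
    elif acls.get("bypass", "AzureServices") != "None":
        findings.append("networkAcls.bypass lets AzureServices past the rules")
    # Service integrations permitted to retrieve secrets or certificates.
    findings += [f"{flag} is true" for flag in SERVICE_FLAGS if props.get(flag)]
    # Access policies: tenant must match the vault; purge is a hard deletion.
    for policy in props.get("accessPolicies") or []:
        oid = policy.get("objectId", "<no objectId>")
        if policy.get("tenantId") != props.get("tenantId"):
            findings.append(f"policy {oid}: tenantId differs from the vault's")
        perms = policy.get("permissions") or {}
        purge = sorted(k for k, v in perms.items()
                       if "purge" in [p.lower() for p in v or []])
        if purge:
            findings.append(f"policy {oid}: purge granted on {', '.join(purge)}")
    return findings
```

To check a real vault, pass the parsed JSON body of the GET response to audit_vault and review each returned finding against what the vault is meant to allow.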