Vaults - Get
Gets the specified Azure key vault.
GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}?api-version=2018-02-14
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
subscriptionId | path | True | | Subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. |
resourceGroupName | path | True | | The name of the Resource Group to which the vault belongs. |
vaultName | path | True | | The name of the vault. |
api-version | query | True | | Client Api Version. |
Responses
Name | Type | Description |
---|---|---|
200 OK | | Retrieved vault |
Examples
Retrieve a vault
Sample Request
GET https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sample-resource-group/providers/Microsoft.KeyVault/vaults/sample-vault?api-version=2018-02-14
Sample Response
{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sample-resource-group/providers/Microsoft.KeyVault/vaults/sample-vault",
  "name": "sample-vault",
  "type": "Microsoft.KeyVault/vaults",
  "location": "westus",
  "tags": {},
  "properties": {
    "sku": {
      "family": "A",
      "name": "standard"
    },
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "accessPolicies": [
      {
        "tenantId": "00000000-0000-0000-0000-000000000000",
        "objectId": "00000000-0000-0000-0000-000000000000",
        "permissions": {
          "keys": [
            "encrypt",
            "decrypt",
            "wrapKey",
            "unwrapKey",
            "sign",
            "verify",
            "get",
            "list",
            "create",
            "update",
            "import",
            "delete",
            "backup",
            "restore",
            "recover",
            "purge"
          ],
          "secrets": [
            "get",
            "list",
            "set",
            "delete",
            "backup",
            "restore",
            "recover",
            "purge"
          ],
          "certificates": [
            "get",
            "list",
            "delete",
            "create",
            "import",
            "update",
            "managecontacts",
            "getissuers",
            "listissuers",
            "setissuers",
            "deleteissuers",
            "manageissuers",
            "recover",
            "purge"
          ]
        }
      }
    ],
    "enabledForDeployment": true,
    "enabledForDiskEncryption": true,
    "enabledForTemplateDeployment": true,
    "vaultUri": "https://sample-vault.vault.azure.net"
  }
}
Definitions
AccessPolicyEntry | An identity that has access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. |
CreateMode | The vault's create mode to indicate whether the vault needs to be recovered or not. |
IPRule | A rule governing the accessibility of a vault from a specific IP address or IP range. |
NetworkRuleAction | The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. |
NetworkRuleBypassOptions | Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. |
NetworkRuleSet | A set of rules governing the network accessibility of a vault. |
Permissions | Permissions the identity has for keys, secrets, certificates and storage. |
Sku | SKU details |
SkuFamily | SKU family name |
SkuName | SKU name to specify whether the key vault is a standard vault or a premium vault. |
Vault | Resource information with extended details. |
VaultProperties | Properties of the vault |
VirtualNetworkRule | A rule governing the accessibility of a vault from a specific virtual network. |
AccessPolicyEntry
An identity that has access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID.
Name | Type | Description |
---|---|---|
applicationId | | Application ID of the client making the request on behalf of a principal |
objectId | | The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. |
permissions | | Permissions the identity has for keys, secrets and certificates. |
tenantId | | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. |
CreateMode
The vault's create mode to indicate whether the vault needs to be recovered or not.
Name | Type | Description |
---|---|---|
default | | |
recover | | |
IPRule
A rule governing the accessibility of a vault from a specific IP address or IP range.
Name | Type | Description |
---|---|---|
value | | An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). |
NetworkRuleAction
The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
Name | Type | Description |
---|---|---|
Allow | | |
Deny | | |
NetworkRuleBypassOptions
Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
Name | Type | Description |
---|---|---|
AzureServices | | |
None | | |
NetworkRuleSet
A set of rules governing the network accessibility of a vault.
Name | Type | Description |
---|---|---|
bypass | | Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. |
defaultAction | | The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. |
ipRules | | The list of IP address rules. |
virtualNetworkRules | | The list of virtual network rules. |
Permissions
Permissions the identity has for keys, secrets, certificates and storage.
Name | Type | Description |
---|---|---|
certificates | | Permissions to certificates |
keys | | Permissions to keys |
secrets | | Permissions to secrets |
storage | | Permissions to storage accounts |
Sku
SKU details
Name | Type | Description |
---|---|---|
family | | SKU family name |
name | | SKU name to specify whether the key vault is a standard vault or a premium vault. |
SkuFamily
SKU family name
Name | Type | Description |
---|---|---|
A | | |
SkuName
SKU name to specify whether the key vault is a standard vault or a premium vault.
Name | Type | Description |
---|---|---|
premium | | |
standard | | |
Vault
Resource information with extended details.
Name | Type | Description |
---|---|---|
id | | The Azure Resource Manager resource ID for the key vault. |
location | | The supported Azure location where the key vault should be created. |
name | | The name of the key vault. |
properties | | Properties of the vault |
tags | | The tags that will be assigned to the key vault. |
type | | The resource type of the key vault. |
VaultProperties
Properties of the vault
Name | Type | Description |
---|---|---|
accessPolicies | | An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When |
createMode | | The vault's create mode to indicate whether the vault needs to be recovered or not. |
enablePurgeProtection | | Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. |
enableSoftDelete | | Property to specify whether the 'soft delete' functionality is enabled for this key vault. It does not accept false value. |
enabledForDeployment | | Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. |
enabledForDiskEncryption | | Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. |
enabledForTemplateDeployment | | Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. |
networkAcls | | A collection of rules governing the accessibility of the vault from specific network locations. |
sku | | SKU details |
tenantId | | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. |
vaultUri | | The URI of the vault for performing operations on keys and secrets. |
VirtualNetworkRule
A rule governing the accessibility of a vault from a specific virtual network.
Name | Type | Description |
---|---|---|
id | | Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. |
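The following is an added example, not part of the original reference and not Microsoft's code: a Python review of the Vault object this operation returns, using the VaultProperties fields defined above (enableSoftDelete, enablePurgeProtection, networkAcls, accessPolicies). The function name `audit_vault`, the review criteria and the reduced sample input are assumptions made for illustration.

```python
import json

# Constructed input: the page's sample response reduced to the fields audited
# below, with each permission list shortened.
SAMPLE_VAULT = json.loads("""
{
  "name": "sample-vault",
  "properties": {
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "accessPolicies": [{
      "tenantId": "00000000-0000-0000-0000-000000000000",
      "objectId": "00000000-0000-0000-0000-000000000000",
      "permissions": {"keys": ["get", "purge"], "secrets": ["get", "list"]}
    }]
  }
}
""")


def audit_vault(vault):
    """Return review items for one Vault object as returned by Vaults - Get."""
    props = vault.get("properties", {})
    items = []
    soft = props.get("enableSoftDelete") is True
    if not soft:
        items.append("enableSoftDelete is not true")
    if props.get("enablePurgeProtection") is not True:
        items.append("enablePurgeProtection is not true")
    elif not soft:
        # The page: purge protection is effective only with soft delete enabled.
        items.append("enablePurgeProtection set without enableSoftDelete")
    acls = props.get("networkAcls")
    if acls is None:
        items.append("networkAcls not present")
    else:
        if acls.get("defaultAction") != "Deny":
            items.append("networkAcls.defaultAction is not Deny")
        # The page: bypass defaults to AzureServices when not specified.
        if acls.get("bypass", "AzureServices") == "AzureServices":
            items.append("networkAcls.bypass is AzureServices")
    for policy in props.get("accessPolicies", []):
        oid = policy.get("objectId")
        # The page: every entry must use the same tenant ID as the vault.
        if policy.get("tenantId") != props.get("tenantId"):
            items.append(f"{oid}: tenantId differs from the vault tenantId")
        for kind, perms in sorted(policy.get("permissions", {}).items()):
            if "purge" in [p.lower() for p in perms]:
                items.append(f"{oid}: purge permission on {kind}")
    return items
```

An empty list means none of these review criteria fired; it says nothing about settings the function does not inspect.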