Server Keys - Create Or Update

Creates or updates a server key.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/keys/{keyName}?api-version=2015-05-01-preview

URI Parameters

Name In Required Type Description
subscriptionId
path True
  • string

The subscription ID that identifies an Azure subscription.

resourceGroupName
path True
  • string

The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal.

serverName
path True
  • string

The name of the server.

keyName
path True
  • string

The name of the server key to be operated on (updated or created). The key name is required to be in the format of 'vault_key_version'. For example, if the keyId is https://YourVaultName.vault.azure.net/keys/YourKeyName/01234567890123456789012345678901, then the server key name should be formatted as: YourVaultName_YourKeyName_01234567890123456789012345678901

api-version
query True
  • string

The API version to use for the request.

Request Body

Name Required Type Description
creationDate
  • string
    date-time

The server key creation date.

kind
  • string

Kind of encryption protector. This is metadata used for the Azure portal experience.

serverKeyType True

The server key type like 'ServiceManaged', 'AzureKeyVault'.

thumbprint
  • string

Thumbprint of the server key.

uri
  • string

The URI of the server key.

Responses

Name Type Description
200 OK

Successfully updated the server key.

Other Status Codes

*** Error Responses: ***

  • 400 InvalidKeyName - An invalid value was given for the server key name.

  • 400 InvalidKeyType - The create server key type is not supported.

  • 400 InvalidKeyUpsertRequest - The create server key request does not exist or has no properties object.

  • 400 AzureKeyVaultInvalidExpirationDate - The operation could not be completed because the Azure Key Vault key expiration date is invalid.

  • 400 AzureKeyVaultInvalidUri - An invalid response from Azure Key Vault. Please use a valid Azure Key Vault URI.

  • 400 AzureKeyVaultMalformedVaultUri - The provided Key Vault uri is not valid.

  • 400 AzureKeyVaultInvalidExpirationDate - The operation could not be completed because the Azure Key Vault key expiration date is invalid.

  • 400 AzureKeyVaultInvalidUri - An invalid response from Azure Key Vault. Please use a valid Azure Key Vault URI.

  • 400 AzureKeyVaultMalformedVaultUri - The provided Key Vault uri is not valid.

  • 401 AzureKeyVaultKeyDisabled - The operation could not be completed on the server because the Azure Key Vault key is disabled.

  • 401 AzureKeyVaultNoServerIdentity - The server identity is not correctly configured on server. Please contact support.

  • 401 AzureKeyVaultMissingPermissions - The server is mising required permissions on the Azure Key Vault.

  • 401 AdalGenericError - The operation could not be completed because an Azure Active Directory error was encountered.

  • 401 AdalServicePrincipalNotFound - The operation could not be completed because an Azure Active Directory library Serivce Principal not found error was encountered.

  • 401 AzureKeyVaultKeyDisabled - The operation could not be completed on the server because the Azure Key Vault key is disabled.

  • 401 AzureKeyVaultNoServerIdentity - The server identity is not correctly configured on server. Please contact support.

  • 401 AzureKeyVaultMissingPermissions - The server is mising required permissions on the Azure Key Vault.

  • 401 AdalGenericError - The operation could not be completed because an Azure Active Directory error was encountered.

  • 401 AdalServicePrincipalNotFound - The operation could not be completed because an Azure Active Directory library Serivce Principal not found error was encountered.

  • 404 SubscriptionDoesNotHaveServer - The requested server was not found

  • 404 ResourceNotFound - The requested resource was not found.

  • 409 ServerKeyUriAlreadyExists - The server key URI already exists on the server.

  • 409 ServerKeyDoesNotExists - The server key does not exist.

  • 409 AzureKeyVaultKeyNameNotFound - The operation could not be completed because the Azure Key Vault Key name does not exist.

  • 409 AzureKeyVaultKeyInUse - The key is currently being used by the server.

  • 409 ServerKeyNameAlreadyExists - The server key already exists on the server.

  • 409 ServerKeyUriAlreadyExists - The server key URI already exists on the server.

  • 409 ServerKeyDoesNotExists - The server key does not exist.

  • 409 AzureKeyVaultKeyNameNotFound - The operation could not be completed because the Azure Key Vault Key name does not exist.

  • 409 AzureKeyVaultKeyInUse - The key is currently being used by the server.

  • 409 ServerKeyNameAlreadyExists - The server key already exists on the server.

  • 503 AzureKeyVaultConnectionFailed - The operation could not be completed on the server because attempts to connect to Azure Key Vault have failed

  • 503 AzureKeyVaultGenericConnectionError - The operation could not be completed because an error was encountered when attempting to retrieve Key Vault information .

  • 503 AzureKeyVaultConnectionFailed - The operation could not be completed on the server because attempts to connect to Azure Key Vault have failed

  • 503 AzureKeyVaultGenericConnectionError - The operation could not be completed because an error was encountered when attempting to retrieve Key Vault information .

202 Accepted

Accepted

201 Created

Successfully created the server key.

Examples

Creates or updates a server key

Sample Request

PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-7398/providers/Microsoft.Sql/servers/sqlcrudtest-4645/keys/someVault_someKey_01234567890123456789012345678901?api-version=2015-05-01-preview
{
  "properties": {
    "serverKeyType": "AzureKeyVault",
    "uri": "https://someVault.vault.azure.net/keys/someKey/01234567890123456789012345678901"
  }
}

Sample Response

{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-7398/providers/Microsoft.Sql/servers/sqlcrudtest-4645/keys/someVault_someKey_01234567890123456789012345678901",
  "name": "sqlcrudtest-4645",
  "type": "Microsoft.Sql/servers/keys",
  "location": "Japan East",
  "kind": "azurekeyvault",
  "properties": {
    "serverKeyType": "AzureKeyVault",
    "uri": "https://someVault.vault.azure.net/keys/someKey/01234567890123456789012345678901",
    "thumbprint": "00112233445566778899AABBCCDDEEFFAABBCCDD",
    "creationDate": "2017-05-01T00:00:00.000Z"
  }
}
{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-7398/providers/Microsoft.Sql/servers/sqlcrudtest-4645/keys/someVault_someKey_01234567890123456789012345678901",
  "name": "sqlcrudtest-4645",
  "type": "Microsoft.Sql/servers/keys",
  "location": "Japan East",
  "kind": "azurekeyvault",
  "properties": {
    "serverKeyType": "AzureKeyVault",
    "uri": "https://someVault.vault.azure.net/keys/someKey/01234567890123456789012345678901",
    "thumbprint": "00112233445566778899AABBCCDDEEFFAABBCCDD",
    "creationDate": "2017-05-01T00:00:00.000Z"
  }
}

Definitions

ServerKey
ServerKeyType

The server key type like 'ServiceManaged', 'AzureKeyVault'.

Name Type Description
creationDate
  • string
    date-time

The server key creation date.

kind
  • string

Kind of encryption protector. This is metadata used for the Azure portal experience.

location
  • string

Resource location.

serverKeyType

The server key type like 'ServiceManaged', 'AzureKeyVault'.

subregion
  • string

Subregion of the server key.

thumbprint
  • string

Thumbprint of the server key.

uri
  • string

The URI of the server key.

The server key type like 'ServiceManaged', 'AzureKeyVault'.

Name Description
AzureKeyVault
ServiceManaged