Server Keys - Create Or Update

Creates or updates a server key.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/keys/{keyName}?api-version=2015-05-01-preview

URI Parameters

Name In Required Type Description
subscriptionId
path True
  • string

The subscription ID that identifies an Azure subscription.

resourceGroupName
path True
  • string

The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal.

serverName
path True
  • string

The name of the server.

keyName
path True
  • string

The name of the server key to be operated on (updated or created). The key name is required to be in the format of 'vault_key_version'. For example, if the keyId is https://YourVaultName.vault.azure.net/keys/YourKeyName/01234567890123456789012345678901, then the server key name should be formatted as: YourVaultName_YourKeyName_01234567890123456789012345678901

api-version
query True
  • string

The API version to use for the request.

Request Body

default

Name Required Type Description
kind
  • string

Kind of encryption protector. This is metadata used for the Azure portal experience.

properties.creationDate
  • string

The server key creation date.

properties.serverKeyType True

The server key type like 'ServiceManaged', 'AzureKeyVault'.

properties.thumbprint
  • string

Thumbprint of the server key.

properties.uri
  • string

The URI of the server key.

Responses

Name Type Description
200 OK

Successfully updated the server key.

201 Created

Successfully created the server key.

202 Accepted

Accepted

Other Status Codes

*** Error Responses: ***

  • 400 InvalidKeyName - An invalid value was given for the server key name.

  • 400 InvalidKeyType - The create server key type is not supported.

  • 400 InvalidKeyUpsertRequest - The create server key request does not exist or has no properties object.

  • 400 AzureKeyVaultInvalidExpirationDate - The operation could not be completed because the Azure Key Vault key expiration date is invalid.

  • 400 AzureKeyVaultInvalidUri - An invalid response from Azure Key Vault. Please use a valid Azure Key Vault URI.

  • 400 AzureKeyVaultMalformedVaultUri - The provided Key Vault uri is not valid.

  • 400 AzureKeyVaultInvalidExpirationDate - The operation could not be completed because the Azure Key Vault key expiration date is invalid.

  • 400 AzureKeyVaultInvalidUri - An invalid response from Azure Key Vault. Please use a valid Azure Key Vault URI.

  • 400 AzureKeyVaultMalformedVaultUri - The provided Key Vault uri is not valid.

  • 401 AzureKeyVaultKeyDisabled - The operation could not be completed on the server because the Azure Key Vault key is disabled.

  • 401 AzureKeyVaultNoServerIdentity - The server identity is not correctly configured on server. Please contact support.

  • 401 AzureKeyVaultMissingPermissions - The server is mising required permissions on the Azure Key Vault.

  • 401 AdalGenericError - The operation could not be completed because an Azure Active Directory error was encountered.

  • 401 AdalServicePrincipalNotFound - The operation could not be completed because an Azure Active Directory library Serivce Principal not found error was encountered.

  • 401 AzureKeyVaultKeyDisabled - The operation could not be completed on the server because the Azure Key Vault key is disabled.

  • 401 AzureKeyVaultNoServerIdentity - The server identity is not correctly configured on server. Please contact support.

  • 401 AzureKeyVaultMissingPermissions - The server is mising required permissions on the Azure Key Vault.

  • 401 AdalGenericError - The operation could not be completed because an Azure Active Directory error was encountered.

  • 401 AdalServicePrincipalNotFound - The operation could not be completed because an Azure Active Directory library Serivce Principal not found error was encountered.

  • 404 SubscriptionDoesNotHaveServer - The requested server was not found

  • 404 ResourceNotFound - The requested resource was not found.

  • 409 ServerKeyUriAlreadyExists - The server key URI already exists on the server.

  • 409 ServerKeyDoesNotExists - The server key does not exist.

  • 409 AzureKeyVaultKeyNameNotFound - The operation could not be completed because the Azure Key Vault Key name does not exist.

  • 409 AzureKeyVaultKeyInUse - The key is currently being used by the server.

  • 409 ServerKeyNameAlreadyExists - The server key already exists on the server.

  • 409 ServerKeyUriAlreadyExists - The server key URI already exists on the server.

  • 409 ServerKeyDoesNotExists - The server key does not exist.

  • 409 AzureKeyVaultKeyNameNotFound - The operation could not be completed because the Azure Key Vault Key name does not exist.

  • 409 AzureKeyVaultKeyInUse - The key is currently being used by the server.

  • 409 ServerKeyNameAlreadyExists - The server key already exists on the server.

  • 503 AzureKeyVaultConnectionFailed - The operation could not be completed on the server because attempts to connect to Azure Key Vault have failed

  • 503 AzureKeyVaultGenericConnectionError - The operation could not be completed because an error was encountered when attempting to retrieve Key Vault information .

  • 503 AzureKeyVaultConnectionFailed - The operation could not be completed on the server because attempts to connect to Azure Key Vault have failed

  • 503 AzureKeyVaultGenericConnectionError - The operation could not be completed because an error was encountered when attempting to retrieve Key Vault information .

Examples

Creates or updates a server key

Sample Request

PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-7398/providers/Microsoft.Sql/servers/sqlcrudtest-4645/keys/someVault_someKey_01234567890123456789012345678901?api-version=2015-05-01-preview
{
  "properties": {
    "serverKeyType": "AzureKeyVault",
    "uri": "https://someVault.vault.azure.net/keys/someKey/01234567890123456789012345678901"
  }
}

Sample Response

{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-7398/providers/Microsoft.Sql/servers/sqlcrudtest-4645/keys/someVault_someKey_01234567890123456789012345678901",
  "name": "sqlcrudtest-4645",
  "type": "Microsoft.Sql/servers/keys",
  "location": "Japan East",
  "kind": "azurekeyvault",
  "properties": {
    "serverKeyType": "AzureKeyVault",
    "uri": "https://someVault.vault.azure.net/keys/someKey/01234567890123456789012345678901",
    "thumbprint": "00112233445566778899AABBCCDDEEFFAABBCCDD",
    "creationDate": "2017-05-01T00:00:00Z"
  }
}
{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-7398/providers/Microsoft.Sql/servers/sqlcrudtest-4645/keys/someVault_someKey_01234567890123456789012345678901",
  "name": "sqlcrudtest-4645",
  "type": "Microsoft.Sql/servers/keys",
  "location": "Japan East",
  "kind": "azurekeyvault",
  "properties": {
    "serverKeyType": "AzureKeyVault",
    "uri": "https://someVault.vault.azure.net/keys/someKey/01234567890123456789012345678901",
    "thumbprint": "00112233445566778899AABBCCDDEEFFAABBCCDD",
    "creationDate": "2017-05-01T00:00:00Z"
  }
}

Definitions

ServerKey

A server key.

ServerKeyType

The server key type like 'ServiceManaged', 'AzureKeyVault'.

ServerKey

A server key.

Name Type Description
id
  • string

Resource ID.

kind
  • string

Kind of encryption protector. This is metadata used for the Azure portal experience.

location
  • string

Resource location.

name
  • string

Resource name.

properties.creationDate
  • string

The server key creation date.

properties.serverKeyType

The server key type like 'ServiceManaged', 'AzureKeyVault'.

properties.subregion
  • string

Subregion of the server key.

properties.thumbprint
  • string

Thumbprint of the server key.

properties.uri
  • string

The URI of the server key.

type
  • string

Resource type.

ServerKeyType

The server key type like 'ServiceManaged', 'AzureKeyVault'.

Name Type Description
AzureKeyVault
  • string
ServiceManaged
  • string