@azure/keyvault-keys package

Classes

CryptographyClient

A client used to perform cryptographic operations on an Azure Key Vault key or a local <xref:JsonWebKey>.

KeyClient

The KeyClient provides methods to manage <xref:KeyVaultKey> in the Azure Key Vault. The client supports creating, retrieving, updating, deleting, purging, backing up, restoring and listing KeyVaultKeys. The client also supports listing <xref:DeletedKey> for a soft-delete enabled Azure Key Vault.

Interfaces

AesCbcDecryptParameters

Decryption parameters for AES-CBC encryption algorithms.

AesCbcEncryptParameters

Encryption parameters for AES-CBC encryption algorithms.

AesGcmDecryptParameters

Decryption parameters for AES-GCM encryption algorithms.

AesGcmEncryptParameters

Encryption parameters for AES-GCM encryption algorithms.

BackupKeyOptions

Options for <xref:backupKey>.

BeginDeleteKeyOptions

An interface representing the optional parameters that can be passed to <xref:beginDeleteKey>

BeginRecoverDeletedKeyOptions

An interface representing the optional parameters that can be passed to <xref:beginRecoverDeletedKey>

CreateEcKeyOptions

An interface representing the optional parameters that can be passed to <xref:createEcKey>

CreateKeyOptions

An interface representing the optional parameters that can be passed to <xref:createKey>

CreateOctKeyOptions

An interface representing the optional parameters that can be passed to <xref:createOctKey>

CreateRsaKeyOptions

An interface representing the optional parameters that can be passed to <xref:createRsaKey>

CryptographyClientOptions

The optional parameters accepted by the KeyVault's CryptographyClient

CryptographyOptions

An interface representing the options of the cryptography API methods; see <xref:CryptographyClient> for more information.

DecryptOptions

Options for <xref:decrypt>.

DecryptResult

Result of the <xref:decrypt> operation.

DeletedKey

An interface representing a deleted Key Vault Key.

EncryptOptions

Options for <xref:encrypt>.

EncryptResult

Result of the <xref:encrypt> operation.

GetDeletedKeyOptions

Options for <xref:getDeletedKey>.

GetKeyOptions

Options for <xref:getKey>.

ImportKeyOptions

An interface representing the optional parameters that can be passed to <xref:importKey>

JsonWebKey

As of http://tools.ietf.org/html/draft-ietf-jose-json-web-key-18

KeyClientOptions

The optional parameters accepted by the KeyVault's KeyClient

KeyPollerOptions

An interface representing the optional parameters that can be passed to <xref:beginDeleteKey> and <xref:beginRecoverDeletedKey>

KeyProperties

An interface representing the Properties of <xref:KeyVaultKey>

KeyVaultKey

An interface representing a Key Vault Key, with its name, value and <xref:KeyProperties>.

KeyVaultKeyIdentifier

Represents the segments that compose a Key Vault Key Id.

ListDeletedKeysOptions

An interface representing optional parameters for KeyClient paged operations passed to <xref:listDeletedKeys>.

ListPropertiesOfKeyVersionsOptions

An interface representing optional parameters for KeyClient paged operations passed to <xref:listPropertiesOfKeyVersions>.

ListPropertiesOfKeysOptions

An interface representing optional parameters for KeyClient paged operations passed to <xref:listPropertiesOfKeys>.

PurgeDeletedKeyOptions

Options for <xref:purgeDeletedKey>.

RestoreKeyBackupOptions

Options for <xref:restoreKeyBackup>.

RsaDecryptParameters

Decryption parameters for RSA encryption algorithms.

RsaEncryptParameters

Encryption parameters for RSA encryption algorithms.

SignOptions

Options for <xref:sign>.

SignResult

Result of the <xref:sign> operation.

UnwrapKeyOptions

Options for <xref:unwrapKey>.

UnwrapResult

Result of the <xref:unwrap> operation.

UpdateKeyPropertiesOptions

Options for <xref:updateKeyProperties>.

VerifyDataOptions

Options for <xref:verifyData>

VerifyOptions

Options for <xref:verify>.

VerifyResult

Result of the <xref:verify> operation.

WrapKeyOptions

Options for <xref:wrapKey>.

WrapResult

Result of the <xref:wrap> operation.

Type Aliases

AesCbcEncryptionAlgorithm

A union type representing all supported AES-CBC encryption algorithms.

AesGcmEncryptionAlgorithm

A union type representing all supported AES-GCM encryption algorithms.

DecryptParameters

A type representing all currently supported decryption parameters as they apply to different encryption algorithms.

DeletionRecoveryLevel

Defines values for DeletionRecoveryLevel.
<xref:KnownDeletionRecoveryLevel> can be used interchangeably with DeletionRecoveryLevel; this enum contains the known values that the service supports.

Known values supported by the service

Purgeable: Denotes a vault state in which deletion is an irreversible operation, without the possibility for recovery. This level corresponds to no protection being available against a Delete operation; the data is irretrievably lost upon accepting a Delete operation at the entity level or higher (vault, resource group, subscription etc.).
Recoverable+Purgeable: Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days), unless a Purge operation is requested, or the subscription is cancelled. System will permanently delete it after 90 days, if not recovered.
Recoverable: Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity during the retention interval (90 days) and while the subscription is still available. System will permanently delete it after 90 days, if not recovered.
Recoverable+ProtectedSubscription: Denotes a vault and subscription state in which deletion is recoverable within retention interval (90 days), immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled. System will permanently delete it after 90 days, if not recovered.
CustomizedRecoverable+Purgeable: Denotes a vault state in which deletion is recoverable, and which also permits immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval, unless a Purge operation is requested, or the subscription is cancelled.
CustomizedRecoverable: Denotes a vault state in which deletion is recoverable without the possibility for immediate and permanent deletion (i.e. purge when 7 <= SoftDeleteRetentionInDays < 90). This level guarantees the recoverability of the deleted entity during the retention interval and while the subscription is still available.
CustomizedRecoverable+ProtectedSubscription: Denotes a vault and subscription state in which deletion is recoverable, immediate and permanent deletion (i.e. purge) is not permitted, and in which the subscription itself cannot be permanently canceled when 7 <= SoftDeleteRetentionInDays < 90. This level guarantees the recoverability of the deleted entity during the retention interval, and also reflects the fact that the subscription itself cannot be cancelled.

EncryptParameters

A type representing all currently supported encryption parameters as they apply to different encryption algorithms.

EncryptionAlgorithm

Defines values for JsonWebKeyEncryptionAlgorithm.
<xref:KnownJsonWebKeyEncryptionAlgorithm> can be used interchangeably with JsonWebKeyEncryptionAlgorithm; this enum contains the known values that the service supports.

Known values supported by the service

RSA-OAEP
RSA-OAEP-256
RSA1_5
A128GCM
A192GCM
A256GCM
A128KW
A192KW
A256KW
A128CBC
A192CBC
A256CBC
A128CBCPAD
A192CBCPAD
A256CBCPAD

KeyCurveName

Defines values for JsonWebKeyCurveName.
<xref:KnownJsonWebKeyCurveName> can be used interchangeably with JsonWebKeyCurveName; this enum contains the known values that the service supports.

Known values supported by the service

P-256: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1.
P-384: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1.
P-521: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1.
P-256K: The SECG SECP256K1 elliptic curve.

KeyOperation

Defines values for JsonWebKeyOperation.
<xref:KnownJsonWebKeyOperation> can be used interchangeably with JsonWebKeyOperation; this enum contains the known values that the service supports.

Known values supported by the service

encrypt
decrypt
sign
verify
wrapKey
unwrapKey
import

KeyType

Defines values for JsonWebKeyType.
<xref:KnownJsonWebKeyType> can be used interchangeably with JsonWebKeyType; this enum contains the known values that the service supports.

Known values supported by the service

EC: Elliptic Curve.
EC-HSM: Elliptic Curve with a private key which is not exportable from the HSM.
RSA: RSA (https://tools.ietf.org/html/rfc3447)
RSA-HSM: RSA with a private key which is not exportable from the HSM.
oct: Octet sequence (used to represent symmetric keys)
oct-HSM: Octet sequence (used to represent symmetric keys) which is not exportable from the HSM.

KeyWrapAlgorithm

Supported algorithms for key wrapping/unwrapping

RsaEncryptionAlgorithm

A union type representing all supported RSA encryption algorithms.

SignatureAlgorithm

Defines values for JsonWebKeySignatureAlgorithm.
<xref:KnownJsonWebKeySignatureAlgorithm> can be used interchangeably with JsonWebKeySignatureAlgorithm; this enum contains the known values that the service supports.

Known values supported by the service

PS256: RSASSA-PSS using SHA-256 and MGF1 with SHA-256, as described in https://tools.ietf.org/html/rfc7518
PS384: RSASSA-PSS using SHA-384 and MGF1 with SHA-384, as described in https://tools.ietf.org/html/rfc7518
PS512: RSASSA-PSS using SHA-512 and MGF1 with SHA-512, as described in https://tools.ietf.org/html/rfc7518
RS256: RSASSA-PKCS1-v1_5 using SHA-256, as described in https://tools.ietf.org/html/rfc7518
RS384: RSASSA-PKCS1-v1_5 using SHA-384, as described in https://tools.ietf.org/html/rfc7518
RS512: RSASSA-PKCS1-v1_5 using SHA-512, as described in https://tools.ietf.org/html/rfc7518
RSNULL: Reserved
ES256: ECDSA using P-256 and SHA-256, as described in https://tools.ietf.org/html/rfc7518.
ES384: ECDSA using P-384 and SHA-384, as described in https://tools.ietf.org/html/rfc7518
ES512: ECDSA using P-521 and SHA-512, as described in https://tools.ietf.org/html/rfc7518
ES256K: ECDSA using P-256K and SHA-256, as described in https://tools.ietf.org/html/rfc7518

Enums

KnownDeletionRecoveryLevel

Known values of <xref:DeletionRecoveryLevel> that the service accepts.

KnownEncryptionAlgorithms

Known values of <xref:JsonWebKeyEncryptionAlgorithm> that the service accepts.

KnownKeyCurveNames

Known values of <xref:JsonWebKeyCurveName> that the service accepts.

KnownKeyOperations

Known values of <xref:JsonWebKeyOperation> that the service accepts.

KnownKeyTypes

Known values of <xref:JsonWebKeyType> that the service accepts.

KnownSignatureAlgorithms

Known values of <xref:JsonWebKeySignatureAlgorithm> that the service accepts.

Functions

parseKeyVaultKeyIdentifier(string)

Parses the given Key Vault Key Id. An example is: https://<keyvault-name>.vault.azure.net/keys/<key-name>/<unique-version-id>

On parsing the above Id, this function returns:

  {
     sourceId: "https://<keyvault-name>.vault.azure.net/keys/<key-name>/<unique-version-id>",
     vaultUrl: "https://<keyvault-name>.vault.azure.net",
     version: "<unique-version-id>",
     name: "<key-name>"
  }

Function Details

parseKeyVaultKeyIdentifier(string)

Parses the given Key Vault Key Id. An example is: https://<keyvault-name>.vault.azure.net/keys/<key-name>/<unique-version-id>

On parsing the above Id, this function returns:

  {
     sourceId: "https://<keyvault-name>.vault.azure.net/keys/<key-name>/<unique-version-id>",
     vaultUrl: "https://<keyvault-name>.vault.azure.net",
     version: "<unique-version-id>",
     name: "<key-name>"
  }

function parseKeyVaultKeyIdentifier(id: string)

Parameters

id

string

The Id of the Key Vault Key.

Returns