Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Use Key Vault to safeguard and manage cryptographic keys, certificates and secrets used by cloud applications and services.
Key Vault operations
| Operation | Description |
|---|---|
| Check Name Availability | Checks that the vault name is valid and is not already in use. |
| Create Or Update | Create or update a key vault in the specified subscription. |
| Update Access Policy | Update access policies in a key vault in the specified subscription. |
| Get | Gets the specified Azure key vault. |
| List | The List operation gets information about the vaults associated with the subscription. |
| List By Resource Group | The List operation gets information about the vaults associated with the subscription and within the specified resource group. |
| List By Subscription | The List operation gets information about the vaults associated with the subscription. |
| Update | Update a key vault in the specified subscription. |
| Delete | Deletes the specified Azure key vault. |
| Get Deleted | Gets the deleted Azure key vault. |
| List Deleted | Gets information about the deleted vaults in a subscription. |
| Purge | Permanently deletes the specified vault. |
Private link operations
| Operation | Description |
|---|---|
| List By Vault | Gets the private link resources supported for the key vault. |
Private endpoint connections operations
| Operation | Description |
|---|---|
| Get | Gets the specified private endpoint connection associated with the key vault. |
| List By Resource | The List operation gets information about the private endpoint connections associated with the vault. |
| Put | Updates the specified private endpoint connection associated with the key vault. |
| Delete | Deletes the specified private endpoint connection associated with the key vault. |
Managed HSM operations
| Operation | Description |
|---|---|
| Create Or Update | Create or update a managed HSM Pool in the specified subscription. |
| Get | Gets the specified managed HSM Pool. |
| List By Resource Group | The List operation gets information about the managed HSM Pools associated with the subscription and within the specified resource group. |
| List By Subscription | The List operation gets information about the managed HSM Pools associated with the subscription. |
| Update | Update a managed HSM Pool in the specified subscription. |
| Get Deleted | Gets the specified deleted managed HSM. |
| List Deleted | The List operation gets information about the deleted managed HSMs associated with the subscription. |
| Delete | Deletes the specified managed HSM Pool. |
| Purge Deleted | Permanently deletes the specified managed HSM. |
Private link operations
| Operation | Description |
|---|---|
| List By MHSM Resource | Gets the private link resources supported for the managed HSM pool. |
Private endpoint connections operations
| Operation | Description |
|---|---|
| Get | Gets the specified private endpoint connection associated with the managed HSM Pool. |
| List By Resource | The List operation gets information about the private endpoint connections associated with the managed HSM Pool. |
| Put | Updates the specified private endpoint connection associated with the managed HSM Pool. |
| Delete | Deletes the specified private endpoint connection associated with the managed HSM Pool. |
HSM Security Domain operations
| Operation | Description |
|---|---|
| Download | Retrieves the Security Domain from the managed HSM. Calling this endpoint can be used to activate a provisioned managed HSM resource. |
| Download Pending | Retrieves the Security Domain download operation status. |
| Upload | Restore the provided Security Domain. |
| Upload Pending | Get Security Domain upload operation status. |
Managed HSM Settings operations
| Operation | Description |
|---|---|
| Get Setting | Get specified account setting object. Retrieves the setting object of a specified setting name. |
| Get Settings | List account settings. Retrieves a list of all the available account settings that can be configured. |
| Update Setting | Updates key vault account setting, stores it, then returns the setting name and value to the client. Description of the pool setting to be updated |
Role-based access control operations
Role assignment operations
| Operation | Description |
|---|---|
| Get | Get the specified role assignment. |
| List | Gets role assignments for a scope. |
| Create | Creates a role assignment. |
| Delete | Deletes a role assignment. |
Role definition operations
| Operation | Description |
|---|---|
| Get | Get the specified role definition. |
| List | Get all role definitions that are applicable at scope and above. |
| Create Or Update | Creates or updates a custom role definition. |
| Delete | Deletes a custom role definition. |
Backup/restore operations
| Operation | Description |
|---|---|
| Full Backup | Creates a full backup using a user-provided SAS token to an Azure blob storage container. This operation is supported only by the Managed HSM service. |
| Backup Status | Returns the status of full backup operation. |
| Full Restore | Restores all key materials using the SAS token pointing to a previously stored Azure Blob storage backup folder. |
| Selective Restore | Restores all key versions of a given key using user supplied SAS token pointing to a previously stored Azure Blob storage backup folder. |
| Restore Status | Returns the status of restore operation. |
Key operations (Key Vault/Managed HSM)
| Operation | Description |
|---|---|
| Get Key | Gets the public part of a stored key. |
| Get Keys | List keys in the specified vault. |
| Get Key Versions | Retrieves a list of individual key versions with the same key name. |
| Create Key | Creates a new key, stores it, then returns key parameters and attributes to the client. |
| Import Key | Imports an externally created key, stores it, and returns key parameters and attributes to the client. |
| Update Key | The update key operation changes specified attributes of a stored key and can be applied to any key type and key version stored in Azure Key Vault. |
| Delete Key | Deletes a key of any type from storage in Azure Key Vault. |
| Get Deleted Key | Gets the public part of a deleted key. |
| Get Deleted Keys | Lists the deleted keys in the specified vault. |
| Purge Deleted Key | Permanently deletes the specified key. |
| Recover Deleted Key | Recovers the deleted key to its latest version. |
| Backup Key | Requests that a backup of the specified key be downloaded to the client. |
| Restore Key | Restores a backed up key to a vault. |
| Release Key | Releases a key. The release key operation is applicable to all key types. The target key must be marked exportable. This operation requires the keys/release permission. |
| Rotate Key | Creates a new key version, stores it, then returns key parameters, attributes and policy to the client. The operation will rotate the key based on the key policy. It requires the keys/rotate permission. |
| Get Key Rotation Policy | Lists the policy for a key. The GetKeyRotationPolicy operation returns the specified key policy resources in the specified key vault. This operation requires the keys/get permission. |
| Update Key Rotation Policy | Updates the rotation policy for a key. Set specified members in the key policy. Leave others as undefined. This operation requires the keys/update permission. |
Key operations (Managed HSM only)
| Operation | Description |
|---|---|
| Get Random Bytes | Get the requested number of bytes containing random values from a managed HSM. |
Cryptographic operations (Key Vault/Managed HSM)
| Operation | Description |
|---|---|
| Decrypt | Decrypts a single block of encrypted data. |
| Encrypt | Encrypts an arbitrary sequence of bytes using an encryption key that is stored in a key vault. |
| Wrap Key | Wraps a symmetric key using a specified key. |
| Unwrap Key | Unwraps a symmetric key using the specified key that was initially used for wrapping that key. |
| Sign | Creates a signature from a digest using the specified key. |
| Verify | Verifies a signature using a specified key. |
Secret operations (Key Vault only)
| Operation | Description |
|---|---|
| Get Secret | Get a specified secret from a given key vault. |
| Get Secrets | List secrets in a specified key vault. |
| Get Secret Versions | List all versions of the specified secret. |
| Set Secret | Sets a secret in a specified key vault. |
| Update Secret | Updates the attributes associated with a specified secret in a given key vault. |
| Delete Secret | Deletes a secret from a specified key vault. |
| Get Deleted Secret | Gets the specified deleted secret. |
| Get Deleted Secrets | Lists deleted secrets for the specified vault. |
| Purge Deleted Secret | Permanently deletes the specified secret. |
| Recover Deleted Secret | Recovers the deleted secret to the latest version. |
| Backup Secret | Backs up the specified secret. |
| Restore Secret | Restores a backed up secret to a vault. |
Storage account key management operations (Key Vault only)
Storage Account configuration operations
| Operation | Description |
|---|---|
| Get Storage Account | Gets information about a specified storage account. This operation requires the storage/get permission. |
| Get Storage Accounts | List storage accounts managed by the specified key vault. This operation requires the storage/list permission. |
| Update Storage Account | Updates the specified attributes associated with the given storage account. This operation requires the storage/set/update permission. |
| Set Storage Account | Creates or updates a new storage account. This operation requires the storage/set permission. |
| Delete Storage Account | Deletes a storage account. This operation requires the storage/delete permission. |
| Get Deleted Storage Account | Gets the specified deleted storage account. |
| Get Deleted Storage Accounts | Lists deleted storage accounts for the specified vault. |
| Purge Deleted Storage Account | Permanently deletes the specified storage account. |
| Recover Deleted Storage Account | Recovers the deleted storage account. |
| Backup Storage Account | Backs up the specified storage account. |
| Restore Storage Account | Restores a backed-up storage account to a vault. |
Storage Account key operations
| Operation | Description |
|---|---|
| Regenerate Storage Account Key | Regenerates the specified key value for the given storage account. This operation requires the storage/regeneratekey permission. |
Storage Account SAS operations
| Operation | Description |
|---|---|
| Get Sas Definition | Gets information about a SAS definition for the specified storage account. This operation requires the storage/getsas permission. |
| Get Sas Definitions | List storage SAS definitions for the given storage account. This operation requires the storage/listsas permission. |
| Set Sas Definition | Creates or updates a new SAS definition for the specified storage account. This operation requires the storage/setsas permission. |
| Update Sas Definition | Updates the specified attributes associated with the given SAS definition. This operation requires the storage/setsas permission. |
| Delete Sas Definition | Deletes a SAS definition from a specified storage account. This operation requires the storage/deletesas permission. |
| Get Deleted Sas Definition | Gets the specified deleted sas definition. |
| Get Deleted Sas Definitions | Lists deleted SAS definitions for the specified vault and storage account. |
| Recover Deleted Sas Definition | Recovers the deleted SAS definition. |
Certificate operations (Key Vault only)
| Operation | Description |
|---|---|
| Get Certificate | Gets information about a certificate. |
| Get Certificates | List certificates in a specified key vault |
| Get Certificate Versions | List the versions of a certificate. |
| Create Certificate | Creates a new certificate. |
| Import Certificate | Imports a certificate into a specified key vault. |
| Merge Certificate | Merges a certificate or a certificate chain with a key pair existing on the server. |
| Get Certificate Operation | Gets the creation operation of a certificate. |
| Update Certificate Operation | Updates a certificate operation. |
| Delete Certificate Operation | Deletes the creation operation for a specific certificate. |
| Update Certificate | Updates the specified attributes associated with the given certificate. |
| Delete Certificate | Deletes a certificate from a specified key vault. |
| Get Deleted Certificate | Retrieves information about the specified deleted certificate. |
| Get Deleted Certificates | Lists the deleted certificates in the specified vault currently available for recovery. |
| Purge Deleted Certificate | Permanently deletes the specified deleted certificate. |
| Recover Deleted Certificate | Recovers the deleted certificate back to its current version under /certificates. |
| Backup Certificate | Backs up the specified certificate. |
| Restore Certificate | Restores a backed-up certificate to a vault. |
Certificate policy operations
| Operation | Description |
|---|---|
| Get Certificate Policy | Lists the policy for a certificate. |
| Update Certificate Policy | Updates the policy for a certificate. |
Certificate contacts operations
| Operation | Description |
|---|---|
| Get Certificate Contacts | Lists the certificate contacts for a specified key vault. |
| Set Certificate Contacts | Sets the certificate contacts for the specified key vault. |
| Delete Certificate Contacts | Deletes the certificate contacts for a specified key vault. |
Certificate issuer operations
| Operation | Description |
|---|---|
| Get Certificate Issuer | Lists the specified certificate issuer. |
| Get Certificate Issuers | List certificate issuers for a specified key vault. |
| Set Certificate Issuer | Sets the specified certificate issuer. |
| Update Certificate Issuer | Updates the specified certificate issuer. |
| Delete Certificate Issuer | Deletes the specified certificate issuer. |
See also
- For concepts and detailed information about Key Vault, see About Azure Key Vault.
- For concepts and detailed information about Managed HSM, see What is Azure Key Vault Managed HSM?
- For concepts and detailed information about data plane objects, see About keys, secrets, and certificates.
- For general information on constructing Azure REST API requests, see the Azure REST API reference
- For information specific to constructing Key Vault REST API requests, see
- See the following topics for additional Key Vault concepts and details