openapi: 3.1.0
info:
  title: Azure Key Vault Data Plane API
  description: >-
    The Azure Key Vault data plane API for performing operations on keys,
    secrets, and certificates within a specific Key Vault instance. This API
    enables cryptographic operations, secret management, and certificate
    lifecycle management. All operations require OAuth 2.0 authentication via
    Azure Active Directory.
  version: '7.4'
  contact:
    name: Microsoft Azure Support
    url: https://azure.microsoft.com/en-us/support/
  license:
    name: Microsoft API License
    url: https://learn.microsoft.com/en-us/legal/microsoft-apis/terms-of-use
  x-apisguru-categories:
    - security
    - cloud
  x-logo:
    url: https://azure.microsoft.com/svghandler/key-vault/
servers:
  - url: https://{vaultName}.vault.azure.net
    description: Azure Key Vault data plane endpoint
    variables:
      vaultName:
        description: The name of the Key Vault instance
        default: myvault
security:
  - OAuth2Auth: []
tags:
  - name: Certificates
    description: >-
      Operations for creating, importing, managing, and renewing certificates
      including lifecycle management and certificate authority integration.
  - name: Keys
    description: >-
      Operations for creating, importing, managing, and performing
      cryptographic operations with keys.
  - name: Secrets
    description: >-
      Operations for securely storing and managing secrets such as passwords,
      connection strings, and API keys.
paths:
  # ───────────────────────────────────────────────
  # Keys
  # ───────────────────────────────────────────────
  /keys/{key-name}/create:
    post:
      operationId: Keys_CreateKey
      summary: Azure Key Vault Create Key
      description: >-
        Creates a new key, stores it, then returns key parameters and
        attributes to the client. If the named key already exists, Azure Key
        Vault creates a new version of the key. Requires the keys/create
        permission.
      tags:
        - Keys
      parameters:
        - $ref: '#/components/parameters/KeyNameParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/KeyCreateParameters'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyBundle'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /keys/{key-name}/{key-version}:
    get:
      operationId: Keys_GetKey
      summary: Azure Key Vault Get Key
      description: >-
        Gets the public part of a stored key. The get key operation is
        applicable to all key types. If the requested key is symmetric, then
        no key material is released in the response. Requires the keys/get
        permission.
      tags:
        - Keys
      parameters:
        - $ref: '#/components/parameters/KeyNameParameter'
        - $ref: '#/components/parameters/KeyVersionParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyBundle'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    patch:
      operationId: Keys_UpdateKey
      summary: Azure Key Vault Update Key
      description: >-
        The update key operation changes specified attributes of a stored key
        and can be applied to any key type and key version stored in Azure Key
        Vault. Requires the keys/update permission.
      tags:
        - Keys
      parameters:
        - $ref: '#/components/parameters/KeyNameParameter'
        - $ref: '#/components/parameters/KeyVersionParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/KeyUpdateParameters'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyBundle'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /keys/{key-name}:
    delete:
      operationId: Keys_DeleteKey
      summary: Azure Key Vault Delete Key
      description: >-
        Deletes a key of any type from storage in Azure Key Vault. Requires
        the keys/delete permission.
      tags:
        - Keys
      parameters:
        - $ref: '#/components/parameters/KeyNameParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DeletedKeyBundle'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /keys:
    get:
      operationId: Keys_GetKeys
      summary: Azure Key Vault List Keys
      description: >-
        Retrieves a list of the keys in the Key Vault as JSON Web Key
        structures that contain the public part of a stored key. The list
        operation is applicable to all key types. Requires the keys/list
        permission.
      tags:
        - Keys
      parameters:
        - $ref: '#/components/parameters/ApiVersionParameter'
        - $ref: '#/components/parameters/MaxResultsParameter'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyListResult'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /keys/{key-name}/{key-version}/encrypt:
    post:
      operationId: Keys_Encrypt
      summary: Azure Key Vault Encrypt
      description: >-
        Encrypts an arbitrary sequence of bytes using an encryption key that
        is stored in a Key Vault. Requires the keys/encrypt permission.
      tags:
        - Keys
      parameters:
        - $ref: '#/components/parameters/KeyNameParameter'
        - $ref: '#/components/parameters/KeyVersionParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/KeyOperationsParameters'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyOperationResult'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /keys/{key-name}/{key-version}/decrypt:
    post:
      operationId: Keys_Decrypt
      summary: Azure Key Vault Decrypt
      description: >-
        Decrypts a single block of encrypted data using the specified
        encryption key. Requires the keys/decrypt permission.
      tags:
        - Keys
      parameters:
        - $ref: '#/components/parameters/KeyNameParameter'
        - $ref: '#/components/parameters/KeyVersionParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/KeyOperationsParameters'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyOperationResult'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /keys/{key-name}/{key-version}/sign:
    post:
      operationId: Keys_Sign
      summary: Azure Key Vault Sign
      description: >-
        Creates a signature from a digest using the specified key. Requires
        the keys/sign permission.
      tags:
        - Keys
      parameters:
        - $ref: '#/components/parameters/KeyNameParameter'
        - $ref: '#/components/parameters/KeyVersionParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/KeySignParameters'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyOperationResult'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /keys/{key-name}/{key-version}/verify:
    post:
      operationId: Keys_Verify
      summary: Azure Key Vault Verify
      description: >-
        Verifies a signature using a specified key. Requires the keys/verify
        permission.
      tags:
        - Keys
      parameters:
        - $ref: '#/components/parameters/KeyNameParameter'
        - $ref: '#/components/parameters/KeyVersionParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/KeyVerifyParameters'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVerifyResult'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /keys/{key-name}/{key-version}/wrapkey:
    post:
      operationId: Keys_WrapKey
      summary: Azure Key Vault Wrap Key
      description: >-
        Wraps a symmetric key using a specified key. Requires the keys/wrapKey
        permission.
      tags:
        - Keys
      parameters:
        - $ref: '#/components/parameters/KeyNameParameter'
        - $ref: '#/components/parameters/KeyVersionParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/KeyOperationsParameters'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyOperationResult'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /keys/{key-name}/{key-version}/unwrapkey:
    post:
      operationId: Keys_UnwrapKey
      summary: Azure Key Vault Unwrap Key
      description: >-
        Unwraps a symmetric key using the specified key that was initially
        used for wrapping that key. Requires the keys/unwrapKey permission.
      tags:
        - Keys
      parameters:
        - $ref: '#/components/parameters/KeyNameParameter'
        - $ref: '#/components/parameters/KeyVersionParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/KeyOperationsParameters'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyOperationResult'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  # ───────────────────────────────────────────────
  # Secrets
  # ───────────────────────────────────────────────
  /secrets/{secret-name}:
    put:
      operationId: Secrets_SetSecret
      summary: Azure Key Vault Set Secret
      description: >-
        Sets a secret in a specified key vault. The SET operation adds a
        secret to the Azure Key Vault. If the named secret already exists,
        Azure Key Vault creates a new version of that secret. Requires the
        secrets/set permission.
      tags:
        - Secrets
      parameters:
        - $ref: '#/components/parameters/SecretNameParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SecretSetParameters'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SecretBundle'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    delete:
      operationId: Secrets_DeleteSecret
      summary: Azure Key Vault Delete Secret
      description: >-
        Deletes a secret from a specified key vault. Requires the
        secrets/delete permission.
      tags:
        - Secrets
      parameters:
        - $ref: '#/components/parameters/SecretNameParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DeletedSecretBundle'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /secrets/{secret-name}/{secret-version}:
    get:
      operationId: Secrets_GetSecret
      summary: Azure Key Vault Get Secret
      description: >-
        Get a specified secret from a given key vault. The GET operation is
        applicable to any secret stored in Azure Key Vault. Requires the
        secrets/get permission.
      tags:
        - Secrets
      parameters:
        - $ref: '#/components/parameters/SecretNameParameter'
        - $ref: '#/components/parameters/SecretVersionParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SecretBundle'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    patch:
      operationId: Secrets_UpdateSecret
      summary: Azure Key Vault Update Secret
      description: >-
        Updates the attributes associated with a specified secret in a given
        key vault. Requires the secrets/set permission.
      tags:
        - Secrets
      parameters:
        - $ref: '#/components/parameters/SecretNameParameter'
        - $ref: '#/components/parameters/SecretVersionParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SecretUpdateParameters'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SecretBundle'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /secrets:
    get:
      operationId: Secrets_GetSecrets
      summary: Azure Key Vault List Secrets
      description: >-
        List secrets in a specified key vault. The Get Secrets operation is
        applicable to the entire vault. Requires the secrets/list permission.
      tags:
        - Secrets
      parameters:
        - $ref: '#/components/parameters/ApiVersionParameter'
        - $ref: '#/components/parameters/MaxResultsParameter'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SecretListResult'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /secrets/{secret-name}/versions:
    get:
      operationId: Secrets_GetSecretVersions
      summary: Azure Key Vault List Secret Versions
      description: >-
        List all versions of the specified secret. Requires the secrets/list
        permission.
      tags:
        - Secrets
      parameters:
        - $ref: '#/components/parameters/SecretNameParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
        - $ref: '#/components/parameters/MaxResultsParameter'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SecretListResult'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /secrets/{secret-name}/backup:
    post:
      operationId: Secrets_BackupSecret
      summary: Azure Key Vault Backup Secret
      description: >-
        Requests that a backup of the specified secret be downloaded to the
        client. All versions of the secret will be downloaded. Requires the
        secrets/backup permission.
      tags:
        - Secrets
      parameters:
        - $ref: '#/components/parameters/SecretNameParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BackupSecretResult'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /secrets/restore:
    post:
      operationId: Secrets_RestoreSecret
      summary: Azure Key Vault Restore Secret
      description: >-
        Restores a backed up secret, and all its versions, to a vault.
        Requires the secrets/restore permission.
      tags:
        - Secrets
      parameters:
        - $ref: '#/components/parameters/ApiVersionParameter'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SecretRestoreParameters'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SecretBundle'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  # ───────────────────────────────────────────────
  # Certificates
  # ───────────────────────────────────────────────
  /certificates/{certificate-name}/create:
    post:
      operationId: Certificates_CreateCertificate
      summary: Azure Key Vault Create Certificate
      description: >-
        Creates a new certificate. If this is the first version, the
        certificate resource is created. Requires the certificates/create
        permission.
      tags:
        - Certificates
      parameters:
        - $ref: '#/components/parameters/CertificateNameParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CertificateCreateParameters'
      responses:
        '202':
          description: >-
            The request has been accepted for processing, but processing has
            not yet completed.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CertificateOperation'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /certificates/{certificate-name}/{certificate-version}:
    get:
      operationId: Certificates_GetCertificate
      summary: Azure Key Vault Get Certificate
      description: >-
        Gets information about a specific certificate. Requires the
        certificates/get permission.
      tags:
        - Certificates
      parameters:
        - $ref: '#/components/parameters/CertificateNameParameter'
        - $ref: '#/components/parameters/CertificateVersionParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CertificateBundle'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    patch:
      operationId: Certificates_UpdateCertificate
      summary: Azure Key Vault Update Certificate
      description: >-
        Applies the specified update on the given certificate. Requires the
        certificates/update permission.
      tags:
        - Certificates
      parameters:
        - $ref: '#/components/parameters/CertificateNameParameter'
        - $ref: '#/components/parameters/CertificateVersionParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CertificateUpdateParameters'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CertificateBundle'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /certificates/{certificate-name}:
    delete:
      operationId: Certificates_DeleteCertificate
      summary: Azure Key Vault Delete Certificate
      description: >-
        Deletes all versions of a certificate object along with its associated
        policy. Requires the certificates/delete permission.
      tags:
        - Certificates
      parameters:
        - $ref: '#/components/parameters/CertificateNameParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DeletedCertificateBundle'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /certificates:
    get:
      operationId: Certificates_GetCertificates
      summary: Azure Key Vault List Certificates
      description: >-
        List certificates in a specified key vault. Requires the
        certificates/list permission.
      tags:
        - Certificates
      parameters:
        - $ref: '#/components/parameters/ApiVersionParameter'
        - $ref: '#/components/parameters/MaxResultsParameter'
        - name: includePending
          in: query
          description: >-
            Specifies whether to include certificates which are not completely
            provisioned.
          schema:
            type: boolean
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CertificateListResult'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /certificates/{certificate-name}/import:
    post:
      operationId: Certificates_ImportCertificate
      summary: Azure Key Vault Import Certificate
      description: >-
        Imports an existing valid certificate, containing a private key, into
        Azure Key Vault. The certificate to be imported can be in either PFX
        or PEM format. Requires the certificates/import permission.
      tags:
        - Certificates
      parameters:
        - $ref: '#/components/parameters/CertificateNameParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CertificateImportParameters'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CertificateBundle'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /certificates/{certificate-name}/policy:
    get:
      operationId: Certificates_GetCertificatePolicy
      summary: Azure Key Vault Get Certificate Policy
      description: >-
        Gets the policy for a certificate. Requires the certificates/get
        permission.
      tags:
        - Certificates
      parameters:
        - $ref: '#/components/parameters/CertificateNameParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CertificatePolicy'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    patch:
      operationId: Certificates_UpdateCertificatePolicy
      summary: Azure Key Vault Update Certificate Policy
      description: >-
        Set specified members in the certificate policy. Requires the
        certificates/update permission.
      tags:
        - Certificates
      parameters:
        - $ref: '#/components/parameters/CertificateNameParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CertificatePolicy'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CertificatePolicy'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /certificates/{certificate-name}/pending:
    get:
      operationId: Certificates_GetCertificateOperation
      summary: Azure Key Vault Get Certificate Operation
      description: >-
        Gets the creation operation associated with a specified certificate.
        Requires the certificates/get permission.
      tags:
        - Certificates
      parameters:
        - $ref: '#/components/parameters/CertificateNameParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CertificateOperation'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    delete:
      operationId: Certificates_DeleteCertificateOperation
      summary: Azure Key Vault Delete Certificate Operation
      description: >-
        Deletes the creation operation for a specific certificate.
        Requires the certificates/update permission.
      tags:
        - Certificates
      parameters:
        - $ref: '#/components/parameters/CertificateNameParameter'
        - $ref: '#/components/parameters/ApiVersionParameter'
      responses:
        '200':
          description: The request has succeeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CertificateOperation'
        default:
          description: An unexpected error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
components:
  securitySchemes:
    OAuth2Auth:
      type: oauth2
      description: >-
        Azure Active Directory OAuth2 authentication. Requires an access token
        scoped to the Key Vault resource.
      flows:
        implicit:
          authorizationUrl: https://login.microsoftonline.com/common/oauth2/authorize
          scopes:
            https://vault.azure.net/.default: Access Azure Key Vault
  parameters:
    ApiVersionParameter:
      name: api-version
      in: query
      required: true
      description: The API version to use for this operation.
      schema:
        type: string
        minLength: 1
        default: '7.4'
    KeyNameParameter:
      name: key-name
      in: path
      required: true
      description: The name of the key.
      schema:
        type: string
        pattern: '^[0-9a-zA-Z-]+$'
    KeyVersionParameter:
      name: key-version
      in: path
      required: true
      description: >-
        The version of the key. This URI fragment is optional. If not
        specified, the latest version of the key is returned.
      schema:
        type: string
    SecretNameParameter:
      name: secret-name
      in: path
      required: true
      description: The name of the secret.
      schema:
        type: string
        pattern: '^[0-9a-zA-Z-]+$'
    SecretVersionParameter:
      name: secret-version
      in: path
      required: true
      description: >-
        The version of the secret. This URI fragment is optional. If not
        specified, the latest version of the secret is returned.
      schema:
        type: string
    CertificateNameParameter:
      name: certificate-name
      in: path
      required: true
      description: The name of the certificate.
      schema:
        type: string
        pattern: '^[0-9a-zA-Z-]+$'
    CertificateVersionParameter:
      name: certificate-version
      in: path
      required: true
      description: >-
        The version of the certificate. This URI fragment is optional. If not
        specified, the latest version of the certificate is returned.
      schema:
        type: string
    MaxResultsParameter:
      name: maxresults
      in: query
      required: false
      description: >-
        Maximum number of results to return in a page. If not specified, the
        service will return up to 25 results.
      schema:
        type: integer
        format: int32
        minimum: 1
        maximum: 25
  schemas:
    # ───────────────────────────────────────────────
    # Common / Error schemas
    # ───────────────────────────────────────────────
    KeyVaultError:
      type: object
      description: The key vault error exception.
      properties:
        error:
          $ref: '#/components/schemas/Error'
          readOnly: true
    Error:
      type: object
      description: The key vault server error.
      properties:
        code:
          type: string
          description: The error code.
          readOnly: true
          example: example_value
        message:
          type: string
          description: The error message.
          readOnly: true
          example: example_value
        innererror:
          $ref: '#/components/schemas/Error'
          readOnly: true
    DeletionRecoveryLevel:
      type: string
      description: >-
        Reflects the deletion recovery level currently in effect for objects
        in the current vault.
      enum:
        - Purgeable
        - Recoverable+Purgeable
        - Recoverable
        - Recoverable+ProtectedSubscription
        - CustomizedRecoverable+Purgeable
        - CustomizedRecoverable
        - CustomizedRecoverable+ProtectedSubscription
    # ───────────────────────────────────────────────
    # Key schemas
    # ───────────────────────────────────────────────
    JsonWebKeyType:
      type: string
      description: >-
        JsonWebKey Key Type (kty), as defined in
        https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40.
      enum:
        - EC
        - EC-HSM
        - RSA
        - RSA-HSM
        - oct
        - oct-HSM
    JsonWebKeyCurveName:
      type: string
      description: Elliptic curve name.
      enum:
        - P-256
        - P-384
        - P-521
        - P-256K
    JsonWebKeyOperation:
      type: string
      description: JSON web key operations.
      enum:
        - encrypt
        - decrypt
        - sign
        - verify
        - wrapKey
        - unwrapKey
        - import
        - export
    JsonWebKey:
      type: object
      description: >-
        As of http://tools.ietf.org/html/draft-ietf-jose-json-web-key-18.
      properties:
        kid:
          type: string
          description: Key identifier.
          example: '500123'
        kty:
          $ref: '#/components/schemas/JsonWebKeyType'
        key_ops:
          type: array
          items:
            type: string
          description: Supported key operations.
          example: []
        n:
          type: string
          format: base64url
          description: RSA modulus.
          example: example_value
        e:
          type: string
          format: base64url
          description: RSA public exponent.
          example: example_value
        d:
          type: string
          format: base64url
          description: RSA private exponent, or the D component of an EC private key.
          example: example_value
        dp:
          type: string
          format: base64url
          description: RSA private key parameter.
          example: example_value
        dq:
          type: string
          format: base64url
          description: RSA private key parameter.
          example: example_value
        qi:
          type: string
          format: base64url
          description: RSA private key parameter.
          example: example_value
        p:
          type: string
          format: base64url
          description: RSA secret prime.
          example: example_value
        q:
          type: string
          format: base64url
          description: RSA secret prime, with p < q.
          example: example_value
        k:
          type: string
          format: base64url
          description: Symmetric key.
          example: example_value
        key_hsm:
          type: string
          format: base64url
          description: Protected Key, used with Bring Your Own Key.
          example: example_value
        crv:
          $ref: '#/components/schemas/JsonWebKeyCurveName'
        x:
          type: string
          format: base64url
          description: X component of an EC public key.
          example: example_value
        'y':
          type: string
          format: base64url
          description: Y component of an EC public key.
          example: example_value
    KeyAttributes:
      type: object
      description: The attributes of a key managed by the key vault service.
      properties:
        enabled:
          type: boolean
          description: Determines whether the object is enabled.
          example: true
        nbf:
          type: integer
          format: unixtime
          description: Not before date in UTC.
          example: 10
        exp:
          type: integer
          format: unixtime
          description: Expiry date in UTC.
          example: 10
        created:
          type: integer
          format: unixtime
          description: Creation time in UTC.
          readOnly: true
          example: 10
        updated:
          type: integer
          format: unixtime
          description: Last updated time in UTC.
          readOnly: true
          example: 10
        recoveryLevel:
          $ref: '#/components/schemas/DeletionRecoveryLevel'
        recoverableDays:
          type: integer
          format: int32
          description: >-
            softDelete data retention days. Value should be >=7 and <=90 when
            softDelete enabled, otherwise 0.
          readOnly: true
          example: 10
        exportable:
          type: boolean
          description: Indicates if the private key can be exported.
          example: true
        hsmPlatform:
          type: string
          description: The underlying HSM Platform.
          readOnly: true
          example: example_value
    KeyReleasePolicy:
      type: object
      description: The policy rules under which the key can be exported.
      properties:
        contentType:
          type: string
          description: Content type and version of key release policy.
          default: application/json; charset=utf-8
          example: example_value
        data:
          type: string
          format: base64url
          description: >-
            Blob encoding the policy rules under which the key can be
            released.
          example: example_value
        immutable:
          type: boolean
          description: >-
            Defines the mutability state of the policy. Once marked immutable,
            this flag cannot be reset and the policy cannot be changed under
            any circumstances.
          example: true
    KeyBundle:
      type: object
      description: A KeyBundle consisting of a WebKey plus its attributes.
      properties:
        key:
          $ref: '#/components/schemas/JsonWebKey'
        attributes:
          $ref: '#/components/schemas/KeyAttributes'
        tags:
          type: object
          additionalProperties:
            type: string
          description: Application specific metadata in the form of key-value pairs.
          example: example_value
        managed:
          type: boolean
          description: >-
            True if the key's lifetime is managed by key vault. If this is a
            key backing a certificate, then managed will be true.
          readOnly: true
          example: true
        release_policy:
          $ref: '#/components/schemas/KeyReleasePolicy'
    DeletedKeyBundle:
      type: object
      description: A deleted key bundle consisting of a WebKey plus its attributes.
      allOf:
        - $ref: '#/components/schemas/KeyBundle'
      properties:
        recoveryId:
          type: string
          description: The url of the recovery object, used to identify and recover the deleted key.
          example: '500123'
        scheduledPurgeDate:
          type: integer
          format: unixtime
          description: The time when the key is scheduled to be purged, in UTC.
          readOnly: true
          example: 10
        deletedDate:
          type: integer
          format: unixtime
          description: The time when the key was deleted, in UTC.
          readOnly: true
          example: 10
    KeyCreateParameters:
      type: object
      description: The key create parameters.
      required:
        - kty
      properties:
        kty:
          $ref: '#/components/schemas/JsonWebKeyType'
        key_size:
          type: integer
          format: int32
          description: >-
            The key size in bits. For example: 2048, 3072, or 4096 for RSA.
          example: 10
        public_exponent:
          type: integer
          format: int32
          description: The public exponent for an RSA key.
          example: 10
        key_ops:
          type: array
          items:
            $ref: '#/components/schemas/JsonWebKeyOperation'
          description: JSON web key operations.
          example: []
        attributes:
          $ref: '#/components/schemas/KeyAttributes'
        tags:
          type: object
          additionalProperties:
            type: string
          description: Application specific metadata in the form of key-value pairs.
          example: example_value
        crv:
          $ref: '#/components/schemas/JsonWebKeyCurveName'
        release_policy:
          $ref: '#/components/schemas/KeyReleasePolicy'
    KeyUpdateParameters:
      type: object
      description: The key update parameters.
      properties:
        key_ops:
          type: array
          items:
            $ref: '#/components/schemas/JsonWebKeyOperation'
          description: JSON web key operations.
          example: []
        attributes:
          $ref: '#/components/schemas/KeyAttributes'
        tags:
          type: object
          additionalProperties:
            type: string
          description: Application specific metadata in the form of key-value pairs.
          example: example_value
        release_policy:
          $ref: '#/components/schemas/KeyReleasePolicy'
    KeyOperationsParameters:
      type: object
      description: The key operations parameters.
      required:
        - alg
        - value
      properties:
        alg:
          type: string
          description: Algorithm identifier.
          enum:
            - RSA-OAEP
            - RSA-OAEP-256
            - RSA1_5
            - A128GCM
            - A192GCM
            - A256GCM
            - A128KW
            - A192KW
            - A256KW
            - A128CBC
            - A192CBC
            - A256CBC
            - A128CBCPAD
            - A192CBCPAD
            - A256CBCPAD
          example: RSA-OAEP
        value:
          type: string
          format: base64url
          description: The value to operate on.
          example: example_value
        iv:
          type: string
          format: base64url
          description: Initialization vector for symmetric algorithms.
          example: example_value
        aad:
          type: string
          format: base64url
          description: Additional data to authenticate but not encrypt/decrypt.
          example: example_value
        tag:
          type: string
          format: base64url
          description: The tag to verify when performing decryption with an authenticated algorithm.
          example: example_value
    KeySignParameters:
      type: object
      description: The key sign parameters.
      required:
        - alg
        - value
      properties:
        alg:
          type: string
          description: The signing/verification algorithm identifier.
          enum:
            - PS256
            - PS384
            - PS512
            - RS256
            - RS384
            - RS512
            - RSNULL
            - ES256
            - ES384
            - ES512
            - ES256K
          example: PS256
        value:
          type: string
          format: base64url
          description: The digest value to sign.
          example: example_value
    KeyVerifyParameters:
      type: object
      description: The key verify parameters.
      required:
        - alg
        - digest
        - value
      properties:
        alg:
          type: string
          description: The signing/verification algorithm identifier.
          enum:
            - PS256
            - PS384
            - PS512
            - RS256
            - RS384
            - RS512
            - RSNULL
            - ES256
            - ES384
            - ES512
            - ES256K
          example: PS256
        digest:
          type: string
          format: base64url
          description: The digest used for signing.
          example: example_value
        value:
          type: string
          format: base64url
          description: The signature to verify.
          example: example_value
    KeyOperationResult:
      type: object
      description: The key operation result.
      properties:
        kid:
          type: string
          description: Key identifier.
          readOnly: true
          example: '500123'
        value:
          type: string
          format: base64url
          description: The result of the operation.
          readOnly: true
          example: example_value
        iv:
          type: string
          format: base64url
          description: Initialization vector for symmetric algorithms.
          readOnly: true
          example: example_value
        tag:
          type: string
          format: base64url
          description: Authentication tag for authenticated encryption algorithms.
          readOnly: true
          example: example_value
        aad:
          type: string
          format: base64url
          description: Additional authenticated data.
          readOnly: true
          example: example_value
    KeyVerifyResult:
      type: object
      description: The key verify result.
      properties:
        value:
          type: boolean
          description: True if the signature is verified, otherwise false.
          readOnly: true
          example: true
    KeyItem:
      type: object
      description: The key item containing key metadata.
      properties:
        kid:
          type: string
          description: Key identifier.
          example: '500123'
        attributes:
          $ref: '#/components/schemas/KeyAttributes'
        tags:
          type: object
          additionalProperties:
            type: string
          description: Application specific metadata in the form of key-value pairs.
          example: example_value
        managed:
          type: boolean
          description: >-
            True if the key's lifetime is managed by key vault.
          readOnly: true
          example: true
    KeyListResult:
      type: object
      description: The key list result.
      properties:
        value:
          type: array
          items:
            $ref: '#/components/schemas/KeyItem'
          description: A list of keys.
          readOnly: true
          example: []
        nextLink:
          type: string
          description: The URL to get the next set of keys.
          readOnly: true
          example: example_value
    # ───────────────────────────────────────────────
    # Secret schemas
    # ───────────────────────────────────────────────
    SecretAttributes:
      type: object
      description: The secret management attributes.
      properties:
        enabled:
          type: boolean
          description: Determines whether the object is enabled.
          example: true
        nbf:
          type: integer
          format: unixtime
          description: Not before date in UTC.
          example: 10
        exp:
          type: integer
          format: unixtime
          description: Expiry date in UTC.
          example: 10
        created:
          type: integer
          format: unixtime
          description: Creation time in UTC.
          readOnly: true
          example: 10
        updated:
          type: integer
          format: unixtime
          description: Last updated time in UTC.
          readOnly: true
          example: 10
        recoveryLevel:
          $ref: '#/components/schemas/DeletionRecoveryLevel'
        recoverableDays:
          type: integer
          format: int32
          description: >-
            softDelete data retention days. Value should be >=7 and <=90 when
            softDelete enabled, otherwise 0.
          readOnly: true
          example: 10
    SecretBundle:
      type: object
      description: A secret consisting of a value, id and its attributes.
      properties:
        value:
          type: string
          description: The secret value.
          example: example_value
        id:
          type: string
          description: The secret id.
          example: abc123
        contentType:
          type: string
          description: The content type of the secret.
          example: example_value
        attributes:
          $ref: '#/components/schemas/SecretAttributes'
        tags:
          type: object
          additionalProperties:
            type: string
          description: Application specific metadata in the form of key-value pairs.
          example: example_value
        kid:
          type: string
          description: >-
            If this is a secret backing a KV certificate, then this field
            specifies the corresponding key backing the KV certificate.
          readOnly: true
          example: '500123'
        managed:
          type: boolean
          description: >-
            True if the secret's lifetime is managed by key vault. If this is a
            secret backing a certificate, then managed will be true.
          readOnly: true
          example: true
    DeletedSecretBundle:
      type: object
      description: A deleted secret bundle consisting of its previous id, attributes, tags, and deletion information.
      allOf:
        - $ref: '#/components/schemas/SecretBundle'
      properties:
        recoveryId:
          type: string
          description: The url of the recovery object, used to identify and recover the deleted secret.
          example: '500123'
        scheduledPurgeDate:
          type: integer
          format: unixtime
          description: The time when the secret is scheduled to be purged, in UTC.
          readOnly: true
          example: 10
        deletedDate:
          type: integer
          format: unixtime
          description: The time when the secret was deleted, in UTC.
          readOnly: true
          example: 10
    SecretSetParameters:
      type: object
      description: The secret set parameters.
      required:
        - value
      properties:
        value:
          type: string
          description: The value of the secret.
          example: example_value
        tags:
          type: object
          additionalProperties:
            type: string
          description: Application specific metadata in the form of key-value pairs.
          example: example_value
        contentType:
          type: string
          description: Type of the secret value such as a password.
          example: example_value
        attributes:
          $ref: '#/components/schemas/SecretAttributes'
    SecretUpdateParameters:
      type: object
      description: The secret update parameters.
      properties:
        contentType:
          type: string
          description: Type of the secret value such as a password.
          example: example_value
        attributes:
          $ref: '#/components/schemas/SecretAttributes'
        tags:
          type: object
          additionalProperties:
            type: string
          description: Application specific metadata in the form of key-value pairs.
          example: example_value
    SecretItem:
      type: object
      description: The secret item containing secret metadata.
      properties:
        id:
          type: string
          description: Secret identifier.
          example: abc123
        attributes:
          $ref: '#/components/schemas/SecretAttributes'
        tags:
          type: object
          additionalProperties:
            type: string
          description: Application specific metadata in the form of key-value pairs.
          example: example_value
        contentType:
          type: string
          description: Type of the secret value such as a password.
          example: example_value
        managed:
          type: boolean
          description: >-
            True if the secret's lifetime is managed by key vault.
          readOnly: true
          example: true
    SecretListResult:
      type: object
      description: The secret list result.
      properties:
        value:
          type: array
          items:
            $ref: '#/components/schemas/SecretItem'
          description: A list of secrets.
          readOnly: true
          example: []
        nextLink:
          type: string
          description: The URL to get the next set of secrets.
          readOnly: true
          example: example_value
    BackupSecretResult:
      type: object
      description: The backup secret result, containing the backup blob.
      properties:
        value:
          type: string
          format: base64url
          description: The backup blob containing the backed up secret.
          readOnly: true
          example: example_value
    SecretRestoreParameters:
      type: object
      description: The secret restore parameters.
      required:
        - value
      properties:
        value:
          type: string
          format: base64url
          description: The backup blob associated with a secret bundle.
          example: example_value
    # ───────────────────────────────────────────────
    # Certificate schemas
    # ───────────────────────────────────────────────
    CertificateAttributes:
      type: object
      description: The certificate management attributes.
      properties:
        enabled:
          type: boolean
          description: Determines whether the object is enabled.
          example: true
        nbf:
          type: integer
          format: unixtime
          description: Not before date in UTC.
          example: 10
        exp:
          type: integer
          format: unixtime
          description: Expiry date in UTC.
          example: 10
        created:
          type: integer
          format: unixtime
          description: Creation time in UTC.
          readOnly: true
          example: 10
        updated:
          type: integer
          format: unixtime
          description: Last updated time in UTC.
          readOnly: true
          example: 10
        recoveryLevel:
          $ref: '#/components/schemas/DeletionRecoveryLevel'
        recoverableDays:
          type: integer
          format: int32
          description: >-
            softDelete data retention days. Value should be >=7 and <=90 when
            softDelete enabled, otherwise 0.
          readOnly: true
          example: 10
    IssuerParameters:
      type: object
      description: Parameters for the issuer of the X509 component of a certificate.
      properties:
        name:
          type: string
          description: >-
            Name of the referenced issuer object or reserved names; for example,
            'Self' or 'Unknown'.
          example: Example Title
        cty:
          type: string
          description: >-
            Certificate type as supported by the provider (optional); for
            example 'OV-SSL', 'EV-SSL'.
          example: example_value
        cert_transparency:
          type: boolean
          description: >-
            Indicates if the certificates generated under this policy should be
            published to certificate transparency logs.
          example: true
    KeyProperties:
      type: object
      description: Properties of the key pair backing a certificate.
      properties:
        exportable:
          type: boolean
          description: Indicates if the private key can be exported.
          example: true
        kty:
          $ref: '#/components/schemas/JsonWebKeyType'
        key_size:
          type: integer
          format: int32
          description: >-
            The key size in bits. For example: 2048, 3072, or 4096 for RSA.
          example: 10
        reuse_key:
          type: boolean
          description: >-
            Indicates if the same key pair will be used on certificate renewal.
          example: true
        crv:
          $ref: '#/components/schemas/JsonWebKeyCurveName'
    SecretProperties:
      type: object
      description: Properties of the secret backing a certificate.
      properties:
        contentType:
          type: string
          description: The media type (MIME type).
          example: example_value
    SubjectAlternativeNames:
      type: object
      description: The Subject Alternative Names of an X509 object.
      properties:
        emails:
          type: array
          items:
            type: string
          description: Email addresses.
          example: user@example.com
        dns_names:
          type: array
          items:
            type: string
          description: Domain names.
          example: []
        upns:
          type: array
          items:
            type: string
          description: User Principal Names.
          example: []
        uris:
          type: array
          items:
            type: string
          description: Uniform Resource Identifiers.
          example: []
        ipAddresses:
          type: array
          items:
            type: string
          description: IP addresses; supports IPv4 and IPv6.
          example: []
    X509CertificateProperties:
      type: object
      description: Properties of the X509 component of a certificate.
      properties:
        subject:
          type: string
          description: >-
            The subject name. Should be a valid X509 distinguished name.
          example: example_value
        ekus:
          type: array
          items:
            type: string
          description: The enhanced key usage.
          example: []
        sans:
          $ref: '#/components/schemas/SubjectAlternativeNames'
        key_usage:
          type: array
          items:
            type: string
            enum:
              - digitalSignature
              - nonRepudiation
              - keyEncipherment
              - dataEncipherment
              - keyAgreement
              - keyCertSign
              - cRLSign
              - encipherOnly
              - decipherOnly
          description: >-
            Defines how the certificate's key may be used.
          example: []
        validity_months:
          type: integer
          format: int32
          minimum: 0
          description: The duration that the certificate is valid in months.
          example: 10
    LifetimeAction:
      type: object
      description: >-
        Action and its trigger that will be performed by Key Vault over the
        lifetime of a certificate.
      properties:
        trigger:
          type: object
          description: The condition that will execute the action.
          properties:
            lifetime_percentage:
              type: integer
              format: int32
              minimum: 1
              maximum: 99
              description: >-
                Percentage of lifetime at which to trigger.
            days_before_expiry:
              type: integer
              format: int32
              description: Days before expiry to attempt renewal.
          example: example_value
        action:
          type: object
          description: The action that will be executed.
          properties:
            action_type:
              type: string
              enum:
                - EmailContacts
                - AutoRenew
              description: The type of the action.
          example: example_value
    CertificatePolicy:
      type: object
      description: Management policy for a certificate.
      properties:
        id:
          type: string
          description: The certificate id.
          readOnly: true
          example: abc123
        key_props:
          $ref: '#/components/schemas/KeyProperties'
        secret_props:
          $ref: '#/components/schemas/SecretProperties'
        x509_props:
          $ref: '#/components/schemas/X509CertificateProperties'
        lifetime_actions:
          type: array
          items:
            $ref: '#/components/schemas/LifetimeAction'
          description: >-
            Actions that will be performed by Key Vault over the lifetime of a
            certificate.
          example: []
        issuer:
          $ref: '#/components/schemas/IssuerParameters'
        attributes:
          $ref: '#/components/schemas/CertificateAttributes'
    CertificateBundle:
      type: object
      description: A certificate bundle consists of a certificate (X509) plus its attributes.
      properties:
        id:
          type: string
          description: The certificate id.
          example: abc123
        kid:
          type: string
          description: The key id.
          example: '500123'
        sid:
          type: string
          description: The secret id.
          example: '500123'
        x5t:
          type: string
          format: base64url
          description: Thumbprint of the certificate.
          example: example_value
        cer:
          type: string
          format: byte
          description: CER contents of x509 certificate.
          example: example_value
        contentType:
          type: string
          description: The content type of the secret.
          example: example_value
        attributes:
          $ref: '#/components/schemas/CertificateAttributes'
        tags:
          type: object
          additionalProperties:
            type: string
          description: Application specific metadata in the form of key-value pairs.
          example: example_value
        policy:
          $ref: '#/components/schemas/CertificatePolicy'
    DeletedCertificateBundle:
      type: object
      description: A deleted certificate bundle consisting of its previous id, attributes, tags, and deletion information.
      allOf:
        - $ref: '#/components/schemas/CertificateBundle'
      properties:
        recoveryId:
          type: string
          description: The url of the recovery object, used to identify and recover the deleted certificate.
          example: '500123'
        scheduledPurgeDate:
          type: integer
          format: unixtime
          description: The time when the certificate is scheduled to be purged, in UTC.
          readOnly: true
          example: 10
        deletedDate:
          type: integer
          format: unixtime
          description: The time when the certificate was deleted, in UTC.
          readOnly: true
          example: 10
    CertificateCreateParameters:
      type: object
      description: The certificate create parameters.
      properties:
        policy:
          $ref: '#/components/schemas/CertificatePolicy'
        attributes:
          $ref: '#/components/schemas/CertificateAttributes'
        tags:
          type: object
          additionalProperties:
            type: string
          description: Application specific metadata in the form of key-value pairs.
          example: example_value
    CertificateImportParameters:
      type: object
      description: The certificate import parameters.
      required:
        - value
      properties:
        value:
          type: string
          description: >-
            Base64 encoded representation of the certificate object to import.
            This certificate needs to contain the private key.
          example: example_value
        pwd:
          type: string
          description: >-
            If the private key in base64EncodedCertificate is encrypted, the
            password used for encryption.
          example: example_value
        policy:
          $ref: '#/components/schemas/CertificatePolicy'
        attributes:
          $ref: '#/components/schemas/CertificateAttributes'
        tags:
          type: object
          additionalProperties:
            type: string
          description: Application specific metadata in the form of key-value pairs.
          example: example_value
    CertificateUpdateParameters:
      type: object
      description: The certificate update parameters.
      properties:
        policy:
          $ref: '#/components/schemas/CertificatePolicy'
        attributes:
          $ref: '#/components/schemas/CertificateAttributes'
        tags:
          type: object
          additionalProperties:
            type: string
          description: Application specific metadata in the form of key-value pairs.
          example: example_value
    CertificateOperation:
      type: object
      description: >-
        A certificate operation is returned in case of asynchronous requests.
      properties:
        id:
          type: string
          description: The certificate id.
          readOnly: true
          example: abc123
        issuer:
          $ref: '#/components/schemas/IssuerParameters'
        csr:
          type: string
          format: byte
          description: >-
            The certificate signing request (CSR) that is being used in the
            certificate operation.
          example: example_value
        cancellation_requested:
          type: boolean
          description: >-
            Indicates if cancellation was requested on the certificate
            operation.
          example: true
        status:
          type: string
          description: Status of the certificate operation.
          example: example_value
        status_details:
          type: string
          description: The status details of the certificate operation.
          example: example_value
        error:
          $ref: '#/components/schemas/Error'
        target:
          type: string
          description: >-
            Location which contains the result of the certificate operation.
          example: example_value
        request_id:
          type: string
          description: Identifier for the certificate operation.
          example: '500123'
    CertificateItem:
      type: object
      description: The certificate item containing certificate metadata.
      properties:
        id:
          type: string
          description: Certificate identifier.
          example: abc123
        attributes:
          $ref: '#/components/schemas/CertificateAttributes'
        tags:
          type: object
          additionalProperties:
            type: string
          description: Application specific metadata in the form of key-value pairs.
          example: example_value
        x5t:
          type: string
          format: base64url
          description: Thumbprint of the certificate.
          example: example_value
        subject:
          type: string
          description: The subject name of the certificate.
          example: example_value
    CertificateListResult:
      type: object
      description: The certificate list result.
      properties:
        value:
          type: array
          items:
            $ref: '#/components/schemas/CertificateItem'
          description: A list of certificates.
          readOnly: true
          example: []
        nextLink:
          type: string
          description: The URL to get the next set of certificates.
          readOnly: true
          example: example_value
externalDocs:
  description: Azure Key Vault REST API Reference
  url: https://learn.microsoft.com/en-us/rest/api/keyvault/