Secrets - Create

Service:

Front Door Service

API Version:

2025-04-15

Creates a new Secret within the specified profile.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Cdn/profiles/{profileName}/secrets/{secretName}?api-version=2025-04-15

URI Parameters

Name	In	Required	Type	Description
profileName	path	True	string minLength: 1 maxLength: 260 pattern: ^[a-zA-Z0-9]+(-*[a-zA-Z0-9])*$	Name of the Azure Front Door Standard or Azure Front Door Premium which is unique within the resource group.
resourceGroupName	path	True	string minLength: 1 maxLength: 90 pattern: ^[-\w\._\(\)]+$	Name of the Resource group within the Azure subscription.
secretName	path	True	string	Name of the Secret under the profile.
subscriptionId	path	True	string	Azure Subscription ID.
api-version	query	True	string	Version of the API to be used with the client request. Current version is 2025-04-15.

Request Body

Name	Type	Description
properties.parameters	SecretParameters: UrlSigningKeyParameters ManagedCertificateParameters CustomerCertificateParameters AzureFirstPartyManagedCertificateParameters	object which contains secret parameters

Responses

Name	Type	Description
200 OK	Secret	OK
201 Created	Secret	Created. The request has been fulfilled and a new delivery rule has been created.
202 Accepted	Secret	Accepted. The request has been accepted for processing and the operation will complete asynchronously. Headers location: string
Other Status Codes	AfdErrorResponse	Azure Front Door error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Secrets_Create

Sample request

HTTP

PUT https://management.azure.com/subscriptions/subid/resourceGroups/RG/providers/Microsoft.Cdn/profiles/profile1/secrets/secret1?api-version=2025-04-15

{
  "properties": {
    "parameters": {
      "type": "CustomerCertificate",
      "secretVersion": "abcdef1234578900abcdef1234567890",
      "secretSource": {
        "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.KeyVault/vault/kvName/secrets/certificatename"
      },
      "useLatestVersion": false
    }
  }
}

Sample response

Status code:

200

{
  "name": "secret1",
  "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/secrets/secret1",
  "type": "Microsoft.Cdn/profiles/secrets",
  "properties": {
    "parameters": {
      "type": "CustomerCertificate",
      "subject": "*.contoso.com",
      "certificateAuthority": "Symantec",
      "expirationDate": "2025-01-01T00:00:00-00:00",
      "thumbprint": "ABCDEF1234567890ABCDEF1234567890ABCDEF12",
      "secretSource": {
        "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.KeyVault/vaults/keyvaultname/secrets/certificatename"
      },
      "secretVersion": "abcdef1234578900abcdef1234567890",
      "useLatestVersion": true,
      "subjectAlternativeNames": [
        "foo.contoso.com",
        "www3.foo.contoso.com"
      ]
    },
    "provisioningState": "Succeeded",
    "deploymentStatus": "NotStarted"
  }
}

Status code:

201

{
  "name": "secret1",
  "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/secrets/secret1",
  "type": "Microsoft.Cdn/profiles/secrets",
  "properties": {
    "parameters": {
      "type": "CustomerCertificate",
      "subject": "*.contoso.com",
      "certificateAuthority": "Symantec",
      "expirationDate": "2025-01-01T00:00:00-00:00",
      "thumbprint": "ABCDEF1234567890ABCDEF1234567890ABCDEF12",
      "secretSource": {
        "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.KeyVault/vaults/keyvaultname/secrets/certificatename"
      },
      "secretVersion": "abcdef1234578900abcdef1234567890",
      "useLatestVersion": true,
      "subjectAlternativeNames": [
        "foo.contoso.com",
        "www3.foo.contoso.com"
      ]
    },
    "provisioningState": "Succeeded",
    "deploymentStatus": "NotStarted"
  }
}

Status code:

202

azure-asyncoperation: https://management.azure.com/subscriptions/subid/resourcegroups/resourceGroupName/providers/Microsoft.Cdn/operationresults/operationId?api-version=2025-04-15

{
  "name": "secret1",
  "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/secrets/secret1",
  "type": "Microsoft.Cdn/profiles/secrets",
  "properties": {
    "parameters": {
      "type": "CustomerCertificate",
      "subject": "*.contoso.com",
      "certificateAuthority": "Symantec",
      "expirationDate": "2025-01-01T00:00:00-00:00",
      "thumbprint": "ABCDEF1234567890ABCDEF1234567890ABCDEF12",
      "secretSource": {
        "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.KeyVault/vaults/keyvaultname/secrets/certificatename"
      },
      "secretVersion": "abcdef1234578900abcdef1234567890",
      "useLatestVersion": true,
      "subjectAlternativeNames": [
        "foo.contoso.com",
        "www3.foo.contoso.com"
      ]
    },
    "provisioningState": "Succeeded",
    "deploymentStatus": "NotStarted"
  }
}

Definitions

Name	Description
AfdErrorResponse	Error response
AfdProvisioningState	Provisioning status
AzureFirstPartyManagedCertificateParameters	Azure FirstParty Managed Certificate provided by other first party resource providers to enable HTTPS.
CustomerCertificateParameters	Customer Certificate used for https
DeploymentStatus
ErrorAdditionalInfo	The resource management error additional info.
ErrorDetail	The error detail.
IdentityType	The type of identity that creates/modifies resources
ManagedCertificateParameters	Managed Certificate used for https
ResourceReference	Reference to another resource.
Secret	Friendly Secret name mapping to the any Secret or secret related information.
SecretType	The type of the secret resource.
SystemData	Read only system data
UrlSigningKeyParameters	Url signing key parameters

AfdErrorResponse

Object

Error response

Name	Type	Description
error	ErrorDetail	The error object.

AfdProvisioningState

Enumeration

Provisioning status

Value	Description
Succeeded
Failed
Updating
Deleting
Creating

AzureFirstPartyManagedCertificateParameters

Object

Azure FirstParty Managed Certificate provided by other first party resource providers to enable HTTPS.

Name	Type	Description
certificateAuthority	string	Certificate issuing authority.
expirationDate	string	Certificate expiration date.
secretSource	ResourceReference	Resource reference to the Azure Key Vault certificate. Expected to be in format of /subscriptions/{​​​​​​​​​subscriptionId}​​​​​​​​​/resourceGroups/{​​​​​​​​​resourceGroupName}​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​/providers/Microsoft.KeyVault/vaults/{vaultName}​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​/secrets/{certificateName}​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​
subject	string	Subject name in the certificate.
subjectAlternativeNames	string[]	The list of SANs.
thumbprint	string	Certificate thumbprint.
type	string: AzureFirstPartyManagedCertificate	The type of the secret resource.

CustomerCertificateParameters

Object

Customer Certificate used for https

Name	Type	Description
certificateAuthority	string	Certificate issuing authority.
expirationDate	string	Certificate expiration date.
secretSource	ResourceReference	Resource reference to the Azure Key Vault certificate. Expected to be in format of /subscriptions/{​​​​​​​​​subscriptionId}​​​​​​​​​/resourceGroups/{​​​​​​​​​resourceGroupName}​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​/providers/Microsoft.KeyVault/vaults/{vaultName}​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​/secrets/{certificateName}​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​
secretVersion	string	Version of the secret to be used
subject	string	Subject name in the certificate.
subjectAlternativeNames	string[]	The list of SANs.
thumbprint	string	Certificate thumbprint.
type	string: CustomerCertificate	The type of the secret resource.
useLatestVersion	boolean	Whether to use the latest version for the certificate

DeploymentStatus

Enumeration

Value	Description
NotStarted
InProgress
Succeeded
Failed

ErrorAdditionalInfo

Object

The resource management error additional info.

Name	Type	Description
info	object	The additional info.
type	string	The additional info type.

ErrorDetail

Object

The error detail.

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	The error additional info.
code	string	The error code.
details	ErrorDetail[]	The error details.
message	string	The error message.
target	string	The error target.

IdentityType

Enumeration

The type of identity that creates/modifies resources

Value	Description
user
application
managedIdentity
key

ManagedCertificateParameters

Object

Managed Certificate used for https

Name	Type	Description
expirationDate	string	Certificate expiration date.
subject	string	Subject name in the certificate.
type	string: ManagedCertificate	The type of the secret resource.

ResourceReference

Object

Reference to another resource.

Name	Type	Description
id	string	Resource ID.

Secret

Object

Friendly Secret name mapping to the any Secret or secret related information.

Name	Type	Description
id	string	Resource ID.
name	string	Resource name.
properties.deploymentStatus	DeploymentStatus
properties.parameters	SecretParameters: AzureFirstPartyManagedCertificateParameters CustomerCertificateParameters ManagedCertificateParameters UrlSigningKeyParameters	object which contains secret parameters
properties.profileName	string	The name of the profile which holds the secret.
properties.provisioningState	AfdProvisioningState	Provisioning status
systemData	SystemData	Read only system data
type	string	Resource type.

SecretType

Enumeration

The type of the secret resource.

Value	Description
UrlSigningKey
CustomerCertificate
ManagedCertificate
AzureFirstPartyManagedCertificate

SystemData

Object

Read only system data

Name	Type	Description
createdAt	string (date-time)	The timestamp of resource creation (UTC)
createdBy	string	An identifier for the identity that created the resource
createdByType	IdentityType	The type of identity that created the resource
lastModifiedAt	string (date-time)	The timestamp of resource last modification (UTC)
lastModifiedBy	string	An identifier for the identity that last modified the resource
lastModifiedByType	IdentityType	The type of identity that last modified the resource

UrlSigningKeyParameters

Object

Url signing key parameters

Name	Type	Description
keyId	string	Defines the customer defined key Id. This id will exist in the incoming request to indicate the key used to form the hash.
secretSource	ResourceReference	Resource reference to the Azure Key Vault secret. Expected to be in format of /subscriptions/{​​​​​​​​​subscriptionId}​​​​​​​​​/resourceGroups/{​​​​​​​​​resourceGroupName}​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​/providers/Microsoft.KeyVault/vaults/{vaultName}​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​/secrets/{secretName}​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​
secretVersion	string	Version of the secret to be used
type	string: UrlSigningKey	The type of the secret resource.