Secrets - Create

Service:

Front Door Service

API Version:

2023-05-01

Creates a new Secret within the specified profile.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Cdn/profiles/{profileName}/secrets/{secretName}?api-version=2023-05-01

URI Parameters

Name	In	Required	Type	Description
profileName	path	True	string	Name of the Azure Front Door Standard or Azure Front Door Premium profile which is unique within the resource group.
resourceGroupName	path	True	string	Name of the Resource group within the Azure subscription. Regex pattern: ^[-\w\._\(\)]+$
secretName	path	True	string	Name of the Secret under the profile.
subscriptionId	path	True	string	Azure Subscription ID.
api-version	query	True	string	Version of the API to be used with the client request. Current version is 2023-05-01.

Request Body

Name	Type	Description
properties.parameters	SecretParameters: UrlSigningKeyParameters ManagedCertificateParameters CustomerCertificateParameters AzureFirstPartyManagedCertificateParameters	object which contains secret parameters

Responses

Name	Type	Description
200 OK	Secret	OK
201 Created	Secret	Created. The request has been fulfilled and a new delivery rule has been created.
202 Accepted	Secret	Accepted. The request has been accepted for processing and the operation will complete asynchronously. Headers location: string
Other Status Codes	AfdErrorResponse	Azure Front Door error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Secrets_Create

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid/resourceGroups/RG/providers/Microsoft.Cdn/profiles/profile1/secrets/secret1?api-version=2023-05-01

{
  "properties": {
    "parameters": {
      "type": "CustomerCertificate",
      "secretVersion": "abcdef1234578900abcdef1234567890",
      "secretSource": {
        "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.KeyVault/vault/kvName/secrets/certificatename"
      },
      "useLatestVersion": false
    }
  }
}

Java

import com.azure.resourcemanager.cdn.fluent.models.SecretInner;
import com.azure.resourcemanager.cdn.models.CustomerCertificateParameters;
import com.azure.resourcemanager.cdn.models.ResourceReference;

/** Samples for Secrets Create. */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/cdn/resource-manager/Microsoft.Cdn/stable/2023-05-01/examples/Secrets_Create.json
     */
    /**
     * Sample code: Secrets_Create.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void secretsCreate(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.cdnProfiles().manager().serviceClient().getSecrets().create("RG", "profile1", "secret1", new SecretInner()
            .withParameters(new CustomerCertificateParameters().withSecretSource(new ResourceReference().withId(
                "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.KeyVault/vault/kvName/secrets/certificatename"))
                .withSecretVersion("fakeTokenPlaceholder").withUseLatestVersion(false)),
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.cdn import CdnManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-cdn
# USAGE
    python secrets_create.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = CdnManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid",
    )

    response = client.secrets.begin_create(
        resource_group_name="RG",
        profile_name="profile1",
        secret_name="secret1",
        secret={
            "properties": {
                "parameters": {
                    "secretSource": {
                        "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.KeyVault/vault/kvName/secrets/certificatename"
                    },
                    "secretVersion": "abcdef1234578900abcdef1234567890",
                    "type": "CustomerCertificate",
                    "useLatestVersion": False,
                }
            }
        },
    ).result()
    print(response)


# x-ms-original-file: specification/cdn/resource-manager/Microsoft.Cdn/stable/2023-05-01/examples/Secrets_Create.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcdn_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/cdn/armcdn/v2"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7b551033155a63739b6d28f79b9c07569f6179b8/specification/cdn/resource-manager/Microsoft.Cdn/stable/2023-05-01/examples/Secrets_Create.json
func ExampleSecretsClient_BeginCreate() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcdn.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewSecretsClient().BeginCreate(ctx, "RG", "profile1", "secret1", armcdn.Secret{
		Properties: &armcdn.SecretProperties{
			Parameters: &armcdn.CustomerCertificateParameters{
				Type: to.Ptr(armcdn.SecretTypeCustomerCertificate),
				SecretSource: &armcdn.ResourceReference{
					ID: to.Ptr("/subscriptions/subid/resourcegroups/RG/providers/Microsoft.KeyVault/vault/kvName/secrets/certificatename"),
				},
				SecretVersion:    to.Ptr("abcdef1234578900abcdef1234567890"),
				UseLatestVersion: to.Ptr(false),
			},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Secret = armcdn.Secret{
	// 	Name: to.Ptr("secret1"),
	// 	Type: to.Ptr("Microsoft.Cdn/profiles/secrets"),
	// 	ID: to.Ptr("/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/secrets/secret1"),
	// 	Properties: &armcdn.SecretProperties{
	// 		DeploymentStatus: to.Ptr(armcdn.DeploymentStatusNotStarted),
	// 		ProvisioningState: to.Ptr(armcdn.AfdProvisioningStateSucceeded),
	// 		Parameters: &armcdn.CustomerCertificateParameters{
	// 			Type: to.Ptr(armcdn.SecretTypeCustomerCertificate),
	// 			CertificateAuthority: to.Ptr("Symantec"),
	// 			ExpirationDate: to.Ptr("2025-01-01T00:00:00-00:00"),
	// 			SecretSource: &armcdn.ResourceReference{
	// 				ID: to.Ptr("/subscriptions/subid/resourcegroups/RG/providers/Microsoft.KeyVault/vaults/keyvaultname/secrets/certificatename"),
	// 			},
	// 			SecretVersion: to.Ptr("abcdef1234578900abcdef1234567890"),
	// 			Subject: to.Ptr("*.contoso.com"),
	// 			SubjectAlternativeNames: []*string{
	// 				to.Ptr("foo.contoso.com"),
	// 				to.Ptr("www3.foo.contoso.com")},
	// 				Thumbprint: to.Ptr("ABCDEF1234567890ABCDEF1234567890ABCDEF12"),
	// 				UseLatestVersion: to.Ptr(true),
	// 			},
	// 		},
	// 	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { CdnManagementClient } = require("@azure/arm-cdn");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates a new Secret within the specified profile.
 *
 * @summary Creates a new Secret within the specified profile.
 * x-ms-original-file: specification/cdn/resource-manager/Microsoft.Cdn/stable/2023-05-01/examples/Secrets_Create.json
 */
async function secretsCreate() {
  const subscriptionId = process.env["CDN_SUBSCRIPTION_ID"] || "subid";
  const resourceGroupName = process.env["CDN_RESOURCE_GROUP"] || "RG";
  const profileName = "profile1";
  const secretName = "secret1";
  const secret = {
    parameters: {
      type: "CustomerCertificate",
      secretSource: {
        id: "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.KeyVault/vault/kvName/secrets/certificatename",
      },
      secretVersion: "abcdef1234578900abcdef1234567890",
      useLatestVersion: false,
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new CdnManagementClient(credential, subscriptionId);
  const result = await client.secrets.beginCreateAndWait(
    resourceGroupName,
    profileName,
    secretName,
    secret
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "name": "secret1",
  "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/secrets/secret1",
  "type": "Microsoft.Cdn/profiles/secrets",
  "properties": {
    "parameters": {
      "type": "CustomerCertificate",
      "subject": "*.contoso.com",
      "certificateAuthority": "Symantec",
      "expirationDate": "2025-01-01T00:00:00-00:00",
      "thumbprint": "ABCDEF1234567890ABCDEF1234567890ABCDEF12",
      "secretSource": {
        "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.KeyVault/vaults/keyvaultname/secrets/certificatename"
      },
      "secretVersion": "abcdef1234578900abcdef1234567890",
      "useLatestVersion": true,
      "subjectAlternativeNames": [
        "foo.contoso.com",
        "www3.foo.contoso.com"
      ]
    },
    "provisioningState": "Succeeded",
    "deploymentStatus": "NotStarted"
  }
}

Status code:

201

{
  "name": "secret1",
  "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/secrets/secret1",
  "type": "Microsoft.Cdn/profiles/secrets",
  "properties": {
    "parameters": {
      "type": "CustomerCertificate",
      "subject": "*.contoso.com",
      "certificateAuthority": "Symantec",
      "expirationDate": "2025-01-01T00:00:00-00:00",
      "thumbprint": "ABCDEF1234567890ABCDEF1234567890ABCDEF12",
      "secretSource": {
        "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.KeyVault/vaults/keyvaultname/secrets/certificatename"
      },
      "secretVersion": "abcdef1234578900abcdef1234567890",
      "useLatestVersion": true,
      "subjectAlternativeNames": [
        "foo.contoso.com",
        "www3.foo.contoso.com"
      ]
    },
    "provisioningState": "Succeeded",
    "deploymentStatus": "NotStarted"
  }
}

Status code:

202

azure-asyncoperation: https://management.azure.com/subscriptions/subid/resourcegroups/resourceGroupName/providers/Microsoft.Cdn/operationresults/operationId?api-version=2023-05-01

Response Body

{
  "name": "secret1",
  "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/secrets/secret1",
  "type": "Microsoft.Cdn/profiles/secrets",
  "properties": {
    "parameters": {
      "type": "CustomerCertificate",
      "subject": "*.contoso.com",
      "certificateAuthority": "Symantec",
      "expirationDate": "2025-01-01T00:00:00-00:00",
      "thumbprint": "ABCDEF1234567890ABCDEF1234567890ABCDEF12",
      "secretSource": {
        "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.KeyVault/vaults/keyvaultname/secrets/certificatename"
      },
      "secretVersion": "abcdef1234578900abcdef1234567890",
      "useLatestVersion": true,
      "subjectAlternativeNames": [
        "foo.contoso.com",
        "www3.foo.contoso.com"
      ]
    },
    "provisioningState": "Succeeded",
    "deploymentStatus": "NotStarted"
  }
}

Definitions

Name	Description
AfdErrorResponse	Error response
AfdProvisioningState	Provisioning status
AzureFirstPartyManagedCertificateParameters	Azure FirstParty Managed Certificate provided by other first party resource providers to enable HTTPS.
CustomerCertificateParameters	Customer Certificate used for https
DeploymentStatus
ErrorAdditionalInfo	The resource management error additional info.
ErrorDetail	The error detail.
IdentityType	The type of identity that creates/modifies resources
ManagedCertificateParameters	Managed Certificate used for https
ResourceReference	Reference to another resource.
Secret	Friendly Secret name mapping to the any Secret or secret related information.
SecretType	The type of the secret resource.
SystemData	Read only system data
UrlSigningKeyParameters	Url signing key parameters

AfdErrorResponse

Error response

Name	Type	Description
error	ErrorDetail	The error object.

AfdProvisioningState

Provisioning status

Name	Type	Description
Creating	string
Deleting	string
Failed	string
Succeeded	string
Updating	string

AzureFirstPartyManagedCertificateParameters

Azure FirstParty Managed Certificate provided by other first party resource providers to enable HTTPS.

Name	Type	Description
certificateAuthority	string	Certificate issuing authority.
expirationDate	string	Certificate expiration date.
secretSource	ResourceReference	Resource reference to the Azure Key Vault certificate. Expected to be in format of /subscriptions/{​​​​​​​​​subscriptionId}​​​​​​​​​/resourceGroups/{​​​​​​​​​resourceGroupName}​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​/providers/Microsoft.KeyVault/vaults/{vaultName}​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​/secrets/{certificateName}​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​
subject	string	Subject name in the certificate.
subjectAlternativeNames	string[]	The list of SANs.
thumbprint	string	Certificate thumbprint.
type	string: AzureFirstPartyManagedCertificate	The type of the secret resource.

CustomerCertificateParameters

Customer Certificate used for https

Name	Type	Description
certificateAuthority	string	Certificate issuing authority.
expirationDate	string	Certificate expiration date.
secretSource	ResourceReference	Resource reference to the Azure Key Vault certificate. Expected to be in format of /subscriptions/{​​​​​​​​​subscriptionId}​​​​​​​​​/resourceGroups/{​​​​​​​​​resourceGroupName}​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​/providers/Microsoft.KeyVault/vaults/{vaultName}​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​/secrets/{certificateName}​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​
secretVersion	string	Version of the secret to be used
subject	string	Subject name in the certificate.
subjectAlternativeNames	string[]	The list of SANs.
thumbprint	string	Certificate thumbprint.
type	string: CustomerCertificate	The type of the secret resource.
useLatestVersion	boolean	Whether to use the latest version for the certificate

DeploymentStatus

Name	Type	Description
Failed	string
InProgress	string
NotStarted	string
Succeeded	string

ErrorAdditionalInfo

The resource management error additional info.

Name	Type	Description
info	object	The additional info.
type	string	The additional info type.

ErrorDetail

The error detail.

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	The error additional info.
code	string	The error code.
details	ErrorDetail[]	The error details.
message	string	The error message.
target	string	The error target.

IdentityType

The type of identity that creates/modifies resources

Name	Type	Description
application	string
key	string
managedIdentity	string
user	string

ManagedCertificateParameters

Managed Certificate used for https

Name	Type	Description
expirationDate	string	Certificate expiration date.
subject	string	Subject name in the certificate.
type	string: ManagedCertificate	The type of the secret resource.

ResourceReference

Reference to another resource.

Name	Type	Description
id	string	Resource ID.

Secret

Friendly Secret name mapping to the any Secret or secret related information.

Name	Type	Description
id	string	Resource ID.
name	string	Resource name.
properties.deploymentStatus	DeploymentStatus
properties.parameters	SecretParameters: AzureFirstPartyManagedCertificateParameters CustomerCertificateParameters ManagedCertificateParameters UrlSigningKeyParameters	object which contains secret parameters
properties.profileName	string	The name of the profile which holds the secret.
properties.provisioningState	AfdProvisioningState	Provisioning status
systemData	SystemData	Read only system data
type	string	Resource type.

SecretType

The type of the secret resource.

Name	Type	Description
AzureFirstPartyManagedCertificate	string
CustomerCertificate	string
ManagedCertificate	string
UrlSigningKey	string

SystemData

Read only system data

Name	Type	Description
createdAt	string	The timestamp of resource creation (UTC)
createdBy	string	An identifier for the identity that created the resource
createdByType	IdentityType	The type of identity that created the resource
lastModifiedAt	string	The timestamp of resource last modification (UTC)
lastModifiedBy	string	An identifier for the identity that last modified the resource
lastModifiedByType	IdentityType	The type of identity that last modified the resource

UrlSigningKeyParameters

Url signing key parameters

Name	Type	Description
keyId	string	Defines the customer defined key Id. This id will exist in the incoming request to indicate the key used to form the hash.
secretSource	ResourceReference	Resource reference to the Azure Key Vault secret. Expected to be in format of /subscriptions/{​​​​​​​​​subscriptionId}​​​​​​​​​/resourceGroups/{​​​​​​​​​resourceGroupName}​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​/providers/Microsoft.KeyVault/vaults/{vaultName}​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​/secrets/{secretName}​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​
secretVersion	string	Version of the secret to be used
type	string: UrlSigningKey	The type of the secret resource.