release - release
Releases a key.
The release key operation is applicable to all key types. The target key must be marked exportable. This operation requires the keys/release permission.
POST {vaultBaseUrl}/keys/{key-name}/{key-version}/release?api-version=2025-07-01URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
key-name
|
path | True |
string |
The name of the key to get. |
|
key-version
|
path | True |
string |
Adding the version parameter retrieves a specific version of a key. |
|
vault
|
path | True |
string (uri) |
|
|
api-version
|
query | True |
string minLength: 1 |
The API version to use for this operation. |
Request Body
| Name | Required | Type | Description |
|---|---|---|---|
| target | True |
string minLength: 1 |
The attestation assertion for the target of the key release. |
| enc |
The encryption algorithm to use to protected the exported key material |
||
| nonce |
string |
A client provided nonce for freshness. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
The request has succeeded. |
|
| Other Status Codes |
An unexpected error response. |
Security
OAuth2Auth
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name | Description |
|---|---|
| https://vault.azure.net/.default |
Examples
Release
Sample request
POST https://myvault.vault.azure.net//keys/exportable-aes-key/4eb68492b5f6421e835d961ad2be3155/release?api-version=2025-07-01
{
"target": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkdXQXkxNk5ieFJJQ3lCUzVKckJxRk5DdXdjS2YxYUVYbS1hUDVsUlJ4UEUiLCJqa3UiOiJodHRwOi8vbG9jYWxob3N0OjgwMjMva2V5cyJ9.eyJhYXMtZWhkIjoiZXlKclpYbHpJanBiZXlKbElqb2lRVkZCUWlJc0ltdGxlVjl2Y0hNaU9sc2laR1ZqY25sd2RDSXNJbVZ1WTNKNWNIUWlYU3dpYTJsa0lqb2lOVE16TmpReU5HTXRaV1kzWlMxaU1tRm1MVFU1WmprdE5HUXdPRGhtTURRMFpHVTFJaXdpYTNSNUlqb2lVbE5CSWl3aWJpSTZJbkJPYkhoWVNuRTNPSGRPUkVVd2FXMVNOa1JCWWs5alNrRXpUekp1UlZvNVdFaGtjMDVQTjB0b00xWlJRVTh5VWt0eFlqQk9iRXh4TVhwUFRVOTVZVlJPUW5rNWMzUTRjbG95TURWYU1EWTFjalY2YlRKa1FrSllkRkJUU21Sc1VtSm9WRXd0TlRCcWFFVXpiRUV4WjFVemVYcDJaR0o1U1Zob2NtMDNkWEJFVGtKemFXeFNlR1ZVUW1KUGNWOW1XSE5vT1dGMVVHeGxVM0pOWlZCR2JGbElkVmRNTjJacGNYWktiMHMyZUZSSVZFSmZUa2R1WjBWMlFrMTVPRGRxWlVsbExWbEJUbUYxWkRsRk5GYzFhWHBLZFVwNmJGOHhORkJFY1VWdWVGcFNTM0F5YW1WUGJsZEpTRXRVVm0wMWFsRmhiakZoTlVkdmJGWmxRV2szWlhoalNtRXlNaTFLZERSRWEwNHlWakZMTUZCZlR6YzJSME5ETjNCWlVYVlpTWEkxZFZWclExUmtWVVYxYmxKSWIyaFRWbTFHZVZGaldFSlVkVmxuUVdNMVJFZEpaVGQ1UjNSRFdtOW9WRjlsVmxGQ2NESldVU0lzSW5WelpTSTZJbVZ1WXlKOVhYMCIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODAyMy8iLCJzZ3gtbXJlbmNsYXZlIjoiMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMCIsInNneC1tcnNpZ25lciI6Ijg2Nzg4ZmU0MDQ0OGYyYTEyZTIwYmY4ZDVlN2ExYzMxMzliYzVmZGMxNDMyYjM3MGMxZGEzNDg5YWI2NDlhODUiLCJpcy1kZWJ1Z2dhYmxlIjp0cnVlLCJ0ZWUiOiJzZ3giLCJpYXQiOjE1ODc0MjUxNzMsImV4cCI6MTU4ODAyOTk3M30.CA9gO0kRMHt6e9xTKopwEnDt-Mc52oAAe6zicFwX3REZd5E0m3WzJuSYS8H9iKTGL1dfusflPx74C5xLTZiHe0D2YFHYoW3efEm3r55DwkpTbA6tbDjMY7OIC9XuC7prAf4nQ5hYRk0LATzwytYIZ-c-R08ZEt5CV5XqR5MuSDKWWslPm36BHD3l03VVNEEG4hC9KuCIZ2z9YK5ofGze-IY1J9x1EwnG-y_1RF6rDKENjOROOaOH9JvohHGIfK0FKVj8_7E6JxMTQMb7K-45GfE20tTVdCs4A4k3jXNrIRcGmSK5EMrB_LbHzk0PIc6sjl-VuPZVqGxhsaAyoH3cdA"
}
Sample response
{
"value": "ew0KICAgICAgICAiYXR0cmlidXRlcyI6IHsNCiAgICAgICAgICAiY3JlYXRlZCI6IDE1ODc0MjUxNzQsDQogICAgICAgICAgImVuYWJsZWQiOiB0cnVlLA0KICAgICAgICAgICJleHBvcnRhYmxlIjogdHJ1ZSwNCiAgICAgICAgICAicmVjb3ZlcmFibGVEYXlzIjogOTAsDQogICAgICAgICAgInJlY292ZXJ5TGV2ZWwiOiAiUmVjb3ZlcmFibGUrUHVyZ2VhYmxlIiwNCiAgICAgICAgICAidXBkYXRlZCI6IDE1ODc0MjUxNzQNCiAgICAgICAgfSwNCiAgICAgICAgImtleSI6IHsNCiAgICAgICAgICAia2V5X29wcyI6IFsNCiAgICAgICAgICAgICJkZWNyeXB0IiwNCiAgICAgICAgICAgICJlbmNyeXB0Ig0KICAgICAgICAgIF0sDQogICAgICAgICAgImtpZCI6ICJodHRwczovL215dmF1bHQudmF1bHQuYXp1cmUubmV0L2tleXMvZXhwb3J0YWJsZS1hZXMta2V5LzRlYjY4NDkyYjVmNjQyMWU4MzVkOTYxYWQyYmUzMTU1IiwNCiAgICAgICAgICAia3R5IjogIm9jdCIsDQogICAgICAgICAgImtleV9oc20iOiAiQ3hYM3FWVHQyMlp2andkUy1mbU1Tc0xwYVFROEljZkdBQzJUWVdvM0ZYSVBuT3JTbVpXZFdOM2dMTU5TTFV0VU9oWHF3WENlNmpPeEgyak1yNnN1TzRRMG1mckt1ckFCLUlDNWdiRFpHR0Q5WGtzckFreVlTLTBwNHA0STRRNFF4RU9DdENLWVBZV1d1OTFkZzV4ZzVhWWpWUnlSNUczQzZPMGhhb3RwMUZMMUZpT0IxUFZjVzlIY2hESWRITUZDc3pzYjMzcGJ2RHVZdkpYUFBxZFNJR0lUOFA4RXhWRzlfUndZVFpsMktqM01UU2JlOXpqT0VFVy1FbkE2UGhyMEVGTzBoOTRkV0swWTJ0UGh5ekdZT1NCU2NKQ1dJZHdEOWxUMWFhSE5GRTByU0xKOXd2MHFHZXpSMTBuRDdWN0FMWmlFc2NzckFjd3JXVHRtbUNKTUFJSnBHZjB1OXJOMV9KUWlYdU80UTlDZjRiNzNuU1Axa0lJQVBrWjNyNkZxbXJtOEY3TmVLaXMiDQogICAgICAgIH0sDQogICAgICAgICJyZWxlYXNlX3BvbGljeSI6IHsNCiAgICAgICAgICAiY29udGVudFR5cGUiOiAiYXBwbGljYXRpb24vanNvbjsgY2hhcnNldD11dGYtODsgdmVyc2lvbj0xLjAiLA0KICAgICAgICAgICJkYXRhIjogImV5QWlZVzU1VDJZaU9pQmJJSHNnSW1Gc2JFOW1Jam9nV3lCN0lDSmpiR0ZwYlNJNklDSjRMVzF6TFhObmVDMXRjbk5wWjI1bGNpSXNJQ0pqYjI1a2FYUnBiMjRpT2lBaVpYRjFZV3h6SWl3Z0luWmhiSFZsSWpvZ0lqZzJOemc0Wm1VME1EUTBPR1l5WVRFeVpUSXdZbVk0WkRWbE4yRXhZek14TXpsaVl6Vm1aR014TkRNeVlqTTNNR014WkdFek5EZzVZV0kyTkRsaE9EVWlJSDBzSUhzZ0ltTnNZV2x0SWpvZ0luZ3RiWE10YzJkNExXbHpMV1JsWW5WbloyRmliR1VpTENBaVkyOXVaR2wwYVc5dUlqb2dJbVZ4ZFdGc2N5SXNJQ0oyWVd4MVpTSTZJQ0ptWVd4elpTSWdmU0JkTENBaVlYVjBhRzl5YVhSNUlqb2dJbWgwZEhBNkx5OXNiMk5oYkdodmMzUTZPREF5TXk4aUlIMGdYU0I5Ig0KICAgICAgICB9DQogICAgICB9"
}Definitions
| Name | Description |
|---|---|
| Error | |
|
Key |
The encryption algorithm to use to protected the exported key material |
|
Key |
The release key parameters. |
|
Key |
The release result, containing the released key. |
|
Key |
The key vault error exception. |
Error
| Name | Type | Description |
|---|---|---|
| code |
string |
The error code. |
| innererror |
The key vault server error. |
|
| message |
string |
The error message. |
KeyEncryptionAlgorithm
The encryption algorithm to use to protected the exported key material
| Value | Description |
|---|---|
| CKM_RSA_AES_KEY_WRAP |
The CKM_RSA_AES_KEY_WRAP key wrap mechanism. |
| RSA_AES_KEY_WRAP_256 |
The RSA_AES_KEY_WRAP_256 key wrap mechanism. |
| RSA_AES_KEY_WRAP_384 |
The RSA_AES_KEY_WRAP_384 key wrap mechanism. |
KeyReleaseParameters
The release key parameters.
| Name | Type | Description |
|---|---|---|
| enc |
The encryption algorithm to use to protected the exported key material |
|
| nonce |
string |
A client provided nonce for freshness. |
| target |
string minLength: 1 |
The attestation assertion for the target of the key release. |
KeyReleaseResult
The release result, containing the released key.
| Name | Type | Description |
|---|---|---|
| value |
string |
A signed object containing the released key. |
KeyVaultError
The key vault error exception.
| Name | Type | Description |
|---|---|---|
| error |
The key vault server error. |