release - release
Releases a key.
The release key operation is applicable to all key types. The target key must be marked exportable. This operation requires the keys/release permission.
POST {vaultBaseUrl}/keys/{key-name}/{key-version}/release?api-version=7.4
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
key-name
|
path | True |
string |
The name of the key to get. |
key-version
|
path | True |
string |
Adding the version parameter retrieves a specific version of a key. |
vault
|
path | True |
string |
The vault name, for example https://myvault.vault.azure.net. |
api-version
|
query | True |
string |
Client API version. |
Request Body
Name | Required | Type | Description |
---|---|---|---|
target | True |
string |
The attestation assertion for the target of the key release. |
enc |
The encryption algorithm to use to protected the exported key material |
||
nonce |
string |
A client provided nonce for freshness. |
Responses
Name | Type | Description |
---|---|---|
200 OK |
A JWS containing the key, its attributes, the result of the key release, and information about the request. |
|
Other Status Codes |
Key Vault error response describing why the operation failed. |
Examples
Release
Sample request
POST https://myvault.vault.azure.net//keys/exportable-aes-key/4eb68492b5f6421e835d961ad2be3155/release?api-version=7.4
{
"target": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkdXQXkxNk5ieFJJQ3lCUzVKckJxRk5DdXdjS2YxYUVYbS1hUDVsUlJ4UEUiLCJqa3UiOiJodHRwOi8vbG9jYWxob3N0OjgwMjMva2V5cyJ9.eyJhYXMtZWhkIjoiZXlKclpYbHpJanBiZXlKbElqb2lRVkZCUWlJc0ltdGxlVjl2Y0hNaU9sc2laR1ZqY25sd2RDSXNJbVZ1WTNKNWNIUWlYU3dpYTJsa0lqb2lOVE16TmpReU5HTXRaV1kzWlMxaU1tRm1MVFU1WmprdE5HUXdPRGhtTURRMFpHVTFJaXdpYTNSNUlqb2lVbE5CSWl3aWJpSTZJbkJPYkhoWVNuRTNPSGRPUkVVd2FXMVNOa1JCWWs5alNrRXpUekp1UlZvNVdFaGtjMDVQTjB0b00xWlJRVTh5VWt0eFlqQk9iRXh4TVhwUFRVOTVZVlJPUW5rNWMzUTRjbG95TURWYU1EWTFjalY2YlRKa1FrSllkRkJUU21Sc1VtSm9WRXd0TlRCcWFFVXpiRUV4WjFVemVYcDJaR0o1U1Zob2NtMDNkWEJFVGtKemFXeFNlR1ZVUW1KUGNWOW1XSE5vT1dGMVVHeGxVM0pOWlZCR2JGbElkVmRNTjJacGNYWktiMHMyZUZSSVZFSmZUa2R1WjBWMlFrMTVPRGRxWlVsbExWbEJUbUYxWkRsRk5GYzFhWHBLZFVwNmJGOHhORkJFY1VWdWVGcFNTM0F5YW1WUGJsZEpTRXRVVm0wMWFsRmhiakZoTlVkdmJGWmxRV2szWlhoalNtRXlNaTFLZERSRWEwNHlWakZMTUZCZlR6YzJSME5ETjNCWlVYVlpTWEkxZFZWclExUmtWVVYxYmxKSWIyaFRWbTFHZVZGaldFSlVkVmxuUVdNMVJFZEpaVGQ1UjNSRFdtOW9WRjlsVmxGQ2NESldVU0lzSW5WelpTSTZJbVZ1WXlKOVhYMCIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODAyMy8iLCJzZ3gtbXJlbmNsYXZlIjoiMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMCIsInNneC1tcnNpZ25lciI6Ijg2Nzg4ZmU0MDQ0OGYyYTEyZTIwYmY4ZDVlN2ExYzMxMzliYzVmZGMxNDMyYjM3MGMxZGEzNDg5YWI2NDlhODUiLCJpcy1kZWJ1Z2dhYmxlIjp0cnVlLCJ0ZWUiOiJzZ3giLCJpYXQiOjE1ODc0MjUxNzMsImV4cCI6MTU4ODAyOTk3M30.CA9gO0kRMHt6e9xTKopwEnDt-Mc52oAAe6zicFwX3REZd5E0m3WzJuSYS8H9iKTGL1dfusflPx74C5xLTZiHe0D2YFHYoW3efEm3r55DwkpTbA6tbDjMY7OIC9XuC7prAf4nQ5hYRk0LATzwytYIZ-c-R08ZEt5CV5XqR5MuSDKWWslPm36BHD3l03VVNEEG4hC9KuCIZ2z9YK5ofGze-IY1J9x1EwnG-y_1RF6rDKENjOROOaOH9JvohHGIfK0FKVj8_7E6JxMTQMb7K-45GfE20tTVdCs4A4k3jXNrIRcGmSK5EMrB_LbHzk0PIc6sjl-VuPZVqGxhsaAyoH3cdA"
}
Sample response
{
"value": "ew0KICAgICAgICAiYXR0cmlidXRlcyI6IHsNCiAgICAgICAgICAiY3JlYXRlZCI6IDE1ODc0MjUxNzQsDQogICAgICAgICAgImVuYWJsZWQiOiB0cnVlLA0KICAgICAgICAgICJleHBvcnRhYmxlIjogdHJ1ZSwNCiAgICAgICAgICAicmVjb3ZlcmFibGVEYXlzIjogOTAsDQogICAgICAgICAgInJlY292ZXJ5TGV2ZWwiOiAiUmVjb3ZlcmFibGUrUHVyZ2VhYmxlIiwNCiAgICAgICAgICAidXBkYXRlZCI6IDE1ODc0MjUxNzQNCiAgICAgICAgfSwNCiAgICAgICAgImtleSI6IHsNCiAgICAgICAgICAia2V5X29wcyI6IFsNCiAgICAgICAgICAgICJkZWNyeXB0IiwNCiAgICAgICAgICAgICJlbmNyeXB0Ig0KICAgICAgICAgIF0sDQogICAgICAgICAgImtpZCI6ICJodHRwczovL215dmF1bHQudmF1bHQuYXp1cmUubmV0L2tleXMvZXhwb3J0YWJsZS1hZXMta2V5LzRlYjY4NDkyYjVmNjQyMWU4MzVkOTYxYWQyYmUzMTU1IiwNCiAgICAgICAgICAia3R5IjogIm9jdCIsDQogICAgICAgICAgImtleV9oc20iOiAiQ3hYM3FWVHQyMlp2andkUy1mbU1Tc0xwYVFROEljZkdBQzJUWVdvM0ZYSVBuT3JTbVpXZFdOM2dMTU5TTFV0VU9oWHF3WENlNmpPeEgyak1yNnN1TzRRMG1mckt1ckFCLUlDNWdiRFpHR0Q5WGtzckFreVlTLTBwNHA0STRRNFF4RU9DdENLWVBZV1d1OTFkZzV4ZzVhWWpWUnlSNUczQzZPMGhhb3RwMUZMMUZpT0IxUFZjVzlIY2hESWRITUZDc3pzYjMzcGJ2RHVZdkpYUFBxZFNJR0lUOFA4RXhWRzlfUndZVFpsMktqM01UU2JlOXpqT0VFVy1FbkE2UGhyMEVGTzBoOTRkV0swWTJ0UGh5ekdZT1NCU2NKQ1dJZHdEOWxUMWFhSE5GRTByU0xKOXd2MHFHZXpSMTBuRDdWN0FMWmlFc2NzckFjd3JXVHRtbUNKTUFJSnBHZjB1OXJOMV9KUWlYdU80UTlDZjRiNzNuU1Axa0lJQVBrWjNyNkZxbXJtOEY3TmVLaXMiDQogICAgICAgIH0sDQogICAgICAgICJyZWxlYXNlX3BvbGljeSI6IHsNCiAgICAgICAgICAiY29udGVudFR5cGUiOiAiYXBwbGljYXRpb24vanNvbjsgY2hhcnNldD11dGYtODsgdmVyc2lvbj0xLjAiLA0KICAgICAgICAgICJkYXRhIjogImV5QWlZVzU1VDJZaU9pQmJJSHNnSW1Gc2JFOW1Jam9nV3lCN0lDSmpiR0ZwYlNJNklDSjRMVzF6TFhObmVDMXRjbk5wWjI1bGNpSXNJQ0pqYjI1a2FYUnBiMjRpT2lBaVpYRjFZV3h6SWl3Z0luWmhiSFZsSWpvZ0lqZzJOemc0Wm1VME1EUTBPR1l5WVRFeVpUSXdZbVk0WkRWbE4yRXhZek14TXpsaVl6Vm1aR014TkRNeVlqTTNNR014WkdFek5EZzVZV0kyTkRsaE9EVWlJSDBzSUhzZ0ltTnNZV2x0SWpvZ0luZ3RiWE10YzJkNExXbHpMV1JsWW5WbloyRmliR1VpTENBaVkyOXVaR2wwYVc5dUlqb2dJbVZ4ZFdGc2N5SXNJQ0oyWVd4MVpTSTZJQ0ptWVd4elpTSWdmU0JkTENBaVlYVjBhRzl5YVhSNUlqb2dJbWgwZEhBNkx5OXNiMk5oYkdodmMzUTZPREF5TXk4aUlIMGdYU0I5Ig0KICAgICAgICB9DQogICAgICB9"
}
Definitions
Name | Description |
---|---|
Error |
The key vault server error. |
Key |
The encryption algorithm to use to protected the exported key material |
Key |
The release key parameters. |
Key |
The release result, containing the released key. |
Key |
The key vault error exception. |
Error
The key vault server error.
Name | Type | Description |
---|---|---|
code |
string |
The error code. |
innererror |
The key vault server error. |
|
message |
string |
The error message. |
KeyEncryptionAlgorithm
The encryption algorithm to use to protected the exported key material
Name | Type | Description |
---|---|---|
CKM_RSA_AES_KEY_WRAP |
string |
|
RSA_AES_KEY_WRAP_256 |
string |
|
RSA_AES_KEY_WRAP_384 |
string |
KeyReleaseParameters
The release key parameters.
Name | Type | Description |
---|---|---|
enc |
The encryption algorithm to use to protected the exported key material |
|
nonce |
string |
A client provided nonce for freshness. |
target |
string |
The attestation assertion for the target of the key release. |
KeyReleaseResult
The release result, containing the released key.
Name | Type | Description |
---|---|---|
value |
string |
A signed object containing the released key. |
KeyVaultError
The key vault error exception.
Name | Type | Description |
---|---|---|
error |
The key vault server error. |