Use Key Vault to safeguard and manage cryptographic keys, certificates and secrets used by cloud applications and services.
Key Vault operations
| Operation |
Description |
| Check Name Availability |
Checks that the vault name is valid and is not already in use. |
| Create Or Update |
Create or update a key vault in the specified subscription. |
| Update Access Policy |
Update access policies in a key vault in the specified subscription. |
| Get |
Gets the specified Azure key vault. |
| List |
The List operation gets information about the vaults associated with the subscription. |
| List By Resource Group |
The List operation gets information about the vaults associated with the subscription and within the specified resource group. |
| List By Subscription |
The List operation gets information about the vaults associated with the subscription. |
| Update |
Update a key vault in the specified subscription. |
| Delete |
Deletes the specified Azure key vault. |
| Get Deleted |
Gets the deleted Azure key vault. |
| List Deleted |
Gets information about the deleted vaults in a subscription. |
| Purge |
Permanently deletes the specified vault. |
Private link operations
| Operation |
Description |
| List By Vault |
Gets the private link resources supported for the key vault. |
Private endpoint connections operations
| Operation |
Description |
| Get |
Gets the specified private endpoint connection associated with the key vault. |
| List By Resource |
The List operation gets information about the private endpoint connections associated with the vault. |
| Put |
Updates the specified private endpoint connection associated with the key vault. |
| Delete |
Deletes the specified private endpoint connection associated with the key vault. |
Managed HSM operations
| Operation |
Description |
| Create Or Update |
Create or update a managed HSM Pool in the specified subscription. |
| Get |
Gets the specified managed HSM Pool. |
| List By Resource Group |
The List operation gets information about the managed HSM Pools associated with the subscription and within the specified resource group. |
| List By Subscription |
The List operation gets information about the managed HSM Pools associated with the subscription. |
| Update |
Update a managed HSM Pool in the specified subscription. |
| Get Deleted |
Gets the specified deleted managed HSM. |
| List Deleted |
The List operation gets information about the deleted managed HSMs associated with the subscription. |
| Delete |
Deletes the specified managed HSM Pool. |
| Purge Deleted |
Permanently deletes the specified managed HSM. |
Private link operations
| Operation |
Description |
| List By MHSM Resource |
Gets the private link resources supported for the managed HSM pool. |
Private endpoint connections operations
| Operation |
Description |
| Get |
Gets the specified private endpoint connection associated with the managed HSM Pool. |
| List By Resource |
The List operation gets information about the private endpoint connections associated with the managed HSM Pool. |
| Put |
Updates the specified private endpoint connection associated with the managed HSM Pool. |
| Delete |
Deletes the specified private endpoint connection associated with the managed HSM Pool. |
HSM Security Domain operations
| Operation |
Description |
| Download |
Retrieves the Security Domain from the managed HSM. Calling this endpoint can be used to activate a provisioned managed HSM resource. |
| Download Pending |
Retrieves the Security Domain download operation status. |
| Upload |
Restore the provided Security Domain. |
| Upload Pending |
Get Security Domain upload operation status. |
Managed HSM Settings operations
| Operation |
Description |
| Get Setting |
Get specified account setting object. Retrieves the setting object of a specified setting name. |
| Get Settings |
List account settings. Retrieves a list of all the available account settings that can be configured. |
| Update Setting |
Updates key vault account setting, stores it, then returns the setting name and value to the client. Description of the pool setting to be updated |
Role-based access control operations
Role assignment operations
| Operation |
Description |
| Get |
Get the specified role assignment. |
| List |
Gets role assignments for a scope. |
| Create |
Creates a role assignment. |
| Delete |
Deletes a role assignment. |
Role definition operations
| Operation |
Description |
| Get |
Get the specified role definition. |
| List |
Get all role definitions that are applicable at scope and above. |
| Create Or Update |
Creates or updates a custom role definition. |
| Delete |
Deletes a custom role definition. |
Backup/restore operations
| Operation |
Description |
| Full Backup |
Creates a full backup using a user-provided SAS token to an Azure blob storage container. This operation is supported only by the Managed HSM service. |
| Backup Status |
Returns the status of full backup operation. |
| Full Restore |
Restores all key materials using the SAS token pointing to a previously stored Azure Blob storage backup folder. |
| Selective Restore |
Restores all key versions of a given key using user supplied SAS token pointing to a previously stored Azure Blob storage backup folder. |
| Restore Status |
Returns the status of restore operation. |
Key operations (Key Vault/Managed HSM)
| Operation |
Description |
| Get Key |
Gets the public part of a stored key. |
| Get Keys |
List keys in the specified vault. |
| Get Key Versions |
Retrieves a list of individual key versions with the same key name. |
| Create Key |
Creates a new key, stores it, then returns key parameters and attributes to the client. |
| Import Key |
Imports an externally created key, stores it, and returns key parameters and attributes to the client. |
| Update Key |
The update key operation changes specified attributes of a stored key and can be applied to any key type and key version stored in Azure Key Vault. |
| Delete Key |
Deletes a key of any type from storage in Azure Key Vault. |
| Get Deleted Key |
Gets the public part of a deleted key. |
| Get Deleted Keys |
Lists the deleted keys in the specified vault. |
| Purge Deleted Key |
Permanently deletes the specified key. |
| Recover Deleted Key |
Recovers the deleted key to its latest version. |
| Backup Key |
Requests that a backup of the specified key be downloaded to the client. |
| Restore Key |
Restores a backed up key to a vault. |
| Release Key |
Releases a key. The release key operation is applicable to all key types. The target key must be marked exportable. This operation requires the keys/release permission. |
| Rotate Key |
Creates a new key version, stores it, then returns key parameters, attributes and policy to the client. The operation will rotate the key based on the key policy. It requires the keys/rotate permission. |
| Get Key Rotation Policy |
Lists the policy for a key. The GetKeyRotationPolicy operation returns the specified key policy resources in the specified key vault. This operation requires the keys/get permission. |
| Update Key Rotation Policy |
Updates the rotation policy for a key. Set specified members in the key policy. Leave others as undefined. This operation requires the keys/update permission. |
Key operations (Managed HSM only)
| Operation |
Description |
| Get Random Bytes |
Get the requested number of bytes containing random values from a managed HSM. |
Cryptographic operations (Key Vault/Managed HSM)
| Operation |
Description |
| Decrypt |
Decrypts a single block of encrypted data. |
| Encrypt |
Encrypts an arbitrary sequence of bytes using an encryption key that is stored in a key vault. |
| Wrap Key |
Wraps a symmetric key using a specified key. |
| Unwrap Key |
Unwraps a symmetric key using the specified key that was initially used for wrapping that key. |
| Sign |
Creates a signature from a digest using the specified key. |
| Verify |
Verifies a signature using a specified key. |
Secret operations (Key Vault only)
Storage account key management operations (Key Vault only)
Storage Account configuration operations
Storage Account key operations
| Operation |
Description |
| Regenerate Storage Account Key |
Regenerates the specified key value for the given storage account. This operation requires the storage/regeneratekey permission. |
Storage Account SAS operations
| Operation |
Description |
| Get Sas Definition |
Gets information about a SAS definition for the specified storage account. This operation requires the storage/getsas permission. |
| Get Sas Definitions |
List storage SAS definitions for the given storage account. This operation requires the storage/listsas permission. |
| Set Sas Definition |
Creates or updates a new SAS definition for the specified storage account. This operation requires the storage/setsas permission. |
| Update Sas Definition |
Updates the specified attributes associated with the given SAS definition. This operation requires the storage/setsas permission. |
| Delete Sas Definition |
Deletes a SAS definition from a specified storage account. This operation requires the storage/deletesas permission. |
| Get Deleted Sas Definition |
Gets the specified deleted sas definition. |
| Get Deleted Sas Definitions |
Lists deleted SAS definitions for the specified vault and storage account. |
| Recover Deleted Sas Definition |
Recovers the deleted SAS definition. |
Certificate operations (Key Vault only)
Certificate policy operations
Certificate issuer operations
See also