CertificateClient class
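The client to interact with the KeyVault certificates functionality
Constructors
| CertificateClient(string, TokenCredential, CertificateClientOptions) | Creates an instance of CertificateClient. |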
Properties
| vaultUrl | The base URL to the vault |
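Methods
| backupCertificate(string, OperationOptions) | Requests that a backup of the specified certificate be downloaded to the client. All versions of the certificate will be downloaded. This operation requires the certificates/backup permission. Generates a backup of a certificate |
| beginCreateCertificate(string, CertificatePolicy, BeginCreateCertificateOptions) | Creates a new certificate. If this is the first version, the certificate resource is created. This function returns a Long Running Operation poller that allows you to wait indefinitely until the operation completes. Note: Sending Self as the issuerName of the certificate's policy will create a self-signed certificate. This operation requires the certificates/create permission. Creates a certificate |
| beginDeleteCertificate(string, CertificatePollerOptions) | The DELETE operation applies to any certificate stored in Azure Key Vault. DELETE cannot be applied to an individual version of a certificate. This function returns a Long Running Operation poller that allows you to wait indefinitely until the operation completes. This operation requires the certificates/delete permission. Deletes a certificate from a specified key vault. |
| beginRecoverDeletedCertificate(string, CertificatePollerOptions) | Recovers the deleted certificate in the specified vault. This operation can only be performed on a soft-delete enabled vault. This function returns a Long Running Operation poller that allows you to wait indefinitely until the certificate is fully recovered. This operation requires the certificates/recover permission. Recovers a deleted certificate |
| createIssuer(string, string, CreateIssuerOptions) | The createIssuer operation adds or updates the specified certificate issuer. This operation requires the certificates/setissuers permission. Sets the specified certificate issuer. |
| deleteCertificateOperation(string, OperationOptions) | Deletes the creation operation for a specified certificate that is in the process of being created. The certificate is no longer created. This operation requires the certificates/update permission. Deletes a certificate's operation |
| deleteContacts(OperationOptions) | Deletes all of the certificate contacts. This operation requires the certificates/managecontacts permission. Deletes all of the certificate contacts |
| deleteIssuer(string, OperationOptions) | The deleteIssuer operation permanently removes the specified certificate issuer from the vault. This operation requires the certificates/manageissuers/deleteissuers permission. Deletes the specified certificate issuer. |
| getCertificate(string, OperationOptions) | Gets the latest information available from a specific certificate, including the certificate's policy. This operation requires the certificates/get permission. Retrieves a certificate from the certificate's name (includes the certificate policy) |
| getCertificateOperation(string, CertificatePollerOptions) | Gets the creation operation associated with a specified certificate. This operation requires the certificates/get permission. This function returns a Long Running Operation poller that allows you to wait indefinitely until the operation completes. Gets a certificate's poller operation |
| getCertificatePolicy(string, OperationOptions) | The getCertificatePolicy operation returns the specified certificate policy resources in the specified key vault. This operation requires the certificates/get permission. Gets a certificate's policy |
| getCertificateVersion(string, string, OperationOptions) | Gets information about a specific certificate on a specific version. It won't return the certificate's policy. This operation requires the certificates/get permission. Retrieves a certificate from the certificate's name and a specified version |
| getContacts(OperationOptions) | Returns the set of certificate contact resources in the specified key vault. This operation requires the certificates/managecontacts permission. Sets the certificate contacts. |
| getDeletedCertificate(string, OperationOptions) | Retrieves the deleted certificate information plus its attributes, such as retention interval, scheduled permanent deletion and the current deletion recovery level. This operation requires the certificates/get permission. Gets a deleted certificate |
| getIssuer(string, OperationOptions) | The getIssuer operation returns the specified certificate issuer resources in the specified key vault. This operation requires the certificates/manageissuers/getissuers permission. Gets the specified certificate issuer. |
| importCertificate(string, Uint8Array, ImportCertificateOptions) | Imports an existing valid certificate, containing a private key, into Azure Key Vault. The certificate to be imported can be in either PFX or PEM format. If the certificate is in PEM format, the PEM file must contain the key as well as the x509 certificate. This operation requires the certificates/import permission. Imports a certificate from a certificate's secret value |
| listDeletedCertificates(ListDeletedCertificatesOptions) | Retrieves the certificates in the current vault that are in a deleted state and ready for recovery or purging. This operation includes deletion-specific information. This operation requires the certificates/get/list permission. This operation can only be enabled on soft-delete enabled vaults. Lists deleted certificates |
| listPropertiesOfCertificates(ListPropertiesOfCertificatesOptions) | Iterates the latest version of all certificates in the vault. The full certificate identifier and attributes are provided in the response. No values are returned for the certificates. This operation requires the certificates/list permission. Lists all versions of the specified certificate. |
| listPropertiesOfCertificateVersions(string, OperationOptions) | Returns the versions of a certificate in the specified key vault. This operation requires the certificates/list permission. Lists the versions of a certificate. |
| listPropertiesOfIssuers(OperationOptions) | Returns the set of certificate issuer resources in the specified key vault. This operation requires the certificates/manageissuers/getissuers permission. Lists the certificate issuers. |
| mergeCertificate(string, Uint8Array[], OperationOptions) | Performs the merging of a certificate or certificate chain with a key pair currently available in the service. This operation requires the certificates/create permission. Merges a signed certificate request into a pending certificate |
| purgeDeletedCertificate(string, OperationOptions) | Performs an irreversible deletion of the specified certificate, without possibility for recovery. The operation is not available if the recovery level does not specify 'Purgeable'. This operation requires the certificates/purge permission. Gets a deleted certificate |
| restoreCertificateBackup(Uint8Array, OperationOptions) | Restores a backed up certificate, and all its versions, to a vault. This operation requires the certificates/restore permission. Restores a certificate from a backup |
| setContacts(CertificateContact[], OperationOptions) | Sets the certificate contacts for the key vault. This operation requires the certificates/managecontacts permission. Sets the certificate contacts. |
| updateCertificatePolicy(string, CertificatePolicy, OperationOptions) | Updates the certificate policy for the specified certificate. This operation requires the certificates/update permission. Gets a certificate's policy |
| updateCertificateProperties(string, string, UpdateCertificatePropertiesOptions) | Applies the specified update on the given certificate; the only elements updated are the certificate's attributes. This operation requires the certificates/update permission. Updates a certificate |
| updateIssuer(string, UpdateIssuerOptions) | The updateIssuer operation performs an update on the specified certificate issuer entity. This operation requires the certificates/setissuers permission. Updates the specified certificate issuer. |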
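Constructor Details
CertificateClient(string, TokenCredential, CertificateClientOptions)
Creates an instance of CertificateClient.
new CertificateClient(vaultUrl: string, credential: TokenCredential, clientOptions?: CertificateClientOptions)
Parameters
- vaultUrl
- string
The base URL to the vault. You should validate that this URL references a valid Key Vault resource. See https://aka.ms/azsdk/blog/vault-uri for details.
- credential
- TokenCredential
An object that implements the TokenCredential interface used to authenticate requests to the service. Use the @azure/identity package to create a credential that suits your needs.
- clientOptions
- CertificateClientOptions
Pipeline options used to configure Key Vault API requests. Omit this parameter to use the default pipeline configuration.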
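One way to carry out the vaultUrl validation recommended above, as an added example that is not code from the SDK or from the original page. The function name checkVaultUrl, the TRUSTED_SUFFIXES list (only the public-cloud suffix that appears in this page's samples) and the sample hostnames are assumptions.

```typescript
// Added example: validate a candidate vault URL before passing it to
// new CertificateClient(url, credential). All names here are hypothetical.

// Assumption: only the public-cloud suffix used in this page's samples is trusted.
const TRUSTED_SUFFIXES: readonly string[] = [".vault.azure.net"];

// Key Vault names: 3-24 characters, letters, digits and hyphens,
// starting with a letter and ending with a letter or digit.
const VAULT_NAME = /^[a-z][a-z0-9-]{1,22}[a-z0-9]$/;

interface VaultUrlCheck {
  ok: boolean;
  reason?: string;    // set when ok is false
  vaultName?: string; // set when ok is true
  origin?: string;    // normalized base URL to hand to the client
}

function checkVaultUrl(
  input: string,
  suffixes: readonly string[] = TRUSTED_SUFFIXES,
): VaultUrlCheck {
  const fail = (reason: string): VaultUrlCheck => ({ ok: false, reason });

  let url: URL;
  try {
    url = new URL(input);
  } catch {
    return fail("not a URL");
  }

  // The credential's token is sent to whatever host this URL names,
  // so every component is checked, not only the visible prefix.
  if (url.protocol !== "https:") return fail("scheme must be https");
  if (url.username !== "" || url.password !== "") return fail("userinfo is not allowed");
  if (url.port !== "") return fail("explicit port is not allowed");
  if (url.pathname !== "/" || url.search !== "" || url.hash !== "") {
    return fail("must be a base URL without path, query or fragment");
  }

  const host = url.hostname; // lower-cased by the URL parser
  const suffix = suffixes.find((s) => host.endsWith(s));
  if (suffix === undefined) return fail("host is not under a trusted Key Vault suffix");

  // Exactly one DNS label may precede the suffix, and it must be a valid vault name.
  const vaultName = host.slice(0, host.length - suffix.length);
  if (!VAULT_NAME.test(vaultName) || vaultName.includes("--")) {
    return fail("invalid vault name");
  }
  return { ok: true, vaultName, origin: url.origin };
}

// Constructed sample inputs (not taken from any real environment).
const SAMPLE_URLS: string[] = [
  "https://contoso-certs.vault.azure.net",
  "http://contoso-certs.vault.azure.net",
  "https://contoso-certs.vault.azure.net.example.org",
  "https://contoso-certs.vault.azure.net/certificates/x",
];
for (const candidate of SAMPLE_URLS) {
  console.log(candidate, checkVaultUrl(candidate));
}
```

Pass the returned origin, not the raw input, to the CertificateClient constructor once the check succeeds.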
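Property Details
vaultUrl
The base URL to the vault
vaultUrl: string
Property Value
string
Method Details
backupCertificate(string, OperationOptions)
Requests that a backup of the specified certificate be downloaded to the client. All versions of the certificate will be downloaded. This operation requires the certificates/backup permission.
Example usage: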
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(url, credential);
await client.beginCreateCertificate("MyCertificate", {
issuerName: "Self",
subject: "cn=MyCert",
});
const backup = await client.backupCertificate("MyCertificate");
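Generates a backup of a certificate
function backupCertificate(certificateName: string, options?: OperationOptions): Promise<undefined | Uint8Array>
Parameters
- certificateName
- string
The name of the certificate
- options
- OperationOptions
The optional parameters
Returns
Promise<undefined | Uint8Array>
beginCreateCertificate(string, CertificatePolicy, BeginCreateCertificateOptions)
Creates a new certificate. If this is the first version, the certificate resource is created. This function returns a Long Running Operation poller that allows you to wait indefinitely until the operation completes.
Note: Sending Self as the issuerName of the certificate's policy will create a self-signed certificate.
This operation requires the certificates/create permission.
Example usage: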
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(url, credential);
const certificateName = "MyCertificateName";
const certificatePolicy = {
issuerName: "Self",
subject: "cn=MyCert",
};
const poller = await client.beginCreateCertificate(certificateName, certificatePolicy);
// You can use the pending certificate immediately:
const pendingCertificate = poller.getResult();
// Or you can wait until the certificate finishes being signed:
const keyVaultCertificate = await poller.pollUntilDone();
console.log(keyVaultCertificate);
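Creates a certificate
function beginCreateCertificate(certificateName: string, policy: CertificatePolicy, options?: BeginCreateCertificateOptions): Promise<PollerLikeWithCancellation<CreateCertificateState, KeyVaultCertificateWithPolicy>>
Parameters
- certificateName
- string
The name of the certificate
- policy
- CertificatePolicy
- options
- BeginCreateCertificateOptions
The optional parameters
Returns
beginDeleteCertificate(string, CertificatePollerOptions)
The DELETE operation applies to any certificate stored in Azure Key Vault. DELETE cannot be applied to an individual version of a certificate. This function returns a Long Running Operation poller that allows you to wait indefinitely until the operation completes.
This operation requires the certificates/delete permission.
Example usage: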
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const keyVaultUrl = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(keyVaultUrl, credential);
const certificateName = "MyCertificate";
const poller = await client.beginDeleteCertificate(certificateName);
// You can use the deleted certificate immediately:
const deletedCertificate = poller.getResult();
// The certificate is being deleted. Only wait for it if you want to restore it or purge it.
await poller.pollUntilDone();
// You can also get the deleted certificate this way:
await client.getDeletedCertificate(certificateName);
// Deleted certificates can also be recovered or purged.
// recoverDeletedCertificate returns a poller, just like beginDeleteCertificate.
// const recoverPoller = await client.beginRecoverDeletedCertificate(certificateName);
// await recoverPoller.pollUntilDone();
// If a certificate is done and the Key Vault has soft-delete enabled, the certificate can be purged with:
await client.purgeDeletedCertificate(certificateName);
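Deletes a certificate from a specified key vault.
function beginDeleteCertificate(certificateName: string, options?: CertificatePollerOptions): Promise<PollerLike<DeleteCertificateState, DeletedCertificate>>
Parameters
- certificateName
- string
The name of the certificate.
- options
- CertificatePollerOptions
The optional parameters
Returns
Promise<PollerLike<DeleteCertificateState, DeletedCertificate>>
beginRecoverDeletedCertificate(string, CertificatePollerOptions)
Recovers the deleted certificate in the specified vault. This operation can only be performed on a soft-delete enabled vault. This function returns a Long Running Operation poller that allows you to wait indefinitely until the certificate is fully recovered.
This operation requires the certificates/recover permission.
Example usage: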
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(url, credential);
const deletePoller = await client.beginDeleteCertificate("MyCertificate");
await deletePoller.pollUntilDone();
const recoverPoller = await client.beginRecoverDeletedCertificate("MyCertificate");
// Waiting until it's done
const certificate = await recoverPoller.pollUntilDone();
console.log(certificate);
Recovers a deleted certificate
function beginRecoverDeletedCertificate(certificateName: string, options?: CertificatePollerOptions): Promise<PollerLike<RecoverDeletedCertificateState, KeyVaultCertificateWithPolicy>>
Parameters
- certificateName
- string
The name of the deleted certificate
- options
- CertificatePollerOptions
The optional parameters
Returns
createIssuer(string, string, CreateIssuerOptions)
The createIssuer operation adds or updates the specified certificate issuer. This operation requires the certificates/setissuers permission.
Example usage:
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const keyVaultUrl = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(keyVaultUrl, credential);
await client.createIssuer("IssuerName", "Test");
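Sets the specified certificate issuer.
function createIssuer(issuerName: string, provider: string, options?: CreateIssuerOptions): Promise<CertificateIssuer>
Parameters
- issuerName
- string
The name of the issuer.
- provider
- string
The issuer provider.
- options
- CreateIssuerOptions
The optional parameters
Returns
Promise<CertificateIssuer>
deleteCertificateOperation(string, OperationOptions)
Deletes the creation operation for a specified certificate that is in the process of being created. The certificate is no longer created. This operation requires the certificates/update permission.
Example usage: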
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(url, credential);
await client.beginCreateCertificate("MyCertificate", {
issuerName: "Self",
subject: "cn=MyCert",
});
await client.deleteCertificateOperation("MyCertificate");
await client.getCertificateOperation("MyCertificate");
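Deletes a certificate's operation
function deleteCertificateOperation(certificateName: string, options?: OperationOptions): Promise<CertificateOperation>
Parameters
- certificateName
- string
The name of the certificate
- options
- OperationOptions
The optional parameters
Returns
Promise<CertificateOperation>
deleteContacts(OperationOptions)
Deletes all of the certificate contacts. This operation requires the certificates/managecontacts permission.
Example usage: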
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const keyVaultUrl = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(keyVaultUrl, credential);
await client.deleteContacts();
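Deletes all of the certificate contacts
function deleteContacts(options?: OperationOptions): Promise<undefined | CertificateContact[]>
Parameters
- options
- OperationOptions
The optional parameters
Returns
Promise<undefined | CertificateContact[]>
deleteIssuer(string, OperationOptions)
The deleteIssuer operation permanently removes the specified certificate issuer from the vault. This operation requires the certificates/manageissuers/deleteissuers permission.
Example usage: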
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const keyVaultUrl = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(keyVaultUrl, credential);
await client.deleteIssuer("IssuerName");
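Deletes the specified certificate issuer.
function deleteIssuer(issuerName: string, options?: OperationOptions): Promise<CertificateIssuer>
Parameters
- issuerName
- string
The name of the issuer.
- options
- OperationOptions
The optional parameters
Returns
Promise<CertificateIssuer>
getCertificate(string, OperationOptions)
Gets the latest information available from a specific certificate, including the certificate's policy. This operation requires the certificates/get permission.
Example usage: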
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const keyVaultUrl = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(keyVaultUrl, credential);
const certificateName = "MyCertificate";
const result = await client.getCertificate(certificateName);
console.log(result.name);
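Retrieves a certificate from the certificate's name (includes the certificate policy)
function getCertificate(certificateName: string, options?: OperationOptions): Promise<KeyVaultCertificateWithPolicy>
Parameters
- certificateName
- string
The name of the certificate
- options
- OperationOptions
The optional parameters
Returns
Promise<KeyVaultCertificateWithPolicy>
getCertificateOperation(string, CertificatePollerOptions)
Gets the creation operation associated with a specified certificate. This operation requires the certificates/get permission. This function returns a Long Running Operation poller that allows you to wait indefinitely until the operation completes.
Example usage: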
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(url, credential);
const createPoller = await client.beginCreateCertificate("MyCertificate", {
issuerName: "Self",
subject: "cn=MyCert",
});
const poller = await client.getCertificateOperation("MyCertificate");
const pendingCertificate = poller.getResult();
const certificateOperation = poller.getOperationState().certificateOperation;
console.log(certificateOperation);
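Gets a certificate's poller operation
function getCertificateOperation(certificateName: string, options?: CertificatePollerOptions): Promise<PollerLikeWithCancellation<CertificateOperationState, KeyVaultCertificateWithPolicy>>
Parameters
- certificateName
- string
The name of the certificate
- options
- CertificatePollerOptions
The optional parameters
Returns
getCertificatePolicy(string, OperationOptions)
The getCertificatePolicy operation returns the specified certificate policy resources in the specified key vault. This operation requires the certificates/get permission.
Example usage: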
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(url, credential);
const policy = await client.getCertificatePolicy("MyCertificate");
console.log(policy);
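Gets a certificate's policy
function getCertificatePolicy(certificateName: string, options?: OperationOptions): Promise<CertificatePolicy>
Parameters
- certificateName
- string
The name of the certificate
- options
- OperationOptions
The optional parameters
Returns
Promise<CertificatePolicy>
getCertificateVersion(string, string, OperationOptions)
Gets information about a specific certificate on a specific version. It won't return the certificate's policy. This operation requires the certificates/get permission.
Example usage: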
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(url, credential);
const certificateName = "MyCertificateName";
const latestCertificate = await client.getCertificate(certificateName);
console.log(`Latest version of the certificate ${certificateName}: `, latestCertificate);
const specificCertificate = await client.getCertificateVersion(
certificateName,
latestCertificate.properties.version,
);
console.log(
`The certificate ${certificateName} at the version ${latestCertificate.properties.version}: `,
specificCertificate,
);
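Retrieves a certificate from the certificate's name and a specified version
function getCertificateVersion(certificateName: string, version: string, options?: OperationOptions): Promise<KeyVaultCertificate>
Parameters
- certificateName
- string
The name of the certificate
- version
- string
The specific version of the certificate
- options
- OperationOptions
The optional parameters
Returns
Promise<KeyVaultCertificate>
getContacts(OperationOptions)
Returns the set of certificate contact resources in the specified key vault. This operation requires the certificates/managecontacts permission.
Example usage: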
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const keyVaultUrl = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(keyVaultUrl, credential);
const contacts = await client.getContacts();
// getContacts may resolve to undefined when no contacts are set
for (const contact of contacts ?? []) {
  console.log(contact);
}
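Sets the certificate contacts.
function getContacts(options?: OperationOptions): Promise<undefined | CertificateContact[]>
Parameters
- options
- OperationOptions
The optional parameters
Returns
Promise<undefined | CertificateContact[]>
getDeletedCertificate(string, OperationOptions)
Retrieves the deleted certificate information plus its attributes, such as retention interval, scheduled permanent deletion and the current deletion recovery level. This operation requires the certificates/get permission.
Example usage: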
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(url, credential);
const deletedCertificate = await client.getDeletedCertificate("MyDeletedCertificate");
console.log("Deleted certificate:", deletedCertificate);
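Gets a deleted certificate
function getDeletedCertificate(certificateName: string, options?: OperationOptions): Promise<DeletedCertificate>
Parameters
- certificateName
- string
The name of the certificate
- options
- OperationOptions
The optional parameters
Returns
Promise<DeletedCertificate>
getIssuer(string, OperationOptions)
The getIssuer operation returns the specified certificate issuer resources in the specified key vault. This operation requires the certificates/manageissuers/getissuers permission.
Example usage: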
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const keyVaultUrl = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(keyVaultUrl, credential);
const certificateIssuer = await client.getIssuer("IssuerName");
console.log(certificateIssuer);
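Gets the specified certificate issuer.
function getIssuer(issuerName: string, options?: OperationOptions): Promise<CertificateIssuer>
Parameters
- issuerName
- string
The name of the issuer.
- options
- OperationOptions
The optional parameters
Returns
Promise<CertificateIssuer>
importCertificate(string, Uint8Array, ImportCertificateOptions)
Imports an existing valid certificate, containing a private key, into Azure Key Vault. The certificate to be imported can be in either PFX or PEM format. If the certificate is in PEM format, the PEM file must contain the key as well as the x509 certificate. This operation requires the certificates/import permission.
Example usage: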
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
import { SecretClient } from "@azure/keyvault-secrets";
import { isNodeLike } from "@azure/core-util";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(url, credential);
const secretClient = new SecretClient(url, credential);
const certificateSecret = await secretClient.getSecret("MyCertificate");
const base64EncodedCertificate = certificateSecret.value!;
const buffer = isNodeLike
? Buffer.from(base64EncodedCertificate, "base64")
: Uint8Array.from(atob(base64EncodedCertificate), (c) => c.charCodeAt(0));
await client.importCertificate("MyCertificate", buffer);
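Imports a certificate from a certificate's secret value
function importCertificate(certificateName: string, certificateBytes: Uint8Array, options?: ImportCertificateOptions): Promise<KeyVaultCertificateWithPolicy>
Parameters
- certificateName
- string
The name of the certificate
- certificateBytes
- Uint8Array
The PFX or ASCII PEM formatted value of the certificate containing both the X.509 certificates and the private key
- options
- ImportCertificateOptions
The optional parameters
Returns
Promise<KeyVaultCertificateWithPolicy>
listDeletedCertificates(ListDeletedCertificatesOptions)
Retrieves the certificates in the current vault that are in a deleted state and ready for recovery or purging. This operation includes deletion-specific information. This operation requires the certificates/get/list permission. This operation can only be enabled on soft-delete enabled vaults.
Example usage: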
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(url, credential);
for await (const deletedCertificate of client.listDeletedCertificates()) {
console.log(deletedCertificate);
}
for await (const page of client.listDeletedCertificates().byPage()) {
for (const deletedCertificate of page) {
console.log(deletedCertificate);
}
}
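Lists deleted certificates
function listDeletedCertificates(options?: ListDeletedCertificatesOptions): PagedAsyncIterableIterator<DeletedCertificate, DeletedCertificate[], PageSettings>
Parameters
- options
- ListDeletedCertificatesOptions
The optional parameters
Returns
listPropertiesOfCertificates(ListPropertiesOfCertificatesOptions)
Iterates the latest version of all certificates in the vault. The full certificate identifier and attributes are provided in the response. No values are returned for the certificates. This operation requires the certificates/list permission.
Example usage: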
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const keyVaultUrl = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(keyVaultUrl, credential);
// All in one call
for await (const certificateProperties of client.listPropertiesOfCertificates()) {
console.log(certificateProperties);
}
// By pages
for await (const page of client.listPropertiesOfCertificates().byPage()) {
for (const certificateProperties of page) {
console.log(certificateProperties);
}
}
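Lists all versions of the specified certificate.
function listPropertiesOfCertificates(options?: ListPropertiesOfCertificatesOptions): PagedAsyncIterableIterator<CertificateProperties, CertificateProperties[], PageSettings>
Parameters
The optional parameters
Returns
listPropertiesOfCertificateVersions(string, OperationOptions)
Returns the versions of a certificate in the specified key vault. This operation requires the certificates/list permission.
Example usage: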
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const keyVaultUrl = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(keyVaultUrl, credential);
for await (const certificateProperties of client.listPropertiesOfCertificateVersions(
"MyCertificate",
)) {
console.log(certificateProperties.version!);
}
Lists the versions of a certificate.
function listPropertiesOfCertificateVersions(certificateName: string, options?: OperationOptions): PagedAsyncIterableIterator<CertificateProperties, CertificateProperties[], PageSettings>
Parameters
- certificateName
- string
The name of the certificate.
- options
- OperationOptions
The optional parameters
Returns
listPropertiesOfIssuers(OperationOptions)
Returns the set of certificate issuer resources in the specified key vault. This operation requires the certificates/manageissuers/getissuers permission.
Example usage:
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const keyVaultUrl = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(keyVaultUrl, credential);
await client.createIssuer("IssuerName", "Test");
// All in one call
for await (const issuerProperties of client.listPropertiesOfIssuers()) {
console.log(issuerProperties);
}
// By pages
for await (const page of client.listPropertiesOfIssuers().byPage()) {
for (const issuerProperties of page) {
console.log(issuerProperties);
}
}
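Lists the certificate issuers.
function listPropertiesOfIssuers(options?: OperationOptions): PagedAsyncIterableIterator<IssuerProperties, IssuerProperties[], PageSettings>
Parameters
- options
- OperationOptions
The optional parameters
Returns
mergeCertificate(string, Uint8Array[], OperationOptions)
Performs the merging of a certificate or certificate chain with a key pair currently available in the service. This operation requires the certificates/create permission.
Example usage: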
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
import { writeFileSync, readFileSync } from "node:fs";
import { execSync } from "node:child_process";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(url, credential);
await client.beginCreateCertificate("MyCertificate", {
issuerName: "Unknown",
subject: "cn=MyCert",
});
const poller = await client.getCertificateOperation("MyCertificate");
const { csr } = poller.getOperationState().certificateOperation!;
const base64Csr = Buffer.from(csr!).toString("base64");
const wrappedCsr = [
"-----BEGIN CERTIFICATE REQUEST-----",
base64Csr,
"-----END CERTIFICATE REQUEST-----",
].join("\n");
writeFileSync("test.csr", wrappedCsr);
// Certificate available locally made using:
// openssl genrsa -out ca.key 2048
// openssl req -new -x509 -key ca.key -out ca.crt
// You can read more about how to create a fake certificate authority here: https://gist.github.com/Soarez/9688998
execSync("openssl x509 -req -in test.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out test.crt");
const base64Crt = readFileSync("test.crt").toString().split("\n").slice(1, -1).join("");
await client.mergeCertificate("MyCertificate", [Buffer.from(base64Crt)]);
Merges a signed certificate request into a pending certificate
function mergeCertificate(certificateName: string, x509Certificates: Uint8Array[], options?: OperationOptions): Promise<KeyVaultCertificateWithPolicy>
Parameters
- certificateName
- string
The name of the certificate
- x509Certificates
- Uint8Array[]
The certificate(s) to merge
- options
- OperationOptions
The optional parameters
Returns
Promise<KeyVaultCertificateWithPolicy>
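PEM handling for the importCertificate rule above (a PEM file must contain the key as well as the X.509 certificate) and for the CSR and certificate files in the mergeCertificate sample, as an added example that is not part of the SDK or of the original page. All function names are hypothetical, the sample bodies are constructed placeholders, and treating any label ending in PRIVATE KEY as the key is an assumption.

```typescript
// Added example: PEM helpers for pre-checking importCertificate input and for
// the CSR / certificate files used around mergeCertificate. Names are hypothetical.

interface PemBlock {
  label: string;  // e.g. "CERTIFICATE", "PRIVATE KEY", "CERTIFICATE REQUEST"
  base64: string; // body with all whitespace removed
}

// Split PEM text into labelled blocks. Tolerates CRLF line endings, a missing
// final newline and unrelated text between blocks. Blocks carrying legacy
// header lines (e.g. "Proc-Type:") do not match and are skipped.
function parsePem(text: string): PemBlock[] {
  const re = /-----BEGIN ([A-Z0-9 ]+)-----([A-Za-z0-9+/=\s]*?)-----END \1-----/g;
  const blocks: PemBlock[] = [];
  let m: RegExpExecArray | null;
  while ((m = re.exec(text)) !== null) {
    blocks.push({ label: m[1], base64: m[2].replace(/\s+/g, "") });
  }
  return blocks;
}

interface ImportCheck {
  ok: boolean;
  certificates: number;
  privateKeys: number;
  reason: string | undefined;
}

// Checks the rule stated for importCertificate: the PEM file must contain the
// key as well as the X.509 certificate. Run it before uploading so that an
// incomplete bundle is rejected locally.
function checkPemForImport(text: string): ImportCheck {
  const blocks = parsePem(text).filter((b) => b.base64 !== "");
  const certificates = blocks.filter((b) => b.label === "CERTIFICATE").length;
  // Assumption: any label ending in "PRIVATE KEY" counts as the key.
  const privateKeys = blocks.filter((b) => b.label.endsWith("PRIVATE KEY")).length;
  let reason: string | undefined;
  if (certificates === 0) reason = "no CERTIFICATE block";
  else if (privateKeys === 0) reason = "no private key block";
  else if (privateKeys > 1) reason = "more than one private key block";
  return { ok: reason === undefined, certificates, privateKeys, reason };
}

// Wrap a base64 body as PEM with 64-character lines, as RFC 7468 requires of
// generators; useful for the CSR that is written to disk for signing.
function wrapPem(label: string, base64: string): string {
  const body = base64.replace(/\s+/g, "");
  const lines = body.match(/.{1,64}/g) ?? [];
  return [`-----BEGIN ${label}-----`, ...lines, `-----END ${label}-----`, ""].join("\n");
}

// Base64 bodies of the CERTIFICATE blocks only, selected by label rather than
// by line position, so trailing newlines and extra blocks do not leak in.
function certificateBodies(text: string): string[] {
  return parsePem(text)
    .filter((b) => b.label === "CERTIFICATE")
    .map((b) => b.base64);
}

// Constructed sample: placeholder base64, not real key or certificate material.
const SAMPLE_BODY = "QUJD".repeat(30);
const SAMPLE_BUNDLE = wrapPem("PRIVATE KEY", SAMPLE_BODY) + wrapPem("CERTIFICATE", SAMPLE_BODY);
console.log(checkPemForImport(SAMPLE_BUNDLE));
console.log(checkPemForImport(wrapPem("CERTIFICATE", SAMPLE_BODY)));
```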
purgeDeletedCertificate(string, OperationOptions)
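Performs an irreversible deletion of the specified certificate, without possibility for recovery. The operation is not available if the recovery level does not specify 'Purgeable'. This operation requires the certificates/purge permission.
Example usage: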
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(url, credential);
const deletePoller = await client.beginDeleteCertificate("MyCertificate");
await deletePoller.pollUntilDone();
// Deleting a certificate takes time, make sure to wait before purging it
await client.purgeDeletedCertificate("MyCertificate");
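Gets a deleted certificate
function purgeDeletedCertificate(certificateName: string, options?: OperationOptions): Promise<null>
Parameters
- certificateName
- string
The name of the deleted certificate to purge
- options
- OperationOptions
The optional parameters
Returns
Promise<null>
restoreCertificateBackup(Uint8Array, OperationOptions)
Restores a backed up certificate, and all its versions, to a vault. This operation requires the certificates/restore permission.
Example usage: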
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(url, credential);
await client.beginCreateCertificate("MyCertificate", {
issuerName: "Self",
subject: "cn=MyCert",
});
const backup = await client.backupCertificate("MyCertificate");
const poller = await client.beginDeleteCertificate("MyCertificate");
await poller.pollUntilDone();
// Some time is required before we're able to restore the certificate
await client.restoreCertificateBackup(backup!);
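Restores a certificate from a backup
function restoreCertificateBackup(backup: Uint8Array, options?: OperationOptions): Promise<KeyVaultCertificateWithPolicy>
Parameters
- backup
- Uint8Array
The backed up certificate to restore from
- options
- OperationOptions
The optional parameters
Returns
Promise<KeyVaultCertificateWithPolicy>
setContacts(CertificateContact[], OperationOptions)
Sets the certificate contacts for the key vault. This operation requires the certificates/managecontacts permission.
Example usage: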
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const keyVaultUrl = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(keyVaultUrl, credential);
await client.setContacts([
{
email: "b@b.com",
name: "b",
phone: "222222222222",
},
]);
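Sets the certificate contacts.
function setContacts(contacts: CertificateContact[], options?: OperationOptions): Promise<undefined | CertificateContact[]>
Parameters
- contacts
The contacts to use
- options
- OperationOptions
The optional parameters
Returns
Promise<undefined | CertificateContact[]>
updateCertificatePolicy(string, CertificatePolicy, OperationOptions)
Updates the certificate policy for the specified certificate. This operation requires the certificates/update permission. Gets a certificate's policy
function updateCertificatePolicy(certificateName: string, policy: CertificatePolicy, options?: OperationOptions): Promise<CertificatePolicy>
Parameters
- certificateName
- string
The name of the certificate
- policy
- CertificatePolicy
The certificate policy
- options
- OperationOptions
The optional parameters
Returns
Promise<CertificatePolicy>
updateCertificateProperties(string, string, UpdateCertificatePropertiesOptions)
Applies the specified update on the given certificate; the only elements updated are the certificate's attributes. This operation requires the certificates/update permission.
Example usage: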
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(url, credential);
// You may pass an empty string for version which will update
// the latest version of the certificate
await client.updateCertificateProperties("MyCertificate", "", {
tags: {
customTag: "value",
},
});
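Updates a certificate
function updateCertificateProperties(certificateName: string, version: string, options?: UpdateCertificatePropertiesOptions): Promise<KeyVaultCertificate>
Parameters
- certificateName
- string
The name of the certificate
- version
- string
The version of the certificate to update (an empty string will update the latest version)
- options
- UpdateCertificateOptions
The options, including what to update
Returns
Promise<KeyVaultCertificate>
updateIssuer(string, UpdateIssuerOptions)
The updateIssuer operation performs an update on the specified certificate issuer entity. This operation requires the certificates/setissuers permission.
Example usage: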
import { DefaultAzureCredential } from "@azure/identity";
import { CertificateClient } from "@azure/keyvault-certificates";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const keyVaultUrl = `https://${vaultName}.vault.azure.net`;
const client = new CertificateClient(keyVaultUrl, credential);
await client.updateIssuer("IssuerName", {
provider: "Provider2",
});
Updates the specified certificate issuer.
function updateIssuer(issuerName: string, options?: UpdateIssuerOptions): Promise<CertificateIssuer>
Parameters
- issuerName
- string
The name of the issuer.
- options
- UpdateIssuerOptions
The optional parameters
Returns
Promise<CertificateIssuer>