azure.keyvault.generated package

Module contents

class azure.keyvault.generated.KeyVaultClient(credentials)[source]

Bases: object

The key vault client performs cryptographic key operations and vault operations against the Key Vault service.

Variables:config (KeyVaultClientConfiguration) – Configuration for client.
Parameters:credentials (A msrestazure Credentials object) – Credentials needed for the client to connect to Azure.
backup_key(vault_base_url, key_name, custom_headers=None, raw=False, **operation_config)[source]

Requests that a backup of the specified key be downloaded to the client.

Parameters:
Return type:

BackupKeyResult

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

create_certificate(vault_base_url, certificate_name, certificate_policy=None, certificate_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config)[source]

Creates a new certificate. If this is the first version, the certificate resource is created.

Parameters:
  • vault_base_url (str) – The vault name, for example https://myvault.vault.azure.net.
  • certificate_name (str) – The name of the certificate.
  • certificate_policy (CertificatePolicy) – The management policy for the certificate.
  • certificate_attributes (CertificateAttributes) – The attributes of the certificate (optional).
  • tags (dict) – Application specific metadata in the form of key-value pairs.
  • custom_headers (dict) – headers that will be added to the request
  • raw (bool) – returns the direct response alongside the deserialized response
  • operation_configOperation configuration overrides.
Return type:

CertificateOperation

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

create_key(vault_base_url, key_name, kty, key_size=None, key_ops=None, key_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config)[source]

Creates a new key, stores it, then returns key parameters and attributes to the client. The create key operation can be used to create any key type in Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. Authorization: Requires the keys/create permission.

Parameters:
  • vault_base_url (str) – The vault name, for example https://myvault.vault.azure.net.
  • key_name (str) – The name for the new key. The system will generate the version name for the new key.
  • kty (str or JsonWebKeyType) – The type of key to create. For valid key types, see JsonWebKeyType. Supported JsonWebKey key types (kty) for Elliptic Curve, RSA, HSM, Octet. Possible values include: ‘EC’, ‘RSA’, ‘RSA-HSM’, ‘oct’
  • key_size (int) – The key size in bytes. For example, 1024 or 2048.
  • key_ops (list of str or JsonWebKeyOperation) –
  • key_attributes (KeyAttributes) –
  • tags (dict) – Application specific metadata in the form of key-value pairs.
  • custom_headers (dict) – headers that will be added to the request
  • raw (bool) – returns the direct response alongside the deserialized response
  • operation_configOperation configuration overrides.
Return type:

KeyBundle

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

decrypt(vault_base_url, key_name, key_version, algorithm, value, custom_headers=None, raw=False, **operation_config)[source]

Decrypts a single block of encrypted data.

Parameters:
Return type:

KeyOperationResult

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

delete_certificate(vault_base_url, certificate_name, custom_headers=None, raw=False, **operation_config)[source]

Deletes a certificate from a specified key vault.

Parameters:
Return type:

CertificateBundle

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

delete_certificate_contacts(vault_base_url, custom_headers=None, raw=False, **operation_config)[source]

Deletes the certificate contacts for a specified key vault.

Parameters:
Return type:

Contacts

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

delete_certificate_issuer(vault_base_url, issuer_name, custom_headers=None, raw=False, **operation_config)[source]

Deletes the specified certificate issuer.

Parameters:
Return type:

IssuerBundle

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

delete_certificate_operation(vault_base_url, certificate_name, custom_headers=None, raw=False, **operation_config)[source]

Deletes the operation for a specified certificate.

Parameters:
Return type:

CertificateOperation

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

delete_key(vault_base_url, key_name, custom_headers=None, raw=False, **operation_config)[source]

Deletes a key of any type from storage in Azure Key Vault. The delete key operation cannot be used to remove individual versions of a key. This operation removes the cryptographic material associated with the key, which means the key is not usable for Sign/Verify, Wrap/Unwrap or Encrypt/Decrypt operations. Authorization: Requires the keys/delete permission.

Parameters:
Return type:

KeyBundle

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

delete_secret(vault_base_url, secret_name, custom_headers=None, raw=False, **operation_config)[source]

Deletes a secret from a specified key vault.

Parameters:
Return type:

SecretBundle

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

encrypt(vault_base_url, key_name, key_version, algorithm, value, custom_headers=None, raw=False, **operation_config)[source]

Encrypts an arbitrary sequence of bytes using an encryption key that is stored in a key vault.

Parameters:
Return type:

KeyOperationResult

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

get_certificate(vault_base_url, certificate_name, certificate_version, custom_headers=None, raw=False, **operation_config)[source]

Gets information about a specified certificate.

Parameters:
  • vault_base_url (str) – The vault name, for example https://myvault.vault.azure.net.
  • certificate_name (str) – The name of the certificate in the given vault.
  • certificate_version (str) – The version of the certificate.
  • custom_headers (dict) – headers that will be added to the request
  • raw (bool) – returns the direct response alongside the deserialized response
  • operation_configOperation configuration overrides.
Return type:

CertificateBundle

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

get_certificate_contacts(vault_base_url, custom_headers=None, raw=False, **operation_config)[source]

Lists the certificate contacts for a specified key vault.

Parameters:
Return type:

Contacts

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

get_certificate_issuer(vault_base_url, issuer_name, custom_headers=None, raw=False, **operation_config)[source]

Lists the specified certificate issuer.

Parameters:
Return type:

IssuerBundle

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

get_certificate_issuers(vault_base_url, maxresults=None, custom_headers=None, raw=False, **operation_config)[source]

List certificate issuers for a specified key vault.

Parameters:
  • vault_base_url (str) – The vault name, for example https://myvault.vault.azure.net.
  • maxresults (int) – Maximum number of results to return in a page. If not specified the service will return up to 25 results.
  • custom_headers (dict) – headers that will be added to the request
  • raw (bool) – returns the direct response alongside the deserialized response
  • operation_configOperation configuration overrides.
Return type:

CertificateIssuerItemPaged

Raises:

KeyVaultErrorException

get_certificate_operation(vault_base_url, certificate_name, custom_headers=None, raw=False, **operation_config)[source]

Gets the operation associated with a specified certificate.

Parameters:
Return type:

CertificateOperation

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

get_certificate_policy(vault_base_url, certificate_name, custom_headers=None, raw=False, **operation_config)[source]

Lists the policy for a certificate.

Parameters:
Return type:

CertificatePolicy

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

get_certificate_versions(vault_base_url, certificate_name, maxresults=None, custom_headers=None, raw=False, **operation_config)[source]

List the versions of a certificate.

Parameters:
  • vault_base_url (str) – The vault name, for example https://myvault.vault.azure.net.
  • certificate_name (str) – The name of the certificate.
  • maxresults (int) – Maximum number of results to return in a page. If not specified the service will return up to 25 results.
  • custom_headers (dict) – headers that will be added to the request
  • raw (bool) – returns the direct response alongside the deserialized response
  • operation_configOperation configuration overrides.
Return type:

CertificateItemPaged

Raises:

KeyVaultErrorException

get_certificates(vault_base_url, maxresults=None, custom_headers=None, raw=False, **operation_config)[source]

List certificates in a specified key vault.

Parameters:
  • vault_base_url (str) – The vault name, for example https://myvault.vault.azure.net.
  • maxresults (int) – Maximum number of results to return in a page. If not specified the service will return up to 25 results.
  • custom_headers (dict) – headers that will be added to the request
  • raw (bool) – returns the direct response alongside the deserialized response
  • operation_configOperation configuration overrides.
Return type:

CertificateItemPaged

Raises:

KeyVaultErrorException

get_key(vault_base_url, key_name, key_version, custom_headers=None, raw=False, **operation_config)[source]

Gets the public part of a stored key. The get key operation is applicable to all key types. If the requested key is symmetric, then no key material is released in the response. Authorization: Requires the keys/get permission.

Parameters:
  • vault_base_url (str) – The vault name, for example https://myvault.vault.azure.net.
  • key_name (str) – The name of the key to get.
  • key_version (str) – Adding the version parameter retrieves a specific version of a key.
  • custom_headers (dict) – headers that will be added to the request
  • raw (bool) – returns the direct response alongside the deserialized response
  • operation_configOperation configuration overrides.
Return type:

KeyBundle

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

get_key_versions(vault_base_url, key_name, maxresults=None, custom_headers=None, raw=False, **operation_config)[source]

Retrieves a list of individual key versions with the same key name. The full key identifier, attributes, and tags are provided in the response. Authorization: Requires the keys/list permission.

Parameters:
  • vault_base_url (str) – The vault name, for example https://myvault.vault.azure.net.
  • key_name (str) – The name of the key.
  • maxresults (int) – Maximum number of results to return in a page. If not specified the service will return up to 25 results.
  • custom_headers (dict) – headers that will be added to the request
  • raw (bool) – returns the direct response alongside the deserialized response
  • operation_configOperation configuration overrides.
Return type:

KeyItemPaged

Raises:

KeyVaultErrorException

get_keys(vault_base_url, maxresults=None, custom_headers=None, raw=False, **operation_config)[source]

List keys in the specified vault.

Parameters:
  • vault_base_url (str) – The vault name, for example https://myvault.vault.azure.net.
  • maxresults (int) – Maximum number of results to return in a page. If not specified the service will return up to 25 results.
  • custom_headers (dict) – headers that will be added to the request
  • raw (bool) – returns the direct response alongside the deserialized response
  • operation_configOperation configuration overrides.
Return type:

KeyItemPaged

Raises:

KeyVaultErrorException

get_secret(vault_base_url, secret_name, secret_version, custom_headers=None, raw=False, **operation_config)[source]

Get a specified secret from a given key vault.

Parameters:
Return type:

SecretBundle

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

get_secret_versions(vault_base_url, secret_name, maxresults=None, custom_headers=None, raw=False, **operation_config)[source]

List the versions of the specified secret.

Parameters:
  • vault_base_url (str) – The vault name, for example https://myvault.vault.azure.net.
  • secret_name (str) – The name of the secret.
  • maxresults (int) – Maximum number of results to return in a page. If not specified the service will return up to 25 results.
  • custom_headers (dict) – headers that will be added to the request
  • raw (bool) – returns the direct response alongside the deserialized response
  • operation_configOperation configuration overrides.
Return type:

SecretItemPaged

Raises:

KeyVaultErrorException

get_secrets(vault_base_url, maxresults=None, custom_headers=None, raw=False, **operation_config)[source]

List secrets in a specified key vault.

Parameters:
  • vault_base_url (str) – The vault name, for example https://myvault.vault.azure.net.
  • maxresults (int) – Maximum number of results to return in a page. If not specified the service will return up to 25 results.
  • custom_headers (dict) – headers that will be added to the request
  • raw (bool) – returns the direct response alongside the deserialized response
  • operation_configOperation configuration overrides.
Return type:

SecretItemPaged

Raises:

KeyVaultErrorException

import_certificate(vault_base_url, certificate_name, base64_encoded_certificate, password=None, certificate_policy=None, certificate_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config)[source]

Imports a certificate into a specified key vault.

Parameters:
  • vault_base_url (str) – The vault name, for example https://myvault.vault.azure.net.
  • certificate_name (str) – The name of the certificate.
  • base64_encoded_certificate (str) – Base64 encoded representation of the certificate object to import. This certificate needs to contain the private key.
  • password (str) – If the private key in base64EncodedCertificate is encrypted, the password used for encryption.
  • certificate_policy (CertificatePolicy) – The management policy for the certificate.
  • certificate_attributes (CertificateAttributes) – The attributes of the certificate (optional).
  • tags (dict) – Application specific metadata in the form of key-value pairs.
  • custom_headers (dict) – headers that will be added to the request
  • raw (bool) – returns the direct response alongside the deserialized response
  • operation_configOperation configuration overrides.
Return type:

CertificateBundle

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

import_key(vault_base_url, key_name, key, hsm=None, key_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config)[source]

Imports an externally created key, stores it, and returns key parameters and attributes to the client. The import key operation may be used to import any key type into an Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. Authorization: requires the keys/import permission. .

Parameters:
  • vault_base_url (str) – The vault name, for example https://myvault.vault.azure.net.
  • key_name (str) – Name for the imported key.
  • key (JsonWebKey) – The Json web key
  • hsm (bool) – Whether to import as a hardware key (HSM) or software key.
  • key_attributes (KeyAttributes) – The key management attributes.
  • tags (dict) – Application specific metadata in the form of key-value pairs.
  • custom_headers (dict) – headers that will be added to the request
  • raw (bool) – returns the direct response alongside the deserialized response
  • operation_configOperation configuration overrides.
Return type:

KeyBundle

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

merge_certificate(vault_base_url, certificate_name, x509_certificates, certificate_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config)[source]

Merges a certificate or a certificate chain with a key pair existing on the server.

Parameters:
  • vault_base_url (str) – The vault name, for example https://myvault.vault.azure.net.
  • certificate_name (str) – The name of the certificate.
  • x509_certificates (list of bytearray) – The certificate or the certificate chain to merge.
  • certificate_attributes (CertificateAttributes) – The attributes of the certificate (optional).
  • tags (dict) – Application specific metadata in the form of key-value pairs.
  • custom_headers (dict) – headers that will be added to the request
  • raw (bool) – returns the direct response alongside the deserialized response
  • operation_configOperation configuration overrides.
Return type:

CertificateBundle

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

restore_key(vault_base_url, key_bundle_backup, custom_headers=None, raw=False, **operation_config)[source]

Restores a backed up key to a vault.

Parameters:
Return type:

KeyBundle

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

set_certificate_contacts(vault_base_url, contact_list=None, custom_headers=None, raw=False, **operation_config)[source]

Sets the certificate contacts for the specified key vault.

Parameters:
Return type:

Contacts

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

set_certificate_issuer(vault_base_url, issuer_name, provider, credentials=None, organization_details=None, attributes=None, custom_headers=None, raw=False, **operation_config)[source]

Sets the specified certificate issuer.

Parameters:
Return type:

IssuerBundle

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

set_secret(vault_base_url, secret_name, value, tags=None, content_type=None, secret_attributes=None, custom_headers=None, raw=False, **operation_config)[source]

Sets a secret in a specified key vault.

Parameters:
  • vault_base_url (str) – The vault name, for example https://myvault.vault.azure.net.
  • secret_name (str) – The name of the secret.
  • value (str) – The value of the secret.
  • tags (dict) – Application specific metadata in the form of key-value pairs.
  • content_type (str) – Type of the secret value such as a password.
  • secret_attributes (SecretAttributes) – The secret management attributes.
  • custom_headers (dict) – headers that will be added to the request
  • raw (bool) – returns the direct response alongside the deserialized response
  • operation_configOperation configuration overrides.
Return type:

SecretBundle

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

sign(vault_base_url, key_name, key_version, algorithm, value, custom_headers=None, raw=False, **operation_config)[source]

Creates a signature from a digest using the specified key.

Parameters:
  • vault_base_url (str) – The vault name, for example https://myvault.vault.azure.net.
  • key_name (str) – The name of the key.
  • key_version (str) – The version of the key.
  • algorithm (str or JsonWebKeySignatureAlgorithm) – The signing/verification algorithm identifier. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm. Possible values include: ‘RS256’, ‘RS384’, ‘RS512’, ‘RSNULL’
  • value (bytes) –
  • custom_headers (dict) – headers that will be added to the request
  • raw (bool) – returns the direct response alongside the deserialized response
  • operation_configOperation configuration overrides.
Return type:

KeyOperationResult

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

unwrap_key(vault_base_url, key_name, key_version, algorithm, value, custom_headers=None, raw=False, **operation_config)[source]

Unwraps a symmetric key using the specified key that was initially used for wrapping that key.

Parameters:
Return type:

KeyOperationResult

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

update_certificate(vault_base_url, certificate_name, certificate_version, certificate_policy=None, certificate_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config)[source]

Updates the specified attributes associated with the given certificate.

Parameters:
  • vault_base_url (str) – The vault name, for example https://myvault.vault.azure.net.
  • certificate_name (str) – The name of the certificate in the given key vault.
  • certificate_version (str) – The version of the certificate.
  • certificate_policy (CertificatePolicy) – The management policy for the certificate.
  • certificate_attributes (CertificateAttributes) – The attributes of the certificate (optional).
  • tags (dict) – Application specific metadata in the form of key-value pairs.
  • custom_headers (dict) – headers that will be added to the request
  • raw (bool) – returns the direct response alongside the deserialized response
  • operation_configOperation configuration overrides.
Return type:

CertificateBundle

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

update_certificate_issuer(vault_base_url, issuer_name, provider=None, credentials=None, organization_details=None, attributes=None, custom_headers=None, raw=False, **operation_config)[source]

Updates the specified certificate issuer.

Parameters:
Return type:

IssuerBundle

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

update_certificate_operation(vault_base_url, certificate_name, cancellation_requested, custom_headers=None, raw=False, **operation_config)[source]

Updates a certificate operation.

Parameters:
  • vault_base_url (str) – The vault name, for example https://myvault.vault.azure.net.
  • certificate_name (str) – The name of the certificate.
  • cancellation_requested (bool) – Indicates if cancellation was requested on the certificate operation.
  • custom_headers (dict) – headers that will be added to the request
  • raw (bool) – returns the direct response alongside the deserialized response
  • operation_configOperation configuration overrides.
Return type:

CertificateOperation

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

update_certificate_policy(vault_base_url, certificate_name, certificate_policy, custom_headers=None, raw=False, **operation_config)[source]

Updates the policy for a certificate. Set specified members in the certificate policy. Leave others as null.

Parameters:
Return type:

CertificatePolicy

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

update_key(vault_base_url, key_name, key_version, key_ops=None, key_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config)[source]

The update key operation changes specified attributes of a stored key and can be applied to any key type and key version stored in Azure Key Vault. The cryptographic material of a key itself cannot be changed. In order to perform this operation, the key must already exist in the Key Vault. Authorization: requires the keys/update permission.

Parameters:
  • vault_base_url (str) – The vault name, for example https://myvault.vault.azure.net.
  • key_name (str) – The name of key to update.
  • key_version (str) – The version of the key to update.
  • key_ops (list of str or JsonWebKeyOperation) – Json web key operations. For more information on possible key operations, see JsonWebKeyOperation.
  • key_attributes (KeyAttributes) –
  • tags (dict) – Application specific metadata in the form of key-value pairs.
  • custom_headers (dict) – headers that will be added to the request
  • raw (bool) – returns the direct response alongside the deserialized response
  • operation_configOperation configuration overrides.
Return type:

KeyBundle

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

update_secret(vault_base_url, secret_name, secret_version, content_type=None, secret_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config)[source]

Updates the attributes associated with a specified secret in a given key vault.

Parameters:
  • vault_base_url (str) – The vault name, for example https://myvault.vault.azure.net.
  • secret_name (str) – The name of the secret.
  • secret_version (str) – The version of the secret.
  • content_type (str) – Type of the secret value such as a password.
  • secret_attributes (SecretAttributes) – The secret management attributes.
  • tags (dict) – Application specific metadata in the form of key-value pairs.
  • custom_headers (dict) – headers that will be added to the request
  • raw (bool) – returns the direct response alongside the deserialized response
  • operation_configOperation configuration overrides.
Return type:

SecretBundle

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

verify(vault_base_url, key_name, key_version, algorithm, digest, signature, custom_headers=None, raw=False, **operation_config)[source]

Verifies a signature using a specified key.

Parameters:
  • vault_base_url (str) – The vault name, for example https://myvault.vault.azure.net.
  • key_name (str) – The name of the key.
  • key_version (str) – The version of the key.
  • algorithm (str or JsonWebKeySignatureAlgorithm) – The signing/verification algorithm. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm. Possible values include: ‘RS256’, ‘RS384’, ‘RS512’, ‘RSNULL’
  • digest (bytes) – The digest used for signing.
  • signature (bytes) – The signature to be verified.
  • custom_headers (dict) – headers that will be added to the request
  • raw (bool) – returns the direct response alongside the deserialized response
  • operation_configOperation configuration overrides.
Return type:

KeyVerifyResult

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException

wrap_key(vault_base_url, key_name, key_version, algorithm, value, custom_headers=None, raw=False, **operation_config)[source]

Wraps a symmetric key using a specified key.

Parameters:
Return type:

KeyOperationResult

Return type:

ClientRawResponse if raw=true

Raises:

KeyVaultErrorException