azure.keyvault.models module

class azure.keyvault.models.Attributes(enabled=None, not_before=None, expires=None)[source]

Bases: msrest.serialization.Model

The object attributes managed by the KeyVault service.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • enabled (bool) – Determines whether the object is enabled.
  • not_before (datetime) – Not before date in UTC.
  • expires (datetime) – Expiry date in UTC.
Variables:
class azure.keyvault.models.JsonWebKey(kid=None, kty=None, key_ops=None, n=None, e=None, d=None, dp=None, dq=None, qi=None, p=None, q=None, k=None, t=None)[source]

Bases: msrest.serialization.Model

As of http://tools.ietf.org/html/draft-ietf-jose-json-web-key-18.

Parameters:
  • kid (str) – Key identifier.
  • kty (str or JsonWebKeyType) – Supported JsonWebKey key types (kty) for Elliptic Curve, RSA, HSM, Octet. Kty is usually set to RSA. Possible values include: ‘EC’, ‘RSA’, ‘RSA-HSM’, ‘oct’
  • key_ops (list of str) –
  • n (bytes) – RSA modulus.
  • e (bytes) – RSA public exponent.
  • d (bytes) – RSA private exponent.
  • dp (bytes) – RSA private key parameter.
  • dq (bytes) – RSA private key parameter.
  • qi (bytes) – RSA private key parameter.
  • p (bytes) – RSA secret prime.
  • q (bytes) – RSA secret prime, with p < q.
  • k (bytes) – Symmetric key.
  • t (bytes) – HSM Token, used with ‘Bring Your Own Key’.
class azure.keyvault.models.KeyAttributes(enabled=None, not_before=None, expires=None)[source]

Bases: azure.keyvault.models.attributes.Attributes

The attributes of a key managed by the key vault service.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • enabled (bool) – Determines whether the object is enabled.
  • not_before (datetime) – Not before date in UTC.
  • expires (datetime) – Expiry date in UTC.
Variables:
  • created (datetime) – Creation time in UTC.
  • updated (datetime) – Last updated time in UTC.
  • recovery_level (str or DeletionRecoveryLevel) – Reflects the deletion recovery level currently in effect for keys in the current vault. If it contains ‘Purgeable’ the key can be permanently deleted by a privileged user; otherwise, only the system can purge the key, at the end of the retention interval. Possible values include: ‘Purgeable’, ‘Recoverable+Purgeable’, ‘Recoverable’, ‘Recoverable+ProtectedSubscription’
class azure.keyvault.models.KeyBundle(key=None, attributes=None, tags=None)[source]

Bases: msrest.serialization.Model

A KeyBundle consisting of a WebKey plus its attributes.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • key (JsonWebKey) – The Json web key.
  • attributes (KeyAttributes) – The key management attributes.
  • tags (dict) – Application specific metadata in the form of key-value pairs.
Variables:

managed (bool) – True if the key’s lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true.

class azure.keyvault.models.KeyItem(kid=None, attributes=None, tags=None)[source]

Bases: msrest.serialization.Model

The key item containing key metadata.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • kid (str) – Key identifier.
  • attributes (KeyAttributes) – The key management attributes.
  • tags (dict) – Application specific metadata in the form of key-value pairs.
Variables:

managed (bool) – True if the key’s lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true.

class azure.keyvault.models.DeletedKeyBundle(key=None, attributes=None, tags=None, recovery_id=None)[source]

Bases: azure.keyvault.models.key_bundle.KeyBundle

A DeletedKeyBundle consisting of a WebKey plus its Attributes and deletion info.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • key (JsonWebKey) – The Json web key.
  • attributes (KeyAttributes) – The key management attributes.
  • tags (dict) – Application specific metadata in the form of key-value pairs.
  • recovery_id (str) – The url of the recovery object, used to identify and recover the deleted key.
Variables:
  • managed (bool) – True if the key’s lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true.
  • scheduled_purge_date (datetime) – The time when the key is scheduled to be purged, in UTC
  • deleted_date (datetime) – The time when the key was deleted, in UTC
class azure.keyvault.models.DeletedKeyItem(kid=None, attributes=None, tags=None, recovery_id=None)[source]

Bases: azure.keyvault.models.key_item.KeyItem

The deleted key item containing the deleted key metadata and information about deletion.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • kid (str) – Key identifier.
  • attributes (KeyAttributes) – The key management attributes.
  • tags (dict) – Application specific metadata in the form of key-value pairs.
  • recovery_id (str) – The url of the recovery object, used to identify and recover the deleted key.
Variables:
  • managed (bool) – True if the key’s lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true.
  • scheduled_purge_date (datetime) – The time when the key is scheduled to be purged, in UTC
  • deleted_date (datetime) – The time when the key was deleted, in UTC
class azure.keyvault.models.SecretAttributes(enabled=None, not_before=None, expires=None)[source]

Bases: azure.keyvault.models.attributes.Attributes

The secret management attributes.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • enabled (bool) – Determines whether the object is enabled.
  • not_before (datetime) – Not before date in UTC.
  • expires (datetime) – Expiry date in UTC.
Variables:
  • created (datetime) – Creation time in UTC.
  • updated (datetime) – Last updated time in UTC.
  • recovery_level (str or DeletionRecoveryLevel) – Reflects the deletion recovery level currently in effect for secrets in the current vault. If it contains ‘Purgeable’, the secret can be permanently deleted by a privileged user; otherwise, only the system can purge the secret, at the end of the retention interval. Possible values include: ‘Purgeable’, ‘Recoverable+Purgeable’, ‘Recoverable’, ‘Recoverable+ProtectedSubscription’
class azure.keyvault.models.SecretBundle(value=None, id=None, content_type=None, attributes=None, tags=None)[source]

Bases: msrest.serialization.Model

A secret consisting of a value, id and its attributes.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • value (str) – The secret value.
  • id (str) – The secret id.
  • content_type (str) – The content type of the secret.
  • attributes (SecretAttributes) – The secret management attributes.
  • tags (dict) – Application specific metadata in the form of key-value pairs.
Variables:
  • kid (str) – If this is a secret backing a KV certificate, then this field specifies the corresponding key backing the KV certificate.
  • managed (bool) – True if the secret’s lifetime is managed by key vault. If this is a secret backing a certificate, then managed will be true.
class azure.keyvault.models.SecretItem(id=None, attributes=None, tags=None, content_type=None)[source]

Bases: msrest.serialization.Model

The secret item containing secret metadata.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • id (str) – Secret identifier.
  • attributes (SecretAttributes) – The secret management attributes.
  • tags (dict) – Application specific metadata in the form of key-value pairs.
  • content_type (str) – Type of the secret value such as a password.
Variables:

managed (bool) – True if the secret’s lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true.

class azure.keyvault.models.DeletedSecretBundle(value=None, id=None, content_type=None, attributes=None, tags=None, recovery_id=None)[source]

Bases: azure.keyvault.models.secret_bundle.SecretBundle

A Deleted Secret consisting of its previous id, attributes and its tags, as well as information on when it will be purged.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • value (str) – The secret value.
  • id (str) – The secret id.
  • content_type (str) – The content type of the secret.
  • attributes (SecretAttributes) – The secret management attributes.
  • tags (dict) – Application specific metadata in the form of key-value pairs.
  • recovery_id (str) – The url of the recovery object, used to identify and recover the deleted secret.
Variables:
  • kid (str) – If this is a secret backing a KV certificate, then this field specifies the corresponding key backing the KV certificate.
  • managed (bool) – True if the secret’s lifetime is managed by key vault. If this is a secret backing a certificate, then managed will be true.
  • scheduled_purge_date (datetime) – The time when the secret is scheduled to be purged, in UTC
  • deleted_date (datetime) – The time when the secret was deleted, in UTC
class azure.keyvault.models.DeletedSecretItem(id=None, attributes=None, tags=None, content_type=None, recovery_id=None)[source]

Bases: azure.keyvault.models.secret_item.SecretItem

The deleted secret item containing metadata about the deleted secret.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • id (str) – Secret identifier.
  • attributes (SecretAttributes) – The secret management attributes.
  • tags (dict) – Application specific metadata in the form of key-value pairs.
  • content_type (str) – Type of the secret value such as a password.
  • recovery_id (str) – The url of the recovery object, used to identify and recover the deleted secret.
Variables:
  • managed (bool) – True if the secret’s lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true.
  • scheduled_purge_date (datetime) – The time when the secret is scheduled to be purged, in UTC
  • deleted_date (datetime) – The time when the secret was deleted, in UTC
class azure.keyvault.models.SecretRestoreParameters(secret_bundle_backup)[source]

Bases: msrest.serialization.Model

The secret restore parameters.

Parameters:secret_bundle_backup (bytes) – The backup blob associated with a secret bundle.
class azure.keyvault.models.CertificateAttributes(enabled=None, not_before=None, expires=None)[source]

Bases: azure.keyvault.models.attributes.Attributes

The certificate management attributes.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • enabled (bool) – Determines whether the object is enabled.
  • not_before (datetime) – Not before date in UTC.
  • expires (datetime) – Expiry date in UTC.
Variables:
  • created (datetime) – Creation time in UTC.
  • updated (datetime) – Last updated time in UTC.
  • recovery_level (str or DeletionRecoveryLevel) – Reflects the deletion recovery level currently in effect for certificates in the current vault. If it contains ‘Purgeable’, the certificate can be permanently deleted by a privileged user; otherwise, only the system can purge the certificate, at the end of the retention interval. Possible values include: ‘Purgeable’, ‘Recoverable+Purgeable’, ‘Recoverable’, ‘Recoverable+ProtectedSubscription’
class azure.keyvault.models.CertificateItem(id=None, attributes=None, tags=None, x509_thumbprint=None)[source]

Bases: msrest.serialization.Model

The certificate item containing certificate metadata.

Parameters:
  • id (str) – Certificate identifier.
  • attributes (CertificateAttributes) – The certificate management attributes.
  • tags (dict) – Application specific metadata in the form of key-value pairs.
  • x509_thumbprint (bytes) – Thumbprint of the certificate.
class azure.keyvault.models.CertificateIssuerItem(id=None, provider=None)[source]

Bases: msrest.serialization.Model

The certificate issuer item containing certificate issuer metadata.

Parameters:
  • id (str) – Certificate Identifier.
  • provider (str) – The issuer provider.
class azure.keyvault.models.KeyProperties(exportable=None, key_type=None, key_size=None, reuse_key=None)[source]

Bases: msrest.serialization.Model

Properties of the key pair backing a certificate.

Parameters:
  • exportable (bool) – Indicates if the private key can be exported.
  • key_type (str) – The key type.
  • key_size (int) – The key size in bytes. For example; 1024 or 2048.
  • reuse_key (bool) – Indicates if the same key pair will be used on certificate renewal.
class azure.keyvault.models.SecretProperties(content_type=None)[source]

Bases: msrest.serialization.Model

Properties of the key backing a certificate.

Parameters:content_type (str) – The media type (MIME type).
class azure.keyvault.models.SubjectAlternativeNames(emails=None, dns_names=None, upns=None)[source]

Bases: msrest.serialization.Model

The subject alternate names of a X509 object.

Parameters:
  • emails (list of str) – Email addresses.
  • dns_names (list of str) – Domain names.
  • upns (list of str) – User principal names.
class azure.keyvault.models.X509CertificateProperties(subject=None, ekus=None, subject_alternative_names=None, key_usage=None, validity_in_months=None)[source]

Bases: msrest.serialization.Model

Properties of the X509 component of a certificate.

Parameters:
  • subject (str) – The subject name. Should be a valid X509 distinguished Name.
  • ekus (list of str) – The enhanced key usage.
  • subject_alternative_names (SubjectAlternativeNames) – The subject alternative names.
  • key_usage (list of str or KeyUsageType) – List of key usages.
  • validity_in_months (int) – The duration that the ceritifcate is valid in months.
class azure.keyvault.models.Trigger(lifetime_percentage=None, days_before_expiry=None)[source]

Bases: msrest.serialization.Model

A condition to be satisfied for an action to be executed.

Parameters:
  • lifetime_percentage (int) – Percentage of lifetime at which to trigger. Value should be between 1 and 99.
  • days_before_expiry (int) – Days before expiry.
class azure.keyvault.models.Action(action_type=None)[source]

Bases: msrest.serialization.Model

The action that will be executed.

Parameters:action_type (str or ActionType) – The type of the action. Possible values include: ‘EmailContacts’, ‘AutoRenew’
class azure.keyvault.models.LifetimeAction(trigger=None, action=None)[source]

Bases: msrest.serialization.Model

Action and its trigger that will be performed by Key Vault over the lifetime of a certificate.

Parameters:
  • trigger (Trigger) – The condition that will execute the action.
  • action (Action) – The action that will be executed.
class azure.keyvault.models.IssuerParameters(name=None, certificate_type=None)[source]

Bases: msrest.serialization.Model

Parameters for the issuer of the X509 component of a certificate.

Parameters:
  • name (str) – Name of the referenced issuer object or reserved names; for example, ‘Self’ or ‘Unknown’.
  • certificate_type (str) – Type of certificate to be requested from the issuer provider.
class azure.keyvault.models.CertificatePolicy(key_properties=None, secret_properties=None, x509_certificate_properties=None, lifetime_actions=None, issuer_parameters=None, attributes=None)[source]

Bases: msrest.serialization.Model

Management policy for a certificate.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

id (str) – The certificate id.

Parameters:
  • key_properties (KeyProperties) – Properties of the key backing a certificate.
  • secret_properties (SecretProperties) – Properties of the secret backing a certificate.
  • x509_certificate_properties (X509CertificateProperties) – Properties of the X509 component of a certificate.
  • lifetime_actions (list of LifetimeAction) – Actions that will be performed by Key Vault over the lifetime of a certificate.
  • issuer_parameters (IssuerParameters) – Parameters for the issuer of the X509 component of a certificate.
  • attributes (CertificateAttributes) – The certificate attributes.
class azure.keyvault.models.CertificateBundle(cer=None, content_type=None, attributes=None, tags=None)[source]

Bases: msrest.serialization.Model

A certificate bundle consists of a certificate (X509) plus its attributes.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:
  • id (str) – The certificate id.
  • kid (str) – The key id.
  • sid (str) – The secret id.
  • x509_thumbprint (bytes) – Thumbprint of the certificate.
  • policy (CertificatePolicy) – The management policy.
Parameters:
  • cer (bytearray) – CER contents of x509 certificate.
  • content_type (str) – The content type of the secret.
  • attributes (CertificateAttributes) – The certificate attributes.
  • tags (dict) – Application specific metadata in the form of key-value pairs
class azure.keyvault.models.DeletedCertificateBundle(cer=None, content_type=None, attributes=None, tags=None, recovery_id=None)[source]

Bases: azure.keyvault.models.certificate_bundle.CertificateBundle

A Deleted Certificate consisting of its previous id, attributes and its tags, as well as information on when it will be purged.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:
  • id (str) – The certificate id.
  • kid (str) – The key id.
  • sid (str) – The secret id.
  • x509_thumbprint (bytes) – Thumbprint of the certificate.
  • policy (CertificatePolicy) – The management policy.
  • scheduled_purge_date (datetime) – The time when the certificate is scheduled to be purged, in UTC
  • deleted_date (datetime) – The time when the certificate was deleted, in UTC
Parameters:
  • cer (bytearray) – CER contents of x509 certificate.
  • content_type (str) – The content type of the secret.
  • attributes (CertificateAttributes) – The certificate attributes.
  • tags (dict) – Application specific metadata in the form of key-value pairs
  • recovery_id (str) – The url of the recovery object, used to identify and recover the deleted certificate.
class azure.keyvault.models.DeletedCertificateItem(id=None, attributes=None, tags=None, x509_thumbprint=None, recovery_id=None)[source]

Bases: azure.keyvault.models.certificate_item.CertificateItem

The deleted certificate item containing metadata about the deleted certificate.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • id (str) – Certificate identifier.
  • attributes (CertificateAttributes) – The certificate management attributes.
  • tags (dict) – Application specific metadata in the form of key-value pairs.
  • x509_thumbprint (bytes) – Thumbprint of the certificate.
  • recovery_id (str) – The url of the recovery object, used to identify and recover the deleted certificate.
Variables:
  • scheduled_purge_date (datetime) – The time when the certificate is scheduled to be purged, in UTC
  • deleted_date (datetime) – The time when the certificate was deleted, in UTC
class azure.keyvault.models.Error[source]

Bases: msrest.serialization.Model

The key vault server error.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:
  • code (str) – The error code.
  • message (str) – The error message.
  • inner_error (Error) –
class azure.keyvault.models.CertificateOperation(issuer_parameters=None, csr=None, cancellation_requested=None, status=None, status_details=None, error=None, target=None, request_id=None)[source]

Bases: msrest.serialization.Model

A certificate operation is returned in case of asynchronous requests.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

id (str) – The certificate id.

Parameters:
  • issuer_parameters (IssuerParameters) – Parameters for the issuer of the X509 component of a certificate.
  • csr (bytearray) – The certificate signing request (CSR) that is being used in the certificate operation.
  • cancellation_requested (bool) – Indicates if cancellation was requested on the certificate operation.
  • status (str) – Status of the certificate operation.
  • status_details (str) – The status details of the certificate operation.
  • error (Error) – Error encountered, if any, during the certificate operation.
  • target (str) – Location which contains the result of the certificate operation.
  • request_id (str) – Identifier for the certificate operation.
class azure.keyvault.models.IssuerCredentials(account_id=None, password=None)[source]

Bases: msrest.serialization.Model

The credentials to be used for the certificate issuer.

Parameters:
  • account_id (str) – The user name/account name/account id.
  • password (str) – The password/secret/account key.
class azure.keyvault.models.AdministratorDetails(first_name=None, last_name=None, email_address=None, phone=None)[source]

Bases: msrest.serialization.Model

Details of the organization administrator of the certificate issuer.

Parameters:
  • first_name (str) – First name.
  • last_name (str) – Last name.
  • email_address (str) – Email addresss.
  • phone (str) – Phone number.
class azure.keyvault.models.OrganizationDetails(id=None, admin_details=None)[source]

Bases: msrest.serialization.Model

Details of the organization of the certificate issuer.

Parameters:
  • id (str) – Id of the organization.
  • admin_details (list of AdministratorDetails) – Details of the organization administrator.
class azure.keyvault.models.IssuerAttributes(enabled=None)[source]

Bases: msrest.serialization.Model

The attributes of an issuer managed by the Key Vault service.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:

enabled (bool) – Determines whether the issuer is enabled.

Variables:
class azure.keyvault.models.IssuerBundle(provider=None, credentials=None, organization_details=None, attributes=None)[source]

Bases: msrest.serialization.Model

The issuer for Key Vault certificate.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

id (str) – Identifier for the issuer object.

Parameters:
  • provider (str) – The issuer provider.
  • credentials (IssuerCredentials) – The credentials to be used for the issuer.
  • organization_details (OrganizationDetails) – Details of the organization as provided to the issuer.
  • attributes (IssuerAttributes) – Attributes of the issuer object.
class azure.keyvault.models.Contact(email_address=None, name=None, phone=None)[source]

Bases: msrest.serialization.Model

The contact information for the vault certificates.

Parameters:
  • email_address (str) – Email addresss.
  • name (str) – Name.
  • phone (str) – Phone number.
class azure.keyvault.models.Contacts(contact_list=None)[source]

Bases: msrest.serialization.Model

The contacts for the vault certificates.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:id (str) – Identifier for the contacts collection.
Parameters:contact_list (list of Contact) – The contact list for the vault certificates.
class azure.keyvault.models.KeyCreateParameters(kty, key_size=None, key_ops=None, key_attributes=None, tags=None)[source]

Bases: msrest.serialization.Model

The key create parameters.

Parameters:
  • kty (str or JsonWebKeyType) – The type of key to create. For valid key types, see JsonWebKeyType. Supported JsonWebKey key types (kty) for Elliptic Curve, RSA, HSM, Octet. Possible values include: ‘EC’, ‘RSA’, ‘RSA-HSM’, ‘oct’
  • key_size (int) – The key size in bytes. For example, 1024 or 2048.
  • key_ops (list of str or JsonWebKeyOperation) –
  • key_attributes (KeyAttributes) –
  • tags (dict) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.KeyImportParameters(key, hsm=None, key_attributes=None, tags=None)[source]

Bases: msrest.serialization.Model

The key import parameters.

Parameters:
  • hsm (bool) – Whether to import as a hardware key (HSM) or software key.
  • key (JsonWebKey) – The Json web key
  • key_attributes (KeyAttributes) – The key management attributes.
  • tags (dict) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.KeyOperationsParameters(algorithm, value)[source]

Bases: msrest.serialization.Model

The key operations parameters.

Parameters:
class azure.keyvault.models.KeySignParameters(algorithm, value)[source]

Bases: msrest.serialization.Model

The key operations parameters.

Parameters:
  • algorithm (str or JsonWebKeySignatureAlgorithm) – The signing/verification algorithm identifier. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm. Possible values include: ‘PS256’, ‘PS384’, ‘PS512’, ‘RS256’, ‘RS384’, ‘RS512’, ‘RSNULL’
  • value (bytes) –
class azure.keyvault.models.KeyVerifyParameters(algorithm, digest, signature)[source]

Bases: msrest.serialization.Model

The key verify parameters.

Parameters:
  • algorithm (str or JsonWebKeySignatureAlgorithm) – The signing/verification algorithm. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm. Possible values include: ‘PS256’, ‘PS384’, ‘PS512’, ‘RS256’, ‘RS384’, ‘RS512’, ‘RSNULL’
  • digest (bytes) – The digest used for signing.
  • signature (bytes) – The signature to be verified.
class azure.keyvault.models.KeyUpdateParameters(key_ops=None, key_attributes=None, tags=None)[source]

Bases: msrest.serialization.Model

The key update parameters.

Parameters:
  • key_ops (list of str or JsonWebKeyOperation) – Json web key operations. For more information on possible key operations, see JsonWebKeyOperation.
  • key_attributes (KeyAttributes) –
  • tags (dict) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.KeyRestoreParameters(key_bundle_backup)[source]

Bases: msrest.serialization.Model

The key restore parameters.

Parameters:key_bundle_backup (bytes) – The backup blob associated with a key bundle.
class azure.keyvault.models.SecretSetParameters(value, tags=None, content_type=None, secret_attributes=None)[source]

Bases: msrest.serialization.Model

The secret set parameters.

Parameters:
  • value (str) – The value of the secret.
  • tags (dict) – Application specific metadata in the form of key-value pairs.
  • content_type (str) – Type of the secret value such as a password.
  • secret_attributes (SecretAttributes) – The secret management attributes.
class azure.keyvault.models.SecretUpdateParameters(content_type=None, secret_attributes=None, tags=None)[source]

Bases: msrest.serialization.Model

The secret update parameters.

Parameters:
  • content_type (str) – Type of the secret value such as a password.
  • secret_attributes (SecretAttributes) – The secret management attributes.
  • tags (dict) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.CertificateCreateParameters(certificate_policy=None, certificate_attributes=None, tags=None)[source]

Bases: msrest.serialization.Model

The certificate create parameters.

Parameters:
  • certificate_policy (CertificatePolicy) – The management policy for the certificate.
  • certificate_attributes (CertificateAttributes) – The attributes of the certificate (optional).
  • tags (dict) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.CertificateImportParameters(base64_encoded_certificate, password=None, certificate_policy=None, certificate_attributes=None, tags=None)[source]

Bases: msrest.serialization.Model

The certificate import parameters.

Parameters:
  • base64_encoded_certificate (str) – Base64 encoded representation of the certificate object to import. This certificate needs to contain the private key.
  • password (str) – If the private key in base64EncodedCertificate is encrypted, the password used for encryption.
  • certificate_policy (CertificatePolicy) – The management policy for the certificate.
  • certificate_attributes (CertificateAttributes) – The attributes of the certificate (optional).
  • tags (dict) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.CertificateUpdateParameters(certificate_policy=None, certificate_attributes=None, tags=None)[source]

Bases: msrest.serialization.Model

The certificate update parameters.

Parameters:
  • certificate_policy (CertificatePolicy) – The management policy for the certificate.
  • certificate_attributes (CertificateAttributes) – The attributes of the certificate (optional).
  • tags (dict) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.CertificateMergeParameters(x509_certificates, certificate_attributes=None, tags=None)[source]

Bases: msrest.serialization.Model

The certificate merge parameters.

Parameters:
  • x509_certificates (list of bytearray) – The certificate or the certificate chain to merge.
  • certificate_attributes (CertificateAttributes) – The attributes of the certificate (optional).
  • tags (dict) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.CertificateIssuerSetParameters(provider, credentials=None, organization_details=None, attributes=None)[source]

Bases: msrest.serialization.Model

The certificate issuer set parameters.

Parameters:
  • provider (str) – The issuer provider.
  • credentials (IssuerCredentials) – The credentials to be used for the issuer.
  • organization_details (OrganizationDetails) – Details of the organization as provided to the issuer.
  • attributes (IssuerAttributes) – Attributes of the issuer object.
class azure.keyvault.models.CertificateIssuerUpdateParameters(provider=None, credentials=None, organization_details=None, attributes=None)[source]

Bases: msrest.serialization.Model

The certificate issuer update parameters.

Parameters:
  • provider (str) – The issuer provider.
  • credentials (IssuerCredentials) – The credentials to be used for the issuer.
  • organization_details (OrganizationDetails) – Details of the organization as provided to the issuer.
  • attributes (IssuerAttributes) – Attributes of the issuer object.
class azure.keyvault.models.CertificateOperationUpdateParameter(cancellation_requested)[source]

Bases: msrest.serialization.Model

The certificate operation update parameters.

Parameters:cancellation_requested (bool) – Indicates if cancellation was requested on the certificate operation.
class azure.keyvault.models.KeyOperationResult[source]

Bases: msrest.serialization.Model

The key operation result.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:
  • kid (str) – Key identifier
  • result (bytes) –
class azure.keyvault.models.KeyVerifyResult[source]

Bases: msrest.serialization.Model

The key verify result.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:value (bool) – True if the signature is verified, otherwise false.
class azure.keyvault.models.BackupKeyResult[source]

Bases: msrest.serialization.Model

The backup key result, containing the backup blob.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:value (bytes) – The backup blob containing the backed up key.
class azure.keyvault.models.BackupSecretResult[source]

Bases: msrest.serialization.Model

The backup secret result, containing the backup blob.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:value (bytes) – The backup blob containing the backed up secret.
class azure.keyvault.models.PendingCertificateSigningRequestResult[source]

Bases: msrest.serialization.Model

The pending certificate signing request result.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:value (str) – The pending certificate signing request as Base64 encoded string.
class azure.keyvault.models.StorageAccountAttributes(enabled=None)[source]

Bases: msrest.serialization.Model

The storage account management attributes.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:

enabled (bool) – the enabled state of the object.

Variables:
class azure.keyvault.models.StorageBundle[source]

Bases: msrest.serialization.Model

A Storage account bundle consists of key vault storage account details plus its attributes.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:
  • id (str) – The storage account id.
  • resource_id (str) – The storage account resource id.
  • active_key_name (str) – The current active storage account key name.
  • auto_regenerate_key (bool) – whether keyvault should manage the storage account for the user.
  • regeneration_period (str) – The key regeneration time duration specified in ISO-8601 format.
  • attributes (StorageAccountAttributes) – The storage account attributes.
  • tags (dict) – Application specific metadata in the form of key-value pairs
class azure.keyvault.models.StorageAccountCreateParameters(resource_id, active_key_name, auto_regenerate_key, regeneration_period=None, storage_account_attributes=None, tags=None)[source]

Bases: msrest.serialization.Model

The storage account create parameters.

Parameters:
  • resource_id (str) – Storage account resource id.
  • active_key_name (str) – Current active storage account key name.
  • auto_regenerate_key (bool) – whether keyvault should manage the storage account for the user.
  • regeneration_period (str) – The key regeneration time duration specified in ISO-8601 format.
  • storage_account_attributes (StorageAccountAttributes) – The attributes of the storage account.
  • tags (dict) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.StorageAccountUpdateParameters(active_key_name=None, auto_regenerate_key=None, regeneration_period=None, storage_account_attributes=None, tags=None)[source]

Bases: msrest.serialization.Model

The storage account update parameters.

Parameters:
  • active_key_name (str) – The current active storage account key name.
  • auto_regenerate_key (bool) – whether keyvault should manage the storage account for the user.
  • regeneration_period (str) – The key regeneration time duration specified in ISO-8601 format.
  • storage_account_attributes (StorageAccountAttributes) – The attributes of the storage account.
  • tags (dict) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.StorageAccountRegenerteKeyParameters(key_name)[source]

Bases: msrest.serialization.Model

The storage account key regenerate parameters.

Parameters:key_name (str) – The storage account key name.
class azure.keyvault.models.StorageAccountItem[source]

Bases: msrest.serialization.Model

The storage account item containing storage account metadata.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:
  • id (str) – Storage identifier.
  • resource_id (str) – Storage account resource Id.
  • attributes (StorageAccountAttributes) – The storage account management attributes.
  • tags (dict) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.SasDefinitionAttributes(enabled=None)[source]

Bases: msrest.serialization.Model

The SAS definition management attributes.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:

enabled (bool) – the enabled state of the object.

Variables:
class azure.keyvault.models.SasDefinitionBundle[source]

Bases: msrest.serialization.Model

A SAS definition bundle consists of key vault SAS definition details plus its attributes.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:
  • id (str) – The SAS definition id.
  • secret_id (str) – Storage account SAS definition secret id.
  • parameters (dict) – The SAS definition metadata in the form of key-value pairs.
  • attributes (SasDefinitionAttributes) – The SAS definition attributes.
  • tags (dict) – Application specific metadata in the form of key-value pairs
class azure.keyvault.models.SasDefinitionItem[source]

Bases: msrest.serialization.Model

The SAS definition item containing storage SAS definition metadata.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:
  • id (str) – The storage SAS identifier.
  • secret_id (str) – The storage account SAS definition secret id.
  • attributes (SasDefinitionAttributes) – The SAS definition management attributes.
  • tags (dict) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.SasDefinitionCreateParameters(parameters, sas_definition_attributes=None, tags=None)[source]

Bases: msrest.serialization.Model

The SAS definition create parameters.

Parameters:
  • parameters (dict) – Sas definition creation metadata in the form of key-value pairs.
  • sas_definition_attributes (SasDefinitionAttributes) – The attributes of the SAS definition.
  • tags (dict) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.SasDefinitionUpdateParameters(parameters=None, sas_definition_attributes=None, tags=None)[source]

Bases: msrest.serialization.Model

The SAS definition update parameters.

Parameters:
  • parameters (dict) – Sas definition update metadata in the form of key-value pairs.
  • sas_definition_attributes (SasDefinitionAttributes) – The attributes of the SAS definition.
  • tags (dict) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.KeyVaultError[source]

Bases: msrest.serialization.Model

The key vault error exception.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:error (Error) –
exception azure.keyvault.models.KeyVaultErrorException(deserialize, response, *args)[source]

Bases: msrest.exceptions.HttpOperationError

Server responsed with exception of type: ‘KeyVaultError’.

Parameters:
  • deserialize – A deserializer
  • response – Server response to be deserialized.
class azure.keyvault.models.KeyItemPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of KeyItem object

class azure.keyvault.models.DeletedKeyItemPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of DeletedKeyItem object

class azure.keyvault.models.SecretItemPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of SecretItem object

class azure.keyvault.models.DeletedSecretItemPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of DeletedSecretItem object

class azure.keyvault.models.CertificateItemPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of CertificateItem object

class azure.keyvault.models.CertificateIssuerItemPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of CertificateIssuerItem object

class azure.keyvault.models.DeletedCertificateItemPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of DeletedCertificateItem object

class azure.keyvault.models.StorageAccountItemPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of StorageAccountItem object

class azure.keyvault.models.SasDefinitionItemPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of SasDefinitionItem object

class azure.keyvault.models.JsonWebKeyType[source]

Bases: enum.Enum

ec = 'EC'
oct = 'oct'
rsa = 'RSA'
rsa_hsm = 'RSA-HSM'
class azure.keyvault.models.DeletionRecoveryLevel[source]

Bases: enum.Enum

purgeable = 'Purgeable'
recoverable = 'Recoverable'
recoverable_protected_subscription = 'Recoverable+ProtectedSubscription'
recoverable_purgeable = 'Recoverable+Purgeable'
class azure.keyvault.models.KeyUsageType[source]

Bases: enum.Enum

c_rl_sign = 'cRLSign'
data_encipherment = 'dataEncipherment'
decipher_only = 'decipherOnly'
digital_signature = 'digitalSignature'
encipher_only = 'encipherOnly'
key_agreement = 'keyAgreement'
key_cert_sign = 'keyCertSign'
key_encipherment = 'keyEncipherment'
non_repudiation = 'nonRepudiation'
class azure.keyvault.models.ActionType[source]

Bases: enum.Enum

auto_renew = 'AutoRenew'
email_contacts = 'EmailContacts'
class azure.keyvault.models.JsonWebKeyOperation[source]

Bases: enum.Enum

decrypt = 'decrypt'
encrypt = 'encrypt'
sign = 'sign'
unwrap_key = 'unwrapKey'
verify = 'verify'
wrap_key = 'wrapKey'
class azure.keyvault.models.JsonWebKeyEncryptionAlgorithm[source]

Bases: enum.Enum

rsa1_5 = 'RSA1_5'
rsa_oaep = 'RSA-OAEP'
rsa_oaep_256 = 'RSA-OAEP-256'
class azure.keyvault.models.JsonWebKeySignatureAlgorithm[source]

Bases: enum.Enum

ps256 = 'PS256'
ps384 = 'PS384'
ps512 = 'PS512'
rs256 = 'RS256'
rs384 = 'RS384'
rs512 = 'RS512'
rsnull = 'RSNULL'