Microsoft Azure Key Vault API

Azure Key Vault is a cloud service for securely storing and accessing secrets, keys, and certificates. The REST API provides programmatic access to manage cryptographic keys, secrets such as connection strings and passwords, and certificates used by cloud applications and services, helping safeguard cryptographic keys and secrets while enabling users to maintain control of their keys.

OpenAPI Specification

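openapi: 3.1.0
info:
  # Title aligned with the page heading; the generated title repeated "Azure".
  title: Microsoft Azure Key Vault API
  description: >-
    Azure Key Vault is a cloud service for securely storing and accessing secrets,
    keys, and certificates. The Key Vault REST API provides programmatic access
    to manage cryptographic keys, secrets (such as connection strings and passwords),
    and certificates used by cloud applications and services. Key Vault helps
    safeguard cryptographic keys and secrets used by applications, while enabling
    users to maintain control of their keys and reduce latency of cloud applications.
  version: '7.5'
  contact:
    name: Microsoft Azure Support
    url: https://azure.microsoft.com/en-us/support/
    # The address was replaced by the hosting page's e-mail obfuscation. Left
    # unquoted, the bracketed text parses as a flow sequence instead of the
    # string the contact object expects, so it is quoted here; restore the real
    # address from the upstream file.
    email: '[email protected]'
  license:
    name: Microsoft API License
    url: https://learn.microsoft.com/en-us/legal/
  x-logo:
    url: https://azure.microsoft.com/svghandler/azure-logo.png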
servers:
# The vault name becomes part of the request hostname, and the global
# `security` entry below means requests to that host carry an OAuth 2.0 token.
# NOTE(review): a server variable has no pattern constraint, so a client should
# validate the vault name before building the URL, otherwise a token could be
# sent to a host the caller did not intend.
- url: https://{vaultName}.vault.azure.net
  description: Azure Key Vault endpoint
  variables:
    vaultName:
      # Sample default; replace with the target vault's name.
      default: mykeyvault
      description: The name of the Azure Key Vault.
# Global requirement: none of the operations in this excerpt overrides it.
security:
- oauth2:
  - https://vault.azure.net/.default
# Tag names referenced by the operations under `paths`.
tags:
- name: Certificates
  description: Operations for managing certificates
- name: Keys
  description: Operations for managing cryptographic keys
- name: Secrets
  description: Operations for managing secrets
paths:
  # Keys_List: pages through the keys stored in the vault.
  /keys:
    get:
      operationId: Keys_List
      summary: Microsoft Azure List Keys
      description: >-
        List keys in the specified vault. Retrieves a list of the keys in the
        Key Vault as JSON Web Key structures that contain the public part of a
        stored key.
      tags:
      - Keys
      parameters:
      - $ref: '#/components/parameters/ApiVersionParameter'
      # Page size is bounded by the schema to 1-25.
      - name: maxresults
        in: query
        description: Maximum number of results to return in a page (1-25).
        schema:
          type: integer
          minimum: 1
          maximum: 25
        example: 10
      responses:
        '200':
          description: Successfully returned the list of keys.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyListResult'
              examples:
                # Mock data: the values below are generated placeholders, not
                # real key identifiers.
                KeysList200Example:
                  summary: Default Keys_List 200 response
                  x-microcks-default: true
                  value:
                    value:
                    - kid: '500123'
                      tags: example_value
                      managed: true
                    nextLink: example_value
        # Any status other than 200 is described by the shared error schema.
        default:
          description: Error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
              examples:
                KeysListdefaultExample:
                  summary: Default Keys_List default response
                  x-microcks-default: true
                  value:
                    error:
                      code: example_value
                      message: example_value
                      innererror:
                        code: example_value
                        innererror: example_value
      # Vendor extension carrying mock-server settings for this operation.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
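  # Keys_Create: creates a key in the vault and returns its bundle.
  /keys/{key-name}/create:
    post:
      operationId: Keys_Create
      summary: Microsoft Azure Create a Key
      description: >-
        Creates a new key, stores it, then returns key parameters and attributes
        to the client. The create key operation can be used to create any key
        type in Azure Key Vault.
      tags:
      - Keys
      parameters:
      - name: key-name
        in: path
        required: true
        description: The name for the new key.
        schema:
          type: string
          # Restricts the name to letters, digits and hyphens, which keeps path
          # separators and other URL metacharacters out of the request path.
          pattern: '^[0-9a-zA-Z-]+$'
        # Constructed sample; the generated value contained an underscore and
        # did not satisfy the pattern above.
        example: example-key
      - $ref: '#/components/parameters/ApiVersionParameter'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/KeyCreateParameters'
            examples:
              # Mock data: the numeric values are generated placeholders, not
              # recommended key parameters.
              KeysCreateRequestExample:
                summary: Default Keys_Create request
                x-microcks-default: true
                value:
                  kty: EC
                  key_size: 10
                  # Elliptic-curve keys are used for signing, so the sample
                  # operations are sign/verify rather than encrypt.
                  key_ops:
                  - sign
                  - verify
                  # NOTE(review): created, updated, recoveryLevel and
                  # recoverableDays look like server-reported state; confirm
                  # against KeyAttributes (not shown in this excerpt) before
                  # sending them in a request.
                  attributes:
                    enabled: true
                    nbf: 10
                    exp: 10
                    created: 10
                    updated: 10
                    recoveryLevel: Purgeable
                    recoverableDays: 10
                    exportable: true
                    hsmPlatform: example_value
                  tags: example_value
                  crv: P-256
                  # An exportable key with a release policy can leave the vault
                  # under that policy; copy these settings only when key
                  # release is intended.
                  release_policy:
                    contentType: example_value
                    immutable: true
                    data: example_value
                  exportable: true
      responses:
        '200':
          description: Successfully created the key.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyBundle'
              examples:
                KeysCreate200Example:
                  summary: Default Keys_Create 200 response
                  x-microcks-default: true
                  value:
                    # Only public members of the EC key are shown. The generated
                    # example also listed private RSA members (d, dp, dq, qi, p,
                    # q) and a symmetric k value, which a mock would then serve
                    # as if the service returned private key material.
                    key:
                      kid: '500123'
                      kty: EC
                      key_ops:
                      - sign
                      - verify
                      crv: P-256
                      x: example_value
                      'y': example_value
                    attributes:
                      enabled: true
                      nbf: 10
                      exp: 10
                      created: 10
                      updated: 10
                      recoveryLevel: Purgeable
                      recoverableDays: 10
                      exportable: true
                      hsmPlatform: example_value
                    tags: example_value
                    managed: true
                    release_policy:
                      contentType: example_value
                      immutable: true
                      data: example_value
        # Any status other than 200 is described by the shared error schema.
        default:
          description: Error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
              examples:
                KeysCreatedefaultExample:
                  summary: Default Keys_Create default response
                  x-microcks-default: true
                  value:
                    error:
                      code: example_value
                      message: example_value
                      innererror:
                        code: example_value
                        innererror: example_value
      # Vendor extension carrying mock-server settings for this operation.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK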
  /keys/{key-name}/{key-version}:
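    # Keys_Get: returns the public part of one key version.
    get:
      operationId: Keys_Get
      summary: Microsoft Azure Get a Key
      description: >-
        Gets the public part of a stored key. The get key operation applies to
        all key types. If the requested key is symmetric, then no key material
        is released in the response.
      tags:
      - Keys
      parameters:
      - name: key-name
        in: path
        required: true
        description: The name of the key.
        schema:
          type: string
          # Same character set Keys_Create enforces for key names; keeps path
          # separators and other URL metacharacters out of the request path.
          pattern: '^[0-9a-zA-Z-]+$'
        # Constructed sample that satisfies the pattern above.
        example: example-key
      # NOTE(review): the description allows an empty version, but a required
      # path parameter cannot normally be empty; confirm how clients are
      # expected to request the latest version.
      - name: key-version
        in: path
        required: true
        description: >-
          The version of the key. Use an empty string to get the latest version.
        schema:
          type: string
        example: example_value
      - $ref: '#/components/parameters/ApiVersionParameter'
      responses:
        '200':
          description: Successfully returned the key.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyBundle'
              examples:
                KeysGet200Example:
                  summary: Default Keys_Get 200 response
                  x-microcks-default: true
                  value:
                    # Only public members of the EC key are shown, matching the
                    # operation description. The generated example also listed
                    # private RSA members (d, dp, dq, qi, p, q) and a symmetric
                    # k value, which contradicts "gets the public part" and
                    # would be served by a mock as if private material were
                    # returned.
                    key:
                      kid: '500123'
                      kty: EC
                      key_ops:
                      - sign
                      - verify
                      crv: P-256
                      x: example_value
                      'y': example_value
                    attributes:
                      enabled: true
                      nbf: 10
                      exp: 10
                      created: 10
                      updated: 10
                      recoveryLevel: Purgeable
                      recoverableDays: 10
                      exportable: true
                      hsmPlatform: example_value
                    tags: example_value
                    managed: true
                    release_policy:
                      contentType: example_value
                      immutable: true
                      data: example_value
        # Any status other than 200 is described by the shared error schema.
        default:
          description: Error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
              examples:
                KeysGetdefaultExample:
                  summary: Default Keys_Get default response
                  x-microcks-default: true
                  value:
                    error:
                      code: example_value
                      message: example_value
                      innererror:
                        code: example_value
                        innererror: example_value
      # Vendor extension carrying mock-server settings for this operation.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK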
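    # Keys_Update: changes attributes of one stored key version.
    patch:
      operationId: Keys_Update
      summary: Microsoft Azure Update Key Attributes
      description: >-
        The update key operation changes specified attributes of a stored key
        and can be applied to any key type and key version stored in Azure Key Vault.
      tags:
      - Keys
      parameters:
      - name: key-name
        in: path
        required: true
        description: The name of the key.
        schema:
          type: string
          # Same character set Keys_Create enforces for key names; keeps path
          # separators and other URL metacharacters out of the request path.
          pattern: '^[0-9a-zA-Z-]+$'
        # Constructed sample that satisfies the pattern above.
        example: example-key
      - name: key-version
        in: path
        required: true
        description: The version of the key.
        schema:
          type: string
        example: example_value
      - $ref: '#/components/parameters/ApiVersionParameter'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/KeyUpdateParameters'
            examples:
              # Mock data: generated placeholders, not recommended settings.
              KeysUpdateRequestExample:
                summary: Default Keys_Update request
                x-microcks-default: true
                value:
                  key_ops:
                  - example_value
                  # NOTE(review): created, updated, recoveryLevel and
                  # recoverableDays look like server-reported state; confirm
                  # against KeyAttributes (not shown in this excerpt) before
                  # sending them in a request.
                  attributes:
                    enabled: true
                    nbf: 10
                    exp: 10
                    created: 10
                    updated: 10
                    recoveryLevel: Purgeable
                    recoverableDays: 10
                    exportable: true
                    hsmPlatform: example_value
                  tags: example_value
                  release_policy:
                    contentType: example_value
                    immutable: true
                    data: example_value
      responses:
        '200':
          description: Successfully updated the key.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyBundle'
              examples:
                KeysUpdate200Example:
                  summary: Default Keys_Update 200 response
                  x-microcks-default: true
                  value:
                    # Only public members of the EC key are shown. The generated
                    # example also listed private RSA members (d, dp, dq, qi, p,
                    # q) and a symmetric k value, which a mock would then serve
                    # as if the service returned private key material.
                    key:
                      kid: '500123'
                      kty: EC
                      key_ops:
                      - sign
                      - verify
                      crv: P-256
                      x: example_value
                      'y': example_value
                    attributes:
                      enabled: true
                      nbf: 10
                      exp: 10
                      created: 10
                      updated: 10
                      recoveryLevel: Purgeable
                      recoverableDays: 10
                      exportable: true
                      hsmPlatform: example_value
                    tags: example_value
                    managed: true
                    release_policy:
                      contentType: example_value
                      immutable: true
                      data: example_value
        # Any status other than 200 is described by the shared error schema.
        default:
          description: Error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
              examples:
                KeysUpdatedefaultExample:
                  summary: Default Keys_Update default response
                  x-microcks-default: true
                  value:
                    error:
                      code: example_value
                      message: example_value
                      innererror:
                        code: example_value
                        innererror: example_value
      # Vendor extension carrying mock-server settings for this operation.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK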
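  # Keys_Delete: removes a key with all of its versions.
  /keys/{key-name}:
    delete:
      operationId: Keys_Delete
      summary: Microsoft Azure Delete a Key
      description: >-
        Deletes a key of any type from storage in Azure Key Vault. The delete
        key operation cannot be used to remove individual versions of a key.
      tags:
      - Keys
      parameters:
      - name: key-name
        in: path
        required: true
        description: The name of the key to delete.
        schema:
          type: string
          # Same character set Keys_Create enforces for key names; for a
          # destructive call it keeps path separators and other URL
          # metacharacters from redirecting the request to another resource.
          pattern: '^[0-9a-zA-Z-]+$'
        # Constructed sample that satisfies the pattern above.
        example: example-key
      - $ref: '#/components/parameters/ApiVersionParameter'
      responses:
        '200':
          description: Successfully deleted the key.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DeletedKeyBundle'
              examples:
                # Mock data: generated placeholders. The recoveryId and
                # scheduledPurgeDate fields suggest the key stays recoverable
                # until it is purged; confirm against DeletedKeyBundle, which is
                # not shown in this excerpt.
                KeysDelete200Example:
                  summary: Default Keys_Delete 200 response
                  x-microcks-default: true
                  value:
                    recoveryId: '500123'
                    scheduledPurgeDate: 10
                    deletedDate: 10
        # Any status other than 200 is described by the shared error schema.
        default:
          description: Error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
              examples:
                KeysDeletedefaultExample:
                  summary: Default Keys_Delete default response
                  x-microcks-default: true
                  value:
                    error:
                      code: example_value
                      message: example_value
                      innererror:
                        code: example_value
                        innererror: example_value
      # Vendor extension carrying mock-server settings for this operation.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK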
  # Secrets_List: pages through secret identifiers and attributes. Per the
  # description, the listing does not include secret values.
  /secrets:
    get:
      operationId: Secrets_List
      summary: Microsoft Azure List Secrets
      description: >-
        List secrets in the specified vault. The Get Secrets operation applies
        to the entire vault. However, only the base secret identifier and its
        attributes are provided in the response.
      tags:
      - Secrets
      parameters:
      - $ref: '#/components/parameters/ApiVersionParameter'
      # Page size is bounded by the schema to 1-25.
      - name: maxresults
        in: query
        description: Maximum number of results to return in a page (1-25).
        schema:
          type: integer
          minimum: 1
          maximum: 25
        example: 10
      responses:
        '200':
          description: Successfully returned the list of secrets.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SecretListResult'
              examples:
                # Mock data: generated placeholders, not real identifiers.
                SecretsList200Example:
                  summary: Default Secrets_List 200 response
                  x-microcks-default: true
                  value:
                    value:
                    - id: abc123
                      tags: example_value
                      contentType: example_value
                      managed: true
                    nextLink: example_value
        # Any status other than 200 is described by the shared error schema.
        default:
          description: Error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
              examples:
                SecretsListdefaultExample:
                  summary: Default Secrets_List default response
                  x-microcks-default: true
                  value:
                    error:
                      code: example_value
                      message: example_value
                      innererror:
                        code: example_value
                        innererror: example_value
      # Vendor extension carrying mock-server settings for this operation.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /secrets/{secret-name}:
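    # Secrets_Set: stores a secret value; an existing name gets a new version.
    put:
      operationId: Secrets_Set
      summary: Microsoft Azure Set a Secret
      description: >-
        Sets a secret in the specified vault. The set operation adds a secret to
        the Azure Key Vault. If the named secret already exists, Azure Key Vault
        creates a new version of that secret.
      tags:
      - Secrets
      parameters:
      - name: secret-name
        in: path
        required: true
        description: The name of the secret.
        schema:
          type: string
          # Restricts the name to letters, digits and hyphens, which keeps path
          # separators and other URL metacharacters out of the request path.
          pattern: '^[0-9a-zA-Z-]+$'
        # Constructed sample; the generated value contained an underscore and
        # did not satisfy the pattern above.
        example: example-secret
      - $ref: '#/components/parameters/ApiVersionParameter'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SecretSetParameters'
            examples:
              # The request body carries the secret in clear text in `value`;
              # keep real secrets out of examples, and keep request bodies out
              # of client and proxy logs.
              SecretsSetRequestExample:
                summary: Default Secrets_Set request
                x-microcks-default: true
                value:
                  value: example_value
                  tags: example_value
                  contentType: example_value
                  # NOTE(review): the request example names this member
                  # `secretAttributes` while the response uses `attributes`;
                  # confirm against SecretSetParameters, which is not shown in
                  # this excerpt.
                  secretAttributes:
                    enabled: true
                    nbf: 10
                    exp: 10
                    created: 10
                    updated: 10
                    recoveryLevel: example_value
                    recoverableDays: 10
      responses:
        '200':
          description: Successfully set the secret.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SecretBundle'
              examples:
                # The response echoes the secret value; treat response bodies
                # as sensitive in the same way as the request.
                SecretsSet200Example:
                  summary: Default Secrets_Set 200 response
                  x-microcks-default: true
                  value:
                    value: example_value
                    id: abc123
                    contentType: example_value
                    attributes:
                      enabled: true
                      nbf: 10
                      exp: 10
                      created: 10
                      updated: 10
                      recoveryLevel: example_value
                      recoverableDays: 10
                    tags: example_value
                    kid: '500123'
                    managed: true
        # Any status other than 200 is described by the shared error schema.
        default:
          description: Error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
              examples:
                SecretsSetdefaultExample:
                  summary: Default Secrets_Set default response
                  x-microcks-default: true
                  value:
                    error:
                      code: example_value
                      message: example_value
                      innererror:
                        code: example_value
                        innererror: example_value
      # Vendor extension carrying mock-server settings for this operation.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK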
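    # Secrets_Delete: removes a secret from the vault.
    delete:
      operationId: Secrets_Delete
      summary: Microsoft Azure Delete a Secret
      description: Deletes a secret from a specified key vault.
      tags:
      - Secrets
      parameters:
      - name: secret-name
        in: path
        required: true
        description: The name of the secret to delete.
        schema:
          type: string
          # Same pattern the PUT operation on this path applies to the name;
          # for a destructive call it keeps path separators and other URL
          # metacharacters from redirecting the request to another resource.
          pattern: '^[0-9a-zA-Z-]+$'
        # Constructed sample that satisfies the pattern above.
        example: example-secret
      - $ref: '#/components/parameters/ApiVersionParameter'
      responses:
        '200':
          description: Successfully deleted the secret.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DeletedSecretBundle'
              examples:
                # Mock data: generated placeholders. The recoveryId and
                # scheduledPurgeDate fields suggest the secret stays recoverable
                # until it is purged; confirm against DeletedSecretBundle, which
                # is not shown in this excerpt.
                SecretsDelete200Example:
                  summary: Default Secrets_Delete 200 response
                  x-microcks-default: true
                  value:
                    recoveryId: '500123'
                    scheduledPurgeDate: 10
                    deletedDate: 10
        # Any status other than 200 is described by the shared error schema.
        default:
          description: Error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
              examples:
                SecretsDeletedefaultExample:
                  summary: Default Secrets_Delete default response
                  x-microcks-default: true
                  value:
                    error:
                      code: example_value
                      message: example_value
                      innererror:
                        code: example_value
                        innererror: example_value
      # Vendor extension carrying mock-server settings for this operation.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK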
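  # Secrets_Get: returns one secret version, including its value.
  /secrets/{secret-name}/{secret-version}:
    get:
      operationId: Secrets_Get
      summary: Microsoft Azure Get a Secret
      description: >-
        Get a specified secret from a given key vault. The GET operation is
        applicable to any secret stored in Azure Key Vault.
      tags:
      - Secrets
      parameters:
      - name: secret-name
        in: path
        required: true
        description: The name of the secret.
        schema:
          type: string
          # Same character set Secrets_Set enforces for secret names; keeps
          # path separators and other URL metacharacters out of the request
          # path.
          pattern: '^[0-9a-zA-Z-]+$'
        # Constructed sample that satisfies the pattern above.
        example: example-secret
      # NOTE(review): the description allows an empty version, but a required
      # path parameter cannot normally be empty; confirm how clients are
      # expected to request the latest version.
      - name: secret-version
        in: path
        required: true
        description: The version of the secret. Use empty string for the latest version.
        schema:
          type: string
        example: example_value
      - $ref: '#/components/parameters/ApiVersionParameter'
      responses:
        '200':
          description: Successfully returned the secret.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SecretBundle'
              examples:
                # The response carries the secret in clear text in `value`:
                # keep it out of logs, caches and error reports, and keep real
                # secrets out of examples and recorded mock traffic.
                SecretsGet200Example:
                  summary: Default Secrets_Get 200 response
                  x-microcks-default: true
                  value:
                    value: example_value
                    id: abc123
                    contentType: example_value
                    attributes:
                      enabled: true
                      nbf: 10
                      exp: 10
                      created: 10
                      updated: 10
                      recoveryLevel: example_value
                      recoverableDays: 10
                    tags: example_value
                    kid: '500123'
                    managed: true
        # Any status other than 200 is described by the shared error schema.
        default:
          description: Error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
              examples:
                SecretsGetdefaultExample:
                  summary: Default Secrets_Get default response
                  x-microcks-default: true
                  value:
                    error:
                      code: example_value
                      message: example_value
                      innererror:
                        code: example_value
                        innererror: example_value
      # Vendor extension carrying mock-server settings for this operation.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK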
  # Certificates_List: pages through the certificates stored in the vault.
  /certificates:
    get:
      operationId: Certificates_List
      summary: Microsoft Azure List Certificates
      description: >-
        List certificates in the specified vault. Retrieves information about
        all certificates stored in the vault.
      tags:
      - Certificates
      parameters:
      - $ref: '#/components/parameters/ApiVersionParameter'
      # Page size is bounded by the schema to 1-25.
      - name: maxresults
        in: query
        description: Maximum number of results to return in a page (1-25).
        schema:
          type: integer
          minimum: 1
          maximum: 25
        example: 10
      # Optional flag; no default is declared in the schema.
      - name: includePending
        in: query
        description: Whether to include certificates that are not fully provisioned.
        schema:
          type: boolean
        example: true
      responses:
        '200':
          description: Successfully returned the list of certificates.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CertificateListResult'
              examples:
                # Mock data: generated placeholders, not real identifiers or
                # thumbprints.
                CertificatesList200Example:
                  summary: Default Certificates_List 200 response
                  x-microcks-default: true
                  value:
                    value:
                    - id: abc123
                      tags: example_value
                      x5t: example_value
                      subject: example_value
                    nextLink: example_value
        # Any status other than 200 is described by the shared error schema.
        default:
          description: Error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
              examples:
                CertificatesListdefaultExample:
                  summary: Default Certificates_List default response
                  x-microcks-default: true
                  value:
                    error:
                      code: example_value
                      message: example_value
                      innererror:
                        code: example_value
                        innererror: example_value
      # Vendor extension carrying mock-server settings for this operation.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
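  # Certificates_Create: starts certificate creation; the result is a pending
  # operation (202), not the finished certificate.
  /certificates/{certificate-name}/create:
    post:
      operationId: Certificates_Create
      summary: Microsoft Azure Create a Certificate
      description: >-
        Creates a new certificate. If this is the first version, the certificate
        resource is created. This operation requires the certificates/create
        permission.
      tags:
      - Certificates
      parameters:
      - name: certificate-name
        in: path
        required: true
        description: The name of the certificate.
        schema:
          type: string
          # Restricts the name to letters, digits and hyphens, which keeps path
          # separators and other URL metacharacters out of the request path.
          pattern: '^[0-9a-zA-Z-]+$'
        # Constructed sample; the generated value contained an underscore and
        # did not satisfy the pattern above.
        example: example-certificate
      - $ref: '#/components/parameters/ApiVersionParameter'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CertificateCreateParameters'
            examples:
              # Mock data: generated placeholders, not a usable policy.
              CertificatesCreateRequestExample:
                summary: Default Certificates_Create request
                x-microcks-default: true
                value:
                  policy:
                    id: abc123
                    # NOTE(review): key_size 10 and an RSA key type combined
                    # with an EC curve are generator output, not valid key
                    # parameters; choose a real size or curve before reuse.
                    # `exportable: true` presumably lets the private key be
                    # retrieved from the vault; confirm against the policy
                    # schema, which is not shown in this excerpt.
                    key_props:
                      exportable: true
                      kty: RSA
                      key_size: 10
                      reuse_key: true
                      crv: P-256
                    secret_props:
                      contentType: example_value
                    x509_props:
                      subject: example_value
                      sans: {}
                      ekus: {}
                      key_usage: {}
                      validity_months: 10
                    issuer:
                      name: Example Title
                      cty: example_value
                    lifetime_actions:
                    - {}
                  attributes:
                    enabled: true
                    nbf: 10
                    exp: 10
                    created: 10
                    updated: 10
                    recoveryLevel: example_value
                    recoverableDays: 10
                  tags: example_value
      responses:
        '202':
          description: Accepted. The certificate create operation is pending.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CertificateOperation'
              examples:
                CertificatesCreate202Example:
                  summary: Default Certificates_Create 202 response
                  x-microcks-default: true
                  value:
                    id: abc123
                    issuer:
                      name: Example Title
                    csr: example_value
                    cancellation_requested: true
                    status: example_value
                    status_details: example_value
                    error:
                      code: example_value
                      message: example_value
                    target: example_value
                    request_id: '500123'
        # Any status other than 202 is described by the shared error schema.
        default:
          description: Error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyVaultError'
              examples:
                CertificatesCreatedefaultExample:
                  summary: Default Certificates_Create default response
                  x-microcks-default: true
                  value:
                    error:
                      code: example_value
                      message: example_value
                      innererror:
                        code: example_value
                        innererror: example_value
      # Vendor extension carrying mock-server settings for this operation.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK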
components:
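  securitySchemes:
    # Scheme referenced by the global `security` requirement.
    oauth2:
      type: oauth2
      # The implicit grant returns the access token in the redirect URI
      # fragment and is discouraged by current OAuth 2.0 security guidance. A
      # Key Vault token grants access to keys and secrets, so the authorization
      # code grant is declared instead (public clients use it with PKCE).
      # The v2.0 endpoints match the `.default` scope form used below; the
      # original pointed the v1 authorize endpoint at a v2.0-style scope.
      # Service-to-service callers normally obtain tokens with client
      # credentials or a managed identity from their own tenant.
      flows:
        authorizationCode:
          authorizationUrl: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
          tokenUrl: https://login.microsoftonline.com/common/oauth2/v2.0/token
          scopes:
            https://vault.azure.net/.default: Access Azure Key Vault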
  parameters:
    # Shared query parameter; every operation in this excerpt references it.
    ApiVersionParameter:
      name: api-version
      in: query
      required: true
      description: Client API version.
      schema:
        type: string
        # Same value as info.version.
        default: '7.5'
  schemas:
    # Response body of Keys_Create, Keys_Get and Keys_Update.
    KeyBundle:
      type: object
      description: A key bundle containing the key and its attributes.
      properties:
        # NOTE(review): Keys_Get is documented as returning only the public
        # part of a key. The JsonWebKey properties are cut off in this excerpt,
        # so confirm that private members are not documented as returned.
        key:
          $ref: '#/components/schemas/JsonWebKey'
        attributes:
          $ref: '#/components/schemas/KeyAttributes'
        tags:
          type: object
          additionalProperties:
            type: string
          description: Application-specific metadata in the form of key-value pairs.
          # NOTE(review): the example is a bare string, but the schema describes
          # an object whose values are strings.
          example: example_value
        managed:
          type: boolean
          # Server-reported flag; readOnly means clients do not set it.
          readOnly: true
          description: Whether the key's lifetime is managed by Key Vault.
          example: true
        release_policy:
          $ref: '#/components/schemas/KeyReleasePolicy'
    JsonWebKey:
      type: object
      description: JSON Web Key (JWK) representation of a key.
      properties:
        kid:
          type: string
          description:

# --- truncated at 32 KB (50 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/microsoft-azure/refs/heads/main/openapi/azure-key-vault-openapi.yml