azure.keyvault.models module

class azure.keyvault.models.Attributes(*, enabled: bool = None, not_before=None, expires=None, **kwargs)[source]

Bases: msrest.serialization.Model

The object attributes managed by the KeyVault service.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • enabled (bool) – Determines whether the object is enabled.
  • not_before (datetime) – Not before date in UTC.
  • expires (datetime) – Expiry date in UTC.
Variables:
  • created (datetime) – Creation time in UTC.
  • updated (datetime) – Last updated time in UTC.
class azure.keyvault.models.JsonWebKey(*, kid: str = None, kty=None, key_ops=None, n: bytes = None, e: bytes = None, d: bytes = None, dp: bytes = None, dq: bytes = None, qi: bytes = None, p: bytes = None, q: bytes = None, k: bytes = None, t: bytes = None, crv=None, x: bytes = None, y: bytes = None, **kwargs)[source]

Bases: msrest.serialization.Model

As of http://tools.ietf.org/html/draft-ietf-jose-json-web-key-18.

Parameters:
  • kid (str) – Key identifier.
  • kty (str or JsonWebKeyType) – JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. Possible values include: ‘EC’, ‘EC-HSM’, ‘RSA’, ‘RSA-HSM’, ‘oct’
  • key_ops (list[str]) –
  • n (bytes) – RSA modulus.
  • e (bytes) – RSA public exponent.
  • d (bytes) – RSA private exponent, or the D component of an EC private key.
  • dp (bytes) – RSA private key parameter.
  • dq (bytes) – RSA private key parameter.
  • qi (bytes) – RSA private key parameter.
  • p (bytes) – RSA secret prime.
  • q (bytes) – RSA secret prime, with p < q.
  • k (bytes) – Symmetric key.
  • t (bytes) – HSM Token, used with ‘Bring Your Own Key’.
  • crv (str or JsonWebKeyCurveName) – Elliptic curve name. For valid values, see JsonWebKeyCurveName. Possible values include: ‘P-256’, ‘P-384’, ‘P-521’, ‘P-256K’
  • x (bytes) – X component of an EC public key.
  • y (bytes) – Y component of an EC public key.
class azure.keyvault.models.KeyAttributes(*, enabled: bool = None, not_before=None, expires=None, **kwargs)[source]

Bases: azure.keyvault.models.attributes_py3.Attributes

The attributes of a key managed by the key vault service.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • enabled (bool) – Determines whether the object is enabled.
  • not_before (datetime) – Not before date in UTC.
  • expires (datetime) – Expiry date in UTC.
Variables:
  • created (datetime) – Creation time in UTC.
  • updated (datetime) – Last updated time in UTC.
  • recovery_level (str or DeletionRecoveryLevel) – Reflects the deletion recovery level currently in effect for keys in the current vault. If it contains ‘Purgeable’ the key can be permanently deleted by a privileged user; otherwise, only the system can purge the key, at the end of the retention interval. Possible values include: ‘Purgeable’, ‘Recoverable+Purgeable’, ‘Recoverable’, ‘Recoverable+ProtectedSubscription’
class azure.keyvault.models.KeyBundle(*, key=None, attributes=None, tags=None, **kwargs)[source]

Bases: msrest.serialization.Model

A KeyBundle consisting of a WebKey plus its attributes.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • key (JsonWebKey) – The Json web key.
  • attributes (KeyAttributes) – The key management attributes.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
Variables:

managed (bool) – True if the key’s lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true.

class azure.keyvault.models.KeyItem(*, kid: str = None, attributes=None, tags=None, **kwargs)[source]

Bases: msrest.serialization.Model

The key item containing key metadata.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • kid (str) – Key identifier.
  • attributes (KeyAttributes) – The key management attributes.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
Variables:

managed (bool) – True if the key’s lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true.

class azure.keyvault.models.DeletedKeyBundle(*, key=None, attributes=None, tags=None, recovery_id: str = None, **kwargs)[source]

Bases: azure.keyvault.models.key_bundle_py3.KeyBundle

A DeletedKeyBundle consisting of a WebKey plus its Attributes and deletion info.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • key (JsonWebKey) – The Json web key.
  • attributes (KeyAttributes) – The key management attributes.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
  • recovery_id (str) – The url of the recovery object, used to identify and recover the deleted key.
Variables:
  • managed (bool) – True if the key’s lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true.
  • scheduled_purge_date (datetime) – The time when the key is scheduled to be purged, in UTC
  • deleted_date (datetime) – The time when the key was deleted, in UTC
class azure.keyvault.models.DeletedKeyItem(*, kid: str = None, attributes=None, tags=None, recovery_id: str = None, **kwargs)[source]

Bases: azure.keyvault.models.key_item_py3.KeyItem

The deleted key item containing the deleted key metadata and information about deletion.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • kid (str) – Key identifier.
  • attributes (KeyAttributes) – The key management attributes.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
  • recovery_id (str) – The url of the recovery object, used to identify and recover the deleted key.
Variables:
  • managed (bool) – True if the key’s lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true.
  • scheduled_purge_date (datetime) – The time when the key is scheduled to be purged, in UTC
  • deleted_date (datetime) – The time when the key was deleted, in UTC
class azure.keyvault.models.SecretAttributes(*, enabled: bool = None, not_before=None, expires=None, **kwargs)[source]

Bases: azure.keyvault.models.attributes_py3.Attributes

The secret management attributes.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • enabled (bool) – Determines whether the object is enabled.
  • not_before (datetime) – Not before date in UTC.
  • expires (datetime) – Expiry date in UTC.
Variables:
  • created (datetime) – Creation time in UTC.
  • updated (datetime) – Last updated time in UTC.
  • recovery_level (str or DeletionRecoveryLevel) – Reflects the deletion recovery level currently in effect for secrets in the current vault. If it contains ‘Purgeable’, the secret can be permanently deleted by a privileged user; otherwise, only the system can purge the secret, at the end of the retention interval. Possible values include: ‘Purgeable’, ‘Recoverable+Purgeable’, ‘Recoverable’, ‘Recoverable+ProtectedSubscription’
class azure.keyvault.models.SecretBundle(*, value: str = None, id: str = None, content_type: str = None, attributes=None, tags=None, **kwargs)[source]

Bases: msrest.serialization.Model

A secret consisting of a value, id and its attributes.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • value (str) – The secret value.
  • id (str) – The secret id.
  • content_type (str) – The content type of the secret.
  • attributes (SecretAttributes) – The secret management attributes.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
Variables:
  • kid (str) – If this is a secret backing a KV certificate, then this field specifies the corresponding key backing the KV certificate.
  • managed (bool) – True if the secret’s lifetime is managed by key vault. If this is a secret backing a certificate, then managed will be true.
class azure.keyvault.models.SecretItem(*, id: str = None, attributes=None, tags=None, content_type: str = None, **kwargs)[source]

Bases: msrest.serialization.Model

The secret item containing secret metadata.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • id (str) – Secret identifier.
  • attributes (SecretAttributes) – The secret management attributes.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
  • content_type (str) – Type of the secret value such as a password.
Variables:

managed (bool) – True if the secret’s lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true.

class azure.keyvault.models.DeletedSecretBundle(*, value: str = None, id: str = None, content_type: str = None, attributes=None, tags=None, recovery_id: str = None, **kwargs)[source]

Bases: azure.keyvault.models.secret_bundle_py3.SecretBundle

A Deleted Secret consisting of its previous id, attributes and its tags, as well as information on when it will be purged.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • value (str) – The secret value.
  • id (str) – The secret id.
  • content_type (str) – The content type of the secret.
  • attributes (SecretAttributes) – The secret management attributes.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
  • recovery_id (str) – The url of the recovery object, used to identify and recover the deleted secret.
Variables:
  • kid (str) – If this is a secret backing a KV certificate, then this field specifies the corresponding key backing the KV certificate.
  • managed (bool) – True if the secret’s lifetime is managed by key vault. If this is a secret backing a certificate, then managed will be true.
  • scheduled_purge_date (datetime) – The time when the secret is scheduled to be purged, in UTC
  • deleted_date (datetime) – The time when the secret was deleted, in UTC
class azure.keyvault.models.DeletedSecretItem(*, id: str = None, attributes=None, tags=None, content_type: str = None, recovery_id: str = None, **kwargs)[source]

Bases: azure.keyvault.models.secret_item_py3.SecretItem

The deleted secret item containing metadata about the deleted secret.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • id (str) – Secret identifier.
  • attributes (SecretAttributes) – The secret management attributes.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
  • content_type (str) – Type of the secret value such as a password.
  • recovery_id (str) – The url of the recovery object, used to identify and recover the deleted secret.
Variables:
  • managed (bool) – True if the secret’s lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true.
  • scheduled_purge_date (datetime) – The time when the secret is scheduled to be purged, in UTC
  • deleted_date (datetime) – The time when the secret was deleted, in UTC
class azure.keyvault.models.SecretRestoreParameters(*, secret_bundle_backup: bytes, **kwargs)[source]

Bases: msrest.serialization.Model

The secret restore parameters.

All required parameters must be populated in order to send to Azure.

Parameters:secret_bundle_backup (bytes) – Required. The backup blob associated with a secret bundle.
class azure.keyvault.models.StorageRestoreParameters(*, storage_bundle_backup: bytes, **kwargs)[source]

Bases: msrest.serialization.Model

The secret restore parameters.

All required parameters must be populated in order to send to Azure.

Parameters:storage_bundle_backup (bytes) – Required. The backup blob associated with a storage account.
class azure.keyvault.models.CertificateAttributes(*, enabled: bool = None, not_before=None, expires=None, **kwargs)[source]

Bases: azure.keyvault.models.attributes_py3.Attributes

The certificate management attributes.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • enabled (bool) – Determines whether the object is enabled.
  • not_before (datetime) – Not before date in UTC.
  • expires (datetime) – Expiry date in UTC.
Variables:
  • created (datetime) – Creation time in UTC.
  • updated (datetime) – Last updated time in UTC.
  • recovery_level (str or DeletionRecoveryLevel) – Reflects the deletion recovery level currently in effect for certificates in the current vault. If it contains ‘Purgeable’, the certificate can be permanently deleted by a privileged user; otherwise, only the system can purge the certificate, at the end of the retention interval. Possible values include: ‘Purgeable’, ‘Recoverable+Purgeable’, ‘Recoverable’, ‘Recoverable+ProtectedSubscription’
class azure.keyvault.models.CertificateItem(*, id: str = None, attributes=None, tags=None, x509_thumbprint: bytes = None, **kwargs)[source]

Bases: msrest.serialization.Model

The certificate item containing certificate metadata.

Parameters:
  • id (str) – Certificate identifier.
  • attributes (CertificateAttributes) – The certificate management attributes.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
  • x509_thumbprint (bytes) – Thumbprint of the certificate.
class azure.keyvault.models.CertificateIssuerItem(*, id: str = None, provider: str = None, **kwargs)[source]

Bases: msrest.serialization.Model

The certificate issuer item containing certificate issuer metadata.

Parameters:
  • id (str) – Certificate Identifier.
  • provider (str) – The issuer provider.
class azure.keyvault.models.KeyProperties(*, exportable: bool = None, key_type=None, key_size: int = None, reuse_key: bool = None, curve=None, **kwargs)[source]

Bases: msrest.serialization.Model

Properties of the key pair backing a certificate.

Parameters:
  • exportable (bool) – Indicates if the private key can be exported.
  • key_type (str or JsonWebKeyType) – The type of key pair to be used for the certificate. Possible values include: ‘EC’, ‘EC-HSM’, ‘RSA’, ‘RSA-HSM’, ‘oct’
  • key_size (int) – The key size in bits. For example: 2048, 3072, or 4096 for RSA.
  • reuse_key (bool) – Indicates if the same key pair will be used on certificate renewal.
  • curve (str or JsonWebKeyCurveName) – Elliptic curve name. For valid values, see JsonWebKeyCurveName. Possible values include: ‘P-256’, ‘P-384’, ‘P-521’, ‘P-256K’
class azure.keyvault.models.SecretProperties(*, content_type: str = None, **kwargs)[source]

Bases: msrest.serialization.Model

Properties of the key backing a certificate.

Parameters:content_type (str) – The media type (MIME type).
class azure.keyvault.models.SubjectAlternativeNames(*, emails=None, dns_names=None, upns=None, **kwargs)[source]

Bases: msrest.serialization.Model

The subject alternate names of a X509 object.

Parameters:
  • emails (list[str]) – Email addresses.
  • dns_names (list[str]) – Domain names.
  • upns (list[str]) – User principal names.
class azure.keyvault.models.X509CertificateProperties(*, subject: str = None, ekus=None, subject_alternative_names=None, key_usage=None, validity_in_months: int = None, **kwargs)[source]

Bases: msrest.serialization.Model

Properties of the X509 component of a certificate.

Parameters:
  • subject (str) – The subject name. Should be a valid X509 distinguished Name.
  • ekus (list[str]) – The enhanced key usage.
  • subject_alternative_names (SubjectAlternativeNames) – The subject alternative names.
  • key_usage (list[str or KeyUsageType]) – List of key usages.
  • validity_in_months (int) – The duration that the ceritifcate is valid in months.
class azure.keyvault.models.Trigger(*, lifetime_percentage: int = None, days_before_expiry: int = None, **kwargs)[source]

Bases: msrest.serialization.Model

A condition to be satisfied for an action to be executed.

Parameters:
  • lifetime_percentage (int) – Percentage of lifetime at which to trigger. Value should be between 1 and 99.
  • days_before_expiry (int) – Days before expiry to attempt renewal. Value should be between 1 and validity_in_months multiplied by 27. If validity_in_months is 36, then value should be between 1 and 972 (36 * 27).
class azure.keyvault.models.Action(*, action_type=None, **kwargs)[source]

Bases: msrest.serialization.Model

The action that will be executed.

Parameters:action_type (str or ActionType) – The type of the action. Possible values include: ‘EmailContacts’, ‘AutoRenew’
class azure.keyvault.models.LifetimeAction(*, trigger=None, action=None, **kwargs)[source]

Bases: msrest.serialization.Model

Action and its trigger that will be performed by Key Vault over the lifetime of a certificate.

Parameters:
  • trigger (Trigger) – The condition that will execute the action.
  • action (Action) – The action that will be executed.
class azure.keyvault.models.IssuerParameters(*, name: str = None, certificate_type: str = None, certificate_transparency: bool = None, **kwargs)[source]

Bases: msrest.serialization.Model

Parameters for the issuer of the X509 component of a certificate.

Parameters:
  • name (str) – Name of the referenced issuer object or reserved names; for example, ‘Self’ or ‘Unknown’.
  • certificate_type (str) – Type of certificate to be requested from the issuer provider.
  • certificate_transparency (bool) – Indicates if the certificates generated under this policy should be published to certificate transparency logs.
class azure.keyvault.models.CertificatePolicy(*, key_properties=None, secret_properties=None, x509_certificate_properties=None, lifetime_actions=None, issuer_parameters=None, attributes=None, **kwargs)[source]

Bases: msrest.serialization.Model

Management policy for a certificate.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

id (str) – The certificate id.

Parameters:
  • key_properties (KeyProperties) – Properties of the key backing a certificate.
  • secret_properties (SecretProperties) – Properties of the secret backing a certificate.
  • x509_certificate_properties (X509CertificateProperties) – Properties of the X509 component of a certificate.
  • lifetime_actions (list[LifetimeAction]) – Actions that will be performed by Key Vault over the lifetime of a certificate.
  • issuer_parameters (IssuerParameters) – Parameters for the issuer of the X509 component of a certificate.
  • attributes (CertificateAttributes) – The certificate attributes.
class azure.keyvault.models.CertificateBundle(*, cer: bytearray = None, content_type: str = None, attributes=None, tags=None, **kwargs)[source]

Bases: msrest.serialization.Model

A certificate bundle consists of a certificate (X509) plus its attributes.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:
  • id (str) – The certificate id.
  • kid (str) – The key id.
  • sid (str) – The secret id.
  • x509_thumbprint (bytes) – Thumbprint of the certificate.
  • policy (CertificatePolicy) – The management policy.
Parameters:
  • cer (bytearray) – CER contents of x509 certificate.
  • content_type (str) – The content type of the secret.
  • attributes (CertificateAttributes) – The certificate attributes.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs
class azure.keyvault.models.DeletedCertificateBundle(*, cer: bytearray = None, content_type: str = None, attributes=None, tags=None, recovery_id: str = None, **kwargs)[source]

Bases: azure.keyvault.models.certificate_bundle_py3.CertificateBundle

A Deleted Certificate consisting of its previous id, attributes and its tags, as well as information on when it will be purged.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:
  • id (str) – The certificate id.
  • kid (str) – The key id.
  • sid (str) – The secret id.
  • x509_thumbprint (bytes) – Thumbprint of the certificate.
  • policy (CertificatePolicy) – The management policy.
  • scheduled_purge_date (datetime) – The time when the certificate is scheduled to be purged, in UTC
  • deleted_date (datetime) – The time when the certificate was deleted, in UTC
Parameters:
  • cer (bytearray) – CER contents of x509 certificate.
  • content_type (str) – The content type of the secret.
  • attributes (CertificateAttributes) – The certificate attributes.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs
  • recovery_id (str) – The url of the recovery object, used to identify and recover the deleted certificate.
class azure.keyvault.models.DeletedCertificateItem(*, id: str = None, attributes=None, tags=None, x509_thumbprint: bytes = None, recovery_id: str = None, **kwargs)[source]

Bases: azure.keyvault.models.certificate_item_py3.CertificateItem

The deleted certificate item containing metadata about the deleted certificate.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • id (str) – Certificate identifier.
  • attributes (CertificateAttributes) – The certificate management attributes.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
  • x509_thumbprint (bytes) – Thumbprint of the certificate.
  • recovery_id (str) – The url of the recovery object, used to identify and recover the deleted certificate.
Variables:
  • scheduled_purge_date (datetime) – The time when the certificate is scheduled to be purged, in UTC
  • deleted_date (datetime) – The time when the certificate was deleted, in UTC
class azure.keyvault.models.Error(**kwargs)[source]

Bases: msrest.serialization.Model

The key vault server error.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:
  • code (str) – The error code.
  • message (str) – The error message.
  • inner_error (Error) –
class azure.keyvault.models.CertificateOperation(*, issuer_parameters=None, csr: bytearray = None, cancellation_requested: bool = None, status: str = None, status_details: str = None, error=None, target: str = None, request_id: str = None, **kwargs)[source]

Bases: msrest.serialization.Model

A certificate operation is returned in case of asynchronous requests.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

id (str) – The certificate id.

Parameters:
  • issuer_parameters (IssuerParameters) – Parameters for the issuer of the X509 component of a certificate.
  • csr (bytearray) – The certificate signing request (CSR) that is being used in the certificate operation.
  • cancellation_requested (bool) – Indicates if cancellation was requested on the certificate operation.
  • status (str) – Status of the certificate operation.
  • status_details (str) – The status details of the certificate operation.
  • error (Error) – Error encountered, if any, during the certificate operation.
  • target (str) – Location which contains the result of the certificate operation.
  • request_id (str) – Identifier for the certificate operation.
class azure.keyvault.models.IssuerCredentials(*, account_id: str = None, password: str = None, **kwargs)[source]

Bases: msrest.serialization.Model

The credentials to be used for the certificate issuer.

Parameters:
  • account_id (str) – The user name/account name/account id.
  • password (str) – The password/secret/account key.
class azure.keyvault.models.AdministratorDetails(*, first_name: str = None, last_name: str = None, email_address: str = None, phone: str = None, **kwargs)[source]

Bases: msrest.serialization.Model

Details of the organization administrator of the certificate issuer.

Parameters:
  • first_name (str) – First name.
  • last_name (str) – Last name.
  • email_address (str) – Email addresss.
  • phone (str) – Phone number.
class azure.keyvault.models.OrganizationDetails(*, id: str = None, admin_details=None, **kwargs)[source]

Bases: msrest.serialization.Model

Details of the organization of the certificate issuer.

Parameters:
  • id (str) – Id of the organization.
  • admin_details (list[AdministratorDetails]) – Details of the organization administrator.
class azure.keyvault.models.IssuerAttributes(*, enabled: bool = None, **kwargs)[source]

Bases: msrest.serialization.Model

The attributes of an issuer managed by the Key Vault service.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:

enabled (bool) – Determines whether the issuer is enabled.

Variables:
  • created (datetime) – Creation time in UTC.
  • updated (datetime) – Last updated time in UTC.
class azure.keyvault.models.IssuerBundle(*, provider: str = None, credentials=None, organization_details=None, attributes=None, **kwargs)[source]

Bases: msrest.serialization.Model

The issuer for Key Vault certificate.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

id (str) – Identifier for the issuer object.

Parameters:
  • provider (str) – The issuer provider.
  • credentials (IssuerCredentials) – The credentials to be used for the issuer.
  • organization_details (OrganizationDetails) – Details of the organization as provided to the issuer.
  • attributes (IssuerAttributes) – Attributes of the issuer object.
class azure.keyvault.models.Contact(*, email_address: str = None, name: str = None, phone: str = None, **kwargs)[source]

Bases: msrest.serialization.Model

The contact information for the vault certificates.

Parameters:
  • email_address (str) – Email addresss.
  • name (str) – Name.
  • phone (str) – Phone number.
class azure.keyvault.models.Contacts(*, contact_list=None, **kwargs)[source]

Bases: msrest.serialization.Model

The contacts for the vault certificates.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:id (str) – Identifier for the contacts collection.
Parameters:contact_list (list[Contact]) – The contact list for the vault certificates.
class azure.keyvault.models.KeyCreateParameters(*, kty, key_size: int = None, key_ops=None, key_attributes=None, tags=None, curve=None, **kwargs)[source]

Bases: msrest.serialization.Model

The key create parameters.

All required parameters must be populated in order to send to Azure.

Parameters:
  • kty (str or JsonWebKeyType) – Required. The type of key to create. For valid values, see JsonWebKeyType. Possible values include: ‘EC’, ‘EC-HSM’, ‘RSA’, ‘RSA-HSM’, ‘oct’
  • key_size (int) – The key size in bits. For example: 2048, 3072, or 4096 for RSA.
  • key_ops (list[str or JsonWebKeyOperation]) –
  • key_attributes (KeyAttributes) –
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
  • curve (str or JsonWebKeyCurveName) – Elliptic curve name. For valid values, see JsonWebKeyCurveName. Possible values include: ‘P-256’, ‘P-384’, ‘P-521’, ‘P-256K’
class azure.keyvault.models.KeyImportParameters(*, key, hsm: bool = None, key_attributes=None, tags=None, **kwargs)[source]

Bases: msrest.serialization.Model

The key import parameters.

All required parameters must be populated in order to send to Azure.

Parameters:
  • hsm (bool) – Whether to import as a hardware key (HSM) or software key.
  • key (JsonWebKey) – Required. The Json web key
  • key_attributes (KeyAttributes) – The key management attributes.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.KeyOperationsParameters(*, algorithm, value: bytes, **kwargs)[source]

Bases: msrest.serialization.Model

The key operations parameters.

All required parameters must be populated in order to send to Azure.

Parameters:
  • algorithm (str or JsonWebKeyEncryptionAlgorithm) – Required. algorithm identifier. Possible values include: ‘RSA-OAEP’, ‘RSA-OAEP-256’, ‘RSA1_5’
  • value (bytes) – Required.
class azure.keyvault.models.KeySignParameters(*, algorithm, value: bytes, **kwargs)[source]

Bases: msrest.serialization.Model

The key operations parameters.

All required parameters must be populated in order to send to Azure.

Parameters:
  • algorithm (str or JsonWebKeySignatureAlgorithm) – Required. The signing/verification algorithm identifier. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm. Possible values include: ‘PS256’, ‘PS384’, ‘PS512’, ‘RS256’, ‘RS384’, ‘RS512’, ‘RSNULL’, ‘ES256’, ‘ES384’, ‘ES512’, ‘ES256K’
  • value (bytes) – Required.
class azure.keyvault.models.KeyVerifyParameters(*, algorithm, digest: bytes, signature: bytes, **kwargs)[source]

Bases: msrest.serialization.Model

The key verify parameters.

All required parameters must be populated in order to send to Azure.

Parameters:
  • algorithm (str or JsonWebKeySignatureAlgorithm) – Required. The signing/verification algorithm. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm. Possible values include: ‘PS256’, ‘PS384’, ‘PS512’, ‘RS256’, ‘RS384’, ‘RS512’, ‘RSNULL’, ‘ES256’, ‘ES384’, ‘ES512’, ‘ES256K’
  • digest (bytes) – Required. The digest used for signing.
  • signature (bytes) – Required. The signature to be verified.
class azure.keyvault.models.KeyUpdateParameters(*, key_ops=None, key_attributes=None, tags=None, **kwargs)[source]

Bases: msrest.serialization.Model

The key update parameters.

Parameters:
  • key_ops (list[str or JsonWebKeyOperation]) – Json web key operations. For more information on possible key operations, see JsonWebKeyOperation.
  • key_attributes (KeyAttributes) –
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.KeyRestoreParameters(*, key_bundle_backup: bytes, **kwargs)[source]

Bases: msrest.serialization.Model

The key restore parameters.

All required parameters must be populated in order to send to Azure.

Parameters:key_bundle_backup (bytes) – Required. The backup blob associated with a key bundle.
class azure.keyvault.models.SecretSetParameters(*, value: str, tags=None, content_type: str = None, secret_attributes=None, **kwargs)[source]

Bases: msrest.serialization.Model

The secret set parameters.

All required parameters must be populated in order to send to Azure.

Parameters:
  • value (str) – Required. The value of the secret.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
  • content_type (str) – Type of the secret value such as a password.
  • secret_attributes (SecretAttributes) – The secret management attributes.
class azure.keyvault.models.SecretUpdateParameters(*, content_type: str = None, secret_attributes=None, tags=None, **kwargs)[source]

Bases: msrest.serialization.Model

The secret update parameters.

Parameters:
  • content_type (str) – Type of the secret value such as a password.
  • secret_attributes (SecretAttributes) – The secret management attributes.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.CertificateCreateParameters(*, certificate_policy=None, certificate_attributes=None, tags=None, **kwargs)[source]

Bases: msrest.serialization.Model

The certificate create parameters.

Parameters:
  • certificate_policy (CertificatePolicy) – The management policy for the certificate.
  • certificate_attributes (CertificateAttributes) – The attributes of the certificate (optional).
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.CertificateImportParameters(*, base64_encoded_certificate: str, password: str = None, certificate_policy=None, certificate_attributes=None, tags=None, **kwargs)[source]

Bases: msrest.serialization.Model

The certificate import parameters.

All required parameters must be populated in order to send to Azure.

Parameters:
  • base64_encoded_certificate (str) – Required. Base64 encoded representation of the certificate object to import. This certificate needs to contain the private key.
  • password (str) – If the private key in base64EncodedCertificate is encrypted, the password used for encryption.
  • certificate_policy (CertificatePolicy) – The management policy for the certificate.
  • certificate_attributes (CertificateAttributes) – The attributes of the certificate (optional).
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.CertificateUpdateParameters(*, certificate_policy=None, certificate_attributes=None, tags=None, **kwargs)[source]

Bases: msrest.serialization.Model

The certificate update parameters.

Parameters:
  • certificate_policy (CertificatePolicy) – The management policy for the certificate.
  • certificate_attributes (CertificateAttributes) – The attributes of the certificate (optional).
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.CertificateMergeParameters(*, x509_certificates, certificate_attributes=None, tags=None, **kwargs)[source]

Bases: msrest.serialization.Model

The certificate merge parameters.

All required parameters must be populated in order to send to Azure.

Parameters:
  • x509_certificates (list[bytearray]) – Required. The certificate or the certificate chain to merge.
  • certificate_attributes (CertificateAttributes) – The attributes of the certificate (optional).
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.CertificateIssuerSetParameters(*, provider: str, credentials=None, organization_details=None, attributes=None, **kwargs)[source]

Bases: msrest.serialization.Model

The certificate issuer set parameters.

All required parameters must be populated in order to send to Azure.

Parameters:
  • provider (str) – Required. The issuer provider.
  • credentials (IssuerCredentials) – The credentials to be used for the issuer.
  • organization_details (OrganizationDetails) – Details of the organization as provided to the issuer.
  • attributes (IssuerAttributes) – Attributes of the issuer object.
class azure.keyvault.models.CertificateIssuerUpdateParameters(*, provider: str = None, credentials=None, organization_details=None, attributes=None, **kwargs)[source]

Bases: msrest.serialization.Model

The certificate issuer update parameters.

Parameters:
  • provider (str) – The issuer provider.
  • credentials (IssuerCredentials) – The credentials to be used for the issuer.
  • organization_details (OrganizationDetails) – Details of the organization as provided to the issuer.
  • attributes (IssuerAttributes) – Attributes of the issuer object.
class azure.keyvault.models.CertificateOperationUpdateParameter(*, cancellation_requested: bool, **kwargs)[source]

Bases: msrest.serialization.Model

The certificate operation update parameters.

All required parameters must be populated in order to send to Azure.

Parameters:cancellation_requested (bool) – Required. Indicates if cancellation was requested on the certificate operation.
class azure.keyvault.models.KeyOperationResult(**kwargs)[source]

Bases: msrest.serialization.Model

The key operation result.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:
  • kid (str) – Key identifier
  • result (bytes) –
class azure.keyvault.models.KeyVerifyResult(**kwargs)[source]

Bases: msrest.serialization.Model

The key verify result.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:value (bool) – True if the signature is verified, otherwise false.
class azure.keyvault.models.BackupKeyResult(**kwargs)[source]

Bases: msrest.serialization.Model

The backup key result, containing the backup blob.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:value (bytes) – The backup blob containing the backed up key.
class azure.keyvault.models.BackupSecretResult(**kwargs)[source]

Bases: msrest.serialization.Model

The backup secret result, containing the backup blob.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:value (bytes) – The backup blob containing the backed up secret.
class azure.keyvault.models.BackupStorageResult(**kwargs)[source]

Bases: msrest.serialization.Model

The backup storage result, containing the backup blob.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:value (bytes) – The backup blob containing the backed up storage account.
class azure.keyvault.models.PendingCertificateSigningRequestResult(**kwargs)[source]

Bases: msrest.serialization.Model

The pending certificate signing request result.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:value (str) – The pending certificate signing request as Base64 encoded string.
class azure.keyvault.models.StorageAccountAttributes(*, enabled: bool = None, **kwargs)[source]

Bases: msrest.serialization.Model

The storage account management attributes.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:

enabled (bool) – the enabled state of the object.

Variables:
  • created (datetime) – Creation time in UTC.
  • updated (datetime) – Last updated time in UTC.
  • recovery_level (str or DeletionRecoveryLevel) – Reflects the deletion recovery level currently in effect for storage accounts in the current vault. If it contains ‘Purgeable’ the storage account can be permanently deleted by a privileged user; otherwise, only the system can purge the storage account, at the end of the retention interval. Possible values include: ‘Purgeable’, ‘Recoverable+Purgeable’, ‘Recoverable’, ‘Recoverable+ProtectedSubscription’
class azure.keyvault.models.StorageBundle(**kwargs)[source]

Bases: msrest.serialization.Model

A Storage account bundle consists of key vault storage account details plus its attributes.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:
  • id (str) – The storage account id.
  • resource_id (str) – The storage account resource id.
  • active_key_name (str) – The current active storage account key name.
  • auto_regenerate_key (bool) – whether keyvault should manage the storage account for the user.
  • regeneration_period (str) – The key regeneration time duration specified in ISO-8601 format.
  • attributes (StorageAccountAttributes) – The storage account attributes.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs
class azure.keyvault.models.DeletedStorageBundle(*, recovery_id: str = None, **kwargs)[source]

Bases: azure.keyvault.models.storage_bundle_py3.StorageBundle

A deleted storage account bundle consisting of its previous id, attributes and its tags, as well as information on when it will be purged.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:
  • id (str) – The storage account id.
  • resource_id (str) – The storage account resource id.
  • active_key_name (str) – The current active storage account key name.
  • auto_regenerate_key (bool) – whether keyvault should manage the storage account for the user.
  • regeneration_period (str) – The key regeneration time duration specified in ISO-8601 format.
  • attributes (StorageAccountAttributes) – The storage account attributes.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs
  • scheduled_purge_date (datetime) – The time when the storage account is scheduled to be purged, in UTC
  • deleted_date (datetime) – The time when the storage account was deleted, in UTC
Parameters:

recovery_id (str) – The url of the recovery object, used to identify and recover the deleted storage account.

class azure.keyvault.models.StorageAccountCreateParameters(*, resource_id: str, active_key_name: str, auto_regenerate_key: bool, regeneration_period: str = None, storage_account_attributes=None, tags=None, **kwargs)[source]

Bases: msrest.serialization.Model

The storage account create parameters.

All required parameters must be populated in order to send to Azure.

Parameters:
  • resource_id (str) – Required. Storage account resource id.
  • active_key_name (str) – Required. Current active storage account key name.
  • auto_regenerate_key (bool) – Required. whether keyvault should manage the storage account for the user.
  • regeneration_period (str) – The key regeneration time duration specified in ISO-8601 format.
  • storage_account_attributes (StorageAccountAttributes) – The attributes of the storage account.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.StorageAccountUpdateParameters(*, active_key_name: str = None, auto_regenerate_key: bool = None, regeneration_period: str = None, storage_account_attributes=None, tags=None, **kwargs)[source]

Bases: msrest.serialization.Model

The storage account update parameters.

Parameters:
  • active_key_name (str) – The current active storage account key name.
  • auto_regenerate_key (bool) – whether keyvault should manage the storage account for the user.
  • regeneration_period (str) – The key regeneration time duration specified in ISO-8601 format.
  • storage_account_attributes (StorageAccountAttributes) – The attributes of the storage account.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.StorageAccountRegenerteKeyParameters(*, key_name: str, **kwargs)[source]

Bases: msrest.serialization.Model

The storage account key regenerate parameters.

All required parameters must be populated in order to send to Azure.

Parameters:key_name (str) – Required. The storage account key name.
class azure.keyvault.models.StorageAccountItem(**kwargs)[source]

Bases: msrest.serialization.Model

The storage account item containing storage account metadata.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:
  • id (str) – Storage identifier.
  • resource_id (str) – Storage account resource Id.
  • attributes (StorageAccountAttributes) – The storage account management attributes.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.DeletedStorageAccountItem(*, recovery_id: str = None, **kwargs)[source]

Bases: azure.keyvault.models.storage_account_item_py3.StorageAccountItem

The deleted storage account item containing metadata about the deleted storage account.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:
  • id (str) – Storage identifier.
  • resource_id (str) – Storage account resource Id.
  • attributes (StorageAccountAttributes) – The storage account management attributes.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
  • scheduled_purge_date (datetime) – The time when the storage account is scheduled to be purged, in UTC
  • deleted_date (datetime) – The time when the storage account was deleted, in UTC
Parameters:

recovery_id (str) – The url of the recovery object, used to identify and recover the deleted storage account.

class azure.keyvault.models.SasDefinitionAttributes(*, enabled: bool = None, **kwargs)[source]

Bases: msrest.serialization.Model

The SAS definition management attributes.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:

enabled (bool) – the enabled state of the object.

Variables:
  • created (datetime) – Creation time in UTC.
  • updated (datetime) – Last updated time in UTC.
  • recovery_level (str or DeletionRecoveryLevel) – Reflects the deletion recovery level currently in effect for SAS definitions in the current vault. If it contains ‘Purgeable’ the SAS definition can be permanently deleted by a privileged user; otherwise, only the system can purge the SAS definition, at the end of the retention interval. Possible values include: ‘Purgeable’, ‘Recoverable+Purgeable’, ‘Recoverable’, ‘Recoverable+ProtectedSubscription’
class azure.keyvault.models.SasDefinitionBundle(**kwargs)[source]

Bases: msrest.serialization.Model

A SAS definition bundle consists of key vault SAS definition details plus its attributes.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:
  • id (str) – The SAS definition id.
  • secret_id (str) – Storage account SAS definition secret id.
  • template_uri (str) – The SAS definition token template signed with an arbitrary key. Tokens created according to the SAS definition will have the same properties as the template.
  • sas_type (str or SasTokenType) – The type of SAS token the SAS definition will create. Possible values include: ‘account’, ‘service’
  • validity_period (str) – The validity period of SAS tokens created according to the SAS definition.
  • attributes (SasDefinitionAttributes) – The SAS definition attributes.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs
class azure.keyvault.models.DeletedSasDefinitionBundle(*, recovery_id: str = None, **kwargs)[source]

Bases: azure.keyvault.models.sas_definition_bundle_py3.SasDefinitionBundle

A deleted SAS definition bundle consisting of its previous id, attributes and its tags, as well as information on when it will be purged.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:
  • id (str) – The SAS definition id.
  • secret_id (str) – Storage account SAS definition secret id.
  • template_uri (str) – The SAS definition token template signed with an arbitrary key. Tokens created according to the SAS definition will have the same properties as the template.
  • sas_type (str or SasTokenType) – The type of SAS token the SAS definition will create. Possible values include: ‘account’, ‘service’
  • validity_period (str) – The validity period of SAS tokens created according to the SAS definition.
  • attributes (SasDefinitionAttributes) – The SAS definition attributes.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs
  • scheduled_purge_date (datetime) – The time when the SAS definition is scheduled to be purged, in UTC
  • deleted_date (datetime) – The time when the SAS definition was deleted, in UTC
Parameters:

recovery_id (str) – The url of the recovery object, used to identify and recover the deleted SAS definition.

class azure.keyvault.models.SasDefinitionItem(**kwargs)[source]

Bases: msrest.serialization.Model

The SAS definition item containing storage SAS definition metadata.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:
  • id (str) – The storage SAS identifier.
  • secret_id (str) – The storage account SAS definition secret id.
  • attributes (SasDefinitionAttributes) – The SAS definition management attributes.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.DeletedSasDefinitionItem(*, recovery_id: str = None, **kwargs)[source]

Bases: azure.keyvault.models.sas_definition_item_py3.SasDefinitionItem

The deleted SAS definition item containing metadata about the deleted SAS definition.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:
  • id (str) – The storage SAS identifier.
  • secret_id (str) – The storage account SAS definition secret id.
  • attributes (SasDefinitionAttributes) – The SAS definition management attributes.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
  • scheduled_purge_date (datetime) – The time when the SAS definition is scheduled to be purged, in UTC
  • deleted_date (datetime) – The time when the SAS definition was deleted, in UTC
Parameters:

recovery_id (str) – The url of the recovery object, used to identify and recover the deleted SAS definition.

class azure.keyvault.models.SasDefinitionCreateParameters(*, template_uri: str, sas_type, validity_period: str, sas_definition_attributes=None, tags=None, **kwargs)[source]

Bases: msrest.serialization.Model

The SAS definition create parameters.

All required parameters must be populated in order to send to Azure.

Parameters:
  • template_uri (str) – Required. The SAS definition token template signed with an arbitrary key. Tokens created according to the SAS definition will have the same properties as the template.
  • sas_type (str or SasTokenType) – Required. The type of SAS token the SAS definition will create. Possible values include: ‘account’, ‘service’
  • validity_period (str) – Required. The validity period of SAS tokens created according to the SAS definition.
  • sas_definition_attributes (SasDefinitionAttributes) – The attributes of the SAS definition.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.SasDefinitionUpdateParameters(*, template_uri: str = None, sas_type=None, validity_period: str = None, sas_definition_attributes=None, tags=None, **kwargs)[source]

Bases: msrest.serialization.Model

The SAS definition update parameters.

Parameters:
  • template_uri (str) – The SAS definition token template signed with an arbitrary key. Tokens created according to the SAS definition will have the same properties as the template.
  • sas_type (str or SasTokenType) – The type of SAS token the SAS definition will create. Possible values include: ‘account’, ‘service’
  • validity_period (str) – The validity period of SAS tokens created according to the SAS definition.
  • sas_definition_attributes (SasDefinitionAttributes) – The attributes of the SAS definition.
  • tags (dict[str, str]) – Application specific metadata in the form of key-value pairs.
class azure.keyvault.models.KeyVaultError(**kwargs)[source]

Bases: msrest.serialization.Model

The key vault error exception.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:error (Error) –
exception azure.keyvault.models.KeyVaultErrorException(deserialize, response, *args)[source]

Bases: msrest.exceptions.HttpOperationError

Server responsed with exception of type: ‘KeyVaultError’.

Parameters:
  • deserialize – A deserializer
  • response – Server response to be deserialized.
class azure.keyvault.models.CertificateRestoreParameters(*, certificate_bundle_backup: bytes, **kwargs)[source]

Bases: msrest.serialization.Model

The certificate restore parameters.

All required parameters must be populated in order to send to Azure.

Parameters:certificate_bundle_backup (bytes) – Required. The backup blob associated with a certificate bundle.
class azure.keyvault.models.BackupCertificateResult(**kwargs)[source]

Bases: msrest.serialization.Model

The backup certificate result, containing the backup blob.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:value (bytes) – The backup blob containing the backed up certificate.
class azure.keyvault.models.KeyItemPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of KeyItem object

class azure.keyvault.models.DeletedKeyItemPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of DeletedKeyItem object

class azure.keyvault.models.SecretItemPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of SecretItem object

class azure.keyvault.models.DeletedSecretItemPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of DeletedSecretItem object

class azure.keyvault.models.CertificateItemPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of CertificateItem object

class azure.keyvault.models.CertificateIssuerItemPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of CertificateIssuerItem object

class azure.keyvault.models.DeletedCertificateItemPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of DeletedCertificateItem object

class azure.keyvault.models.StorageAccountItemPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of StorageAccountItem object

class azure.keyvault.models.DeletedStorageAccountItemPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of DeletedStorageAccountItem object

class azure.keyvault.models.SasDefinitionItemPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of SasDefinitionItem object

class azure.keyvault.models.DeletedSasDefinitionItemPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of DeletedSasDefinitionItem object

class azure.keyvault.models.JsonWebKeyType[source]

Bases: str, enum.Enum

An enumeration.

ec = 'EC'

Elliptic Curve.

ec_hsm = 'EC-HSM'

Elliptic Curve with a private key which is not exportable from the HSM.

oct = 'oct'

Octet sequence (used to represent symmetric keys)

rsa = 'RSA'

RSA (https://tools.ietf.org/html/rfc3447)

rsa_hsm = 'RSA-HSM'

RSA with a private key which is not exportable from the HSM.

class azure.keyvault.models.JsonWebKeyCurveName[source]

Bases: str, enum.Enum

An enumeration.

p_256 = 'P-256'

The NIST P-256 elliptic curve, AKA SECG curve SECP256R1.

p_256_k = 'P-256K'

The SECG SECP256K1 elliptic curve.

p_384 = 'P-384'

The NIST P-384 elliptic curve, AKA SECG curve SECP384R1.

p_521 = 'P-521'

The NIST P-521 elliptic curve, AKA SECG curve SECP521R1.

class azure.keyvault.models.DeletionRecoveryLevel[source]

Bases: str, enum.Enum

An enumeration.

purgeable = 'Purgeable'
recoverable = 'Recoverable'
recoverable_protected_subscription = 'Recoverable+ProtectedSubscription'
recoverable_purgeable = 'Recoverable+Purgeable'
class azure.keyvault.models.KeyUsageType[source]

Bases: str, enum.Enum

An enumeration.

c_rl_sign = 'cRLSign'
data_encipherment = 'dataEncipherment'
decipher_only = 'decipherOnly'
digital_signature = 'digitalSignature'
encipher_only = 'encipherOnly'
key_agreement = 'keyAgreement'
key_cert_sign = 'keyCertSign'
key_encipherment = 'keyEncipherment'
non_repudiation = 'nonRepudiation'
class azure.keyvault.models.ActionType[source]

Bases: str, enum.Enum

An enumeration.

auto_renew = 'AutoRenew'
email_contacts = 'EmailContacts'
class azure.keyvault.models.JsonWebKeyOperation[source]

Bases: str, enum.Enum

An enumeration.

decrypt = 'decrypt'
encrypt = 'encrypt'
sign = 'sign'
unwrap_key = 'unwrapKey'
verify = 'verify'
wrap_key = 'wrapKey'
class azure.keyvault.models.JsonWebKeyEncryptionAlgorithm[source]

Bases: str, enum.Enum

An enumeration.

rsa1_5 = 'RSA1_5'
rsa_oaep = 'RSA-OAEP'
rsa_oaep_256 = 'RSA-OAEP-256'
class azure.keyvault.models.JsonWebKeySignatureAlgorithm[source]

Bases: str, enum.Enum

An enumeration.

es256 = 'ES256'

ECDSA using P-256 and SHA-256, as described in https://tools.ietf.org/html/rfc7518.

es256_k = 'ES256K'

ECDSA using P-256K and SHA-256, as described in https://tools.ietf.org/html/rfc7518

es384 = 'ES384'

ECDSA using P-384 and SHA-384, as described in https://tools.ietf.org/html/rfc7518

es512 = 'ES512'

ECDSA using P-521 and SHA-512, as described in https://tools.ietf.org/html/rfc7518

ps256 = 'PS256'

RSASSA-PSS using SHA-256 and MGF1 with SHA-256, as described in https://tools.ietf.org/html/rfc7518

ps384 = 'PS384'

RSASSA-PSS using SHA-384 and MGF1 with SHA-384, as described in https://tools.ietf.org/html/rfc7518

ps512 = 'PS512'

RSASSA-PSS using SHA-512 and MGF1 with SHA-512, as described in https://tools.ietf.org/html/rfc7518

rs256 = 'RS256'

RSASSA-PKCS1-v1_5 using SHA-256, as described in https://tools.ietf.org/html/rfc7518

rs384 = 'RS384'

RSASSA-PKCS1-v1_5 using SHA-384, as described in https://tools.ietf.org/html/rfc7518

rs512 = 'RS512'

RSASSA-PKCS1-v1_5 using SHA-512, as described in https://tools.ietf.org/html/rfc7518

rsnull = 'RSNULL'

Reserved

class azure.keyvault.models.SasTokenType[source]

Bases: str, enum.Enum

An enumeration.

account = 'account'
service = 'service'