RochesterX/PasswordManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
511a3459c45959f4e54c21edf489ecbdf8ff8bb3
PasswordManager/node_modules/@azure/keyvault-keys/dist/esm/index.d.ts
RochesterX 6e820464d5 Initial
2025-11-12 10:13:24 -05:00

766 lines
35 KiB
TypeScript
Raw Blame History

import type { TokenCredential } from "@azure/core-auth";
import { logger } from "./log.js";
import { PageSettings, PagedAsyncIterableIterator } from "@azure/core-paging";
import { PollOperationState, PollerLike } from "@azure/core-lro";
import { DeletionRecoveryLevel, KnownDeletionRecoveryLevel } from "./generated/models/index.js";
import { BackupKeyOptions, BeginDeleteKeyOptions, BeginRecoverDeletedKeyOptions, CreateEcKeyOptions, CreateKeyOptions, CreateOctKeyOptions, CreateRsaKeyOptions, CryptographyClientOptions, CryptographyOptions, DeletedKey, GetCryptographyClientOptions, GetDeletedKeyOptions, GetKeyAttestationOptions, GetKeyOptions, GetKeyRotationPolicyOptions, GetRandomBytesOptions, ImportKeyOptions, JsonWebKey, KeyAttestation, KeyClientOptions, KeyExportEncryptionAlgorithm, KeyOperation, KeyPollerOptions, KeyProperties, KeyReleasePolicy, KeyRotationLifetimeAction, KeyRotationPolicy, KeyRotationPolicyAction, KeyRotationPolicyProperties, KeyType, KeyVaultKey, KnownKeyOperations, ListDeletedKeysOptions, ListPropertiesOfKeyVersionsOptions, ListPropertiesOfKeysOptions, PurgeDeletedKeyOptions, ReleaseKeyOptions, ReleaseKeyResult, RestoreKeyBackupOptions, RotateKeyOptions, UpdateKeyPropertiesOptions, UpdateKeyRotationPolicyOptions } from "./keysModels.js";
import { CryptographyClient } from "./cryptographyClient.js";
import { AesCbcDecryptParameters, AesCbcEncryptParameters, AesCbcEncryptionAlgorithm, AesGcmDecryptParameters, AesGcmEncryptParameters, AesGcmEncryptionAlgorithm, DecryptOptions, DecryptParameters, DecryptResult, EncryptOptions, EncryptParameters, EncryptResult, EncryptionAlgorithm, KeyCurveName, KeyWrapAlgorithm, KnownKeyExportEncryptionAlgorithm, KnownEncryptionAlgorithms, KnownKeyTypes, KnownKeyCurveNames, KnownSignatureAlgorithms, RsaDecryptParameters, RsaEncryptParameters, RsaEncryptionAlgorithm, SignOptions, SignResult, SignatureAlgorithm, UnwrapKeyOptions, UnwrapResult, VerifyDataOptions, VerifyOptions, VerifyResult, WrapKeyOptions, WrapResult } from "./cryptographyClientModels.js";
import { KeyVaultKeyIdentifier, parseKeyVaultKeyIdentifier } from "./identifier.js";
export { CryptographyClientOptions, KeyClientOptions, BackupKeyOptions, CreateEcKeyOptions, CreateKeyOptions, CreateRsaKeyOptions, CreateOctKeyOptions, CryptographyClient, CryptographyOptions, RsaEncryptionAlgorithm, RsaDecryptParameters, AesGcmEncryptionAlgorithm, AesGcmDecryptParameters, AesCbcEncryptionAlgorithm, AesCbcDecryptParameters, DecryptParameters, DecryptOptions, DecryptResult, DeletedKey, DeletionRecoveryLevel, KnownDeletionRecoveryLevel, RsaEncryptParameters, AesGcmEncryptParameters, AesCbcEncryptParameters, EncryptParameters, EncryptOptions, EncryptResult, GetDeletedKeyOptions, GetKeyAttestationOptions, GetKeyOptions, GetRandomBytesOptions, ImportKeyOptions, JsonWebKey, KeyAttestation, KeyCurveName, KnownKeyCurveNames, KnownKeyExportEncryptionAlgorithm, EncryptionAlgorithm, KnownEncryptionAlgorithms, KeyOperation, KnownKeyOperations, KeyType, KnownKeyTypes, KeyPollerOptions, BeginDeleteKeyOptions, BeginRecoverDeletedKeyOptions, KeyProperties, SignatureAlgorithm, KnownSignatureAlgorithms, KeyVaultKey, KeyWrapAlgorithm, ListPropertiesOfKeysOptions, ListPropertiesOfKeyVersionsOptions, ListDeletedKeysOptions, PageSettings, PagedAsyncIterableIterator, KeyVaultKeyIdentifier, parseKeyVaultKeyIdentifier, PollOperationState, PollerLike, PurgeDeletedKeyOptions, RestoreKeyBackupOptions, RotateKeyOptions, SignOptions, SignResult, UnwrapKeyOptions, UnwrapResult, UpdateKeyPropertiesOptions, VerifyOptions, VerifyDataOptions, VerifyResult, WrapKeyOptions, WrapResult, ReleaseKeyOptions, ReleaseKeyResult, KeyReleasePolicy, KeyExportEncryptionAlgorithm, GetCryptographyClientOptions, KeyRotationPolicyAction, KeyRotationPolicyProperties, KeyRotationPolicy, KeyRotationLifetimeAction, UpdateKeyRotationPolicyOptions, GetKeyRotationPolicyOptions, logger, };
/**
* The KeyClient provides methods to manage {@link KeyVaultKey} in the
* Azure Key Vault. The client supports creating, retrieving, updating,
* deleting, purging, backing up, restoring and listing KeyVaultKeys. The
* client also supports listing {@link DeletedKey} for a soft-delete enabled Azure Key
* Vault.
*/
export declare class KeyClient {
/**
* The base URL to the vault
*/
readonly vaultUrl: string;
/**
* A reference to the auto-generated Key Vault HTTP client.
*/
private readonly client;
/**
* A reference to the credential that was used to construct this client.
* Later used to instantiate a {@link CryptographyClient} with the same credential.
*/
private readonly credential;
/**
* Creates an instance of KeyClient.
*
* Example usage:
* ```ts snippet:ReadmeSampleCreateClient
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* // Build the URL to reach your key vault
* const vaultName = "<YOUR KEYVAULT NAME>";
* const url = `https://${vaultName}.vault.azure.net`; // or `https://${vaultName}.managedhsm.azure.net` for managed HSM.
*
* // Lastly, create our keys client and connect to the service
* const client = new KeyClient(url, credential);
* ```
* @param vaultUrl - the URL of the Key Vault. It should have this shape: `https://${your-key-vault-name}.vault.azure.net`. You should validate that this URL references a valid Key Vault or Managed HSM resource. See https://aka.ms/azsdk/blog/vault-uri for details.
* @param credential - An object that implements the `TokenCredential` interface used to authenticate requests to the service. Use the \@azure/identity package to create a credential that suits your needs.
* @param pipelineOptions - Pipeline options used to configure Key Vault API requests. Omit this parameter to use the default pipeline configuration.
*/
constructor(vaultUrl: string, credential: TokenCredential, pipelineOptions?: KeyClientOptions);
/**
* The create key operation can be used to create any key type in Azure Key Vault. If the named key
* already exists, Azure Key Vault creates a new version of the key. It requires the keys/create
* permission.
*
* Example usage:
* ```ts snippet:ReadmeSampleCreateKey
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* const vaultName = "<YOUR KEYVAULT NAME>";
* const url = `https://${vaultName}.vault.azure.net`;
*
* const client = new KeyClient(url, credential);
*
* const keyName = "MyKeyName";
* const result = await client.createKey(keyName, "RSA");
* console.log("result: ", result);
* ```
* Creates a new key, stores it, then returns key parameters and properties to the client.
* @param name - The name of the key.
* @param keyType - The type of the key. One of the following: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', 'oct'.
* @param options - The optional parameters.
*/
createKey(name: string, keyType: KeyType, options?: CreateKeyOptions): Promise<KeyVaultKey>;
/**
* The createEcKey method creates a new elliptic curve key in Azure Key Vault. If the named key
* already exists, Azure Key Vault creates a new version of the key. It requires the keys/create
* permission.
*
* Example usage:
* ```ts snippet:ReadmeSampleCreateEcKey
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* const vaultName = "<YOUR KEYVAULT NAME>";
* const url = `https://${vaultName}.vault.azure.net`;
*
* const client = new KeyClient(url, credential);
*
* const keyName = "MyKeyName";
* const result = await client.createEcKey(keyName, { curve: "P-256" });
* console.log("result: ", result);
* ```
* Creates a new key, stores it, then returns key parameters and properties to the client.
* @param name - The name of the key.
* @param options - The optional parameters.
*/
createEcKey(name: string, options?: CreateEcKeyOptions): Promise<KeyVaultKey>;
/**
* The createRSAKey method creates a new RSA key in Azure Key Vault. If the named key
* already exists, Azure Key Vault creates a new version of the key. It requires the keys/create
* permission.
*
* Example usage:
* ```ts snippet:ReadmeSampleCreateRsaKey
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* const vaultName = "<YOUR KEYVAULT NAME>";
* const url = `https://${vaultName}.vault.azure.net`;
*
* const client = new KeyClient(url, credential);
*
* const keyName = "MyKeyName";
* const result = await client.createRsaKey("MyKey", { keySize: 2048 });
* console.log("result: ", result);
* ```
* Creates a new key, stores it, then returns key parameters and properties to the client.
* @param name - The name of the key.
* @param options - The optional parameters.
*/
createRsaKey(name: string, options?: CreateRsaKeyOptions): Promise<KeyVaultKey>;
/**
* The createOctKey method creates a new OCT key in Azure Key Vault. If the named key
* already exists, Azure Key Vault creates a new version of the key. It requires the keys/create
* permission.
*
* Example usage:
* ```ts snippet:ReadmeSampleCreateOctKey
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* const vaultName = "<YOUR KEYVAULT NAME>";
* const url = `https://${vaultName}.vault.azure.net`;
*
* const client = new KeyClient(url, credential);
*
* const keyName = "MyKeyName";
* const result = await client.createOctKey("MyKey", { hsm: true });
* console.log("result: ", result);
* ```
* Creates a new key, stores it, then returns key parameters and properties to the client.
* @param name - The name of the key.
* @param options - The optional parameters.
*/
createOctKey(name: string, options?: CreateOctKeyOptions): Promise<KeyVaultKey>;
/**
* The import key operation may be used to import any key type into an Azure Key Vault. If the
* named key already exists, Azure Key Vault creates a new version of the key. This operation
* requires the keys/import permission.
*
* Example usage:
* ```ts snippet:ReadmeSampleImportKey
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* const vaultName = "<YOUR KEYVAULT NAME>";
* const url = `https://${vaultName}.vault.azure.net`;
*
* const client = new KeyClient(url, credential);
*
* const jsonWebKey = {
* kty: "RSA",
* kid: "test-key-123",
* use: "sig",
* alg: "RS256",
* n: new Uint8Array([112, 34, 56, 98, 123, 244, 200, 99]),
* e: new Uint8Array([1, 0, 1]),
* d: new Uint8Array([45, 67, 89, 23, 144, 200, 76, 233]),
* p: new Uint8Array([34, 89, 100, 77, 204, 56, 29, 77]),
* q: new Uint8Array([78, 99, 201, 45, 188, 34, 67, 90]),
* dp: new Uint8Array([23, 45, 78, 56, 200, 144, 32, 67]),
* dq: new Uint8Array([12, 67, 89, 144, 99, 56, 23, 45]),
* qi: new Uint8Array([78, 90, 45, 201, 34, 67, 120, 55]),
* };
*
* const result = await client.importKey("MyKey", jsonWebKey);
* ```
* Imports an externally created key, stores it, and returns key parameters and properties
* to the client.
* @param name - Name for the imported key.
* @param key - The JSON web key.
* @param options - The optional parameters.
*/
importKey(name: string, key: JsonWebKey, options?: ImportKeyOptions): Promise<KeyVaultKey>;
/**
* Gets a {@link CryptographyClient} for the given key.
*
* Example usage:
* ```ts snippet:ReadmeSampleGetCryptographyClient
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* const vaultName = "<YOUR KEYVAULT NAME>";
* const url = `https://${vaultName}.vault.azure.net`;
*
* const client = new KeyClient(url, credential);
*
* // Get a cryptography client for a given key
* const cryptographyClient = client.getCryptographyClient("MyKey");
* ```
* @param name - The name of the key used to perform cryptographic operations.
* @param version - Optional version of the key used to perform cryptographic operations.
* @returns - A {@link CryptographyClient} using the same options, credentials, and http client as this {@link KeyClient}
*/
getCryptographyClient(keyName: string, options?: GetCryptographyClientOptions): CryptographyClient;
/**
* The delete operation applies to any key stored in Azure Key Vault. Individual versions
* of a key can not be deleted, only all versions of a given key at once.
*
* This function returns a Long Running Operation poller that allows you to wait indefinitely until the key is deleted.
*
* This operation requires the keys/delete permission.
*
* Example usage:
* ```ts snippet:ReadmeSampleDeleteKey
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* const vaultName = "<YOUR KEYVAULT NAME>";
* const url = `https://${vaultName}.vault.azure.net`;
*
* const client = new KeyClient(url, credential);
*
* const keyName = "MyKeyName";
*
* const poller = await client.beginDeleteKey(keyName);
* await poller.pollUntilDone();
* ```
* Deletes a key from a specified key vault.
* @param name - The name of the key.
* @param options - The optional parameters.
*/
beginDeleteKey(name: string, options?: BeginDeleteKeyOptions): Promise<PollerLike<PollOperationState<DeletedKey>, DeletedKey>>;
/**
* The updateKeyProperties method changes specified properties of an existing stored key. Properties that
* are not specified in the request are left unchanged. The value of a key itself cannot be
* changed. This operation requires the keys/set permission.
*
* Example usage:
* ```ts snippet:ReadmeSampleUpdateKeyProperties
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* const vaultName = "<YOUR KEYVAULT NAME>";
* const url = `https://${vaultName}.vault.azure.net`;
*
* const client = new KeyClient(url, credential);
*
* const keyName = "MyKeyName";
*
* const result = await client.createKey(keyName, "RSA");
* await client.updateKeyProperties(keyName, result.properties.version, {
* enabled: false,
* });
* ```
* Updates the properties associated with a specified key in a given key vault.
* @param name - The name of the key.
* @param keyVersion - The version of the key.
* @param options - The optional parameters.
*/
updateKeyProperties(name: string, keyVersion: string, options?: UpdateKeyPropertiesOptions): Promise<KeyVaultKey>;
/**
* The updateKeyProperties method changes specified properties of the latest version of an existing stored key. Properties that
* are not specified in the request are left unchanged. The value of a key itself cannot be
* changed. This operation requires the keys/set permission.
*
* Example usage:
* ```ts snippet:ReadmeSampleUpdateKeyProperties
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* const vaultName = "<YOUR KEYVAULT NAME>";
* const url = `https://${vaultName}.vault.azure.net`;
*
* const client = new KeyClient(url, credential);
*
* const keyName = "MyKeyName";
*
* const result = await client.createKey(keyName, "RSA");
* await client.updateKeyProperties(keyName, result.properties.version, {
* enabled: false,
* });
* ```
* Updates the properties associated with a specified key in a given key vault.
* @param name - The name of the key.
* @param keyVersion - The version of the key.
* @param options - The optional parameters.
*/
updateKeyProperties(name: string, options?: UpdateKeyPropertiesOptions): Promise<KeyVaultKey>;
/**
* Standardizes an overloaded arguments collection for the updateKeyProperties method.
*
* @param args - The arguments collection.
* @returns - The standardized arguments collection.
*/
private disambiguateUpdateKeyPropertiesArgs;
/**
* The getKey method gets a specified key and is applicable to any key stored in Azure Key Vault.
* This operation requires the keys/get permission.
*
* Example usage:
* ```ts snippet:ReadmeSampleGetKey
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* const vaultName = "<YOUR KEYVAULT NAME>";
* const url = `https://${vaultName}.vault.azure.net`;
*
* const client = new KeyClient(url, credential);
*
* const keyName = "MyKeyName";
*
* const latestKey = await client.getKey(keyName);
* console.log(`Latest version of the key ${keyName}: `, latestKey);
*
* const specificKey = await client.getKey(keyName, { version: latestKey.properties.version! });
* console.log(`The key ${keyName} at the version ${latestKey.properties.version!}: `, specificKey);
* ```
* Get a specified key from a given key vault.
* @param name - The name of the key.
* @param options - The optional parameters.
*/
getKey(name: string, options?: GetKeyOptions): Promise<KeyVaultKey>;
/**
* The getKeyAttestation method gets a specified key and its attestation blob and is applicable to any key stored in Azure Key Vault Managed HSM.
* This operation requires the keys/get permission.
*
* Example usage:
* ```ts snippet:ReadmeSampleGetKeyAttestation
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* const vaultName = "<YOUR KEYVAULT MANAGED HSM NAME>";
* const url = `https://${vaultName}.managedhsm.azure.net`;
*
* const client = new KeyClient(url, credential);
*
* const keyName = "MyKeyName";
*
* const latestKey = await client.getKeyAttestation(keyName);
* console.log(`Latest version of the key ${keyName}: `, latestKey);
*
* const specificKey = await client.getKeyAttestation(keyName, {
* version: latestKey.properties.version!,
* });
* console.log(`The key ${keyName} at the version ${latestKey.properties.version!}: `, specificKey);
* ```
* Get a specified key from a given key vault.
* @param name - The name of the key.
* @param options - The optional parameters.
*/
getKeyAttestation(name: string, options?: GetKeyAttestationOptions): Promise<KeyVaultKey>;
/**
* The getDeletedKey method returns the specified deleted key along with its properties.
* This operation requires the keys/get permission.
*
* Example usage:
* ```ts snippet:ReadmeSampleGetDeletedKey
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* const vaultName = "<YOUR KEYVAULT NAME>";
* const url = `https://${vaultName}.vault.azure.net`;
*
* const client = new KeyClient(url, credential);
*
* const keyName = "MyKeyName";
*
* await client.getDeletedKey(keyName);
* ```
* Gets the specified deleted key.
* @param name - The name of the key.
* @param options - The optional parameters.
*/
getDeletedKey(name: string, options?: GetDeletedKeyOptions): Promise<DeletedKey>;
/**
* The purge deleted key operation removes the key permanently, without the possibility of
* recovery. This operation can only be enabled on a soft-delete enabled vault. This operation
* requires the keys/purge permission.
*
* Example usage:
* ```ts snippet:ReadmeSamplePurgeDeletedKey
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* const vaultName = "<YOUR KEYVAULT NAME>";
* const url = `https://${vaultName}.vault.azure.net`;
*
* const client = new KeyClient(url, credential);
*
* const keyName = "MyKeyName";
*
* const deletePoller = await client.beginDeleteKey(keyName);
* await deletePoller.pollUntilDone();
*
* await client.purgeDeletedKey(keyName);
* ```
* Permanently deletes the specified key.
* @param name - The name of the key.
* @param options - The optional parameters.
*/
purgeDeletedKey(name: string, options?: PurgeDeletedKeyOptions): Promise<void>;
/**
* Recovers the deleted key in the specified vault. This operation can only be performed on a
* soft-delete enabled vault.
*
* This function returns a Long Running Operation poller that allows you to wait indefinitely until the deleted key is recovered.
*
* This operation requires the keys/recover permission.
*
* Example usage:
* ```ts snippet:ReadmeSampleRecoverDeletedKey
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* const vaultName = "<YOUR KEYVAULT NAME>";
* const url = `https://${vaultName}.vault.azure.net`;
*
* const client = new KeyClient(url, credential);
*
* const keyName = "MyKeyName";
*
* const deletePoller = await client.beginDeleteKey(keyName);
* await deletePoller.pollUntilDone();
*
* const recoverPoller = await client.beginRecoverDeletedKey(keyName);
* const recoveredKey = await recoverPoller.pollUntilDone();
* ```
* Recovers the deleted key to the latest version.
* @param name - The name of the deleted key.
* @param options - The optional parameters.
*/
beginRecoverDeletedKey(name: string, options?: BeginRecoverDeletedKeyOptions): Promise<PollerLike<PollOperationState<DeletedKey>, DeletedKey>>;
/**
* Requests that a backup of the specified key be downloaded to the client. All versions of the
* key will be downloaded. This operation requires the keys/backup permission.
*
* Example usage:
* ```ts snippet:ReadmeSampleBackupKey
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* const vaultName = "<YOUR KEYVAULT NAME>";
* const url = `https://${vaultName}.vault.azure.net`;
*
* const client = new KeyClient(url, credential);
*
* const keyName = "MyKeyName";
*
* const backupContents = await client.backupKey(keyName);
* ```
* Backs up the specified key.
* @param name - The name of the key.
* @param options - The optional parameters.
*/
backupKey(name: string, options?: BackupKeyOptions): Promise<Uint8Array | undefined>;
/**
* Restores a backed up key, and all its versions, to a vault. This operation requires the
* keys/restore permission.
*
* Example usage:
* ```ts snippet:ReadmeSampleRestoreKeyBackup
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* const vaultName = "<YOUR KEYVAULT NAME>";
* const url = `https://${vaultName}.vault.azure.net`;
*
* const client = new KeyClient(url, credential);
*
* const keyName = "MyKeyName";
*
* const backupContents = await client.backupKey(keyName);
*
* const key = await client.restoreKeyBackup(backupContents);
* ```
* Restores a backed up key to a vault.
* @param backup - The backup blob associated with a key bundle.
* @param options - The optional parameters.
*/
restoreKeyBackup(backup: Uint8Array, options?: RestoreKeyBackupOptions): Promise<KeyVaultKey>;
/**
* Gets the requested number of bytes containing random values from a managed HSM.
* This operation requires the managedHsm/rng permission.
*
* Example usage:
* ```ts snippet:ReadmeSampleGetRandomBytes
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* const vaultName = "<YOUR KEYVAULT NAME>";
* const url = `https://${vaultName}.vault.azure.net`;
*
* const client = new KeyClient(url, credential);
*
* const bytes = await client.getRandomBytes(10);
* ```
* @param count - The number of bytes to generate between 1 and 128 inclusive.
* @param options - The optional parameters.
*/
getRandomBytes(count: number, options?: GetRandomBytesOptions): Promise<Uint8Array>;
/**
* Rotates the key based on the key policy by generating a new version of the key. This operation requires the keys/rotate permission.
*
* Example usage:
* ```ts snippet:ReadmeSampleKeyRotation
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* const vaultName = "<YOUR KEYVAULT NAME>";
* const url = `https://${vaultName}.vault.azure.net`;
*
* const client = new KeyClient(url, credential);
*
* const keyName = "MyKeyName";
*
* // Set the key's automated rotation policy to rotate the key 30 days before expiry.
* const policy = await client.updateKeyRotationPolicy(keyName, {
* lifetimeActions: [
* {
* action: "Rotate",
* timeBeforeExpiry: "P30D",
* },
* ],
* // You may also specify the duration after which any newly rotated key will expire.
* // In this case, any new key versions will expire after 90 days.
* expiresIn: "P90D",
* });
*
* // You can get the current key rotation policy of a given key by calling the getKeyRotationPolicy method.
* const currentPolicy = await client.getKeyRotationPolicy(keyName);
*
* // Finally, you can rotate a key on-demand by creating a new version of the given key.
* const rotatedKey = await client.rotateKey(keyName);
* ```
*
* @param name - The name of the key to rotate.
* @param options - The optional parameters.
*/
rotateKey(name: string, options?: RotateKeyOptions): Promise<KeyVaultKey>;
/**
* Releases a key from a managed HSM.
*
* The release key operation is applicable to all key types. The operation requires the key to be marked exportable and the keys/release permission.
*
* Example usage:
* ```ts snippet:ReadmeSampleReleaseKey
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* const vaultName = "<YOUR KEYVAULT NAME>";
* const url = `https://${vaultName}.vault.azure.net`;
*
* const client = new KeyClient(url, credential);
*
* const keyName = "MyKeyName";
*
* const result = await client.releaseKey("myKey", "<attestation-target>");
* ```
*
* @param name - The name of the key.
* @param targetAttestationToken - The attestation assertion for the target of the key release.
* @param options - The optional parameters.
*/
releaseKey(name: string, targetAttestationToken: string, options?: ReleaseKeyOptions): Promise<ReleaseKeyResult>;
/**
* Gets the rotation policy of a Key Vault Key.
* By default, all keys have a policy that will notify 30 days before expiry.
*
* This operation requires the keys/get permission.
* Example usage:
* ```ts snippet:ReadmeSampleGetKeyRotationPolicy
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* const vaultName = "<YOUR KEYVAULT NAME>";
* const url = `https://${vaultName}.vault.azure.net`;
*
* const client = new KeyClient(url, credential);
*
* const keyName = "MyKeyName";
*
* const result = await client.getKeyRotationPolicy(keyName);
* ```
*
* @param keyName - The name of the key.
* @param options - The optional parameters.
*/
getKeyRotationPolicy(keyName: string, options?: GetKeyRotationPolicyOptions): Promise<KeyRotationPolicy>;
/**
* Updates the rotation policy of a Key Vault Key.
* This operation requires the keys/update permission.
*
* Example usage:
* ```ts snippet:ReadmeSampleUpdateKeyRotationPolicy
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* const vaultName = "<YOUR KEYVAULT NAME>";
* const url = `https://${vaultName}.vault.azure.net`;
*
* const client = new KeyClient(url, credential);
*
* const keyName = "MyKeyName";
*
* const myPolicy = await client.getKeyRotationPolicy(keyName);
*
* const setPolicy = await client.updateKeyRotationPolicy(keyName, myPolicy);
* ```
*
* @param keyName - The name of the key.
* @param policyProperties - The {@link KeyRotationPolicyProperties} for the policy.
* @param options - The optional parameters.
*/
updateKeyRotationPolicy(keyName: string, policy: KeyRotationPolicyProperties, options?: UpdateKeyRotationPolicyOptions): Promise<KeyRotationPolicy>;
/**
* Iterates all versions of the given key in the vault. The full key identifier, properties, and tags are provided
* in the response. This operation requires the keys/list permission.
*
* Example usage:
* ```ts snippet:ReadmeSampleListKeys
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* const vaultName = "<YOUR KEYVAULT NAME>";
* const url = `https://${vaultName}.vault.azure.net`;
*
* const client = new KeyClient(url, credential);
*
* const keyName = "MyKeyName";
*
* for await (const keyProperties of client.listPropertiesOfKeys()) {
* console.log("Key properties: ", keyProperties);
* }
*
* for await (const deletedKey of client.listDeletedKeys()) {
* console.log("Deleted: ", deletedKey);
* }
*
* for await (const versionProperties of client.listPropertiesOfKeyVersions(keyName)) {
* console.log("Version properties: ", versionProperties);
* }
* ```
* @param name - Name of the key to fetch versions for
* @param options - The optional parameters.
*/
listPropertiesOfKeyVersions(name: string, options?: ListPropertiesOfKeyVersionsOptions): PagedAsyncIterableIterator<KeyProperties>;
/**
* Iterates the latest version of all keys in the vault. The full key identifier and properties are provided
* in the response. No values are returned for the keys. This operations requires the keys/list permission.
*
* Example usage:
* ```ts snippet:ReadmeSampleListKeys
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* const vaultName = "<YOUR KEYVAULT NAME>";
* const url = `https://${vaultName}.vault.azure.net`;
*
* const client = new KeyClient(url, credential);
*
* const keyName = "MyKeyName";
*
* for await (const keyProperties of client.listPropertiesOfKeys()) {
* console.log("Key properties: ", keyProperties);
* }
*
* for await (const deletedKey of client.listDeletedKeys()) {
* console.log("Deleted: ", deletedKey);
* }
*
* for await (const versionProperties of client.listPropertiesOfKeyVersions(keyName)) {
* console.log("Version properties: ", versionProperties);
* }
* ```
* List all keys in the vault
* @param options - The optional parameters.
*/
listPropertiesOfKeys(options?: ListPropertiesOfKeysOptions): PagedAsyncIterableIterator<KeyProperties>;
/**
* Iterates the deleted keys in the vault. The full key identifier and properties are provided
* in the response. No values are returned for the keys. This operations requires the keys/list permission.
*
* Example usage:
* ```ts snippet:ReadmeSampleListKeys
* import { DefaultAzureCredential } from "@azure/identity";
* import { KeyClient } from "@azure/keyvault-keys";
*
* const credential = new DefaultAzureCredential();
*
* const vaultName = "<YOUR KEYVAULT NAME>";
* const url = `https://${vaultName}.vault.azure.net`;
*
* const client = new KeyClient(url, credential);
*
* const keyName = "MyKeyName";
*
* for await (const keyProperties of client.listPropertiesOfKeys()) {
* console.log("Key properties: ", keyProperties);
* }
*
* for await (const deletedKey of client.listDeletedKeys()) {
* console.log("Deleted: ", deletedKey);
* }
*
* for await (const versionProperties of client.listPropertiesOfKeyVersions(keyName)) {
* console.log("Version properties: ", versionProperties);
* }
* ```
* List all keys in the vault
* @param options - The optional parameters.
*/
listDeletedKeys(options?: ListDeletedKeysOptions): PagedAsyncIterableIterator<DeletedKey>;
}
//# sourceMappingURL=index.d.ts.map
Reference in New Issue View Git Blame Copy Permalink