azure.mgmt.keyvault.v2016_10_01.models module

class azure.mgmt.keyvault.v2016_10_01.models.AccessPolicyEntry(*, tenant_id: str, object_id: str, permissions: _models.Permissions, application_id: str | None = None, **kwargs: Any)

Bases: Model

An identity that have access to the key vault. All identities in the array must use the same tenant ID as the key vault’s tenant ID.

All required parameters must be populated in order to send to server.

Variables:

• tenant_id (str) – The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Required.

• object_id (str) – The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. Required.

• application_id (str) – Application ID of the client making request on behalf of a principal.

• permissions (Permissions) – Permissions the identity has for keys, secrets and certificates. Required.

Keyword Arguments:

• tenant_id (str) – The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Required.

• object_id (str) – The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. Required.

• application_id (str) – Application ID of the client making request on behalf of a principal.

• permissions (Permissions) – Permissions the identity has for keys, secrets and certificates. Required.

class azure.mgmt.keyvault.v2016_10_01.models.AccessPolicyUpdateKind(*values)

Bases: str, Enum

AccessPolicyUpdateKind.

ADD = 'add'

REMOVE = 'remove'

REPLACE = 'replace'

class azure.mgmt.keyvault.v2016_10_01.models.CertificatePermissions(*values)

Bases: str, Enum

CertificatePermissions.

CREATE = 'create'

DELETE = 'delete'

DELETEISSUERS = 'deleteissuers'

GET = 'get'

GETISSUERS = 'getissuers'

IMPORT = 'import'

IMPORT_ENUM = 'import'

LIST = 'list'

LISTISSUERS = 'listissuers'

MANAGECONTACTS = 'managecontacts'

MANAGEISSUERS = 'manageissuers'

PURGE = 'purge'

RECOVER = 'recover'

SETISSUERS = 'setissuers'

UPDATE = 'update'

class azure.mgmt.keyvault.v2016_10_01.models.CheckNameAvailabilityResult(**kwargs: Any)

Bases: Model

The CheckNameAvailability operation response.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• name_available (bool) – A boolean value that indicates whether the name is available for you to use. If true, the name is available. If false, the name has already been taken or is invalid and cannot be used.

• reason (str or Reason) – The reason that a vault name could not be used. The Reason element is only returned if NameAvailable is false. Known values are: “AccountNameInvalid” and “AlreadyExists”.

• message (str) – An error message explaining the Reason value in more detail.

class azure.mgmt.keyvault.v2016_10_01.models.CreateMode(*values)

Bases: str, Enum

The vault’s create mode to indicate whether the vault need to be recovered or not.

DEFAULT = 'default'

RECOVER = 'recover'

class azure.mgmt.keyvault.v2016_10_01.models.DeletedVault(*, properties: _models.DeletedVaultProperties | None = None, **kwargs: Any)

Bases: Model

Deleted vault information with extended details.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• id (str) – The resource ID for the deleted key vault.

• name (str) – The name of the key vault.

• type (str) – The resource type of the key vault.

• properties (DeletedVaultProperties) – Properties of the vault.

Keyword Arguments:

properties (DeletedVaultProperties) – Properties of the vault.

class azure.mgmt.keyvault.v2016_10_01.models.DeletedVaultListResult(*, value: List[_models.DeletedVault] | None = None, next_link: str | None = None, **kwargs: Any)

Bases: Model

List of vaults.

Variables:

• value (list[DeletedVault]) – The list of deleted vaults.

• next_link (str) – The URL to get the next set of deleted vaults.

Keyword Arguments:

• value (list[DeletedVault]) – The list of deleted vaults.

• next_link (str) – The URL to get the next set of deleted vaults.

class azure.mgmt.keyvault.v2016_10_01.models.DeletedVaultProperties(**kwargs: Any)

Bases: Model

Properties of the deleted vault.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• vault_id (str) – The resource id of the original vault.

• location (str) – The location of the original vault.

• deletion_date (datetime) – The deleted date.

• scheduled_purge_date (datetime) – The scheduled purged date.

• tags (dict[str, str]) – Tags of the original vault.

class azure.mgmt.keyvault.v2016_10_01.models.KeyPermissions(*values)

Bases: str, Enum

KeyPermissions.

BACKUP = 'backup'

CREATE = 'create'

DECRYPT = 'decrypt'

DELETE = 'delete'

ENCRYPT = 'encrypt'

GET = 'get'

IMPORT = 'import'

IMPORT_ENUM = 'import'

LIST = 'list'

PURGE = 'purge'

RECOVER = 'recover'

RESTORE = 'restore'

SIGN = 'sign'

UNWRAP_KEY = 'unwrapKey'

UPDATE = 'update'

VERIFY = 'verify'

WRAP_KEY = 'wrapKey'

class azure.mgmt.keyvault.v2016_10_01.models.LogSpecification(*, name: str | None = None, display_name: str | None = None, blob_duration: str | None = None, **kwargs: Any)

Bases: Model

Log specification of operation.

Variables:

• name (str) – Name of log specification.

• display_name (str) – Display name of log specification.

• blob_duration (str) – Blob duration of specification.

Keyword Arguments:

• name (str) – Name of log specification.

• display_name (str) – Display name of log specification.

• blob_duration (str) – Blob duration of specification.

class azure.mgmt.keyvault.v2016_10_01.models.Operation(*, name: str | None = None, display: _models.OperationDisplay | None = None, origin: str | None = None, service_specification: _models.ServiceSpecification | None = None, **kwargs: Any)

Bases: Model

Key Vault REST API operation definition.

Variables:

• name (str) – Operation name: {provider}/{resource}/{operation}.

• display (OperationDisplay) – Display metadata associated with the operation.

• origin (str) – The origin of operations.

• service_specification (ServiceSpecification) – One property of operation, include metric specifications.

Keyword Arguments:

• name (str) – Operation name: {provider}/{resource}/{operation}.

• display (OperationDisplay) – Display metadata associated with the operation.

• origin (str) – The origin of operations.

• service_specification (ServiceSpecification) – One property of operation, include metric specifications.

class azure.mgmt.keyvault.v2016_10_01.models.OperationDisplay(*, provider: str | None = None, resource: str | None = None, operation: str | None = None, description: str | None = None, **kwargs: Any)

Bases: Model

Display metadata associated with the operation.

Variables:

• provider (str) – Service provider: Microsoft Key Vault.

• resource (str) – Resource on which the operation is performed etc.

• operation (str) – Type of operation: get, read, delete, etc.

• description (str) – Description of operation.

Keyword Arguments:

• provider (str) – Service provider: Microsoft Key Vault.

• resource (str) – Resource on which the operation is performed etc.

• operation (str) – Type of operation: get, read, delete, etc.

• description (str) – Description of operation.

class azure.mgmt.keyvault.v2016_10_01.models.OperationListResult(*, value: List[_models.Operation] | None = None, next_link: str | None = None, **kwargs: Any)

Bases: Model

Result of the request to list Storage operations. It contains a list of operations and a URL link to get the next set of results.

Variables:

• value (list[Operation]) – List of Storage operations supported by the Storage resource provider.

• next_link (str) – The URL to get the next set of operations.

Keyword Arguments:

• value (list[Operation]) – List of Storage operations supported by the Storage resource provider.

• next_link (str) – The URL to get the next set of operations.

class azure.mgmt.keyvault.v2016_10_01.models.Permissions(*, keys: List[str | _models.KeyPermissions] | None = None, secrets: List[str | _models.SecretPermissions] | None = None, certificates: List[str | _models.CertificatePermissions] | None = None, storage: List[str | _models.StoragePermissions] | None = None, **kwargs: Any)

Bases: Model

Permissions the identity has for keys, secrets, certificates and storage.

Variables:

• keys (list[str or KeyPermissions]) – Permissions to keys.

• secrets (list[str or SecretPermissions]) – Permissions to secrets.

• certificates (list[str or CertificatePermissions]) – Permissions to certificates.

• storage (list[str or StoragePermissions]) – Permissions to storage accounts.

Keyword Arguments:

• keys (list[str or KeyPermissions]) – Permissions to keys.

• secrets (list[str or SecretPermissions]) – Permissions to secrets.

• certificates (list[str or CertificatePermissions]) – Permissions to certificates.

• storage (list[str or StoragePermissions]) – Permissions to storage accounts.

class azure.mgmt.keyvault.v2016_10_01.models.Reason(*values)

Bases: str, Enum

The reason that a vault name could not be used. The Reason element is only returned if NameAvailable is false.

ACCOUNT_NAME_INVALID = 'AccountNameInvalid'

ALREADY_EXISTS = 'AlreadyExists'

class azure.mgmt.keyvault.v2016_10_01.models.Resource(*, location: str, tags: Dict[str, str] | None = None, **kwargs: Any)

Bases: Model

Key Vault resource.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to server.

Variables:

• id (str) – The Azure Resource Manager resource ID for the key vault.

• name (str) – The name of the key vault.

• type (str) – The resource type of the key vault.

• location (str) – The supported Azure location where the key vault should be created. Required.

• tags (dict[str, str]) – The tags that will be assigned to the key vault.

Keyword Arguments:

• location (str) – The supported Azure location where the key vault should be created. Required.

• tags (dict[str, str]) – The tags that will be assigned to the key vault.

class azure.mgmt.keyvault.v2016_10_01.models.ResourceListResult(*, value: List[_models.Resource] | None = None, next_link: str | None = None, **kwargs: Any)

Bases: Model

List of vault resources.

Variables:

• value (list[Resource]) – The list of vault resources.

• next_link (str) – The URL to get the next set of vault resources.

Keyword Arguments:

• value (list[Resource]) – The list of vault resources.

• next_link (str) – The URL to get the next set of vault resources.

class azure.mgmt.keyvault.v2016_10_01.models.SecretPermissions(*values)

Bases: str, Enum

SecretPermissions.

BACKUP = 'backup'

DELETE = 'delete'

GET = 'get'

LIST = 'list'

PURGE = 'purge'

RECOVER = 'recover'

RESTORE = 'restore'

SET = 'set'

class azure.mgmt.keyvault.v2016_10_01.models.ServiceSpecification(*, log_specifications: List[_models.LogSpecification] | None = None, **kwargs: Any)

Bases: Model

One property of operation, include log specifications.

Variables:

log_specifications (list[LogSpecification]) – Log specifications of operation.

Keyword Arguments:

log_specifications (list[LogSpecification]) – Log specifications of operation.

class azure.mgmt.keyvault.v2016_10_01.models.Sku(*, family: str | _models.SkuFamily = 'A', name: str | _models.SkuName, **kwargs: Any)

Bases: Model

SKU details.

All required parameters must be populated in order to send to server.

Variables:

• family (str or SkuFamily) – SKU family name. “A”

• name (str or SkuName) – SKU name to specify whether the key vault is a standard vault or a premium vault. Required. Known values are: “standard” and “premium”.

Keyword Arguments:

• family (str or SkuFamily) – SKU family name. “A”

• name (str or SkuName) – SKU name to specify whether the key vault is a standard vault or a premium vault. Required. Known values are: “standard” and “premium”.

class azure.mgmt.keyvault.v2016_10_01.models.SkuFamily(*values)

Bases: str, Enum

SKU family name.

A = 'A'

class azure.mgmt.keyvault.v2016_10_01.models.SkuName(*values)

Bases: str, Enum

SKU name to specify whether the key vault is a standard vault or a premium vault.

PREMIUM = 'premium'

STANDARD = 'standard'

class azure.mgmt.keyvault.v2016_10_01.models.StoragePermissions(*values)

Bases: str, Enum

StoragePermissions.

BACKUP = 'backup'

DELETE = 'delete'

DELETESAS = 'deletesas'

GET = 'get'

GETSAS = 'getsas'

LIST = 'list'

LISTSAS = 'listsas'

PURGE = 'purge'

RECOVER = 'recover'

REGENERATEKEY = 'regeneratekey'

RESTORE = 'restore'

SET = 'set'

SETSAS = 'setsas'

UPDATE = 'update'

class azure.mgmt.keyvault.v2016_10_01.models.Vault(*, location: str, properties: _models.VaultProperties, tags: Dict[str, str] | None = None, **kwargs: Any)

Bases: Resource

Resource information with extended details.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to server.

Variables:

• id (str) – The Azure Resource Manager resource ID for the key vault.

• name (str) – The name of the key vault.

• type (str) – The resource type of the key vault.

• location (str) – The supported Azure location where the key vault should be created. Required.

• tags (dict[str, str]) – The tags that will be assigned to the key vault.

• properties (VaultProperties) – Properties of the vault. Required.

Keyword Arguments:

• location (str) – The supported Azure location where the key vault should be created. Required.

• tags (dict[str, str]) – The tags that will be assigned to the key vault.

• properties (VaultProperties) – Properties of the vault. Required.

class azure.mgmt.keyvault.v2016_10_01.models.VaultAccessPolicyParameters(*, properties: _models.VaultAccessPolicyProperties, **kwargs: Any)

Bases: Model

Parameters for updating the access policy in a vault.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to server.

Variables:

• id (str) – The resource id of the access policy.

• name (str) – The resource name of the access policy.

• type (str) – The resource name of the access policy.

• location (str) – The resource type of the access policy.

• properties (VaultAccessPolicyProperties) – Properties of the access policy. Required.

Keyword Arguments:

properties (VaultAccessPolicyProperties) – Properties of the access policy. Required.

class azure.mgmt.keyvault.v2016_10_01.models.VaultAccessPolicyProperties(*, access_policies: List[_models.AccessPolicyEntry], **kwargs: Any)

Bases: Model

Properties of the vault access policy.

All required parameters must be populated in order to send to server.

Variables:

access_policies (list[AccessPolicyEntry]) – An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault’s tenant ID. Required.

Keyword Arguments:

access_policies (list[AccessPolicyEntry]) – An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault’s tenant ID. Required.

class azure.mgmt.keyvault.v2016_10_01.models.VaultCheckNameAvailabilityParameters(*, name: str, **kwargs: Any)

Bases: Model

The parameters used to check the availability of the vault name.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to server.

Variables:

• name (str) – The vault name. Required.

• type (str) – The type of resource, Microsoft.KeyVault/vaults. Required. Default value is “Microsoft.KeyVault/vaults”.

Keyword Arguments:

name (str) – The vault name. Required.

type = 'Microsoft.KeyVault/vaults'

class azure.mgmt.keyvault.v2016_10_01.models.VaultCreateOrUpdateParameters(*, location: str, properties: _models.VaultProperties, tags: Dict[str, str] | None = None, **kwargs: Any)

Bases: Model

Parameters for creating or updating a vault.

All required parameters must be populated in order to send to server.

Variables:

• location (str) – The supported Azure location where the key vault should be created. Required.

• tags (dict[str, str]) – The tags that will be assigned to the key vault.

• properties (VaultProperties) – Properties of the vault. Required.

Keyword Arguments:

• location (str) – The supported Azure location where the key vault should be created. Required.

• tags (dict[str, str]) – The tags that will be assigned to the key vault.

• properties (VaultProperties) – Properties of the vault. Required.

class azure.mgmt.keyvault.v2016_10_01.models.VaultListResult(*, value: List[_models.Vault] | None = None, next_link: str | None = None, **kwargs: Any)

Bases: Model

List of vaults.

Variables:

• value (list[Vault]) – The list of vaults.

• next_link (str) – The URL to get the next set of vaults.

Keyword Arguments:

• value (list[Vault]) – The list of vaults.

• next_link (str) – The URL to get the next set of vaults.

class azure.mgmt.keyvault.v2016_10_01.models.VaultPatchParameters(*, tags: Dict[str, str] | None = None, properties: _models.VaultPatchProperties | None = None, **kwargs: Any)

Bases: Model

Parameters for creating or updating a vault.

Variables:

• tags (dict[str, str]) – The tags that will be assigned to the key vault.

• properties (VaultPatchProperties) – Properties of the vault.

Keyword Arguments:

• tags (dict[str, str]) – The tags that will be assigned to the key vault.

• properties (VaultPatchProperties) – Properties of the vault.

class azure.mgmt.keyvault.v2016_10_01.models.VaultPatchProperties(*, tenant_id: str | None = None, sku: _models.Sku | None = None, access_policies: List[_models.AccessPolicyEntry] | None = None, enabled_for_deployment: bool | None = None, enabled_for_disk_encryption: bool | None = None, enabled_for_template_deployment: bool | None = None, enable_soft_delete: bool | None = None, create_mode: str | _models.CreateMode | None = None, enable_purge_protection: bool | None = None, **kwargs: Any)

Bases: Model

Properties of the vault.

Variables:

• tenant_id (str) – The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

• sku (Sku) – SKU details.

• access_policies (list[AccessPolicyEntry]) – An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault’s tenant ID.

• enabled_for_deployment (bool) – Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.

• enabled_for_disk_encryption (bool) – Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.

• enabled_for_template_deployment (bool) – Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.

• enable_soft_delete (bool) – Property specifying whether recoverable deletion (‘soft’ delete) is enabled for this key vault. The property may not be set to false.

• create_mode (str or CreateMode) – The vault’s create mode to indicate whether the vault need to be recovered or not. Known values are: “recover” and “default”.

• enable_purge_protection (bool) – Property specifying whether protection against purge is enabled for this vault; it is only effective if soft delete is also enabled. Once activated, the property may no longer be reset to false.

Keyword Arguments:

• tenant_id (str) – The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

• sku (Sku) – SKU details.

• access_policies (list[AccessPolicyEntry]) – An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault’s tenant ID.

• enabled_for_deployment (bool) – Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.

• enabled_for_disk_encryption (bool) – Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.

• enabled_for_template_deployment (bool) – Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.

• enable_soft_delete (bool) – Property specifying whether recoverable deletion (‘soft’ delete) is enabled for this key vault. The property may not be set to false.

• create_mode (str or CreateMode) – The vault’s create mode to indicate whether the vault need to be recovered or not. Known values are: “recover” and “default”.

• enable_purge_protection (bool) – Property specifying whether protection against purge is enabled for this vault; it is only effective if soft delete is also enabled. Once activated, the property may no longer be reset to false.

class azure.mgmt.keyvault.v2016_10_01.models.VaultProperties(*, tenant_id: str, sku: _models.Sku, access_policies: List[_models.AccessPolicyEntry] | None = None, vault_uri: str | None = None, enabled_for_deployment: bool | None = None, enabled_for_disk_encryption: bool | None = None, enabled_for_template_deployment: bool | None = None, enable_soft_delete: bool | None = None, create_mode: str | _models.CreateMode | None = None, enable_purge_protection: bool | None = None, **kwargs: Any)

Bases: Model

Properties of the vault.

All required parameters must be populated in order to send to server.

Variables:

• tenant_id (str) – The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Required.

• sku (Sku) – SKU details. Required.

• access_policies (list[AccessPolicyEntry]) – An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault’s tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.

• vault_uri (str) – The URI of the vault for performing operations on keys and secrets.

• enabled_for_deployment (bool) – Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.

• enabled_for_disk_encryption (bool) – Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.

• enabled_for_template_deployment (bool) – Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.

• enable_soft_delete (bool) – Property specifying whether recoverable deletion is enabled for this key vault. Setting this property to true activates the soft delete feature, whereby vaults or vault entities can be recovered after deletion. Enabling this functionality is irreversible - that is, the property does not accept false as its value.

• create_mode (str or CreateMode) – The vault’s create mode to indicate whether the vault need to be recovered or not. Known values are: “recover” and “default”.

• enable_purge_protection (bool) – Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.

Keyword Arguments:

• tenant_id (str) – The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Required.

• sku (Sku) – SKU details. Required.

• access_policies (list[AccessPolicyEntry]) – An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault’s tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.

• vault_uri (str) – The URI of the vault for performing operations on keys and secrets.

• enabled_for_deployment (bool) – Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.

• enabled_for_disk_encryption (bool) – Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.

• enabled_for_template_deployment (bool) – Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.

• enable_soft_delete (bool) – Property specifying whether recoverable deletion is enabled for this key vault. Setting this property to true activates the soft delete feature, whereby vaults or vault entities can be recovered after deletion. Enabling this functionality is irreversible - that is, the property does not accept false as its value.

• create_mode (str or CreateMode) – The vault’s create mode to indicate whether the vault need to be recovered or not. Known values are: “recover” and “default”.

• enable_purge_protection (bool) – Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.