azure.mgmt.keyvault.v2023_02_01.models module

class azure.mgmt.keyvault.v2023_02_01.models.AccessPolicyEntry(*, tenant_id: str, object_id: str, permissions: _models.Permissions, application_id: str | None = None, **kwargs: Any)

Bases: Model

An identity that have access to the key vault. All identities in the array must use the same tenant ID as the key vault’s tenant ID.

All required parameters must be populated in order to send to server.

Variables:

• tenant_id (str) – The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Required.

• object_id (str) – The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. Required.

• application_id (str) – Application ID of the client making request on behalf of a principal.

• permissions (Permissions) – Permissions the identity has for keys, secrets and certificates. Required.

Keyword Arguments:

• tenant_id (str) – The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Required.

• object_id (str) – The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. Required.

• application_id (str) – Application ID of the client making request on behalf of a principal.

• permissions (Permissions) – Permissions the identity has for keys, secrets and certificates. Required.

class azure.mgmt.keyvault.v2023_02_01.models.AccessPolicyUpdateKind(*values)

Bases: str, Enum

AccessPolicyUpdateKind.

ADD = 'add'

REMOVE = 'remove'

REPLACE = 'replace'

class azure.mgmt.keyvault.v2023_02_01.models.Action(*, type: str | _models.KeyRotationPolicyActionType | None = None, **kwargs: Any)

Bases: Model

Action.

Variables:

type (str or KeyRotationPolicyActionType) – The type of the action. The value should be compared case-insensitively. Known values are: “Rotate” and “Notify”.

Keyword Arguments:

type (str or KeyRotationPolicyActionType) – The type of the action. The value should be compared case-insensitively. Known values are: “Rotate” and “Notify”.

class azure.mgmt.keyvault.v2023_02_01.models.ActionsRequired(*values)

Bases: str, Enum

A message indicating if changes on the service provider require any updates on the consumer.

NONE = 'None'

class azure.mgmt.keyvault.v2023_02_01.models.ActivationStatus(*values)

Bases: str, Enum

Activation Status.

ACTIVE = 'Active'

The managed HSM Pool is active.

FAILED = 'Failed'

Failed to activate managed hsm.

NOT_ACTIVATED = 'NotActivated'

The managed HSM Pool is not yet activated.

UNKNOWN = 'Unknown'

An unknown error occurred while activating managed hsm.

class azure.mgmt.keyvault.v2023_02_01.models.Attributes(*, enabled: bool | None = None, not_before: datetime | None = None, expires: datetime | None = None, **kwargs: Any)

Bases: Model

The object attributes managed by the KeyVault service.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• enabled (bool) – Determines whether the object is enabled.

• not_before (datetime) – Not before date in seconds since 1970-01-01T00:00:00Z.

• expires (datetime) – Expiry date in seconds since 1970-01-01T00:00:00Z.

• created (datetime) – Creation time in seconds since 1970-01-01T00:00:00Z.

• updated (datetime) – Last updated time in seconds since 1970-01-01T00:00:00Z.

Keyword Arguments:

• enabled (bool) – Determines whether the object is enabled.

• not_before (datetime) – Not before date in seconds since 1970-01-01T00:00:00Z.

• expires (datetime) – Expiry date in seconds since 1970-01-01T00:00:00Z.

class azure.mgmt.keyvault.v2023_02_01.models.CertificatePermissions(*values)

Bases: str, Enum

CertificatePermissions.

ALL = 'all'

BACKUP = 'backup'

CREATE = 'create'

DELETE = 'delete'

DELETEISSUERS = 'deleteissuers'

GET = 'get'

GETISSUERS = 'getissuers'

IMPORT = 'import'

IMPORT_ENUM = 'import'

LIST = 'list'

LISTISSUERS = 'listissuers'

MANAGECONTACTS = 'managecontacts'

MANAGEISSUERS = 'manageissuers'

PURGE = 'purge'

RECOVER = 'recover'

RESTORE = 'restore'

SETISSUERS = 'setissuers'

UPDATE = 'update'

class azure.mgmt.keyvault.v2023_02_01.models.CheckMhsmNameAvailabilityParameters(*, name: str, **kwargs: Any)

Bases: Model

The parameters used to check the availability of the managed hsm name.

All required parameters must be populated in order to send to server.

Variables:

name (str) – The managed hsm name. Required.

Keyword Arguments:

name (str) – The managed hsm name. Required.

class azure.mgmt.keyvault.v2023_02_01.models.CheckMhsmNameAvailabilityResult(**kwargs: Any)

Bases: Model

The CheckMhsmNameAvailability operation response.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• name_available (bool) – A boolean value that indicates whether the name is available for you to use. If true, the name is available. If false, the name has already been taken or is invalid and cannot be used.

• reason (str or Reason) – The reason that a managed hsm name could not be used. The reason element is only returned if NameAvailable is false. Known values are: “AccountNameInvalid” and “AlreadyExists”.

• message (str) – An error message explaining the Reason value in more detail.

class azure.mgmt.keyvault.v2023_02_01.models.CheckNameAvailabilityResult(**kwargs: Any)

Bases: Model

The CheckNameAvailability operation response.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• name_available (bool) – A boolean value that indicates whether the name is available for you to use. If true, the name is available. If false, the name has already been taken or is invalid and cannot be used.

• reason (str or Reason) – The reason that a vault name could not be used. The Reason element is only returned if NameAvailable is false. Known values are: “AccountNameInvalid” and “AlreadyExists”.

• message (str) – An error message explaining the Reason value in more detail.

class azure.mgmt.keyvault.v2023_02_01.models.CloudErrorBody(*, code: str | None = None, message: str | None = None, **kwargs: Any)

Bases: Model

An error response from Key Vault resource provider.

Variables:

• code (str) – Error code. This is a mnemonic that can be consumed programmatically.

• message (str) – User friendly error message. The message is typically localized and may vary with service version.

Keyword Arguments:

• code (str) – Error code. This is a mnemonic that can be consumed programmatically.

• message (str) – User friendly error message. The message is typically localized and may vary with service version.

class azure.mgmt.keyvault.v2023_02_01.models.CreateMode(*values)

Bases: str, Enum

The vault’s create mode to indicate whether the vault need to be recovered or not.

DEFAULT = 'default'

RECOVER = 'recover'

class azure.mgmt.keyvault.v2023_02_01.models.DeletedManagedHsm(*, properties: _models.DeletedManagedHsmProperties | None = None, **kwargs: Any)

Bases: Model

DeletedManagedHsm.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• id (str) – The Azure Resource Manager resource ID for the deleted managed HSM Pool.

• name (str) – The name of the managed HSM Pool.

• type (str) – The resource type of the managed HSM Pool.

• properties (DeletedManagedHsmProperties) – Properties of the deleted managed HSM.

Keyword Arguments:

properties (DeletedManagedHsmProperties) – Properties of the deleted managed HSM.

class azure.mgmt.keyvault.v2023_02_01.models.DeletedManagedHsmListResult(*, value: List[_models.DeletedManagedHsm] | None = None, next_link: str | None = None, **kwargs: Any)

Bases: Model

List of deleted managed HSM Pools.

Variables:

• value (list[DeletedManagedHsm]) – The list of deleted managed HSM Pools.

• next_link (str) – The URL to get the next set of deleted managed HSM Pools.

Keyword Arguments:

• value (list[DeletedManagedHsm]) – The list of deleted managed HSM Pools.

• next_link (str) – The URL to get the next set of deleted managed HSM Pools.

class azure.mgmt.keyvault.v2023_02_01.models.DeletedManagedHsmProperties(**kwargs: Any)

Bases: Model

Properties of the deleted managed HSM.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• mhsm_id (str) – The resource id of the original managed HSM.

• location (str) – The location of the original managed HSM.

• deletion_date (datetime) – The deleted date.

• scheduled_purge_date (datetime) – The scheduled purged date.

• purge_protection_enabled (bool) – Purge protection status of the original managed HSM.

• tags (dict[str, str]) – Tags of the original managed HSM.

class azure.mgmt.keyvault.v2023_02_01.models.DeletedVault(*, properties: _models.DeletedVaultProperties | None = None, **kwargs: Any)

Bases: Model

Deleted vault information with extended details.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• id (str) – The resource ID for the deleted key vault.

• name (str) – The name of the key vault.

• type (str) – The resource type of the key vault.

• properties (DeletedVaultProperties) – Properties of the vault.

Keyword Arguments:

properties (DeletedVaultProperties) – Properties of the vault.

class azure.mgmt.keyvault.v2023_02_01.models.DeletedVaultListResult(*, value: List[_models.DeletedVault] | None = None, next_link: str | None = None, **kwargs: Any)

Bases: Model

List of vaults.

Variables:

• value (list[DeletedVault]) – The list of deleted vaults.

• next_link (str) – The URL to get the next set of deleted vaults.

Keyword Arguments:

• value (list[DeletedVault]) – The list of deleted vaults.

• next_link (str) – The URL to get the next set of deleted vaults.

class azure.mgmt.keyvault.v2023_02_01.models.DeletedVaultProperties(**kwargs: Any)

Bases: Model

Properties of the deleted vault.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• vault_id (str) – The resource id of the original vault.

• location (str) – The location of the original vault.

• deletion_date (datetime) – The deleted date.

• scheduled_purge_date (datetime) – The scheduled purged date.

• tags (dict[str, str]) – Tags of the original vault.

• purge_protection_enabled (bool) – Purge protection status of the original vault.

class azure.mgmt.keyvault.v2023_02_01.models.DeletionRecoveryLevel(*values)

Bases: str, Enum

The deletion recovery level currently in effect for the object. If it contains ‘Purgeable’, then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval.

PURGEABLE = 'Purgeable'

RECOVERABLE = 'Recoverable'

RECOVERABLE_PROTECTED_SUBSCRIPTION = 'Recoverable+ProtectedSubscription'

RECOVERABLE_PURGEABLE = 'Recoverable+Purgeable'

class azure.mgmt.keyvault.v2023_02_01.models.DimensionProperties(*, name: str | None = None, display_name: str | None = None, to_be_exported_for_shoebox: bool | None = None, **kwargs: Any)

Bases: Model

Type of operation: get, read, delete, etc.

Variables:

• name (str) – Name of dimension.

• display_name (str) – Display name of dimension.

• to_be_exported_for_shoebox (bool) – Property to specify whether the dimension should be exported for Shoebox.

Keyword Arguments:

• name (str) – Name of dimension.

• display_name (str) – Display name of dimension.

• to_be_exported_for_shoebox (bool) – Property to specify whether the dimension should be exported for Shoebox.

class azure.mgmt.keyvault.v2023_02_01.models.Error(**kwargs: Any)

Bases: Model

The server error.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• code (str) – The error code.

• message (str) – The error message.

• inner_error (Error) – The inner error, contains a more specific error code.

class azure.mgmt.keyvault.v2023_02_01.models.GeoReplicationRegionProvisioningState(*values)

Bases: str, Enum

The current provisioning state.

CLEANUP = 'Cleanup'

DELETING = 'Deleting'

FAILED = 'Failed'

PREPROVISIONING = 'Preprovisioning'

PROVISIONING = 'Provisioning'

SUCCEEDED = 'Succeeded'

class azure.mgmt.keyvault.v2023_02_01.models.IPRule(*, value: str, **kwargs: Any)

Bases: Model

A rule governing the accessibility of a vault from a specific ip address or ip range.

All required parameters must be populated in order to send to server.

Variables:

value (str) – An IPv4 address range in CIDR notation, such as ‘124.56.78.91’ (simple IP address) or ‘124.56.78.0/24’ (all addresses that start with 124.56.78). Required.

Keyword Arguments:

value (str) – An IPv4 address range in CIDR notation, such as ‘124.56.78.91’ (simple IP address) or ‘124.56.78.0/24’ (all addresses that start with 124.56.78). Required.

class azure.mgmt.keyvault.v2023_02_01.models.IdentityType(*values)

Bases: str, Enum

The type of identity.

APPLICATION = 'Application'

KEY = 'Key'

MANAGED_IDENTITY = 'ManagedIdentity'

USER = 'User'

class azure.mgmt.keyvault.v2023_02_01.models.JsonWebKeyCurveName(*values)

Bases: str, Enum

The elliptic curve name. For valid values, see JsonWebKeyCurveName.

P256 = 'P-256'

P256_K = 'P-256K'

P384 = 'P-384'

P521 = 'P-521'

class azure.mgmt.keyvault.v2023_02_01.models.JsonWebKeyOperation(*values)

Bases: str, Enum

The permitted JSON web key operations of the key. For more information, see JsonWebKeyOperation.

DECRYPT = 'decrypt'

ENCRYPT = 'encrypt'

IMPORT = 'import'

IMPORT_ENUM = 'import'

RELEASE = 'release'

SIGN = 'sign'

UNWRAP_KEY = 'unwrapKey'

VERIFY = 'verify'

WRAP_KEY = 'wrapKey'

class azure.mgmt.keyvault.v2023_02_01.models.JsonWebKeyType(*values)

Bases: str, Enum

The type of the key. For valid values, see JsonWebKeyType.

EC = 'EC'

EC_HSM = 'EC-HSM'

RSA = 'RSA'

RSA_HSM = 'RSA-HSM'

class azure.mgmt.keyvault.v2023_02_01.models.Key(*, attributes: _models.KeyAttributes | None = None, kty: str | _models.JsonWebKeyType | None = None, key_ops: List[str | _models.JsonWebKeyOperation] | None = None, key_size: int | None = None, curve_name: str | _models.JsonWebKeyCurveName | None = None, rotation_policy: _models.RotationPolicy | None = None, release_policy: _models.KeyReleasePolicy | None = None, **kwargs: Any)

Bases: Resource

The key resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• id (str) – Fully qualified identifier of the key vault resource.

• name (str) – Name of the key vault resource.

• type (str) – Resource type of the key vault resource.

• location (str) – Azure location of the key vault resource.

• tags (dict[str, str]) – Tags assigned to the key vault resource.

• attributes (KeyAttributes) – The attributes of the key.

• kty (str or JsonWebKeyType) – The type of the key. For valid values, see JsonWebKeyType. Known values are: “EC”, “EC-HSM”, “RSA”, and “RSA-HSM”.

• key_ops (list[str or JsonWebKeyOperation])

• key_size (int) – The key size in bits. For example: 2048, 3072, or 4096 for RSA.

• curve_name (str or JsonWebKeyCurveName) – The elliptic curve name. For valid values, see JsonWebKeyCurveName. Known values are: “P-256”, “P-384”, “P-521”, and “P-256K”.

• key_uri (str) – The URI to retrieve the current version of the key.

• key_uri_with_version (str) – The URI to retrieve the specific version of the key.

• rotation_policy (RotationPolicy) – Key rotation policy in response. It will be used for both output and input. Omitted if empty.

• release_policy (KeyReleasePolicy) – Key release policy in response. It will be used for both output and input. Omitted if empty.

Keyword Arguments:

• attributes (KeyAttributes) – The attributes of the key.

• kty (str or JsonWebKeyType) – The type of the key. For valid values, see JsonWebKeyType. Known values are: “EC”, “EC-HSM”, “RSA”, and “RSA-HSM”.

• key_ops (list[str or JsonWebKeyOperation])

• key_size (int) – The key size in bits. For example: 2048, 3072, or 4096 for RSA.

• curve_name (str or JsonWebKeyCurveName) – The elliptic curve name. For valid values, see JsonWebKeyCurveName. Known values are: “P-256”, “P-384”, “P-521”, and “P-256K”.

• rotation_policy (RotationPolicy) – Key rotation policy in response. It will be used for both output and input. Omitted if empty.

• release_policy (KeyReleasePolicy) – Key release policy in response. It will be used for both output and input. Omitted if empty.

class azure.mgmt.keyvault.v2023_02_01.models.KeyAttributes(*, enabled: bool | None = None, not_before: int | None = None, expires: int | None = None, exportable: bool = False, **kwargs: Any)

Bases: Model

The object attributes managed by the Azure Key Vault service.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• enabled (bool) – Determines whether or not the object is enabled.

• not_before (int) – Not before date in seconds since 1970-01-01T00:00:00Z.

• expires (int) – Expiry date in seconds since 1970-01-01T00:00:00Z.

• created (int) – Creation time in seconds since 1970-01-01T00:00:00Z.

• updated (int) – Last updated time in seconds since 1970-01-01T00:00:00Z.

• recovery_level (str or DeletionRecoveryLevel) – The deletion recovery level currently in effect for the object. If it contains ‘Purgeable’, then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval. Known values are: “Purgeable”, “Recoverable+Purgeable”, “Recoverable”, and “Recoverable+ProtectedSubscription”.

• exportable (bool) – Indicates if the private key can be exported.

Keyword Arguments:

• enabled (bool) – Determines whether or not the object is enabled.

• not_before (int) – Not before date in seconds since 1970-01-01T00:00:00Z.

• expires (int) – Expiry date in seconds since 1970-01-01T00:00:00Z.

• exportable (bool) – Indicates if the private key can be exported.

class azure.mgmt.keyvault.v2023_02_01.models.KeyCreateParameters(*, properties: _models.KeyProperties, tags: Dict[str, str] | None = None, **kwargs: Any)

Bases: Model

The parameters used to create a key.

All required parameters must be populated in order to send to server.

Variables:

• tags (dict[str, str]) – The tags that will be assigned to the key.

• properties (KeyProperties) – The properties of the key to be created. Required.

Keyword Arguments:

• tags (dict[str, str]) – The tags that will be assigned to the key.

• properties (KeyProperties) – The properties of the key to be created. Required.

class azure.mgmt.keyvault.v2023_02_01.models.KeyListResult(*, value: List[_models.Key] | None = None, next_link: str | None = None, **kwargs: Any)

Bases: Model

The page of keys.

Variables:

• value (list[Key]) – The key resources.

• next_link (str) – The URL to get the next page of keys.

Keyword Arguments:

• value (list[Key]) – The key resources.

• next_link (str) – The URL to get the next page of keys.

class azure.mgmt.keyvault.v2023_02_01.models.KeyPermissions(*values)

Bases: str, Enum

KeyPermissions.

ALL = 'all'

BACKUP = 'backup'

CREATE = 'create'

DECRYPT = 'decrypt'

DELETE = 'delete'

ENCRYPT = 'encrypt'

GET = 'get'

GETROTATIONPOLICY = 'getrotationpolicy'

IMPORT = 'import'

IMPORT_ENUM = 'import'

LIST = 'list'

PURGE = 'purge'

RECOVER = 'recover'

RELEASE = 'release'

RESTORE = 'restore'

ROTATE = 'rotate'

SETROTATIONPOLICY = 'setrotationpolicy'

SIGN = 'sign'

UNWRAP_KEY = 'unwrapKey'

UPDATE = 'update'

VERIFY = 'verify'

WRAP_KEY = 'wrapKey'

class azure.mgmt.keyvault.v2023_02_01.models.KeyProperties(*, attributes: _models.KeyAttributes | None = None, kty: str | _models.JsonWebKeyType | None = None, key_ops: List[str | _models.JsonWebKeyOperation] | None = None, key_size: int | None = None, curve_name: str | _models.JsonWebKeyCurveName | None = None, rotation_policy: _models.RotationPolicy | None = None, release_policy: _models.KeyReleasePolicy | None = None, **kwargs: Any)

Bases: Model

The properties of the key.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• attributes (KeyAttributes) – The attributes of the key.

• kty (str or JsonWebKeyType) – The type of the key. For valid values, see JsonWebKeyType. Known values are: “EC”, “EC-HSM”, “RSA”, and “RSA-HSM”.

• key_ops (list[str or JsonWebKeyOperation])

• key_size (int) – The key size in bits. For example: 2048, 3072, or 4096 for RSA.

• curve_name (str or JsonWebKeyCurveName) – The elliptic curve name. For valid values, see JsonWebKeyCurveName. Known values are: “P-256”, “P-384”, “P-521”, and “P-256K”.

• key_uri (str) – The URI to retrieve the current version of the key.

• key_uri_with_version (str) – The URI to retrieve the specific version of the key.

• rotation_policy (RotationPolicy) – Key rotation policy in response. It will be used for both output and input. Omitted if empty.

• release_policy (KeyReleasePolicy) – Key release policy in response. It will be used for both output and input. Omitted if empty.

Keyword Arguments:

• attributes (KeyAttributes) – The attributes of the key.

• kty (str or JsonWebKeyType) – The type of the key. For valid values, see JsonWebKeyType. Known values are: “EC”, “EC-HSM”, “RSA”, and “RSA-HSM”.

• key_ops (list[str or JsonWebKeyOperation])

• key_size (int) – The key size in bits. For example: 2048, 3072, or 4096 for RSA.

• curve_name (str or JsonWebKeyCurveName) – The elliptic curve name. For valid values, see JsonWebKeyCurveName. Known values are: “P-256”, “P-384”, “P-521”, and “P-256K”.

• rotation_policy (RotationPolicy) – Key rotation policy in response. It will be used for both output and input. Omitted if empty.

• release_policy (KeyReleasePolicy) – Key release policy in response. It will be used for both output and input. Omitted if empty.

class azure.mgmt.keyvault.v2023_02_01.models.KeyReleasePolicy(*, content_type: str = 'application/json; charset=utf-8', data: bytes | None = None, **kwargs: Any)

Bases: Model

KeyReleasePolicy.

Variables:

• content_type (str) – Content type and version of key release policy.

• data (bytes) – Blob encoding the policy rules under which the key can be released.

Keyword Arguments:

• content_type (str) – Content type and version of key release policy.

• data (bytes) – Blob encoding the policy rules under which the key can be released.

class azure.mgmt.keyvault.v2023_02_01.models.KeyRotationPolicyActionType(*values)

Bases: str, Enum

The type of the action. The value should be compared case-insensitively.

NOTIFY = 'Notify'

Trigger Event Grid events. Defaults to 30 days before expiry. Key Vault only.

ROTATE = 'Rotate'

Rotate the key based on the key policy.

class azure.mgmt.keyvault.v2023_02_01.models.KeyRotationPolicyAttributes(*, expiry_time: str | None = None, **kwargs: Any)

Bases: Model

KeyRotationPolicyAttributes.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• created (int) – Creation time in seconds since 1970-01-01T00:00:00Z.

• updated (int) – Last updated time in seconds since 1970-01-01T00:00:00Z.

• expiry_time (str) – The expiration time for the new key version. It should be in ISO8601 format. Eg: ‘P90D’, ‘P1Y’.

Keyword Arguments:

expiry_time (str) – The expiration time for the new key version. It should be in ISO8601 format. Eg: ‘P90D’, ‘P1Y’.

class azure.mgmt.keyvault.v2023_02_01.models.LifetimeAction(*, trigger: _models.Trigger | None = None, action: _models.Action | None = None, **kwargs: Any)

Bases: Model

LifetimeAction.

Variables:

• trigger (Trigger) – The trigger of key rotation policy lifetimeAction.

• action (Action) – The action of key rotation policy lifetimeAction.

Keyword Arguments:

• trigger (Trigger) – The trigger of key rotation policy lifetimeAction.

• action (Action) – The action of key rotation policy lifetimeAction.

class azure.mgmt.keyvault.v2023_02_01.models.LogSpecification(*, name: str | None = None, display_name: str | None = None, blob_duration: str | None = None, **kwargs: Any)

Bases: Model

Log specification of operation.

Variables:

• name (str) – Name of log specification.

• display_name (str) – Display name of log specification.

• blob_duration (str) – Blob duration of specification.

Keyword Arguments:

• name (str) – Name of log specification.

• display_name (str) – Display name of log specification.

• blob_duration (str) – Blob duration of specification.

class azure.mgmt.keyvault.v2023_02_01.models.MHSMGeoReplicatedRegion(*, name: str | None = None, is_primary: bool | None = None, **kwargs: Any)

Bases: Model

A region that this managed HSM Pool has been extended to.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• name (str) – Name of the geo replicated region.

• provisioning_state (str or GeoReplicationRegionProvisioningState) – Provisioning state of the geo replicated region. Known values are: “Preprovisioning”, “Provisioning”, “Succeeded”, “Failed”, “Deleting”, and “Cleanup”.

• is_primary (bool) – A boolean value that indicates whether the region is the primary region or a secondary region.

Keyword Arguments:

• name (str) – Name of the geo replicated region.

• is_primary (bool) – A boolean value that indicates whether the region is the primary region or a secondary region.

class azure.mgmt.keyvault.v2023_02_01.models.MHSMIPRule(*, value: str, **kwargs: Any)

Bases: Model

A rule governing the accessibility of a managed HSM pool from a specific IP address or IP range.

All required parameters must be populated in order to send to server.

Variables:

value (str) – An IPv4 address range in CIDR notation, such as ‘124.56.78.91’ (simple IP address) or ‘124.56.78.0/24’ (all addresses that start with 124.56.78). Required.

Keyword Arguments:

value (str) – An IPv4 address range in CIDR notation, such as ‘124.56.78.91’ (simple IP address) or ‘124.56.78.0/24’ (all addresses that start with 124.56.78). Required.

class azure.mgmt.keyvault.v2023_02_01.models.MHSMNetworkRuleSet(*, bypass: str | _models.NetworkRuleBypassOptions | None = None, default_action: str | _models.NetworkRuleAction | None = None, ip_rules: List[_models.MHSMIPRule] | None = None, virtual_network_rules: List[_models.MHSMVirtualNetworkRule] | None = None, **kwargs: Any)

Bases: Model

A set of rules governing the network accessibility of a managed hsm pool.

Variables:

• bypass (str or NetworkRuleBypassOptions) – Tells what traffic can bypass network rules. This can be ‘AzureServices’ or ‘None’. If not specified the default is ‘AzureServices’. Known values are: “AzureServices” and “None”.

• default_action (str or NetworkRuleAction) – The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. Known values are: “Allow” and “Deny”.

• ip_rules (list[MHSMIPRule]) – The list of IP address rules.

• virtual_network_rules (list[MHSMVirtualNetworkRule]) – The list of virtual network rules.

Keyword Arguments:

• bypass (str or NetworkRuleBypassOptions) – Tells what traffic can bypass network rules. This can be ‘AzureServices’ or ‘None’. If not specified the default is ‘AzureServices’. Known values are: “AzureServices” and “None”.

• default_action (str or NetworkRuleAction) – The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. Known values are: “Allow” and “Deny”.

• ip_rules (list[MHSMIPRule]) – The list of IP address rules.

• virtual_network_rules (list[MHSMVirtualNetworkRule]) – The list of virtual network rules.

class azure.mgmt.keyvault.v2023_02_01.models.MHSMPrivateEndpoint(**kwargs: Any)

Bases: Model

Private endpoint object properties.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

id (str) – Full identifier of the private endpoint resource.

class azure.mgmt.keyvault.v2023_02_01.models.MHSMPrivateEndpointConnection(*, location: str | None = None, sku: _models.ManagedHsmSku | None = None, tags: Dict[str, str] | None = None, etag: str | None = None, private_endpoint: _models.MHSMPrivateEndpoint | None = None, private_link_service_connection_state: _models.MHSMPrivateLinkServiceConnectionState | None = None, provisioning_state: str | _models.PrivateEndpointConnectionProvisioningState | None = None, **kwargs: Any)

Bases: ManagedHsmResource

Private endpoint connection resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• id (str) – The Azure Resource Manager resource ID for the managed HSM Pool.

• name (str) – The name of the managed HSM Pool.

• type (str) – The resource type of the managed HSM Pool.

• location (str) – The supported Azure location where the managed HSM Pool should be created.

• sku (ManagedHsmSku) – SKU details.

• tags (dict[str, str]) – Resource tags.

• system_data (SystemData) – Metadata pertaining to creation and last modification of the key vault resource.

• etag (str) – Modified whenever there is a change in the state of private endpoint connection.

• private_endpoint (MHSMPrivateEndpoint) – Properties of the private endpoint object.

• private_link_service_connection_state (MHSMPrivateLinkServiceConnectionState) – Approval state of the private link connection.

• provisioning_state (str or PrivateEndpointConnectionProvisioningState) – Provisioning state of the private endpoint connection. Known values are: “Succeeded”, “Creating”, “Updating”, “Deleting”, “Failed”, and “Disconnected”.

Keyword Arguments:

• location (str) – The supported Azure location where the managed HSM Pool should be created.

• sku (ManagedHsmSku) – SKU details.

• tags (dict[str, str]) – Resource tags.

• etag (str) – Modified whenever there is a change in the state of private endpoint connection.

• private_endpoint (MHSMPrivateEndpoint) – Properties of the private endpoint object.

• private_link_service_connection_state (MHSMPrivateLinkServiceConnectionState) – Approval state of the private link connection.

• provisioning_state (str or PrivateEndpointConnectionProvisioningState) – Provisioning state of the private endpoint connection. Known values are: “Succeeded”, “Creating”, “Updating”, “Deleting”, “Failed”, and “Disconnected”.

class azure.mgmt.keyvault.v2023_02_01.models.MHSMPrivateEndpointConnectionItem(*, id: str | None = None, etag: str | None = None, private_endpoint: _models.MHSMPrivateEndpoint | None = None, private_link_service_connection_state: _models.MHSMPrivateLinkServiceConnectionState | None = None, provisioning_state: str | _models.PrivateEndpointConnectionProvisioningState | None = None, **kwargs: Any)

Bases: Model

Private endpoint connection item.

Variables:

• id (str) – Id of private endpoint connection.

• etag (str) – Modified whenever there is a change in the state of private endpoint connection.

• private_endpoint (MHSMPrivateEndpoint) – Properties of the private endpoint object.

• private_link_service_connection_state (MHSMPrivateLinkServiceConnectionState) – Approval state of the private link connection.

• provisioning_state (str or PrivateEndpointConnectionProvisioningState) – Provisioning state of the private endpoint connection. Known values are: “Succeeded”, “Creating”, “Updating”, “Deleting”, “Failed”, and “Disconnected”.

Keyword Arguments:

• id (str) – Id of private endpoint connection.

• etag (str) – Modified whenever there is a change in the state of private endpoint connection.

• private_endpoint (MHSMPrivateEndpoint) – Properties of the private endpoint object.

• private_link_service_connection_state (MHSMPrivateLinkServiceConnectionState) – Approval state of the private link connection.

• provisioning_state (str or PrivateEndpointConnectionProvisioningState) – Provisioning state of the private endpoint connection. Known values are: “Succeeded”, “Creating”, “Updating”, “Deleting”, “Failed”, and “Disconnected”.

class azure.mgmt.keyvault.v2023_02_01.models.MHSMPrivateEndpointConnectionsListResult(*, value: List[_models.MHSMPrivateEndpointConnection] | None = None, next_link: str | None = None, **kwargs: Any)

Bases: Model

List of private endpoint connections associated with a managed HSM Pools.

Variables:

• value (list[MHSMPrivateEndpointConnection]) – The private endpoint connection associated with a managed HSM Pools.

• next_link (str) – The URL to get the next set of managed HSM Pools.

Keyword Arguments:

• value (list[MHSMPrivateEndpointConnection]) – The private endpoint connection associated with a managed HSM Pools.

• next_link (str) – The URL to get the next set of managed HSM Pools.

class azure.mgmt.keyvault.v2023_02_01.models.MHSMPrivateLinkResource(*, location: str | None = None, sku: _models.ManagedHsmSku | None = None, tags: Dict[str, str] | None = None, required_zone_names: List[str] | None = None, **kwargs: Any)

Bases: ManagedHsmResource

A private link resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• id (str) – The Azure Resource Manager resource ID for the managed HSM Pool.

• name (str) – The name of the managed HSM Pool.

• type (str) – The resource type of the managed HSM Pool.

• location (str) – The supported Azure location where the managed HSM Pool should be created.

• sku (ManagedHsmSku) – SKU details.

• tags (dict[str, str]) – Resource tags.

• system_data (SystemData) – Metadata pertaining to creation and last modification of the key vault resource.

• group_id (str) – Group identifier of private link resource.

• required_members (list[str]) – Required member names of private link resource.

• required_zone_names (list[str]) – Required DNS zone names of the the private link resource.

Keyword Arguments:

• location (str) – The supported Azure location where the managed HSM Pool should be created.

• sku (ManagedHsmSku) – SKU details.

• tags (dict[str, str]) – Resource tags.

• required_zone_names (list[str]) – Required DNS zone names of the the private link resource.

class azure.mgmt.keyvault.v2023_02_01.models.MHSMPrivateLinkResourceListResult(*, value: List[_models.MHSMPrivateLinkResource] | None = None, **kwargs: Any)

Bases: Model

A list of private link resources.

Variables:

value (list[MHSMPrivateLinkResource]) – Array of private link resources.

Keyword Arguments:

value (list[MHSMPrivateLinkResource]) – Array of private link resources.

class azure.mgmt.keyvault.v2023_02_01.models.MHSMPrivateLinkServiceConnectionState(*, status: str | _models.PrivateEndpointServiceConnectionStatus | None = None, description: str | None = None, actions_required: str | _models.ActionsRequired | None = None, **kwargs: Any)

Bases: Model

An object that represents the approval state of the private link connection.

Variables:

• status (str or PrivateEndpointServiceConnectionStatus) – Indicates whether the connection has been approved, rejected or removed by the key vault owner. Known values are: “Pending”, “Approved”, “Rejected”, and “Disconnected”.

• description (str) – The reason for approval or rejection.

• actions_required (str or ActionsRequired) – A message indicating if changes on the service provider require any updates on the consumer. “None”

Keyword Arguments:

• status (str or PrivateEndpointServiceConnectionStatus) – Indicates whether the connection has been approved, rejected or removed by the key vault owner. Known values are: “Pending”, “Approved”, “Rejected”, and “Disconnected”.

• description (str) – The reason for approval or rejection.

• actions_required (str or ActionsRequired) – A message indicating if changes on the service provider require any updates on the consumer. “None”

class azure.mgmt.keyvault.v2023_02_01.models.MHSMRegionsListResult(*, value: List[_models.MHSMGeoReplicatedRegion] | None = None, next_link: str | None = None, **kwargs: Any)

Bases: Model

List of regions associated with a managed HSM Pools.

Variables:

• value (list[MHSMGeoReplicatedRegion]) – The region associated with a managed HSM Pools.

• next_link (str) – The URL to get the next set of managed HSM Pools.

Keyword Arguments:

• value (list[MHSMGeoReplicatedRegion]) – The region associated with a managed HSM Pools.

• next_link (str) – The URL to get the next set of managed HSM Pools.

class azure.mgmt.keyvault.v2023_02_01.models.MHSMVirtualNetworkRule(*, id: str, **kwargs: Any)

Bases: Model

A rule governing the accessibility of a managed hsm pool from a specific virtual network.

All required parameters must be populated in order to send to server.

Variables:

id (str) – Full resource id of a vnet subnet, such as ‘/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1’. Required.

Keyword Arguments:

id (str) – Full resource id of a vnet subnet, such as ‘/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1’. # pylint: disable=line-too-long Required.

class azure.mgmt.keyvault.v2023_02_01.models.ManagedHSMSecurityDomainProperties(**kwargs: Any)

Bases: Model

The security domain properties of the managed hsm.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• activation_status (str or ActivationStatus) – Activation Status. Known values are: “Active”, “NotActivated”, “Unknown”, and “Failed”.

• activation_status_message (str) – Activation Status Message.

class azure.mgmt.keyvault.v2023_02_01.models.ManagedHsm(*, location: str | None = None, sku: _models.ManagedHsmSku | None = None, tags: Dict[str, str] | None = None, properties: _models.ManagedHsmProperties | None = None, **kwargs: Any)

Bases: ManagedHsmResource

Resource information with extended details.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• id (str) – The Azure Resource Manager resource ID for the managed HSM Pool.

• name (str) – The name of the managed HSM Pool.

• type (str) – The resource type of the managed HSM Pool.

• location (str) – The supported Azure location where the managed HSM Pool should be created.

• sku (ManagedHsmSku) – SKU details.

• tags (dict[str, str]) – Resource tags.

• system_data (SystemData) – Metadata pertaining to creation and last modification of the key vault resource.

• properties (ManagedHsmProperties) – Properties of the managed HSM.

Keyword Arguments:

• location (str) – The supported Azure location where the managed HSM Pool should be created.

• sku (ManagedHsmSku) – SKU details.

• tags (dict[str, str]) – Resource tags.

• properties (ManagedHsmProperties) – Properties of the managed HSM.

class azure.mgmt.keyvault.v2023_02_01.models.ManagedHsmAction(*, type: str | _models.KeyRotationPolicyActionType | None = None, **kwargs: Any)

Bases: Model

ManagedHsmAction.

Variables:

type (str or KeyRotationPolicyActionType) – The type of the action. The value should be compared case-insensitively. Known values are: “Rotate” and “Notify”.

Keyword Arguments:

type (str or KeyRotationPolicyActionType) – The type of the action. The value should be compared case-insensitively. Known values are: “Rotate” and “Notify”.

class azure.mgmt.keyvault.v2023_02_01.models.ManagedHsmError(**kwargs: Any)

Bases: Model

The error exception.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

error (Error) – The server error.

class azure.mgmt.keyvault.v2023_02_01.models.ManagedHsmKey(*, tags: Dict[str, str] | None = None, attributes: _models.ManagedHsmKeyAttributes | None = None, kty: str | _models.JsonWebKeyType | None = None, key_ops: List[str | _models.JsonWebKeyOperation] | None = None, key_size: int | None = None, curve_name: str | _models.JsonWebKeyCurveName | None = None, rotation_policy: _models.ManagedHsmRotationPolicy | None = None, release_policy: _models.ManagedHsmKeyReleasePolicy | None = None, **kwargs: Any)

Bases: ProxyResourceWithoutSystemData

The key resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• id (str) – Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. # pylint: disable=line-too-long

• name (str) – The name of the resource.

• type (str) – The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts”.

• tags (dict[str, str]) – Resource tags.

• attributes (ManagedHsmKeyAttributes) – The attributes of the key.

• kty (str or JsonWebKeyType) – The type of the key. For valid values, see JsonWebKeyType. Known values are: “EC”, “EC-HSM”, “RSA”, and “RSA-HSM”.

• key_ops (list[str or JsonWebKeyOperation])

• key_size (int) – The key size in bits. For example: 2048, 3072, or 4096 for RSA.

• curve_name (str or JsonWebKeyCurveName) – The elliptic curve name. For valid values, see JsonWebKeyCurveName. Known values are: “P-256”, “P-384”, “P-521”, and “P-256K”.

• key_uri (str) – The URI to retrieve the current version of the key.

• key_uri_with_version (str) – The URI to retrieve the specific version of the key.

• rotation_policy (ManagedHsmRotationPolicy) – Key rotation policy in response. It will be used for both output and input. Omitted if empty.

• release_policy (ManagedHsmKeyReleasePolicy) – Key release policy in response. It will be used for both output and input. Omitted if empty.

Keyword Arguments:

• tags (dict[str, str]) – Resource tags.

• attributes (ManagedHsmKeyAttributes) – The attributes of the key.

• kty (str or JsonWebKeyType) – The type of the key. For valid values, see JsonWebKeyType. Known values are: “EC”, “EC-HSM”, “RSA”, and “RSA-HSM”.

• key_ops (list[str or JsonWebKeyOperation])

• key_size (int) – The key size in bits. For example: 2048, 3072, or 4096 for RSA.

• curve_name (str or JsonWebKeyCurveName) – The elliptic curve name. For valid values, see JsonWebKeyCurveName. Known values are: “P-256”, “P-384”, “P-521”, and “P-256K”.

• rotation_policy (ManagedHsmRotationPolicy) – Key rotation policy in response. It will be used for both output and input. Omitted if empty.

• release_policy (ManagedHsmKeyReleasePolicy) – Key release policy in response. It will be used for both output and input. Omitted if empty.

class azure.mgmt.keyvault.v2023_02_01.models.ManagedHsmKeyAttributes(*, enabled: bool | None = None, not_before: int | None = None, expires: int | None = None, exportable: bool | None = None, **kwargs: Any)

Bases: Model

The object attributes managed by the Azure Key Vault service.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• enabled (bool) – Determines whether or not the object is enabled.

• not_before (int) – Not before date in seconds since 1970-01-01T00:00:00Z.

• expires (int) – Expiry date in seconds since 1970-01-01T00:00:00Z.

• created (int) – Creation time in seconds since 1970-01-01T00:00:00Z.

• updated (int) – Last updated time in seconds since 1970-01-01T00:00:00Z.

• recovery_level (str or DeletionRecoveryLevel) – The deletion recovery level currently in effect for the object. If it contains ‘Purgeable’, then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval. Known values are: “Purgeable”, “Recoverable+Purgeable”, “Recoverable”, and “Recoverable+ProtectedSubscription”.

• exportable (bool) – Indicates if the private key can be exported.

Keyword Arguments:

• enabled (bool) – Determines whether or not the object is enabled.

• not_before (int) – Not before date in seconds since 1970-01-01T00:00:00Z.

• expires (int) – Expiry date in seconds since 1970-01-01T00:00:00Z.

• exportable (bool) – Indicates if the private key can be exported.

class azure.mgmt.keyvault.v2023_02_01.models.ManagedHsmKeyCreateParameters(*, properties: _models.ManagedHsmKeyProperties, tags: Dict[str, str] | None = None, **kwargs: Any)

Bases: Model

The parameters used to create a key.

All required parameters must be populated in order to send to server.

Variables:

• tags (dict[str, str]) – The tags that will be assigned to the key.

• properties (ManagedHsmKeyProperties) – The properties of the key to be created. Required.

Keyword Arguments:

• tags (dict[str, str]) – The tags that will be assigned to the key.

• properties (ManagedHsmKeyProperties) – The properties of the key to be created. Required.

class azure.mgmt.keyvault.v2023_02_01.models.ManagedHsmKeyListResult(*, value: List[_models.ManagedHsmKey] | None = None, next_link: str | None = None, **kwargs: Any)

Bases: Model

The page of keys.

Variables:

• value (list[ManagedHsmKey]) – The key resources.

• next_link (str) – The URL to get the next page of keys.

Keyword Arguments:

• value (list[ManagedHsmKey]) – The key resources.

• next_link (str) – The URL to get the next page of keys.

class azure.mgmt.keyvault.v2023_02_01.models.ManagedHsmKeyProperties(*, attributes: _models.ManagedHsmKeyAttributes | None = None, kty: str | _models.JsonWebKeyType | None = None, key_ops: List[str | _models.JsonWebKeyOperation] | None = None, key_size: int | None = None, curve_name: str | _models.JsonWebKeyCurveName | None = None, rotation_policy: _models.ManagedHsmRotationPolicy | None = None, release_policy: _models.ManagedHsmKeyReleasePolicy | None = None, **kwargs: Any)

Bases: Model

The properties of the key.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• attributes (ManagedHsmKeyAttributes) – The attributes of the key.

• kty (str or JsonWebKeyType) – The type of the key. For valid values, see JsonWebKeyType. Known values are: “EC”, “EC-HSM”, “RSA”, and “RSA-HSM”.

• key_ops (list[str or JsonWebKeyOperation])

• key_size (int) – The key size in bits. For example: 2048, 3072, or 4096 for RSA.

• curve_name (str or JsonWebKeyCurveName) – The elliptic curve name. For valid values, see JsonWebKeyCurveName. Known values are: “P-256”, “P-384”, “P-521”, and “P-256K”.

• key_uri (str) – The URI to retrieve the current version of the key.

• key_uri_with_version (str) – The URI to retrieve the specific version of the key.

• rotation_policy (ManagedHsmRotationPolicy) – Key rotation policy in response. It will be used for both output and input. Omitted if empty.

• release_policy (ManagedHsmKeyReleasePolicy) – Key release policy in response. It will be used for both output and input. Omitted if empty.

Keyword Arguments:

• attributes (ManagedHsmKeyAttributes) – The attributes of the key.

• kty (str or JsonWebKeyType) – The type of the key. For valid values, see JsonWebKeyType. Known values are: “EC”, “EC-HSM”, “RSA”, and “RSA-HSM”.

• key_ops (list[str or JsonWebKeyOperation])

• key_size (int) – The key size in bits. For example: 2048, 3072, or 4096 for RSA.

• curve_name (str or JsonWebKeyCurveName) – The elliptic curve name. For valid values, see JsonWebKeyCurveName. Known values are: “P-256”, “P-384”, “P-521”, and “P-256K”.

• rotation_policy (ManagedHsmRotationPolicy) – Key rotation policy in response. It will be used for both output and input. Omitted if empty.

• release_policy (ManagedHsmKeyReleasePolicy) – Key release policy in response. It will be used for both output and input. Omitted if empty.

class azure.mgmt.keyvault.v2023_02_01.models.ManagedHsmKeyReleasePolicy(*, content_type: str = 'application/json; charset=utf-8', data: bytes | None = None, **kwargs: Any)

Bases: Model

ManagedHsmKeyReleasePolicy.

Variables:

• content_type (str) – Content type and version of key release policy.

• data (bytes) – Blob encoding the policy rules under which the key can be released.

Keyword Arguments:

• content_type (str) – Content type and version of key release policy.

• data (bytes) – Blob encoding the policy rules under which the key can be released.

class azure.mgmt.keyvault.v2023_02_01.models.ManagedHsmKeyRotationPolicyAttributes(*, expiry_time: str | None = None, **kwargs: Any)

Bases: Model

ManagedHsmKeyRotationPolicyAttributes.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• created (int) – Creation time in seconds since 1970-01-01T00:00:00Z.

• updated (int) – Last updated time in seconds since 1970-01-01T00:00:00Z.

• expiry_time (str) – The expiration time for the new key version. It should be in ISO8601 format. Eg: ‘P90D’, ‘P1Y’.

Keyword Arguments:

expiry_time (str) – The expiration time for the new key version. It should be in ISO8601 format. Eg: ‘P90D’, ‘P1Y’.

class azure.mgmt.keyvault.v2023_02_01.models.ManagedHsmLifetimeAction(*, trigger: _models.ManagedHsmTrigger | None = None, action: _models.ManagedHsmAction | None = None, **kwargs: Any)

Bases: Model

ManagedHsmLifetimeAction.

Variables:

• trigger (ManagedHsmTrigger) – The trigger of key rotation policy lifetimeAction.

• action (ManagedHsmAction) – The action of key rotation policy lifetimeAction.

Keyword Arguments:

• trigger (ManagedHsmTrigger) – The trigger of key rotation policy lifetimeAction.

• action (ManagedHsmAction) – The action of key rotation policy lifetimeAction.

class azure.mgmt.keyvault.v2023_02_01.models.ManagedHsmListResult(*, value: List[_models.ManagedHsm] | None = None, next_link: str | None = None, **kwargs: Any)

Bases: Model

List of managed HSM Pools.

Variables:

• value (list[ManagedHsm]) – The list of managed HSM Pools.

• next_link (str) – The URL to get the next set of managed HSM Pools.

Keyword Arguments:

• value (list[ManagedHsm]) – The list of managed HSM Pools.

• next_link (str) – The URL to get the next set of managed HSM Pools.

class azure.mgmt.keyvault.v2023_02_01.models.ManagedHsmProperties(*, tenant_id: str | None = None, initial_admin_object_ids: List[str] | None = None, enable_soft_delete: bool = True, soft_delete_retention_in_days: int = 90, enable_purge_protection: bool = True, create_mode: str | _models.CreateMode | None = None, network_acls: _models.MHSMNetworkRuleSet | None = None, regions: List[_models.MHSMGeoReplicatedRegion] | None = None, public_network_access: str | _models.PublicNetworkAccess = 'Enabled', **kwargs: Any)

Bases: Model

Properties of the managed HSM Pool.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• tenant_id (str) – The Azure Active Directory tenant ID that should be used for authenticating requests to the managed HSM pool.

• initial_admin_object_ids (list[str]) – Array of initial administrators object ids for this managed hsm pool.

• hsm_uri (str) – The URI of the managed hsm pool for performing operations on keys.

• enable_soft_delete (bool) – Property to specify whether the ‘soft delete’ functionality is enabled for this managed HSM pool. Soft delete is enabled by default for all managed HSMs and is immutable.

• soft_delete_retention_in_days (int) – Soft deleted data retention days. When you delete an HSM or a key, it will remain recoverable for the configured retention period or for a default period of 90 days. It accepts values between 7 and 90.

• enable_purge_protection (bool) – Property specifying whether protection against purge is enabled for this managed HSM pool. Setting this property to true activates protection against purge for this managed HSM pool and its content - only the Managed HSM service may initiate a hard, irrecoverable deletion. Enabling this functionality is irreversible.

• create_mode (str or CreateMode) – The create mode to indicate whether the resource is being created or is being recovered from a deleted resource. Known values are: “recover” and “default”.

• status_message (str) – Resource Status Message.

• provisioning_state (str or ProvisioningState) – Provisioning state. Known values are: “Succeeded”, “Provisioning”, “Failed”, “Updating”, “Deleting”, “Activated”, “SecurityDomainRestore”, and “Restoring”.

• network_acls (MHSMNetworkRuleSet) – Rules governing the accessibility of the key vault from specific network locations.

• regions (list[MHSMGeoReplicatedRegion]) – List of all regions associated with the managed hsm pool.

• private_endpoint_connections (list[MHSMPrivateEndpointConnectionItem]) – List of private endpoint connections associated with the managed hsm pool.

• public_network_access (str or PublicNetworkAccess) – Control permission to the managed HSM from public networks. Known values are: “Enabled” and “Disabled”.

• scheduled_purge_date (datetime) – The scheduled purge date in UTC.

• security_domain_properties (ManagedHSMSecurityDomainProperties) – Managed HSM security domain properties.

Keyword Arguments:

• tenant_id (str) – The Azure Active Directory tenant ID that should be used for authenticating requests to the managed HSM pool.

• initial_admin_object_ids (list[str]) – Array of initial administrators object ids for this managed hsm pool.

• enable_soft_delete (bool) – Property to specify whether the ‘soft delete’ functionality is enabled for this managed HSM pool. Soft delete is enabled by default for all managed HSMs and is immutable.

• soft_delete_retention_in_days (int) – Soft deleted data retention days. When you delete an HSM or a key, it will remain recoverable for the configured retention period or for a default period of 90 days. It accepts values between 7 and 90.

• enable_purge_protection (bool) – Property specifying whether protection against purge is enabled for this managed HSM pool. Setting this property to true activates protection against purge for this managed HSM pool and its content - only the Managed HSM service may initiate a hard, irrecoverable deletion. Enabling this functionality is irreversible.

• create_mode (str or CreateMode) – The create mode to indicate whether the resource is being created or is being recovered from a deleted resource. Known values are: “recover” and “default”.

• network_acls (MHSMNetworkRuleSet) – Rules governing the accessibility of the key vault from specific network locations.

• regions (list[MHSMGeoReplicatedRegion]) – List of all regions associated with the managed hsm pool.

• public_network_access (str or PublicNetworkAccess) – Control permission to the managed HSM from public networks. Known values are: “Enabled” and “Disabled”.

class azure.mgmt.keyvault.v2023_02_01.models.ManagedHsmResource(*, location: str | None = None, sku: _models.ManagedHsmSku | None = None, tags: Dict[str, str] | None = None, **kwargs: Any)

Bases: Model

Managed HSM resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• id (str) – The Azure Resource Manager resource ID for the managed HSM Pool.

• name (str) – The name of the managed HSM Pool.

• type (str) – The resource type of the managed HSM Pool.

• location (str) – The supported Azure location where the managed HSM Pool should be created.

• sku (ManagedHsmSku) – SKU details.

• tags (dict[str, str]) – Resource tags.

• system_data (SystemData) – Metadata pertaining to creation and last modification of the key vault resource.

Keyword Arguments:

• location (str) – The supported Azure location where the managed HSM Pool should be created.

• sku (ManagedHsmSku) – SKU details.

• tags (dict[str, str]) – Resource tags.

class azure.mgmt.keyvault.v2023_02_01.models.ManagedHsmRotationPolicy(*, attributes: _models.ManagedHsmKeyRotationPolicyAttributes | None = None, lifetime_actions: List[_models.ManagedHsmLifetimeAction] | None = None, **kwargs: Any)

Bases: Model

ManagedHsmRotationPolicy.

Variables:

• attributes (ManagedHsmKeyRotationPolicyAttributes) – The attributes of key rotation policy.

• lifetime_actions (list[ManagedHsmLifetimeAction]) – The lifetimeActions for key rotation action.

Keyword Arguments:

• attributes (ManagedHsmKeyRotationPolicyAttributes) – The attributes of key rotation policy.

• lifetime_actions (list[ManagedHsmLifetimeAction]) – The lifetimeActions for key rotation action.

class azure.mgmt.keyvault.v2023_02_01.models.ManagedHsmSku(*, family: str | _models.ManagedHsmSkuFamily = 'B', name: str | _models.ManagedHsmSkuName, **kwargs: Any)

Bases: Model

SKU details.

All required parameters must be populated in order to send to server.

Variables:

• family (str or ManagedHsmSkuFamily) – SKU Family of the managed HSM Pool. “B”

• name (str or ManagedHsmSkuName) – SKU of the managed HSM Pool. Required. Known values are: “Standard_B1”, “Custom_B32”, and “Custom_B6”.

Keyword Arguments:

• family (str or ManagedHsmSkuFamily) – SKU Family of the managed HSM Pool. “B”

• name (str or ManagedHsmSkuName) – SKU of the managed HSM Pool. Required. Known values are: “Standard_B1”, “Custom_B32”, and “Custom_B6”.

class azure.mgmt.keyvault.v2023_02_01.models.ManagedHsmSkuFamily(*values)

Bases: str, Enum

SKU Family of the managed HSM Pool.

B = 'B'

class azure.mgmt.keyvault.v2023_02_01.models.ManagedHsmSkuName(*values)

Bases: str, Enum

SKU of the managed HSM Pool.

CUSTOM_B32 = 'Custom_B32'

CUSTOM_B6 = 'Custom_B6'

STANDARD_B1 = 'Standard_B1'

class azure.mgmt.keyvault.v2023_02_01.models.ManagedHsmTrigger(*, time_after_create: str | None = None, time_before_expiry: str | None = None, **kwargs: Any)

Bases: Model

ManagedHsmTrigger.

Variables:

• time_after_create (str) – The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: ‘P90D’, ‘P1Y’.

• time_before_expiry (str) – The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: ‘P90D’, ‘P1Y’.

Keyword Arguments:

• time_after_create (str) – The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: ‘P90D’, ‘P1Y’.

• time_before_expiry (str) – The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: ‘P90D’, ‘P1Y’.

class azure.mgmt.keyvault.v2023_02_01.models.MetricSpecification(*, name: str | None = None, display_name: str | None = None, display_description: str | None = None, unit: str | None = None, aggregation_type: str | None = None, supported_aggregation_types: List[str] | None = None, supported_time_grain_types: List[str] | None = None, lock_aggregation_type: str | None = None, dimensions: List[_models.DimensionProperties] | None = None, fill_gap_with_zero: bool | None = None, internal_metric_name: str | None = None, **kwargs: Any)

Bases: Model

Metric specification of operation.

Variables:

• name (str) – Name of metric specification.

• display_name (str) – Display name of metric specification.

• display_description (str) – Display description of metric specification.

• unit (str) – The metric unit. Possible values include: ‘Bytes’, ‘Count’, ‘Milliseconds’.

• aggregation_type (str) – The metric aggregation type. Possible values include: ‘Average’, ‘Count’, ‘Total’.

• supported_aggregation_types (list[str]) – The supported aggregation types for the metrics.

• supported_time_grain_types (list[str]) – The supported time grain types for the metrics.

• lock_aggregation_type (str) – The metric lock aggregation type.

• dimensions (list[DimensionProperties]) – The dimensions of metric.

• fill_gap_with_zero (bool) – Property to specify whether to fill gap with zero.

• internal_metric_name (str) – The internal metric name.

Keyword Arguments:

• name (str) – Name of metric specification.

• display_name (str) – Display name of metric specification.

• display_description (str) – Display description of metric specification.

• unit (str) – The metric unit. Possible values include: ‘Bytes’, ‘Count’, ‘Milliseconds’.

• aggregation_type (str) – The metric aggregation type. Possible values include: ‘Average’, ‘Count’, ‘Total’.

• supported_aggregation_types (list[str]) – The supported aggregation types for the metrics.

• supported_time_grain_types (list[str]) – The supported time grain types for the metrics.

• lock_aggregation_type (str) – The metric lock aggregation type.

• dimensions (list[DimensionProperties]) – The dimensions of metric.

• fill_gap_with_zero (bool) – Property to specify whether to fill gap with zero.

• internal_metric_name (str) – The internal metric name.

class azure.mgmt.keyvault.v2023_02_01.models.NetworkRuleAction(*values)

Bases: str, Enum

The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.

ALLOW = 'Allow'

DENY = 'Deny'

class azure.mgmt.keyvault.v2023_02_01.models.NetworkRuleBypassOptions(*values)

Bases: str, Enum

Tells what traffic can bypass network rules. This can be ‘AzureServices’ or ‘None’. If not specified the default is ‘AzureServices’.

AZURE_SERVICES = 'AzureServices'

NONE = 'None'

class azure.mgmt.keyvault.v2023_02_01.models.NetworkRuleSet(*, bypass: str | _models.NetworkRuleBypassOptions | None = None, default_action: str | _models.NetworkRuleAction | None = None, ip_rules: List[_models.IPRule] | None = None, virtual_network_rules: List[_models.VirtualNetworkRule] | None = None, **kwargs: Any)

Bases: Model

A set of rules governing the network accessibility of a vault.

Variables:

• bypass (str or NetworkRuleBypassOptions) – Tells what traffic can bypass network rules. This can be ‘AzureServices’ or ‘None’. If not specified the default is ‘AzureServices’. Known values are: “AzureServices” and “None”.

• default_action (str or NetworkRuleAction) – The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. Known values are: “Allow” and “Deny”.

• ip_rules (list[IPRule]) – The list of IP address rules.

• virtual_network_rules (list[VirtualNetworkRule]) – The list of virtual network rules.

Keyword Arguments:

• bypass (str or NetworkRuleBypassOptions) – Tells what traffic can bypass network rules. This can be ‘AzureServices’ or ‘None’. If not specified the default is ‘AzureServices’. Known values are: “AzureServices” and “None”.

• default_action (str or NetworkRuleAction) – The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. Known values are: “Allow” and “Deny”.

• ip_rules (list[IPRule]) – The list of IP address rules.

• virtual_network_rules (list[VirtualNetworkRule]) – The list of virtual network rules.

class azure.mgmt.keyvault.v2023_02_01.models.Operation(*, name: str | None = None, display: _models.OperationDisplay | None = None, origin: str | None = None, is_data_action: bool | None = None, service_specification: _models.ServiceSpecification | None = None, **kwargs: Any)

Bases: Model

Key Vault REST API operation definition.

Variables:

• name (str) – Operation name: {provider}/{resource}/{operation}.

• display (OperationDisplay) – Display metadata associated with the operation.

• origin (str) – The origin of operations.

• is_data_action (bool) – Property to specify whether the action is a data action.

• service_specification (ServiceSpecification) – One property of operation, include metric specifications.

Keyword Arguments:

• name (str) – Operation name: {provider}/{resource}/{operation}.

• display (OperationDisplay) – Display metadata associated with the operation.

• origin (str) – The origin of operations.

• is_data_action (bool) – Property to specify whether the action is a data action.

• service_specification (ServiceSpecification) – One property of operation, include metric specifications.

class azure.mgmt.keyvault.v2023_02_01.models.OperationDisplay(*, provider: str | None = None, resource: str | None = None, operation: str | None = None, description: str | None = None, **kwargs: Any)

Bases: Model

Display metadata associated with the operation.

Variables:

• provider (str) – Service provider: Microsoft Key Vault.

• resource (str) – Resource on which the operation is performed etc.

• operation (str) – Type of operation: get, read, delete, etc.

• description (str) – Description of operation.

Keyword Arguments:

• provider (str) – Service provider: Microsoft Key Vault.

• resource (str) – Resource on which the operation is performed etc.

• operation (str) – Type of operation: get, read, delete, etc.

• description (str) – Description of operation.

class azure.mgmt.keyvault.v2023_02_01.models.OperationListResult(*, value: List[_models.Operation] | None = None, next_link: str | None = None, **kwargs: Any)

Bases: Model

Result of the request to list Storage operations. It contains a list of operations and a URL link to get the next set of results.

Variables:

• value (list[Operation]) – List of Storage operations supported by the Storage resource provider.

• next_link (str) – The URL to get the next set of operations.

Keyword Arguments:

• value (list[Operation]) – List of Storage operations supported by the Storage resource provider.

• next_link (str) – The URL to get the next set of operations.

class azure.mgmt.keyvault.v2023_02_01.models.Permissions(*, keys: List[str | _models.KeyPermissions] | None = None, secrets: List[str | _models.SecretPermissions] | None = None, certificates: List[str | _models.CertificatePermissions] | None = None, storage: List[str | _models.StoragePermissions] | None = None, **kwargs: Any)

Bases: Model

Permissions the identity has for keys, secrets, certificates and storage.

Variables:

• keys (list[str or KeyPermissions]) – Permissions to keys.

• secrets (list[str or SecretPermissions]) – Permissions to secrets.

• certificates (list[str or CertificatePermissions]) – Permissions to certificates.

• storage (list[str or StoragePermissions]) – Permissions to storage accounts.

Keyword Arguments:

• keys (list[str or KeyPermissions]) – Permissions to keys.

• secrets (list[str or SecretPermissions]) – Permissions to secrets.

• certificates (list[str or CertificatePermissions]) – Permissions to certificates.

• storage (list[str or StoragePermissions]) – Permissions to storage accounts.

class azure.mgmt.keyvault.v2023_02_01.models.PrivateEndpoint(**kwargs: Any)

Bases: Model

Private endpoint object properties.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

id (str) – Full identifier of the private endpoint resource.

class azure.mgmt.keyvault.v2023_02_01.models.PrivateEndpointConnection(*, etag: str | None = None, private_endpoint: _models.PrivateEndpoint | None = None, private_link_service_connection_state: _models.PrivateLinkServiceConnectionState | None = None, provisioning_state: str | _models.PrivateEndpointConnectionProvisioningState | None = None, **kwargs: Any)

Bases: Resource

Private endpoint connection resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• id (str) – Fully qualified identifier of the key vault resource.

• name (str) – Name of the key vault resource.

• type (str) – Resource type of the key vault resource.

• location (str) – Azure location of the key vault resource.

• tags (dict[str, str]) – Tags assigned to the key vault resource.

• etag (str) – Modified whenever there is a change in the state of private endpoint connection.

• private_endpoint (PrivateEndpoint) – Properties of the private endpoint object.

• private_link_service_connection_state (PrivateLinkServiceConnectionState) – Approval state of the private link connection.

• provisioning_state (str or PrivateEndpointConnectionProvisioningState) – Provisioning state of the private endpoint connection. Known values are: “Succeeded”, “Creating”, “Updating”, “Deleting”, “Failed”, and “Disconnected”.

Keyword Arguments:

• etag (str) – Modified whenever there is a change in the state of private endpoint connection.

• private_endpoint (PrivateEndpoint) – Properties of the private endpoint object.

• private_link_service_connection_state (PrivateLinkServiceConnectionState) – Approval state of the private link connection.

• provisioning_state (str or PrivateEndpointConnectionProvisioningState) – Provisioning state of the private endpoint connection. Known values are: “Succeeded”, “Creating”, “Updating”, “Deleting”, “Failed”, and “Disconnected”.

class azure.mgmt.keyvault.v2023_02_01.models.PrivateEndpointConnectionItem(*, id: str | None = None, etag: str | None = None, private_endpoint: _models.PrivateEndpoint | None = None, private_link_service_connection_state: _models.PrivateLinkServiceConnectionState | None = None, provisioning_state: str | _models.PrivateEndpointConnectionProvisioningState | None = None, **kwargs: Any)

Bases: Model

Private endpoint connection item.

Variables:

• id (str) – Id of private endpoint connection.

• etag (str) – Modified whenever there is a change in the state of private endpoint connection.

• private_endpoint (PrivateEndpoint) – Properties of the private endpoint object.

• private_link_service_connection_state (PrivateLinkServiceConnectionState) – Approval state of the private link connection.

• provisioning_state (str or PrivateEndpointConnectionProvisioningState) – Provisioning state of the private endpoint connection. Known values are: “Succeeded”, “Creating”, “Updating”, “Deleting”, “Failed”, and “Disconnected”.

Keyword Arguments:

• id (str) – Id of private endpoint connection.

• etag (str) – Modified whenever there is a change in the state of private endpoint connection.

• private_endpoint (PrivateEndpoint) – Properties of the private endpoint object.

• private_link_service_connection_state (PrivateLinkServiceConnectionState) – Approval state of the private link connection.

• provisioning_state (str or PrivateEndpointConnectionProvisioningState) – Provisioning state of the private endpoint connection. Known values are: “Succeeded”, “Creating”, “Updating”, “Deleting”, “Failed”, and “Disconnected”.

class azure.mgmt.keyvault.v2023_02_01.models.PrivateEndpointConnectionListResult(*, value: List[_models.PrivateEndpointConnection] | None = None, next_link: str | None = None, **kwargs: Any)

Bases: Model

List of private endpoint connections.

Variables:

• value (list[PrivateEndpointConnection]) – The list of private endpoint connections.

• next_link (str) – The URL to get the next set of private endpoint connections.

Keyword Arguments:

• value (list[PrivateEndpointConnection]) – The list of private endpoint connections.

• next_link (str) – The URL to get the next set of private endpoint connections.

class azure.mgmt.keyvault.v2023_02_01.models.PrivateEndpointConnectionProvisioningState(*values)

Bases: str, Enum

The current provisioning state.

CREATING = 'Creating'

DELETING = 'Deleting'

DISCONNECTED = 'Disconnected'

FAILED = 'Failed'

SUCCEEDED = 'Succeeded'

UPDATING = 'Updating'

class azure.mgmt.keyvault.v2023_02_01.models.PrivateEndpointServiceConnectionStatus(*values)

Bases: str, Enum

The private endpoint connection status.

APPROVED = 'Approved'

DISCONNECTED = 'Disconnected'

PENDING = 'Pending'

REJECTED = 'Rejected'

class azure.mgmt.keyvault.v2023_02_01.models.PrivateLinkResource(*, required_zone_names: List[str] | None = None, **kwargs: Any)

Bases: Resource

A private link resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• id (str) – Fully qualified identifier of the key vault resource.

• name (str) – Name of the key vault resource.

• type (str) – Resource type of the key vault resource.

• location (str) – Azure location of the key vault resource.

• tags (dict[str, str]) – Tags assigned to the key vault resource.

• group_id (str) – Group identifier of private link resource.

• required_members (list[str]) – Required member names of private link resource.

• required_zone_names (list[str]) – Required DNS zone names of the the private link resource.

Keyword Arguments:

required_zone_names (list[str]) – Required DNS zone names of the the private link resource.

class azure.mgmt.keyvault.v2023_02_01.models.PrivateLinkResourceListResult(*, value: List[_models.PrivateLinkResource] | None = None, **kwargs: Any)

Bases: Model

A list of private link resources.

Variables:

value (list[PrivateLinkResource]) – Array of private link resources.

Keyword Arguments:

value (list[PrivateLinkResource]) – Array of private link resources.

class azure.mgmt.keyvault.v2023_02_01.models.PrivateLinkServiceConnectionState(*, status: str | _models.PrivateEndpointServiceConnectionStatus | None = None, description: str | None = None, actions_required: str | _models.ActionsRequired | None = None, **kwargs: Any)

Bases: Model

An object that represents the approval state of the private link connection.

Variables:

• status (str or PrivateEndpointServiceConnectionStatus) – Indicates whether the connection has been approved, rejected or removed by the key vault owner. Known values are: “Pending”, “Approved”, “Rejected”, and “Disconnected”.

• description (str) – The reason for approval or rejection.

• actions_required (str or ActionsRequired) – A message indicating if changes on the service provider require any updates on the consumer. “None”

Keyword Arguments:

• status (str or PrivateEndpointServiceConnectionStatus) – Indicates whether the connection has been approved, rejected or removed by the key vault owner. Known values are: “Pending”, “Approved”, “Rejected”, and “Disconnected”.

• description (str) – The reason for approval or rejection.

• actions_required (str or ActionsRequired) – A message indicating if changes on the service provider require any updates on the consumer. “None”

class azure.mgmt.keyvault.v2023_02_01.models.ProvisioningState(*values)

Bases: str, Enum

Provisioning state.

ACTIVATED = 'Activated'

The managed HSM pool is ready for normal use.

DELETING = 'Deleting'

The managed HSM Pool is currently being deleted.

FAILED = 'Failed'

Provisioning of the managed HSM Pool has failed.

PROVISIONING = 'Provisioning'

The managed HSM Pool is currently being provisioned.

RESTORING = 'Restoring'

The managed HSM pool is being restored from full HSM backup.

SECURITY_DOMAIN_RESTORE = 'SecurityDomainRestore'

The managed HSM pool is waiting for a security domain restore action.

SUCCEEDED = 'Succeeded'

The managed HSM Pool has been full provisioned.

UPDATING = 'Updating'

The managed HSM Pool is currently being updated.

class azure.mgmt.keyvault.v2023_02_01.models.ProxyResourceWithoutSystemData(*, tags: Dict[str, str] | None = None, **kwargs: Any)

Bases: Model

Common fields that are returned in the response for all Azure Resource Manager resources.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• id (str) – Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. # pylint: disable=line-too-long

• name (str) – The name of the resource.

• type (str) – The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts”.

• tags (dict[str, str]) – Resource tags.

Keyword Arguments:

tags (dict[str, str]) – Resource tags.

class azure.mgmt.keyvault.v2023_02_01.models.PublicNetworkAccess(*values)

Bases: str, Enum

Control permission to the managed HSM from public networks.

DISABLED = 'Disabled'

ENABLED = 'Enabled'

class azure.mgmt.keyvault.v2023_02_01.models.Reason(*values)

Bases: str, Enum

The reason that a vault name could not be used. The Reason element is only returned if NameAvailable is false.

ACCOUNT_NAME_INVALID = 'AccountNameInvalid'

ALREADY_EXISTS = 'AlreadyExists'

class azure.mgmt.keyvault.v2023_02_01.models.Resource(**kwargs: Any)

Bases: Model

Key Vault resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• id (str) – Fully qualified identifier of the key vault resource.

• name (str) – Name of the key vault resource.

• type (str) – Resource type of the key vault resource.

• location (str) – Azure location of the key vault resource.

• tags (dict[str, str]) – Tags assigned to the key vault resource.

class azure.mgmt.keyvault.v2023_02_01.models.ResourceListResult(*, value: List[_models.Resource] | None = None, next_link: str | None = None, **kwargs: Any)

Bases: Model

List of vault resources.

Variables:

• value (list[Resource]) – The list of vault resources.

• next_link (str) – The URL to get the next set of vault resources.

Keyword Arguments:

• value (list[Resource]) – The list of vault resources.

• next_link (str) – The URL to get the next set of vault resources.

class azure.mgmt.keyvault.v2023_02_01.models.RotationPolicy(*, attributes: _models.KeyRotationPolicyAttributes | None = None, lifetime_actions: List[_models.LifetimeAction] | None = None, **kwargs: Any)

Bases: Model

RotationPolicy.

Variables:

• attributes (KeyRotationPolicyAttributes) – The attributes of key rotation policy.

• lifetime_actions (list[LifetimeAction]) – The lifetimeActions for key rotation action.

Keyword Arguments:

• attributes (KeyRotationPolicyAttributes) – The attributes of key rotation policy.

• lifetime_actions (list[LifetimeAction]) – The lifetimeActions for key rotation action.

class azure.mgmt.keyvault.v2023_02_01.models.Secret(*, properties: _models.SecretProperties, **kwargs: Any)

Bases: Resource

Resource information with extended details.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to server.

Variables:

• id (str) – Fully qualified identifier of the key vault resource.

• name (str) – Name of the key vault resource.

• type (str) – Resource type of the key vault resource.

• location (str) – Azure location of the key vault resource.

• tags (dict[str, str]) – Tags assigned to the key vault resource.

• properties (SecretProperties) – Properties of the secret. Required.

Keyword Arguments:

properties (SecretProperties) – Properties of the secret. Required.

class azure.mgmt.keyvault.v2023_02_01.models.SecretAttributes(*, enabled: bool | None = None, not_before: datetime | None = None, expires: datetime | None = None, **kwargs: Any)

Bases: Attributes

The secret management attributes.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• enabled (bool) – Determines whether the object is enabled.

• not_before (datetime) – Not before date in seconds since 1970-01-01T00:00:00Z.

• expires (datetime) – Expiry date in seconds since 1970-01-01T00:00:00Z.

• created (datetime) – Creation time in seconds since 1970-01-01T00:00:00Z.

• updated (datetime) – Last updated time in seconds since 1970-01-01T00:00:00Z.

Keyword Arguments:

• enabled (bool) – Determines whether the object is enabled.

• not_before (datetime) – Not before date in seconds since 1970-01-01T00:00:00Z.

• expires (datetime) – Expiry date in seconds since 1970-01-01T00:00:00Z.

class azure.mgmt.keyvault.v2023_02_01.models.SecretCreateOrUpdateParameters(*, properties: _models.SecretProperties, tags: Dict[str, str] | None = None, **kwargs: Any)

Bases: Model

Parameters for creating or updating a secret.

All required parameters must be populated in order to send to server.

Variables:

• tags (dict[str, str]) – The tags that will be assigned to the secret.

• properties (SecretProperties) – Properties of the secret. Required.

Keyword Arguments:

• tags (dict[str, str]) – The tags that will be assigned to the secret.

• properties (SecretProperties) – Properties of the secret. Required.

class azure.mgmt.keyvault.v2023_02_01.models.SecretListResult(*, value: List[_models.Secret] | None = None, next_link: str | None = None, **kwargs: Any)

Bases: Model

List of secrets.

Variables:

• value (list[Secret]) – The list of secrets.

• next_link (str) – The URL to get the next set of secrets.

Keyword Arguments:

• value (list[Secret]) – The list of secrets.

• next_link (str) – The URL to get the next set of secrets.

class azure.mgmt.keyvault.v2023_02_01.models.SecretPatchParameters(*, tags: Dict[str, str] | None = None, properties: _models.SecretPatchProperties | None = None, **kwargs: Any)

Bases: Model

Parameters for patching a secret.

Variables:

• tags (dict[str, str]) – The tags that will be assigned to the secret.

• properties (SecretPatchProperties) – Properties of the secret.

Keyword Arguments:

• tags (dict[str, str]) – The tags that will be assigned to the secret.

• properties (SecretPatchProperties) – Properties of the secret.

class azure.mgmt.keyvault.v2023_02_01.models.SecretPatchProperties(*, value: str | None = None, content_type: str | None = None, attributes: _models.SecretAttributes | None = None, **kwargs: Any)

Bases: Model

Properties of the secret.

Variables:

• value (str) – The value of the secret.

• content_type (str) – The content type of the secret.

• attributes (SecretAttributes) – The attributes of the secret.

Keyword Arguments:

• value (str) – The value of the secret.

• content_type (str) – The content type of the secret.

• attributes (SecretAttributes) – The attributes of the secret.

class azure.mgmt.keyvault.v2023_02_01.models.SecretPermissions(*values)

Bases: str, Enum

SecretPermissions.

ALL = 'all'

BACKUP = 'backup'

DELETE = 'delete'

GET = 'get'

LIST = 'list'

PURGE = 'purge'

RECOVER = 'recover'

RESTORE = 'restore'

SET = 'set'

class azure.mgmt.keyvault.v2023_02_01.models.SecretProperties(*, value: str | None = None, content_type: str | None = None, attributes: _models.SecretAttributes | None = None, **kwargs: Any)

Bases: Model

Properties of the secret.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:

• value (str) – The value of the secret. NOTE: ‘value’ will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.

• content_type (str) – The content type of the secret.

• attributes (SecretAttributes) – The attributes of the secret.

• secret_uri (str) – The URI to retrieve the current version of the secret.

• secret_uri_with_version (str) – The URI to retrieve the specific version of the secret.

Keyword Arguments:

• value (str) – The value of the secret. NOTE: ‘value’ will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.

• content_type (str) – The content type of the secret.

• attributes (SecretAttributes) – The attributes of the secret.

class azure.mgmt.keyvault.v2023_02_01.models.ServiceSpecification(*, log_specifications: List[_models.LogSpecification] | None = None, metric_specifications: List[_models.MetricSpecification] | None = None, **kwargs: Any)

Bases: Model

One property of operation, include log specifications.

Variables:

• log_specifications (list[LogSpecification]) – Log specifications of operation.

• metric_specifications (list[MetricSpecification]) – Metric specifications of operation.

Keyword Arguments:

• log_specifications (list[LogSpecification]) – Log specifications of operation.

• metric_specifications (list[MetricSpecification]) – Metric specifications of operation.

class azure.mgmt.keyvault.v2023_02_01.models.Sku(*, family: str | _models.SkuFamily = 'A', name: str | _models.SkuName, **kwargs: Any)

Bases: Model

SKU details.

All required parameters must be populated in order to send to server.

Variables:

• family (str or SkuFamily) – SKU family name. “A”

• name (str or SkuName) – SKU name to specify whether the key vault is a standard vault or a premium vault. Required. Known values are: “standard” and “premium”.

Keyword Arguments:

• family (str or SkuFamily) – SKU family name. “A”

• name (str or SkuName) – SKU name to specify whether the key vault is a standard vault or a premium vault. Required. Known values are: “standard” and “premium”.

class azure.mgmt.keyvault.v2023_02_01.models.SkuFamily(*values)

Bases: str, Enum

SKU family name.

A = 'A'

class azure.mgmt.keyvault.v2023_02_01.models.SkuName(*values)

Bases: str, Enum

SKU name to specify whether the key vault is a standard vault or a premium vault.

PREMIUM = 'premium'

STANDARD = 'standard'

class azure.mgmt.keyvault.v2023_02_01.models.StoragePermissions(*values)

Bases: str, Enum

StoragePermissions.

ALL = 'all'

BACKUP = 'backup'

DELETE = 'delete'

DELETESAS = 'deletesas'

GET = 'get'

GETSAS = 'getsas'

LIST = 'list'

LISTSAS = 'listsas'

PURGE = 'purge'

RECOVER = 'recover'

REGENERATEKEY = 'regeneratekey'

RESTORE = 'restore'

SET = 'set'

SETSAS = 'setsas'

UPDATE = 'update'

class azure.mgmt.keyvault.v2023_02_01.models.SystemData(*, created_by: str | None = None, created_by_type: str | _models.IdentityType | None = None, created_at: datetime | None = None, last_modified_by: str | None = None, last_modified_by_type: str | _models.IdentityType | None = None, last_modified_at: datetime | None = None, **kwargs: Any)

Bases: Model

Metadata pertaining to creation and last modification of the key vault resource.

Variables:

• created_by (str) – The identity that created the key vault resource.

• created_by_type (str or IdentityType) – The type of identity that created the key vault resource. Known values are: “User”, “Application”, “ManagedIdentity”, and “Key”.

• created_at (datetime) – The timestamp of the key vault resource creation (UTC).

• last_modified_by (str) – The identity that last modified the key vault resource.

• last_modified_by_type (str or IdentityType) – The type of identity that last modified the key vault resource. Known values are: “User”, “Application”, “ManagedIdentity”, and “Key”.

• last_modified_at (datetime) – The timestamp of the key vault resource last modification (UTC).

Keyword Arguments:

• created_by (str) – The identity that created the key vault resource.

• created_by_type (str or IdentityType) – The type of identity that created the key vault resource. Known values are: “User”, “Application”, “ManagedIdentity”, and “Key”.

• created_at (datetime) – The timestamp of the key vault resource creation (UTC).

• last_modified_by (str) – The identity that last modified the key vault resource.

• last_modified_by_type (str or IdentityType) – The type of identity that last modified the key vault resource. Known values are: “User”, “Application”, “ManagedIdentity”, and “Key”.

• last_modified_at (datetime) – The timestamp of the key vault resource last modification (UTC).

class azure.mgmt.keyvault.v2023_02_01.models.Trigger(*, time_after_create: str | None = None, time_before_expiry: str | None = None, **kwargs: Any)

Bases: Model

Trigger.

Variables:

• time_after_create (str) – The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: ‘P90D’, ‘P1Y’.

• time_before_expiry (str) – The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: ‘P90D’, ‘P1Y’.

Keyword Arguments:

• time_after_create (str) – The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: ‘P90D’, ‘P1Y’.

• time_before_expiry (str) – The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: ‘P90D’, ‘P1Y’.

class azure.mgmt.keyvault.v2023_02_01.models.Vault(*, properties: _models.VaultProperties, location: str | None = None, tags: Dict[str, str] | None = None, **kwargs: Any)

Bases: Model

Resource information with extended details.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to server.

Variables:

• id (str) – Fully qualified identifier of the key vault resource.

• name (str) – Name of the key vault resource.

• type (str) – Resource type of the key vault resource.

• location (str) – Azure location of the key vault resource.

• tags (dict[str, str]) – Tags assigned to the key vault resource.

• system_data (SystemData) – System metadata for the key vault.

• properties (VaultProperties) – Properties of the vault. Required.

Keyword Arguments:

• location (str) – Azure location of the key vault resource.

• tags (dict[str, str]) – Tags assigned to the key vault resource.

• properties (VaultProperties) – Properties of the vault. Required.

class azure.mgmt.keyvault.v2023_02_01.models.VaultAccessPolicyParameters(*, properties: _models.VaultAccessPolicyProperties, **kwargs: Any)

Bases: Model

Parameters for updating the access policy in a vault.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to server.

Variables:

• id (str) – The resource id of the access policy.

• name (str) – The resource name of the access policy.

• type (str) – The resource name of the access policy.

• location (str) – The resource type of the access policy.

• properties (VaultAccessPolicyProperties) – Properties of the access policy. Required.

Keyword Arguments:

properties (VaultAccessPolicyProperties) – Properties of the access policy. Required.

class azure.mgmt.keyvault.v2023_02_01.models.VaultAccessPolicyProperties(*, access_policies: List[_models.AccessPolicyEntry], **kwargs: Any)

Bases: Model

Properties of the vault access policy.

All required parameters must be populated in order to send to server.

Variables:

access_policies (list[AccessPolicyEntry]) – An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault’s tenant ID. Required.

Keyword Arguments:

access_policies (list[AccessPolicyEntry]) – An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault’s tenant ID. Required.

class azure.mgmt.keyvault.v2023_02_01.models.VaultCheckNameAvailabilityParameters(*, name: str, **kwargs: Any)

Bases: Model

The parameters used to check the availability of the vault name.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to server.

Variables:

• name (str) – The vault name. Required.

• type (str) – The type of resource, Microsoft.KeyVault/vaults. Required. Default value is “Microsoft.KeyVault/vaults”.

Keyword Arguments:

name (str) – The vault name. Required.

type = 'Microsoft.KeyVault/vaults'

class azure.mgmt.keyvault.v2023_02_01.models.VaultCreateOrUpdateParameters(*, location: str, properties: _models.VaultProperties, tags: Dict[str, str] | None = None, **kwargs: Any)

Bases: Model

Parameters for creating or updating a vault.

All required parameters must be populated in order to send to server.

Variables:

• location (str) – The supported Azure location where the key vault should be created. Required.

• tags (dict[str, str]) – The tags that will be assigned to the key vault.

• properties (VaultProperties) – Properties of the vault. Required.

Keyword Arguments:

• location (str) – The supported Azure location where the key vault should be created. Required.

• tags (dict[str, str]) – The tags that will be assigned to the key vault.

• properties (VaultProperties) – Properties of the vault. Required.

class azure.mgmt.keyvault.v2023_02_01.models.VaultListResult(*, value: List[_models.Vault] | None = None, next_link: str | None = None, **kwargs: Any)

Bases: Model

List of vaults.

Variables:

• value (list[Vault]) – The list of vaults.

• next_link (str) – The URL to get the next set of vaults.

Keyword Arguments:

• value (list[Vault]) – The list of vaults.

• next_link (str) – The URL to get the next set of vaults.

class azure.mgmt.keyvault.v2023_02_01.models.VaultPatchParameters(*, tags: Dict[str, str] | None = None, properties: _models.VaultPatchProperties | None = None, **kwargs: Any)

Bases: Model

Parameters for creating or updating a vault.

Variables:

• tags (dict[str, str]) – The tags that will be assigned to the key vault.

• properties (VaultPatchProperties) – Properties of the vault.

Keyword Arguments:

• tags (dict[str, str]) – The tags that will be assigned to the key vault.

• properties (VaultPatchProperties) – Properties of the vault.

class azure.mgmt.keyvault.v2023_02_01.models.VaultPatchProperties(*, tenant_id: str | None = None, sku: _models.Sku | None = None, access_policies: List[_models.AccessPolicyEntry] | None = None, enabled_for_deployment: bool | None = None, enabled_for_disk_encryption: bool | None = None, enabled_for_template_deployment: bool | None = None, enable_soft_delete: bool | None = None, enable_rbac_authorization: bool | None = None, soft_delete_retention_in_days: int | None = None, create_mode: str | _models.CreateMode | None = None, enable_purge_protection: bool | None = None, network_acls: _models.NetworkRuleSet | None = None, public_network_access: str | None = None, **kwargs: Any)

Bases: Model

Properties of the vault.

Variables:

• tenant_id (str) – The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

• sku (Sku) – SKU details.

• access_policies (list[AccessPolicyEntry]) – An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault’s tenant ID.

• enabled_for_deployment (bool) – Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.

• enabled_for_disk_encryption (bool) – Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.

• enabled_for_template_deployment (bool) – Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.

• enable_soft_delete (bool) – Property to specify whether the ‘soft delete’ functionality is enabled for this key vault. Once set to true, it cannot be reverted to false.

• enable_rbac_authorization (bool) – Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the value of this property will not change.

• soft_delete_retention_in_days (int) – softDelete data retention days. It accepts >=7 and <=90.

• create_mode (str or CreateMode) – The vault’s create mode to indicate whether the vault need to be recovered or not. Known values are: “recover” and “default”.

• enable_purge_protection (bool) – Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.

• network_acls (NetworkRuleSet) – A collection of rules governing the accessibility of the vault from specific network locations.

• public_network_access (str) – Property to specify whether the vault will accept traffic from public internet. If set to ‘disabled’ all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.

Keyword Arguments:

• tenant_id (str) – The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

• sku (Sku) – SKU details.

• access_policies (list[AccessPolicyEntry]) – An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault’s tenant ID.

• enabled_for_deployment (bool) – Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.

• enabled_for_disk_encryption (bool) – Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.

• enabled_for_template_deployment (bool) – Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.

• enable_soft_delete (bool) – Property to specify whether the ‘soft delete’ functionality is enabled for this key vault. Once set to true, it cannot be reverted to false.

• enable_rbac_authorization (bool) – Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the value of this property will not change.

• soft_delete_retention_in_days (int) – softDelete data retention days. It accepts >=7 and <=90.

• create_mode (str or CreateMode) – The vault’s create mode to indicate whether the vault need to be recovered or not. Known values are: “recover” and “default”.

• enable_purge_protection (bool) – Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.

• network_acls (NetworkRuleSet) – A collection of rules governing the accessibility of the vault from specific network locations.

• public_network_access (str) – Property to specify whether the vault will accept traffic from public internet. If set to ‘disabled’ all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.

class azure.mgmt.keyvault.v2023_02_01.models.VaultProperties(*, tenant_id: str, sku: _models.Sku, access_policies: List[_models.AccessPolicyEntry] | None = None, vault_uri: str | None = None, enabled_for_deployment: bool | None = None, enabled_for_disk_encryption: bool | None = None, enabled_for_template_deployment: bool | None = None, enable_soft_delete: bool = True, soft_delete_retention_in_days: int = 90, enable_rbac_authorization: bool = False, create_mode: str | _models.CreateMode | None = None, enable_purge_protection: bool | None = None, network_acls: _models.NetworkRuleSet | None = None, provisioning_state: str | _models.VaultProvisioningState | None = None, public_network_access: str = 'enabled', **kwargs: Any)

Bases: Model

Properties of the vault.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to server.

Variables:

• tenant_id (str) – The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Required.

• sku (Sku) – SKU details. Required.

• access_policies (list[AccessPolicyEntry]) – An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault’s tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.

• vault_uri (str) – The URI of the vault for performing operations on keys and secrets.

• hsm_pool_resource_id (str) – The resource id of HSM Pool.

• enabled_for_deployment (bool) – Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.

• enabled_for_disk_encryption (bool) – Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.

• enabled_for_template_deployment (bool) – Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.

• enable_soft_delete (bool) – Property to specify whether the ‘soft delete’ functionality is enabled for this key vault. If it’s not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.

• soft_delete_retention_in_days (int) – softDelete data retention days. It accepts >=7 and <=90.

• enable_rbac_authorization (bool) – Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.

• create_mode (str or CreateMode) – The vault’s create mode to indicate whether the vault need to be recovered or not. Known values are: “recover” and “default”.

• enable_purge_protection (bool) – Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.

• network_acls (NetworkRuleSet) – Rules governing the accessibility of the key vault from specific network locations.

• provisioning_state (str or VaultProvisioningState) – Provisioning state of the vault. Known values are: “Succeeded” and “RegisteringDns”.

• private_endpoint_connections (list[PrivateEndpointConnectionItem]) – List of private endpoint connections associated with the key vault.

• public_network_access (str) – Property to specify whether the vault will accept traffic from public internet. If set to ‘disabled’ all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.

Keyword Arguments:

• tenant_id (str) – The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Required.

• sku (Sku) – SKU details. Required.

• access_policies (list[AccessPolicyEntry]) – An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault’s tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.

• vault_uri (str) – The URI of the vault for performing operations on keys and secrets.

• enabled_for_deployment (bool) – Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.

• enabled_for_disk_encryption (bool) – Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.

• enabled_for_template_deployment (bool) – Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.

• enable_soft_delete (bool) – Property to specify whether the ‘soft delete’ functionality is enabled for this key vault. If it’s not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.

• soft_delete_retention_in_days (int) – softDelete data retention days. It accepts >=7 and <=90.

• enable_rbac_authorization (bool) – Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.

• create_mode (str or CreateMode) – The vault’s create mode to indicate whether the vault need to be recovered or not. Known values are: “recover” and “default”.

• enable_purge_protection (bool) – Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.

• network_acls (NetworkRuleSet) – Rules governing the accessibility of the key vault from specific network locations.

• provisioning_state (str or VaultProvisioningState) – Provisioning state of the vault. Known values are: “Succeeded” and “RegisteringDns”.

• public_network_access (str) – Property to specify whether the vault will accept traffic from public internet. If set to ‘disabled’ all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.

class azure.mgmt.keyvault.v2023_02_01.models.VaultProvisioningState(*values)

Bases: str, Enum

Provisioning state of the vault.

REGISTERING_DNS = 'RegisteringDns'

SUCCEEDED = 'Succeeded'

class azure.mgmt.keyvault.v2023_02_01.models.VirtualNetworkRule(*, id: str, ignore_missing_vnet_service_endpoint: bool | None = None, **kwargs: Any)

Bases: Model

A rule governing the accessibility of a vault from a specific virtual network.

All required parameters must be populated in order to send to server.

Variables:

• id (str) – Full resource id of a vnet subnet, such as ‘/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1’. Required.

• ignore_missing_vnet_service_endpoint (bool) – Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

Keyword Arguments:

• id (str) – Full resource id of a vnet subnet, such as ‘/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1’. # pylint: disable=line-too-long Required.

• ignore_missing_vnet_service_endpoint (bool) – Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.