azkeys

package module
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 6, 2024 License: MIT Imports: 13 Imported by: 36

README

Azure Key Vault Keys client module for Go

  • Cryptographic key management (this module) - create, store, and control access to the keys used to encrypt your data
  • Managed HSM administration (azadmin) - role-based access control (RBAC), settings, and vault-level backup and restore options
  • Certificate management (azcertificates) - create, manage, and deploy public and private SSL/TLS certificates
  • Secrets management (azsecrets) - securely store and control access to tokens, passwords, certificates, API keys, and other secrets

Source code | Package (pkg.go.dev) | Product documentation | Samples

Getting started

Install packages

Install azkeys and azidentity with go get:

go get github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys
go get github.com/Azure/azure-sdk-for-go/sdk/azidentity

azidentity is used for Azure Active Directory authentication as demonstrated below.

Prerequisites
  • An Azure subscription
  • A supported Go version (the Azure SDK supports the two most recent Go releases)
  • A key vault. If you need to create one, see the Key Vault documentation for instructions on doing so in the Azure Portal or with the Azure CLI.
Authentication

This document demonstrates using azidentity.NewDefaultAzureCredential to authenticate. This credential type works in both local development and production environments. We recommend using a managed identity in production.

Client accepts any azidentity credential. See the azidentity documentation for more information about other credential types.

Create a client

Constructing the client requires your vault's URL, which you can get from the Azure CLI or the Azure Portal.

import (
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		// TODO: handle error
	}

	client, err := azkeys.NewClient("https://<TODO: your vault name>.vault.azure.net", cred, nil)
	if err != nil {
		// TODO: handle error
	}
}

Key concepts

Keys

Azure Key Vault can create and store RSA and elliptic curve keys. Both can optionally be protected by hardware security modules (HSMs). Azure Key Vault can also perform cryptographic operations with them. For more information about keys and supported operations and algorithms, see the Key Vault documentation.

Client can create keys in the vault, get existing keys from the vault, update key metadata, and delete keys, as shown in the examples below.

Examples

Get started with our examples.

Troubleshooting

Error Handling

All methods which send HTTP requests return *azcore.ResponseError when these requests fail. ResponseError has error details and the raw response from Key Vault.

import "github.com/Azure/azure-sdk-for-go/sdk/azcore"

resp, err := client.GetKey(context.Background(), "keyName", nil)
if err != nil {
    var httpErr *azcore.ResponseError
    if errors.As(err, &httpErr) {
        // TODO: investigate httpErr
    } else {
        // TODO: not an HTTP error
    }
}
Logging

This module uses the logging implementation in azcore. To turn on logging for all Azure SDK modules, set AZURE_SDK_GO_LOGGING to all. By default the logger writes to stderr. Use the azcore/log package to control log output. For example, logging only HTTP request and response events, and printing them to stdout:

import azlog "github.com/Azure/azure-sdk-for-go/sdk/azcore/log"

// Print log events to stdout
azlog.SetListener(func(cls azlog.Event, msg string) {
	fmt.Println(msg)
})

// Includes only requests and responses in logs
azlog.SetEvents(azlog.EventRequest, azlog.EventResponse)
Accessing http.Response

You can access the raw *http.Response returned by Key Vault using the runtime.WithCaptureResponse method and a context passed to any client method.

import "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"

var response *http.Response
ctx := runtime.WithCaptureResponse(context.TODO(), &response)
_, err = client.GetKey(ctx, "keyName", nil)
if err != nil {
    // TODO: handle error
}
// TODO: do something with response
Additional Documentation

For more extensive documentation on Azure Key Vault, see the API reference documentation.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Impressions

Documentation

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type BackupKeyOptions

type BackupKeyOptions struct {
}

BackupKeyOptions contains the optional parameters for the Client.BackupKey method.

type BackupKeyResponse

type BackupKeyResponse struct {
	// The backup key result, containing the backup blob.
	BackupKeyResult
}

BackupKeyResponse contains the response from method Client.BackupKey.

type BackupKeyResult

type BackupKeyResult struct {
	// READ-ONLY; The backup blob containing the backed up key.
	Value []byte
}

BackupKeyResult - The backup key result, containing the backup blob.

func (BackupKeyResult) MarshalJSON

func (b BackupKeyResult) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type BackupKeyResult.

func (*BackupKeyResult) UnmarshalJSON

func (b *BackupKeyResult) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type BackupKeyResult.

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client contains the methods for the Client group. Don't use this type directly, use a constructor function instead.

func NewClient

func NewClient(vaultURL string, credential azcore.TokenCredential, options *ClientOptions) (*Client, error)

NewClient creates a client that accesses a Key Vault's keys. You should validate that vaultURL references a valid Key Vault or Managed HSM. See https://aka.ms/azsdk/blog/vault-uri for details.

Example
package main

import (
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys"
)

func main() {
	vaultURL := "https://<TODO: your vault name>.vault.azure.net"
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		// TODO: handle error
	}

	client, err := azkeys.NewClient(vaultURL, cred, nil)
	if err != nil {
		// TODO: handle error
	}

	_ = client
}
Output:

func (*Client) BackupKey

func (client *Client) BackupKey(ctx context.Context, name string, options *BackupKeyOptions) (BackupKeyResponse, error)

BackupKey - The Key Backup operation exports a key from Azure Key Vault in a protected form. Note that this operation does NOT return key material in a form that can be used outside the Azure Key Vault system, the returned key material is either protected to a Azure Key Vault HSM or to Azure Key Vault itself. The intent of this operation is to allow a client to GENERATE a key in one Azure Key Vault instance, BACKUP the key, and then RESTORE it into another Azure Key Vault instance. The BACKUP operation may be used to export, in protected form, any key type from Azure Key Vault. Individual versions of a key cannot be backed up. BACKUP / RESTORE can be performed within geographical boundaries only; meaning that a BACKUP from one geographical area cannot be restored to another geographical area. For example, a backup from the US geographical area cannot be restored in an EU geographical area. This operation requires the key/backup permission. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 7.5

  • name - The name of the key.
  • options - BackupKeyOptions contains the optional parameters for the Client.BackupKey method.

func (*Client) CreateKey

func (client *Client) CreateKey(ctx context.Context, name string, parameters CreateKeyParameters, options *CreateKeyOptions) (CreateKeyResponse, error)

CreateKey - The create key operation can be used to create any key type in Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. It requires the keys/create permission. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 7.5

  • name - The name for the new key. The system will generate the version name for the new key. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
  • parameters - The parameters to create a key.
  • options - CreateKeyOptions contains the optional parameters for the Client.CreateKey method.
Example (Ec)
package main

import (
	"context"
	"fmt"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys"
)

var client azkeys.Client

func main() {
	params := azkeys.CreateKeyParameters{
		Curve: to.Ptr(azkeys.CurveNameP256K),
		Kty:   to.Ptr(azkeys.KeyTypeEC),
	}
	// if a key with the same name already exists, a new version of that key is created
	resp, err := client.CreateKey(context.TODO(), "key-name", params, nil)
	if err != nil {
		// TODO: handle error
	}
	fmt.Println(*resp.Key.KID)
}
Output:

Example (Rsa)
package main

import (
	"context"
	"fmt"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys"
)

var client azkeys.Client

func main() {
	params := azkeys.CreateKeyParameters{
		KeySize: to.Ptr(int32(2048)),
		Kty:     to.Ptr(azkeys.KeyTypeRSA),
	}
	// if a key with the same name already exists, a new version of that key is created
	resp, err := client.CreateKey(context.TODO(), "key-name", params, nil)
	if err != nil {
		// TODO: handle error
	}
	fmt.Println(*resp.Key.KID)
}
Output:

func (*Client) Decrypt

func (client *Client) Decrypt(ctx context.Context, name string, version string, parameters KeyOperationParameters, options *DecryptOptions) (DecryptResponse, error)

Decrypt - The DECRYPT operation decrypts a well-formed block of ciphertext using the target encryption key and specified algorithm. This operation is the reverse of the ENCRYPT operation; only a single block of data may be decrypted, the size of this block is dependent on the target key and the algorithm to be used. The DECRYPT operation applies to asymmetric and symmetric keys stored in Azure Key Vault since it uses the private portion of the key. This operation requires the keys/decrypt permission. Microsoft recommends not to use CBC algorithms for decryption without first ensuring the integrity of the ciphertext using an HMAC, for example. See https://docs.microsoft.com/dotnet/standard/security/vulnerabilities-cbc-mode for more information. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 7.5

  • name - The name of the key.
  • version - The version of the key.
  • parameters - The parameters for the decryption operation.
  • options - DecryptOptions contains the optional parameters for the Client.Decrypt method.

func (*Client) DeleteKey

func (client *Client) DeleteKey(ctx context.Context, name string, options *DeleteKeyOptions) (DeleteKeyResponse, error)

DeleteKey - The delete key operation cannot be used to remove individual versions of a key. This operation removes the cryptographic material associated with the key, which means the key is not usable for Sign/Verify, Wrap/Unwrap or Encrypt/Decrypt operations. This operation requires the keys/delete permission. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 7.5

  • name - The name of the key to delete.
  • options - DeleteKeyOptions contains the optional parameters for the Client.DeleteKey method.
Example
package main

import (
	"context"
	"fmt"

	"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys"
)

var client azkeys.Client

func main() {
	// DeleteKey returns when Key Vault has begun deleting the key. That can take several
	// seconds to complete, so it may be necessary to wait before performing other operations
	// on the deleted key.
	resp, err := client.DeleteKey(context.TODO(), "key-name", nil)
	if err != nil {
		// TODO: handle error
	}

	// In a soft-delete enabled vault, deleted keys can be recovered until they're purged (permanently deleted).
	fmt.Printf("Key will be purged at %v", resp.ScheduledPurgeDate)
}
Output:

func (*Client) Encrypt

func (client *Client) Encrypt(ctx context.Context, name string, version string, parameters KeyOperationParameters, options *EncryptOptions) (EncryptResponse, error)

Encrypt - The ENCRYPT operation encrypts an arbitrary sequence of bytes using an encryption key that is stored in Azure Key Vault. Note that the ENCRYPT operation only supports a single block of data, the size of which is dependent on the target key and the encryption algorithm to be used. The ENCRYPT operation is only strictly necessary for symmetric keys stored in Azure Key Vault since protection with an asymmetric key can be performed using public portion of the key. This operation is supported for asymmetric keys as a convenience for callers that have a key-reference but do not have access to the public key material. This operation requires the keys/encrypt permission. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 7.5

  • name - The name of the key.
  • version - The version of the key.
  • parameters - The parameters for the encryption operation.
  • options - EncryptOptions contains the optional parameters for the Client.Encrypt method.

func (*Client) GetDeletedKey

func (client *Client) GetDeletedKey(ctx context.Context, name string, options *GetDeletedKeyOptions) (GetDeletedKeyResponse, error)

GetDeletedKey - The Get Deleted Key operation is applicable for soft-delete enabled vaults. While the operation can be invoked on any vault, it will return an error if invoked on a non soft-delete enabled vault. This operation requires the keys/get permission. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 7.5

  • name - The name of the key.
  • options - GetDeletedKeyOptions contains the optional parameters for the Client.GetDeletedKey method.

func (*Client) GetKey

func (client *Client) GetKey(ctx context.Context, name string, version string, options *GetKeyOptions) (GetKeyResponse, error)

GetKey - The get key operation is applicable to all key types. If the requested key is symmetric, then no key material is released in the response. This operation requires the keys/get permission. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 7.5

  • name - The name of the key to get.
  • version - Adding the version parameter retrieves a specific version of a key. This URI fragment is optional. If not specified, the latest version of the key is returned.
  • options - GetKeyOptions contains the optional parameters for the Client.GetKey method.
Example
package main

import (
	"context"
	"fmt"

	"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys"
)

var client azkeys.Client

func main() {
	// passing an empty string for the version parameter gets the latest version of the key
	resp, err := client.GetKey(context.TODO(), "key-name", "", nil)
	if err != nil {
		// TODO: handle error
	}
	fmt.Println(*resp.Key.KID)
}
Output:

func (*Client) GetKeyRotationPolicy

func (client *Client) GetKeyRotationPolicy(ctx context.Context, name string, options *GetKeyRotationPolicyOptions) (GetKeyRotationPolicyResponse, error)

GetKeyRotationPolicy - The GetKeyRotationPolicy operation returns the specified key policy resources in the specified key vault. This operation requires the keys/get permission. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 7.5

  • name - The name of the key in a given key vault.
  • options - GetKeyRotationPolicyOptions contains the optional parameters for the Client.GetKeyRotationPolicy method.

func (*Client) GetRandomBytes

func (client *Client) GetRandomBytes(ctx context.Context, parameters GetRandomBytesParameters, options *GetRandomBytesOptions) (GetRandomBytesResponse, error)

GetRandomBytes - Get the requested number of bytes containing random values from a managed HSM. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 7.5

  • parameters - The request object to get random bytes.
  • options - GetRandomBytesOptions contains the optional parameters for the Client.GetRandomBytes method.

func (*Client) ImportKey

func (client *Client) ImportKey(ctx context.Context, name string, parameters ImportKeyParameters, options *ImportKeyOptions) (ImportKeyResponse, error)

ImportKey - The import key operation may be used to import any key type into an Azure Key Vault. If the named key already exists, Azure Key Vault creates a new version of the key. This operation requires the keys/import permission. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 7.5

  • name - Name for the imported key. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
  • parameters - The parameters to import a key.
  • options - ImportKeyOptions contains the optional parameters for the Client.ImportKey method.

func (*Client) NewListDeletedKeyPropertiesPager added in v0.12.0

func (client *Client) NewListDeletedKeyPropertiesPager(options *ListDeletedKeyPropertiesOptions) *runtime.Pager[ListDeletedKeyPropertiesResponse]

NewListDeletedKeyPropertiesPager - Retrieves a list of the keys in the Key Vault as JSON Web Key structures that contain the public part of a deleted key. This operation includes deletion-specific information. The Get Deleted Keys operation is applicable for vaults enabled for soft-delete. While the operation can be invoked on any vault, it will return an error if invoked on a non soft-delete enabled vault. This operation requires the keys/list permission.

Generated from API version 7.5

  • options - ListDeletedKeyPropertiesOptions contains the optional parameters for the Client.NewListDeletedKeyPropertiesPager method.

func (*Client) NewListKeyPropertiesPager added in v0.12.0

func (client *Client) NewListKeyPropertiesPager(options *ListKeyPropertiesOptions) *runtime.Pager[ListKeyPropertiesResponse]

NewListKeyPropertiesPager - Retrieves a list of the keys in the Key Vault as JSON Web Key structures that contain the public part of a stored key. The LIST operation is applicable to all key types, however only the base key identifier, attributes, and tags are provided in the response. Individual versions of a key are not listed in the response. This operation requires the keys/list permission.

Generated from API version 7.5

  • options - ListKeyPropertiesOptions contains the optional parameters for the Client.NewListKeyPropertiesPager method.
Example
package main

import (
	"context"
	"fmt"

	"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys"
)

var client azkeys.Client

func main() {
	pager := client.NewListKeyPropertiesPager(nil)
	for pager.More() {
		resp, err := pager.NextPage(context.TODO())
		if err != nil {
			// TODO: handle error
		}
		for _, key := range resp.Value {
			fmt.Println(*key.KID)
		}
	}
}
Output:

func (*Client) NewListKeyPropertiesVersionsPager added in v0.12.0

func (client *Client) NewListKeyPropertiesVersionsPager(name string, options *ListKeyPropertiesVersionsOptions) *runtime.Pager[ListKeyPropertiesVersionsResponse]

NewListKeyPropertiesVersionsPager - The full key identifier, attributes, and tags are provided in the response. This operation requires the keys/list permission.

Generated from API version 7.5

  • name - The name of the key.
  • options - ListKeyPropertiesVersionsOptions contains the optional parameters for the Client.NewListKeyPropertiesVersionsPager method.

func (*Client) PurgeDeletedKey

func (client *Client) PurgeDeletedKey(ctx context.Context, name string, options *PurgeDeletedKeyOptions) (PurgeDeletedKeyResponse, error)

PurgeDeletedKey - The Purge Deleted Key operation is applicable for soft-delete enabled vaults. While the operation can be invoked on any vault, it will return an error if invoked on a non soft-delete enabled vault. This operation requires the keys/purge permission. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 7.5

  • name - The name of the key
  • options - PurgeDeletedKeyOptions contains the optional parameters for the Client.PurgeDeletedKey method.
Example
package main

import (
	"context"

	"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys"
)

var client azkeys.Client

func main() {
	// this loop purges all the deleted keys in the vault
	pager := client.NewListDeletedKeyPropertiesPager(nil)
	for pager.More() {
		page, err := pager.NextPage(context.TODO())
		if err != nil {
			// TODO: handle error
		}
		for _, key := range page.Value {
			_, err := client.PurgeDeletedKey(context.TODO(), key.KID.Name(), nil)
			if err != nil {
				// TODO: handle error
			}
		}
	}
}
Output:

func (*Client) RecoverDeletedKey

func (client *Client) RecoverDeletedKey(ctx context.Context, name string, options *RecoverDeletedKeyOptions) (RecoverDeletedKeyResponse, error)

RecoverDeletedKey - The Recover Deleted Key operation is applicable for deleted keys in soft-delete enabled vaults. It recovers the deleted key back to its latest version under /keys. An attempt to recover an non-deleted key will return an error. Consider this the inverse of the delete operation on soft-delete enabled vaults. This operation requires the keys/recover permission. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 7.5

  • name - The name of the deleted key.
  • options - RecoverDeletedKeyOptions contains the optional parameters for the Client.RecoverDeletedKey method.

func (*Client) Release

func (client *Client) Release(ctx context.Context, name string, version string, parameters ReleaseParameters, options *ReleaseOptions) (ReleaseResponse, error)

Release - The release key operation is applicable to all key types. The target key must be marked exportable. This operation requires the keys/release permission. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 7.5

  • name - The name of the key to get.
  • version - Adding the version parameter retrieves a specific version of a key.
  • parameters - The parameters for the key release operation.
  • options - ReleaseOptions contains the optional parameters for the Client.Release method.

func (*Client) RestoreKey

func (client *Client) RestoreKey(ctx context.Context, parameters RestoreKeyParameters, options *RestoreKeyOptions) (RestoreKeyResponse, error)

RestoreKey - Imports a previously backed up key into Azure Key Vault, restoring the key, its key identifier, attributes and access control policies. The RESTORE operation may be used to import a previously backed up key. Individual versions of a key cannot be restored. The key is restored in its entirety with the same key name as it had when it was backed up. If the key name is not available in the target Key Vault, the RESTORE operation will be rejected. While the key name is retained during restore, the final key identifier will change if the key is restored to a different vault. Restore will restore all versions and preserve version identifiers. The RESTORE operation is subject to security constraints: The target Key Vault must be owned by the same Microsoft Azure Subscription as the source Key Vault The user must have RESTORE permission in the target Key Vault. This operation requires the keys/restore permission. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 7.5

  • parameters - The parameters to restore the key.
  • options - RestoreKeyOptions contains the optional parameters for the Client.RestoreKey method.

func (*Client) RotateKey

func (client *Client) RotateKey(ctx context.Context, name string, options *RotateKeyOptions) (RotateKeyResponse, error)

RotateKey - The operation will rotate the key based on the key policy. It requires the keys/rotate permission. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 7.5

  • name - The name of key to be rotated. The system will generate a new version in the specified key.
  • options - RotateKeyOptions contains the optional parameters for the Client.RotateKey method.

func (*Client) Sign

func (client *Client) Sign(ctx context.Context, name string, version string, parameters SignParameters, options *SignOptions) (SignResponse, error)

Sign - The SIGN operation is applicable to asymmetric and symmetric keys stored in Azure Key Vault since this operation uses the private portion of the key. This operation requires the keys/sign permission. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 7.5

  • name - The name of the key.
  • version - The version of the key.
  • parameters - The parameters for the signing operation.
  • options - SignOptions contains the optional parameters for the Client.Sign method.

func (*Client) UnwrapKey

func (client *Client) UnwrapKey(ctx context.Context, name string, version string, parameters KeyOperationParameters, options *UnwrapKeyOptions) (UnwrapKeyResponse, error)

UnwrapKey - The UNWRAP operation supports decryption of a symmetric key using the target key encryption key. This operation is the reverse of the WRAP operation. The UNWRAP operation applies to asymmetric and symmetric keys stored in Azure Key Vault since it uses the private portion of the key. This operation requires the keys/unwrapKey permission. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 7.5

  • name - The name of the key.
  • version - The version of the key.
  • parameters - The parameters for the key operation.
  • options - UnwrapKeyOptions contains the optional parameters for the Client.UnwrapKey method.

func (*Client) UpdateKey

func (client *Client) UpdateKey(ctx context.Context, name string, version string, parameters UpdateKeyParameters, options *UpdateKeyOptions) (UpdateKeyResponse, error)

UpdateKey - In order to perform this operation, the key must already exist in the Key Vault. Note: The cryptographic material of a key itself cannot be changed. This operation requires the keys/update permission. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 7.5

  • name - The name of key to update.
  • version - The version of the key to update.
  • parameters - The parameters of the key to update.
  • options - UpdateKeyOptions contains the optional parameters for the Client.UpdateKey method.
Example

UpdateKey updates the properties of a key previously stored in the key vault

package main

import (
	"context"
	"fmt"
	"time"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys"
)

var client azkeys.Client

func main() {
	params := azkeys.UpdateKeyParameters{
		KeyAttributes: &azkeys.KeyAttributes{
			Expires: to.Ptr(time.Now().Add(48 * time.Hour)),
		},
		// Key Vault doesn't interpret tags. The keys and values are up to your application.
		Tags: map[string]*string{"expiration-extended": to.Ptr("true")},
	}
	// passing an empty string for the version parameter updates the latest version of the key
	updateResp, err := client.UpdateKey(context.TODO(), "key-name", "", params, nil)
	if err != nil {
		// TODO: handle error
	}
	fmt.Printf("Enabled key %s", *updateResp.Key.KID)
}
Output:

func (*Client) UpdateKeyRotationPolicy

func (client *Client) UpdateKeyRotationPolicy(ctx context.Context, name string, keyRotationPolicy KeyRotationPolicy, options *UpdateKeyRotationPolicyOptions) (UpdateKeyRotationPolicyResponse, error)

UpdateKeyRotationPolicy - Set specified members in the key policy. Leave others as undefined. This operation requires the keys/update permission. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 7.5

  • name - The name of the key in the given vault.
  • keyRotationPolicy - The policy for the key.
  • options - UpdateKeyRotationPolicyOptions contains the optional parameters for the Client.UpdateKeyRotationPolicy method.
Example

UpdateKeyRotationPolicy allows you to configure automatic key rotation for a key by specifying a rotation policy, and Client.RotateKey allows you to rotate a key on demand. See Azure Key Vault documentation for more information about key rotation.

package main

import (
	"context"
	"fmt"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys"
)

var client azkeys.Client

func main() {
	// this policy rotates the key every 18 months
	policy := azkeys.KeyRotationPolicy{
		LifetimeActions: []*azkeys.LifetimeAction{
			{
				Action: &azkeys.LifetimeActionType{
					Type: to.Ptr(azkeys.KeyRotationPolicyActionRotate),
				},
				Trigger: &azkeys.LifetimeActionTrigger{
					TimeAfterCreate: to.Ptr("P18M"),
				},
			},
		},
	}
	resp, err := client.UpdateKeyRotationPolicy(context.TODO(), "key-name", policy, nil)
	if err != nil {
		// TODO: handle error
	}
	fmt.Printf("Updated key rotation policy at: %v", resp.Attributes.Updated)
}
Output:

func (*Client) Verify

func (client *Client) Verify(ctx context.Context, name string, version string, parameters VerifyParameters, options *VerifyOptions) (VerifyResponse, error)

Verify - The VERIFY operation is applicable to symmetric keys stored in Azure Key Vault. VERIFY is not strictly necessary for asymmetric keys stored in Azure Key Vault since signature verification can be performed using the public portion of the key but this operation is supported as a convenience for callers that only have a key-reference and not the public portion of the key. This operation requires the keys/verify permission. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 7.5

  • name - The name of the key.
  • version - The version of the key.
  • parameters - The parameters for verify operations.
  • options - VerifyOptions contains the optional parameters for the Client.Verify method.

func (*Client) WrapKey

func (client *Client) WrapKey(ctx context.Context, name string, version string, parameters KeyOperationParameters, options *WrapKeyOptions) (WrapKeyResponse, error)

WrapKey - The WRAP operation supports encryption of a symmetric key using a key encryption key that has previously been stored in an Azure Key Vault. The WRAP operation is only strictly necessary for symmetric keys stored in Azure Key Vault since protection with an asymmetric key can be performed using the public portion of the key. This operation is supported for asymmetric keys as a convenience for callers that have a key-reference but do not have access to the public key material. This operation requires the keys/wrapKey permission. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 7.5

  • name - The name of the key.
  • version - The version of the key.
  • parameters - The parameters for wrap operation.
  • options - WrapKeyOptions contains the optional parameters for the Client.WrapKey method.

type ClientOptions

type ClientOptions struct {
	azcore.ClientOptions

	// DisableChallengeResourceVerification controls whether the policy requires the
	// authentication challenge resource to match the Key Vault or Managed HSM domain.
	// See https://aka.ms/azsdk/blog/vault-uri for more information.
	DisableChallengeResourceVerification bool
}

ClientOptions contains optional settings for Client.

type CreateKeyOptions

type CreateKeyOptions struct {
}

CreateKeyOptions contains the optional parameters for the Client.CreateKey method.

type CreateKeyParameters

type CreateKeyParameters struct {
	// REQUIRED; The type of key to create.
	Kty *KeyType

	// Elliptic curve name.
	Curve *CurveName

	// The attributes of a key managed by the key vault service.
	KeyAttributes *KeyAttributes
	KeyOps        []*KeyOperation

	// The key size in bits. For example: 2048, 3072, or 4096 for RSA.
	KeySize *int32

	// The public exponent for a RSA key.
	PublicExponent *int32

	// The policy rules under which the key can be exported.
	ReleasePolicy *KeyReleasePolicy

	// Application specific metadata in the form of key-value pairs.
	Tags map[string]*string
}

CreateKeyParameters - The key create parameters.

func (CreateKeyParameters) MarshalJSON

func (c CreateKeyParameters) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CreateKeyParameters.

func (*CreateKeyParameters) UnmarshalJSON

func (c *CreateKeyParameters) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type CreateKeyParameters.

type CreateKeyResponse

type CreateKeyResponse struct {
	// A KeyBundle consisting of a WebKey plus its attributes.
	KeyBundle
}

CreateKeyResponse contains the response from method Client.CreateKey.

type CurveName added in v0.12.0

type CurveName string

CurveName - Elliptic curve name.

const (
	// CurveNameP256 - The NIST P-256 elliptic curve, AKA SECG curve SECP256R1.
	CurveNameP256 CurveName = "P-256"
	// CurveNameP256K - The SECG SECP256K1 elliptic curve.
	CurveNameP256K CurveName = "P-256K"
	// CurveNameP384 - The NIST P-384 elliptic curve, AKA SECG curve SECP384R1.
	CurveNameP384 CurveName = "P-384"
	// CurveNameP521 - The NIST P-521 elliptic curve, AKA SECG curve SECP521R1.
	CurveNameP521 CurveName = "P-521"
)

func PossibleCurveNameValues added in v0.12.0

func PossibleCurveNameValues() []CurveName

PossibleCurveNameValues returns the possible values for the CurveName const type.

type DecryptOptions

type DecryptOptions struct {
}

DecryptOptions contains the optional parameters for the Client.Decrypt method.

type DecryptResponse

type DecryptResponse struct {
	// The key operation result.
	KeyOperationResult
}

DecryptResponse contains the response from method Client.Decrypt.

type DeleteKeyOptions

type DeleteKeyOptions struct {
}

DeleteKeyOptions contains the optional parameters for the Client.DeleteKey method.

type DeleteKeyResponse

type DeleteKeyResponse struct {
	// A DeletedKey consisting of a WebKey plus its Attributes and deletion info
	DeletedKey
}

DeleteKeyResponse contains the response from method Client.DeleteKey.

type DeletedKey added in v0.12.0

type DeletedKey struct {
	// The key management attributes.
	Attributes *KeyAttributes

	// The Json web key.
	Key *JSONWebKey

	// The url of the recovery object, used to identify and recover the deleted key.
	RecoveryID *string

	// The policy rules under which the key can be exported.
	ReleasePolicy *KeyReleasePolicy

	// Application specific metadata in the form of key-value pairs.
	Tags map[string]*string

	// READ-ONLY; The time when the key was deleted, in UTC
	DeletedDate *time.Time

	// READ-ONLY; True if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will
	// be true.
	Managed *bool

	// READ-ONLY; The time when the key is scheduled to be purged, in UTC
	ScheduledPurgeDate *time.Time
}

DeletedKey - A DeletedKey consisting of a WebKey plus its Attributes and deletion info

func (DeletedKey) MarshalJSON added in v0.12.0

func (d DeletedKey) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type DeletedKey.

func (*DeletedKey) UnmarshalJSON added in v0.12.0

func (d *DeletedKey) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type DeletedKey.

type DeletedKeyProperties added in v0.12.0

type DeletedKeyProperties struct {
	// The key management attributes.
	Attributes *KeyAttributes

	// Key identifier.
	KID *ID

	// The url of the recovery object, used to identify and recover the deleted key.
	RecoveryID *string

	// Application specific metadata in the form of key-value pairs.
	Tags map[string]*string

	// READ-ONLY; The time when the key was deleted, in UTC
	DeletedDate *time.Time

	// READ-ONLY; True if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will
	// be true.
	Managed *bool

	// READ-ONLY; The time when the key is scheduled to be purged, in UTC
	ScheduledPurgeDate *time.Time
}

DeletedKeyProperties - The deleted key item containing the deleted key metadata and information about deletion.

func (DeletedKeyProperties) MarshalJSON added in v0.12.0

func (d DeletedKeyProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type DeletedKeyProperties.

func (*DeletedKeyProperties) UnmarshalJSON added in v0.12.0

func (d *DeletedKeyProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type DeletedKeyProperties.

type DeletedKeyPropertiesListResult added in v0.12.0

type DeletedKeyPropertiesListResult struct {
	// READ-ONLY; The URL to get the next set of deleted keys.
	NextLink *string

	// READ-ONLY; A response message containing a list of deleted keys in the vault along with a link to the next page of deleted
	// keys
	Value []*DeletedKeyProperties
}

DeletedKeyPropertiesListResult - A list of keys that have been deleted in this vault.

func (DeletedKeyPropertiesListResult) MarshalJSON added in v0.12.0

func (d DeletedKeyPropertiesListResult) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type DeletedKeyPropertiesListResult.

func (*DeletedKeyPropertiesListResult) UnmarshalJSON added in v0.12.0

func (d *DeletedKeyPropertiesListResult) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type DeletedKeyPropertiesListResult.

type EncryptOptions

type EncryptOptions struct {
}

EncryptOptions contains the optional parameters for the Client.Encrypt method.

type EncryptResponse

type EncryptResponse struct {
	// The key operation result.
	KeyOperationResult
}

EncryptResponse contains the response from method Client.Encrypt.

type EncryptionAlgorithm added in v0.12.0

type EncryptionAlgorithm string

EncryptionAlgorithm - algorithm identifier

const (
	EncryptionAlgorithmA128CBC    EncryptionAlgorithm = "A128CBC"
	EncryptionAlgorithmA128CBCPAD EncryptionAlgorithm = "A128CBCPAD"
	EncryptionAlgorithmA128GCM    EncryptionAlgorithm = "A128GCM"
	EncryptionAlgorithmA128KW     EncryptionAlgorithm = "A128KW"
	EncryptionAlgorithmA192CBC    EncryptionAlgorithm = "A192CBC"
	EncryptionAlgorithmA192CBCPAD EncryptionAlgorithm = "A192CBCPAD"
	EncryptionAlgorithmA192GCM    EncryptionAlgorithm = "A192GCM"
	EncryptionAlgorithmA192KW     EncryptionAlgorithm = "A192KW"
	EncryptionAlgorithmA256CBC    EncryptionAlgorithm = "A256CBC"
	EncryptionAlgorithmA256CBCPAD EncryptionAlgorithm = "A256CBCPAD"
	EncryptionAlgorithmA256GCM    EncryptionAlgorithm = "A256GCM"
	EncryptionAlgorithmA256KW     EncryptionAlgorithm = "A256KW"
	EncryptionAlgorithmRSA15      EncryptionAlgorithm = "RSA1_5"
	EncryptionAlgorithmRSAOAEP    EncryptionAlgorithm = "RSA-OAEP"
	EncryptionAlgorithmRSAOAEP256 EncryptionAlgorithm = "RSA-OAEP-256"
)

func PossibleEncryptionAlgorithmValues added in v0.12.0

func PossibleEncryptionAlgorithmValues() []EncryptionAlgorithm

PossibleEncryptionAlgorithmValues returns the possible values for the EncryptionAlgorithm const type.

type GetDeletedKeyOptions

type GetDeletedKeyOptions struct {
}

GetDeletedKeyOptions contains the optional parameters for the Client.GetDeletedKey method.

type GetDeletedKeyResponse

type GetDeletedKeyResponse struct {
	// A DeletedKey consisting of a WebKey plus its Attributes and deletion info
	DeletedKey
}

GetDeletedKeyResponse contains the response from method Client.GetDeletedKey.

type GetKeyOptions

type GetKeyOptions struct {
}

GetKeyOptions contains the optional parameters for the Client.GetKey method.

type GetKeyResponse

type GetKeyResponse struct {
	// A KeyBundle consisting of a WebKey plus its attributes.
	KeyBundle
}

GetKeyResponse contains the response from method Client.GetKey.

type GetKeyRotationPolicyOptions

type GetKeyRotationPolicyOptions struct {
}

GetKeyRotationPolicyOptions contains the optional parameters for the Client.GetKeyRotationPolicy method.

type GetKeyRotationPolicyResponse

type GetKeyRotationPolicyResponse struct {
	// Management policy for a key.
	KeyRotationPolicy
}

GetKeyRotationPolicyResponse contains the response from method Client.GetKeyRotationPolicy.

type GetRandomBytesOptions

type GetRandomBytesOptions struct {
}

GetRandomBytesOptions contains the optional parameters for the Client.GetRandomBytes method.

type GetRandomBytesParameters added in v0.12.0

type GetRandomBytesParameters struct {
	// REQUIRED; The requested number of random bytes.
	Count *int32
}

GetRandomBytesParameters - The get random bytes request object.

func (GetRandomBytesParameters) MarshalJSON added in v0.12.0

func (g GetRandomBytesParameters) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type GetRandomBytesParameters.

func (*GetRandomBytesParameters) UnmarshalJSON added in v0.12.0

func (g *GetRandomBytesParameters) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type GetRandomBytesParameters.

type GetRandomBytesResponse

type GetRandomBytesResponse struct {
	// The get random bytes response object containing the bytes.
	RandomBytes
}

GetRandomBytesResponse contains the response from method Client.GetRandomBytes.

type ID

type ID string

ID is a key's unique ID, containing its version, if any, and name.

func (*ID) Name

func (i *ID) Name() string

Name of the key.

func (*ID) Version

func (i *ID) Version() string

Version of the key. This returns an empty string when the ID contains no version.

type ImportKeyOptions

type ImportKeyOptions struct {
}

ImportKeyOptions contains the optional parameters for the Client.ImportKey method.

type ImportKeyParameters

type ImportKeyParameters struct {
	// REQUIRED; The Json web key
	Key *JSONWebKey

	// Whether to import as a hardware key (HSM) or software key.
	HSM *bool

	// The key management attributes.
	KeyAttributes *KeyAttributes

	// The policy rules under which the key can be exported.
	ReleasePolicy *KeyReleasePolicy

	// Application specific metadata in the form of key-value pairs.
	Tags map[string]*string
}

ImportKeyParameters - The key import parameters.

func (ImportKeyParameters) MarshalJSON

func (i ImportKeyParameters) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ImportKeyParameters.

func (*ImportKeyParameters) UnmarshalJSON

func (i *ImportKeyParameters) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ImportKeyParameters.

type ImportKeyResponse

type ImportKeyResponse struct {
	// A KeyBundle consisting of a WebKey plus its attributes.
	KeyBundle
}

ImportKeyResponse contains the response from method Client.ImportKey.

type JSONWebKey

type JSONWebKey struct {
	// Elliptic curve name.
	Crv *CurveName

	// RSA private exponent, or the D component of an EC private key.
	D []byte

	// RSA private key parameter.
	DP []byte

	// RSA private key parameter.
	DQ []byte

	// RSA public exponent.
	E []byte

	// Symmetric key.
	K []byte

	// Key identifier.
	KID    *ID
	KeyOps []*KeyOperation

	// JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40.
	Kty *KeyType

	// RSA modulus.
	N []byte

	// RSA secret prime.
	P []byte

	// RSA secret prime, with p < q.
	Q []byte

	// RSA private key parameter.
	QI []byte

	// Protected Key, used with 'Bring Your Own Key'.
	T []byte

	// X component of an EC public key.
	X []byte

	// Y component of an EC public key.
	Y []byte
}

JSONWebKey - As of http://tools.ietf.org/html/draft-ietf-jose-json-web-key-18

func (JSONWebKey) MarshalJSON

func (j JSONWebKey) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type JSONWebKey.

func (*JSONWebKey) UnmarshalJSON

func (j *JSONWebKey) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type JSONWebKey.

type KeyAttributes

type KeyAttributes struct {
	// Determines whether the object is enabled.
	Enabled *bool

	// Expiry date in UTC.
	Expires *time.Time

	// Indicates if the private key can be exported. Release policy must be provided when creating the first version of an exportable
	// key.
	Exportable *bool

	// Not before date in UTC.
	NotBefore *time.Time

	// READ-ONLY; Creation time in UTC.
	Created *time.Time

	// READ-ONLY; The underlying HSM Platform.
	HSMPlatform *string

	// READ-ONLY; softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0.
	RecoverableDays *int32

	// READ-ONLY; Reflects the deletion recovery level currently in effect for keys in the current vault. If it contains 'Purgeable'
	// the key can be permanently deleted by a privileged user; otherwise, only the system
	// can purge the key, at the end of the retention interval.
	RecoveryLevel *string

	// READ-ONLY; Last updated time in UTC.
	Updated *time.Time
}

KeyAttributes - The attributes of a key managed by the key vault service.

func (KeyAttributes) MarshalJSON

func (k KeyAttributes) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type KeyAttributes.

func (*KeyAttributes) UnmarshalJSON

func (k *KeyAttributes) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type KeyAttributes.

type KeyBundle

type KeyBundle struct {
	// The key management attributes.
	Attributes *KeyAttributes

	// The Json web key.
	Key *JSONWebKey

	// The policy rules under which the key can be exported.
	ReleasePolicy *KeyReleasePolicy

	// Application specific metadata in the form of key-value pairs.
	Tags map[string]*string

	// READ-ONLY; True if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will
	// be true.
	Managed *bool
}

KeyBundle - A KeyBundle consisting of a WebKey plus its attributes.

func (KeyBundle) MarshalJSON

func (k KeyBundle) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type KeyBundle.

func (*KeyBundle) UnmarshalJSON

func (k *KeyBundle) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type KeyBundle.

type KeyEncryptionAlgorithm

type KeyEncryptionAlgorithm string

KeyEncryptionAlgorithm - The encryption algorithm to use to protected the exported key material

const (
	KeyEncryptionAlgorithmCKMRSAAESKEYWRAP KeyEncryptionAlgorithm = "CKM_RSA_AES_KEY_WRAP"
	KeyEncryptionAlgorithmRSAAESKEYWRAP256 KeyEncryptionAlgorithm = "RSA_AES_KEY_WRAP_256"
	KeyEncryptionAlgorithmRSAAESKEYWRAP384 KeyEncryptionAlgorithm = "RSA_AES_KEY_WRAP_384"
)

func PossibleKeyEncryptionAlgorithmValues

func PossibleKeyEncryptionAlgorithmValues() []KeyEncryptionAlgorithm

PossibleKeyEncryptionAlgorithmValues returns the possible values for the KeyEncryptionAlgorithm const type.

type KeyOperation added in v0.12.0

type KeyOperation string

KeyOperation - JSON web key operations. For more information, see JsonWebKeyOperation.

const (
	KeyOperationDecrypt KeyOperation = "decrypt"
	KeyOperationEncrypt KeyOperation = "encrypt"

	KeyOperationImport    KeyOperation = "import"
	KeyOperationSign      KeyOperation = "sign"
	KeyOperationUnwrapKey KeyOperation = "unwrapKey"
	KeyOperationVerify    KeyOperation = "verify"
	KeyOperationWrapKey   KeyOperation = "wrapKey"
)

func PossibleKeyOperationValues added in v0.12.0

func PossibleKeyOperationValues() []KeyOperation

PossibleKeyOperationValues returns the possible values for the KeyOperation const type.

type KeyOperationParameters added in v0.12.0

type KeyOperationParameters struct {
	// REQUIRED; algorithm identifier
	Algorithm *EncryptionAlgorithm

	// REQUIRED
	Value []byte

	// Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms.
	AdditionalAuthenticatedData []byte

	// The tag to authenticate when performing decryption with an authenticated algorithm.
	AuthenticationTag []byte

	// Cryptographically random, non-repeating initialization vector for symmetric algorithms.
	IV []byte
}

KeyOperationParameters - The key operations parameters.

func (KeyOperationParameters) MarshalJSON added in v0.12.0

func (k KeyOperationParameters) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type KeyOperationParameters.

func (*KeyOperationParameters) UnmarshalJSON added in v0.12.0

func (k *KeyOperationParameters) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type KeyOperationParameters.

type KeyOperationResult

type KeyOperationResult struct {
	// READ-ONLY
	AdditionalAuthenticatedData []byte

	// READ-ONLY
	AuthenticationTag []byte

	// READ-ONLY
	IV []byte

	// READ-ONLY; Key identifier
	KID *ID

	// READ-ONLY
	Result []byte
}

KeyOperationResult - The key operation result.

func (KeyOperationResult) MarshalJSON

func (k KeyOperationResult) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type KeyOperationResult.

func (*KeyOperationResult) UnmarshalJSON

func (k *KeyOperationResult) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type KeyOperationResult.

type KeyProperties added in v0.12.0

type KeyProperties struct {
	// The key management attributes.
	Attributes *KeyAttributes

	// Key identifier.
	KID *ID

	// Application specific metadata in the form of key-value pairs.
	Tags map[string]*string

	// READ-ONLY; True if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will
	// be true.
	Managed *bool
}

KeyProperties - The key item containing key metadata.

func (KeyProperties) MarshalJSON added in v0.12.0

func (k KeyProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type KeyProperties.

func (*KeyProperties) UnmarshalJSON added in v0.12.0

func (k *KeyProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type KeyProperties.

type KeyPropertiesListResult added in v0.12.0

type KeyPropertiesListResult struct {
	// READ-ONLY; The URL to get the next set of keys.
	NextLink *string

	// READ-ONLY; A response message containing a list of keys in the key vault along with a link to the next page of keys.
	Value []*KeyProperties
}

KeyPropertiesListResult - The key list result.

func (KeyPropertiesListResult) MarshalJSON added in v0.12.0

func (k KeyPropertiesListResult) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type KeyPropertiesListResult.

func (*KeyPropertiesListResult) UnmarshalJSON added in v0.12.0

func (k *KeyPropertiesListResult) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type KeyPropertiesListResult.

type KeyReleasePolicy

type KeyReleasePolicy struct {
	// Content type and version of key release policy
	ContentType *string

	// Blob encoding the policy rules under which the key can be released. Blob must be base64 URL encoded.
	EncodedPolicy []byte

	// Defines the mutability state of the policy. Once marked immutable, this flag cannot be reset and the policy cannot be changed
	// under any circumstances.
	Immutable *bool
}

KeyReleasePolicy - The policy rules under which the key can be exported.

func (KeyReleasePolicy) MarshalJSON

func (k KeyReleasePolicy) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type KeyReleasePolicy.

func (*KeyReleasePolicy) UnmarshalJSON

func (k *KeyReleasePolicy) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type KeyReleasePolicy.

type KeyReleaseResult

type KeyReleaseResult struct {
	// READ-ONLY; A signed object containing the released key.
	Value *string
}

KeyReleaseResult - The release result, containing the released key.

func (KeyReleaseResult) MarshalJSON

func (k KeyReleaseResult) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type KeyReleaseResult.

func (*KeyReleaseResult) UnmarshalJSON

func (k *KeyReleaseResult) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type KeyReleaseResult.

type KeyRotationPolicy

type KeyRotationPolicy struct {
	// The key rotation policy attributes.
	Attributes *KeyRotationPolicyAttributes

	// Actions that will be performed by Key Vault over the lifetime of a key. For preview, lifetimeActions can only have two
	// items at maximum: one for rotate, one for notify. Notification time would be
	// default to 30 days before expiry and it is not configurable.
	LifetimeActions []*LifetimeAction

	// READ-ONLY; The key policy id.
	ID *string
}

KeyRotationPolicy - Management policy for a key.

func (KeyRotationPolicy) MarshalJSON

func (k KeyRotationPolicy) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type KeyRotationPolicy.

func (*KeyRotationPolicy) UnmarshalJSON

func (k *KeyRotationPolicy) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type KeyRotationPolicy.

type KeyRotationPolicyAction

type KeyRotationPolicyAction string

KeyRotationPolicyAction - The type of the action. The value should be compared case-insensitively.

const (
	// KeyRotationPolicyActionNotify - Trigger Event Grid events. Defaults to 30 days before expiry. Key Vault only.
	KeyRotationPolicyActionNotify KeyRotationPolicyAction = "Notify"
	// KeyRotationPolicyActionRotate - Rotate the key based on the key policy.
	KeyRotationPolicyActionRotate KeyRotationPolicyAction = "Rotate"
)

func PossibleKeyRotationPolicyActionValues

func PossibleKeyRotationPolicyActionValues() []KeyRotationPolicyAction

PossibleKeyRotationPolicyActionValues returns the possible values for the KeyRotationPolicyAction const type.

type KeyRotationPolicyAttributes

type KeyRotationPolicyAttributes struct {
	// The expiryTime will be applied on the new key version. It should be at least 28 days. It will be in ISO 8601 Format. Examples:
	// 90 days: P90D, 3 months: P3M, 48 hours: PT48H, 1 year and 10 days: P1Y10D
	ExpiryTime *string

	// READ-ONLY; The key rotation policy created time in UTC.
	Created *time.Time

	// READ-ONLY; The key rotation policy's last updated time in UTC.
	Updated *time.Time
}

KeyRotationPolicyAttributes - The key rotation policy attributes.

func (KeyRotationPolicyAttributes) MarshalJSON

func (k KeyRotationPolicyAttributes) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type KeyRotationPolicyAttributes.

func (*KeyRotationPolicyAttributes) UnmarshalJSON

func (k *KeyRotationPolicyAttributes) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type KeyRotationPolicyAttributes.

type KeyType added in v0.12.0

type KeyType string

KeyType - JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40.

const (
	// KeyTypeEC - Elliptic Curve.
	KeyTypeEC KeyType = "EC"
	// KeyTypeECHSM - Elliptic Curve with a private key which is stored in the HSM.
	KeyTypeECHSM KeyType = "EC-HSM"
	// KeyTypeOct - Octet sequence (used to represent symmetric keys)
	KeyTypeOct KeyType = "oct"
	// KeyTypeOctHSM - Octet sequence (used to represent symmetric keys) which is stored the HSM.
	KeyTypeOctHSM KeyType = "oct-HSM"
	// KeyTypeRSA - RSA (https://tools.ietf.org/html/rfc3447)
	KeyTypeRSA KeyType = "RSA"
	// KeyTypeRSAHSM - RSA with a private key which is stored in the HSM.
	KeyTypeRSAHSM KeyType = "RSA-HSM"
)

func PossibleKeyTypeValues added in v0.12.0

func PossibleKeyTypeValues() []KeyType

PossibleKeyTypeValues returns the possible values for the KeyType const type.

type KeyVerifyResult

type KeyVerifyResult struct {
	// READ-ONLY; True if the signature is verified, otherwise false.
	Value *bool
}

KeyVerifyResult - The key verify result.

func (KeyVerifyResult) MarshalJSON

func (k KeyVerifyResult) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type KeyVerifyResult.

func (*KeyVerifyResult) UnmarshalJSON

func (k *KeyVerifyResult) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type KeyVerifyResult.

type LifetimeAction added in v0.12.0

type LifetimeAction struct {
	// The action that will be executed.
	Action *LifetimeActionType

	// The condition that will execute the action.
	Trigger *LifetimeActionTrigger
}

LifetimeAction - Action and its trigger that will be performed by Key Vault over the lifetime of a key.

func (LifetimeAction) MarshalJSON added in v0.12.0

func (l LifetimeAction) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type LifetimeAction.

func (*LifetimeAction) UnmarshalJSON added in v0.12.0

func (l *LifetimeAction) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type LifetimeAction.

type LifetimeActionTrigger added in v0.12.0

type LifetimeActionTrigger struct {
	// Time after creation to attempt to rotate. It only applies to rotate. It will be in ISO 8601 duration format. Example: 90
	// days : "P90D"
	TimeAfterCreate *string

	// Time before expiry to attempt to rotate or notify. It will be in ISO 8601 duration format. Example: 90 days : "P90D"
	TimeBeforeExpiry *string
}

LifetimeActionTrigger - A condition to be satisfied for an action to be executed.

func (LifetimeActionTrigger) MarshalJSON added in v0.12.0

func (l LifetimeActionTrigger) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type LifetimeActionTrigger.

func (*LifetimeActionTrigger) UnmarshalJSON added in v0.12.0

func (l *LifetimeActionTrigger) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type LifetimeActionTrigger.

type LifetimeActionType added in v0.12.0

type LifetimeActionType struct {
	// The type of the action. The value should be compared case-insensitively.
	Type *KeyRotationPolicyAction
}

LifetimeActionType - The action that will be executed.

func (LifetimeActionType) MarshalJSON added in v0.12.0

func (l LifetimeActionType) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type LifetimeActionType.

func (*LifetimeActionType) UnmarshalJSON added in v0.12.0

func (l *LifetimeActionType) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type LifetimeActionType.

type ListDeletedKeyPropertiesOptions added in v0.12.0

type ListDeletedKeyPropertiesOptions struct {
}

ListDeletedKeyPropertiesOptions contains the optional parameters for the Client.NewListDeletedKeyPropertiesPager method.

type ListDeletedKeyPropertiesResponse added in v0.12.0

type ListDeletedKeyPropertiesResponse struct {
	// A list of keys that have been deleted in this vault.
	DeletedKeyPropertiesListResult
}

ListDeletedKeyPropertiesResponse contains the response from method Client.NewListDeletedKeyPropertiesPager.

type ListKeyPropertiesOptions added in v0.12.0

type ListKeyPropertiesOptions struct {
}

ListKeyPropertiesOptions contains the optional parameters for the Client.NewListKeyPropertiesPager method.

type ListKeyPropertiesResponse added in v0.12.0

type ListKeyPropertiesResponse struct {
	// The key list result.
	KeyPropertiesListResult
}

ListKeyPropertiesResponse contains the response from method Client.NewListKeyPropertiesPager.

type ListKeyPropertiesVersionsOptions added in v0.12.0

type ListKeyPropertiesVersionsOptions struct {
}

ListKeyPropertiesVersionsOptions contains the optional parameters for the Client.NewListKeyPropertiesVersionsPager method.

type ListKeyPropertiesVersionsResponse added in v0.12.0

type ListKeyPropertiesVersionsResponse struct {
	// The key list result.
	KeyPropertiesListResult
}

ListKeyPropertiesVersionsResponse contains the response from method Client.NewListKeyPropertiesVersionsPager.

type PurgeDeletedKeyOptions

type PurgeDeletedKeyOptions struct {
}

PurgeDeletedKeyOptions contains the optional parameters for the Client.PurgeDeletedKey method.

type PurgeDeletedKeyResponse

type PurgeDeletedKeyResponse struct {
}

PurgeDeletedKeyResponse contains the response from method Client.PurgeDeletedKey.

type RandomBytes

type RandomBytes struct {
	// REQUIRED; The bytes encoded as a base64url string.
	Value []byte
}

RandomBytes - The get random bytes response object containing the bytes.

func (RandomBytes) MarshalJSON

func (r RandomBytes) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type RandomBytes.

func (*RandomBytes) UnmarshalJSON

func (r *RandomBytes) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type RandomBytes.

type RecoverDeletedKeyOptions

type RecoverDeletedKeyOptions struct {
}

RecoverDeletedKeyOptions contains the optional parameters for the Client.RecoverDeletedKey method.

type RecoverDeletedKeyResponse

type RecoverDeletedKeyResponse struct {
	// A KeyBundle consisting of a WebKey plus its attributes.
	KeyBundle
}

RecoverDeletedKeyResponse contains the response from method Client.RecoverDeletedKey.

type ReleaseOptions

type ReleaseOptions struct {
}

ReleaseOptions contains the optional parameters for the Client.Release method.

type ReleaseParameters

type ReleaseParameters struct {
	// REQUIRED; The attestation assertion for the target of the key release.
	TargetAttestationToken *string

	// The encryption algorithm to use to protected the exported key material
	Algorithm *KeyEncryptionAlgorithm

	// A client provided nonce for freshness.
	Nonce *string
}

ReleaseParameters - The release key parameters.

func (ReleaseParameters) MarshalJSON

func (r ReleaseParameters) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ReleaseParameters.

func (*ReleaseParameters) UnmarshalJSON

func (r *ReleaseParameters) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ReleaseParameters.

type ReleaseResponse

type ReleaseResponse struct {
	// The release result, containing the released key.
	KeyReleaseResult
}

ReleaseResponse contains the response from method Client.Release.

type RestoreKeyOptions

type RestoreKeyOptions struct {
}

RestoreKeyOptions contains the optional parameters for the Client.RestoreKey method.

type RestoreKeyParameters

type RestoreKeyParameters struct {
	// REQUIRED; The backup blob associated with a key bundle.
	KeyBackup []byte
}

RestoreKeyParameters - The key restore parameters.

func (RestoreKeyParameters) MarshalJSON

func (r RestoreKeyParameters) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type RestoreKeyParameters.

func (*RestoreKeyParameters) UnmarshalJSON

func (r *RestoreKeyParameters) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type RestoreKeyParameters.

type RestoreKeyResponse

type RestoreKeyResponse struct {
	// A KeyBundle consisting of a WebKey plus its attributes.
	KeyBundle
}

RestoreKeyResponse contains the response from method Client.RestoreKey.

type RotateKeyOptions

type RotateKeyOptions struct {
}

RotateKeyOptions contains the optional parameters for the Client.RotateKey method.

type RotateKeyResponse

type RotateKeyResponse struct {
	// A KeyBundle consisting of a WebKey plus its attributes.
	KeyBundle
}

RotateKeyResponse contains the response from method Client.RotateKey.

type SignOptions

type SignOptions struct {
}

SignOptions contains the optional parameters for the Client.Sign method.

type SignParameters

type SignParameters struct {
	// REQUIRED; The signing/verification algorithm identifier.
	Algorithm *SignatureAlgorithm

	// REQUIRED
	Value []byte
}

SignParameters - The key operations parameters.

func (SignParameters) MarshalJSON

func (s SignParameters) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SignParameters.

func (*SignParameters) UnmarshalJSON

func (s *SignParameters) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type SignParameters.

type SignResponse

type SignResponse struct {
	// The key operation result.
	KeyOperationResult
}

SignResponse contains the response from method Client.Sign.

type SignatureAlgorithm added in v0.12.0

type SignatureAlgorithm string

SignatureAlgorithm - The signing/verification algorithm identifier.

const (
	// SignatureAlgorithmES256 - ECDSA using P-256 and SHA-256, as described in https://tools.ietf.org/html/rfc7518.
	SignatureAlgorithmES256 SignatureAlgorithm = "ES256"
	// SignatureAlgorithmES256K - ECDSA using P-256K and SHA-256, as described in https://tools.ietf.org/html/rfc7518
	SignatureAlgorithmES256K SignatureAlgorithm = "ES256K"
	// SignatureAlgorithmES384 - ECDSA using P-384 and SHA-384, as described in https://tools.ietf.org/html/rfc7518
	SignatureAlgorithmES384 SignatureAlgorithm = "ES384"
	// SignatureAlgorithmES512 - ECDSA using P-521 and SHA-512, as described in https://tools.ietf.org/html/rfc7518
	SignatureAlgorithmES512 SignatureAlgorithm = "ES512"
	// SignatureAlgorithmPS256 - RSASSA-PSS using SHA-256 and MGF1 with SHA-256, as described in https://tools.ietf.org/html/rfc7518
	SignatureAlgorithmPS256 SignatureAlgorithm = "PS256"
	// SignatureAlgorithmPS384 - RSASSA-PSS using SHA-384 and MGF1 with SHA-384, as described in https://tools.ietf.org/html/rfc7518
	SignatureAlgorithmPS384 SignatureAlgorithm = "PS384"
	// SignatureAlgorithmPS512 - RSASSA-PSS using SHA-512 and MGF1 with SHA-512, as described in https://tools.ietf.org/html/rfc7518
	SignatureAlgorithmPS512 SignatureAlgorithm = "PS512"
	// SignatureAlgorithmRS256 - RSASSA-PKCS1-v1_5 using SHA-256, as described in https://tools.ietf.org/html/rfc7518
	SignatureAlgorithmRS256 SignatureAlgorithm = "RS256"
	// SignatureAlgorithmRS384 - RSASSA-PKCS1-v1_5 using SHA-384, as described in https://tools.ietf.org/html/rfc7518
	SignatureAlgorithmRS384 SignatureAlgorithm = "RS384"
	// SignatureAlgorithmRS512 - RSASSA-PKCS1-v1_5 using SHA-512, as described in https://tools.ietf.org/html/rfc7518
	SignatureAlgorithmRS512 SignatureAlgorithm = "RS512"
)

func PossibleSignatureAlgorithmValues added in v0.12.0

func PossibleSignatureAlgorithmValues() []SignatureAlgorithm

PossibleSignatureAlgorithmValues returns the possible values for the SignatureAlgorithm const type.

type UnwrapKeyOptions

type UnwrapKeyOptions struct {
}

UnwrapKeyOptions contains the optional parameters for the Client.UnwrapKey method.

type UnwrapKeyResponse

type UnwrapKeyResponse struct {
	// The key operation result.
	KeyOperationResult
}

UnwrapKeyResponse contains the response from method Client.UnwrapKey.

type UpdateKeyOptions

type UpdateKeyOptions struct {
}

UpdateKeyOptions contains the optional parameters for the Client.UpdateKey method.

type UpdateKeyParameters

type UpdateKeyParameters struct {
	// The attributes of a key managed by the key vault service.
	KeyAttributes *KeyAttributes

	// Json web key operations.
	KeyOps []*KeyOperation

	// The policy rules under which the key can be exported.
	ReleasePolicy *KeyReleasePolicy

	// Application specific metadata in the form of key-value pairs.
	Tags map[string]*string
}

UpdateKeyParameters - The key update parameters.

func (UpdateKeyParameters) MarshalJSON

func (u UpdateKeyParameters) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type UpdateKeyParameters.

func (*UpdateKeyParameters) UnmarshalJSON

func (u *UpdateKeyParameters) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type UpdateKeyParameters.

type UpdateKeyResponse

type UpdateKeyResponse struct {
	// A KeyBundle consisting of a WebKey plus its attributes.
	KeyBundle
}

UpdateKeyResponse contains the response from method Client.UpdateKey.

type UpdateKeyRotationPolicyOptions

type UpdateKeyRotationPolicyOptions struct {
}

UpdateKeyRotationPolicyOptions contains the optional parameters for the Client.UpdateKeyRotationPolicy method.

type UpdateKeyRotationPolicyResponse

type UpdateKeyRotationPolicyResponse struct {
	// Management policy for a key.
	KeyRotationPolicy
}

UpdateKeyRotationPolicyResponse contains the response from method Client.UpdateKeyRotationPolicy.

type VerifyOptions

type VerifyOptions struct {
}

VerifyOptions contains the optional parameters for the Client.Verify method.

type VerifyParameters

type VerifyParameters struct {
	// REQUIRED; The signing/verification algorithm.
	Algorithm *SignatureAlgorithm

	// REQUIRED; The digest used for signing.
	Digest []byte

	// REQUIRED; The signature to be verified.
	Signature []byte
}

VerifyParameters - The key verify parameters.

func (VerifyParameters) MarshalJSON

func (v VerifyParameters) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type VerifyParameters.

func (*VerifyParameters) UnmarshalJSON

func (v *VerifyParameters) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type VerifyParameters.

type VerifyResponse

type VerifyResponse struct {
	// The key verify result.
	KeyVerifyResult
}

VerifyResponse contains the response from method Client.Verify.

type WrapKeyOptions

type WrapKeyOptions struct {
}

WrapKeyOptions contains the optional parameters for the Client.WrapKey method.

type WrapKeyResponse

type WrapKeyResponse struct {
	// The key operation result.
	KeyOperationResult
}

WrapKeyResponse contains the response from method Client.WrapKey.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL