2021-03-23 21:14:25 +00:00
|
|
|
|
---
|
|
|
|
|
|
layout: api
|
|
|
|
|
|
page_title: Azure Key Vault - Key Management - Secrets Engines - HTTP API
|
|
|
|
|
|
description: The Azure Key Vault API documentation for the Key Management secrets engine.
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
|
|
# Azure Key Vault (API)
|
|
|
|
|
|
|
|
|
|
|
|
The Key Management secrets engine supports lifecycle management of keys in named
|
|
|
|
|
|
[Azure Key Vault](https://docs.microsoft.com/en-us/azure/key-vault/) instances.
|
|
|
|
|
|
This is accomplished by configuring a KMS provider resource with the `azurekeyvault`
|
|
|
|
|
|
provider and other provider-specific parameter values.
|
|
|
|
|
|
|
|
|
|
|
|
The following sections provide API documentation that is specific to Azure Key Vault.
|
|
|
|
|
|
|
|
|
|
|
|
## Create/Update KMS Provider
|
|
|
|
|
|
|
|
|
|
|
|
This endpoint creates or updates a KMS provider. If a KMS provider with the given `name`
|
|
|
|
|
|
does not exist, it will be created. If the KMS provider exists, it will be updated with
|
|
|
|
|
|
the given parameter values.
|
|
|
|
|
|
|
|
|
|
|
|
| Method | Path |
|
|
|
|
|
|
| :----- | :------------------- |
|
|
|
|
|
|
| `PUT` | `/keymgmt/kms/:name` |
|
|
|
|
|
|
|
|
|
|
|
|
### Parameters
|
|
|
|
|
|
|
|
|
|
|
|
- `name` `(string: <required>)` – Specifies the name of the KMS provider to create or update.
|
|
|
|
|
|
This is provided as part of the request URL.
|
|
|
|
|
|
|
|
|
|
|
|
- `provider` `(string: <required>)` – Specifies the name of a KMS provider that's external to
|
|
|
|
|
|
Vault. Must be set to `azurekeyvault`. Cannot be changed after creation.
|
|
|
|
|
|
|
|
|
|
|
|
- `key_collection` `(string: <required>)` – Refers to the name of an existing Azure Key Vault
|
|
|
|
|
|
instance. Cannot be changed after creation.
|
|
|
|
|
|
|
|
|
|
|
|
- `credentials` `(map<string|string>: nil)` – The credentials to use for authentication with
|
|
|
|
|
|
Azure Key Vault. Supplying values for this parameter is optional, as credentials may also
|
|
|
|
|
|
be specified as environment variables. Environment variables will take precedence over
|
|
|
|
|
|
credentials provided via this parameter.
|
|
|
|
|
|
|
2021-04-06 17:49:04 +00:00
|
|
|
|
- `tenant_id` `(string: <required>)` - The tenant ID for the Azure Active Directory
|
|
|
|
|
|
organization. May also be specified by the `AZURE_TENANT_ID` environment variable.
|
|
|
|
|
|
- `client_id` `(string: <required or MSI>)` - The client ID for credentials to invoke the
|
|
|
|
|
|
Azure APIs. May also be specified by the `AZURE_CLIENT_ID` environment variable.
|
|
|
|
|
|
- `client_secret` `(string: <required or MSI>)` - The client secret for credentials to invoke
|
|
|
|
|
|
the Azure APIs. May also be specified by the `AZURE_CLIENT_SECRET` environment variable.
|
|
|
|
|
|
- `environment` `(string: "AzurePublicCloud")` - The Azure Cloud environment API endpoints to
|
|
|
|
|
|
use. May also be specified by the `AZURE_ENVIRONMENT` environment variable.
|
