Azure Key Vault (API)
The Key Management secrets engine supports lifecycle management of keys in named
Azure Key Vault instances.
This is accomplished by configuring a KMS provider resource with the azurekeyvault
provider and other provider-specific parameter values.
The following sections provide API documentation that is specific to Azure Key Vault.
Create/Update KMS Provider
This endpoint creates or updates a KMS provider. If a KMS provider with the given name
does not exist, it will be created. If the KMS provider exists, it will be updated with
the given parameter values.
Method | Path |
---|---|
POST | /keymgmt/kms/:name |
Parameters
name
(string: <required>)
– Specifies the name of the KMS provider to create or update. This is provided as part of the request URL.provider
(string: <required>)
– Specifies the name of a KMS provider that's external to Vault. Must be set toazurekeyvault
. Cannot be changed after creation.key_collection
(string: <required>)
– Refers to the name of an existing Azure Key Vault instance. Cannot be changed after creation.credentials
(map<string|string>: nil)
– The credentials to use for authentication with Azure Key Vault. Supplying values for this parameter is optional, as credentials may also be specified as environment variables. Environment variables will take precedence over credentials provided via this parameter.tenant_id
(string: <required>)
- The tenant ID for the Azure Active Directory organization. May also be specified by theAZURE_TENANT_ID
environment variable.client_id
(string: <required or MSI>)
- The client ID for credentials to invoke the Azure APIs. May also be specified by theAZURE_CLIENT_ID
environment variable.client_secret
(string: <required or MSI>)
- The client secret for credentials to invoke the Azure APIs. May also be specified by theAZURE_CLIENT_SECRET
environment variable.environment
(string: "AzurePublicCloud")
- The Azure Cloud environment API endpoints to use. May also be specified by theAZURE_ENVIRONMENT
environment variable.