// Copyright (c) Microsoft Corporation.
// Licensed under the MIT license.
import * as coreClient from "@azure/core-client";
import { ExtendedCommonClientOptions } from "@azure/core-http-compat";
import {
DeletionRecoveryLevel,
JsonWebKeyOperation as KeyOperation,
JsonWebKeyType as KeyType,
KnownJsonWebKeyType as KnownKeyTypes,
} from "./generated/models";
import { KeyCurveName } from "./cryptographyClientModels";
export { KeyType, KnownKeyTypes, KeyOperation };
/**
 * The latest Key Vault service API version supported by this package.
 *
 * Kept as a string literal type so it can be compared against other literal
 * version strings without widening to `string`.
 */
export const LATEST_API_VERSION = "7.4-preview.1" as const;
/**
 * The optional parameters accepted by the KeyVault's KeyClient.
 */
export interface KeyClientOptions extends ExtendedCommonClientOptions {
  /**
   * The version of the KeyVault's service API to make calls against.
   */
  serviceVersion?: string;
  /**
   * Whether to disable verification that the authentication challenge resource matches the Key Vault or Managed HSM domain.
   * Defaults to false.
   *
   * When true, a challenge whose resource does not match the vault's own domain is accepted
   * instead of rejected. Keep the default unless such a mismatch is expected and understood.
   */
  disableChallengeResourceVerification?: boolean;
}
/**
 * The optional parameters accepted by the KeyVault's CryptographyClient.
 * Currently adds no members beyond {@link KeyClientOptions}.
 */
export interface CryptographyClientOptions extends KeyClientOptions {}
/**
 * A JSON Web Key as of http://tools.ietf.org/html/draft-ietf-jose-json-web-key-18.
 *
 * Instances may carry private key material (`d`, `dp`, `dq`, `qi`, `p`, `q`, `k`);
 * treat them as secrets and avoid logging or persisting them in plain text.
 */
export interface JsonWebKey {
  /**
   * Key identifier.
   */
  kid?: string;
  /**
   * JsonWebKey Key Type (kty), as defined in
   * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. Possible values include:
   * 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', 'oct', 'oct-HSM'; see {@link KnownKeyTypes}.
   */
  kty?: KeyType;
  /**
   * Json web key operations. For more
   * information on possible key operations, see KeyOperation.
   */
  keyOps?: KeyOperation[];
  /**
   * RSA modulus.
   */
  n?: Uint8Array;
  /**
   * RSA public exponent.
   */
  e?: Uint8Array;
  /**
   * RSA private exponent, or the D component of an EC private key. Secret.
   */
  d?: Uint8Array;
  /**
   * RSA private key parameter (CRT exponent for `p`). Secret.
   */
  dp?: Uint8Array;
  /**
   * RSA private key parameter (CRT exponent for `q`). Secret.
   */
  dq?: Uint8Array;
  /**
   * RSA private key parameter (CRT coefficient). Secret.
   */
  qi?: Uint8Array;
  /**
   * RSA secret prime.
   */
  p?: Uint8Array;
  /**
   * RSA secret prime, with `p < q`.
   */
  q?: Uint8Array;
  /**
   * Symmetric key. Secret.
   */
  k?: Uint8Array;
  /**
   * HSM Token, used with 'Bring Your Own Key'.
   */
  t?: Uint8Array;
  /**
   * Elliptic curve name. For valid values, see KeyCurveName. Possible values include:
   * 'P-256', 'P-384', 'P-521', 'P-256K'
   */
  crv?: KeyCurveName;
  /**
   * X component of an EC public key.
   */
  x?: Uint8Array;
  /**
   * Y component of an EC public key.
   */
  y?: Uint8Array;
}
/**
 * An interface representing a Key Vault Key, with its name, value and {@link KeyProperties}.
 */
export interface KeyVaultKey {
  /**
   * The key value. May include private key material; see {@link JsonWebKey}.
   */
  key?: JsonWebKey;
  /**
   * The name of the key.
   */
  name: string;
  /**
   * Key identifier.
   */
  id?: string;
  /**
   * JsonWebKey Key Type (kty), as defined in
   * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. Possible values include:
   * 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', 'oct', 'oct-HSM'; see {@link KnownKeyTypes}.
   */
  keyType?: KeyType;
  /**
   * Operations allowed on this key.
   */
  keyOperations?: KeyOperation[];
  /**
   * The properties of the key.
   */
  properties: KeyProperties;
}
/**
 * An interface representing the Properties of {@link KeyVaultKey}.
 */
export interface KeyProperties {
  /**
   * Key identifier.
   */
  id?: string;
  /**
   * The name of the key.
   */
  name: string;
  /**
   * The vault URI.
   */
  vaultUrl: string;
  /**
   * The version of the key. May be undefined.
   */
  version?: string;
  /**
   * Determines whether the object is enabled.
   */
  enabled?: boolean;
  /**
   * Not before date in UTC.
   */
  notBefore?: Date;
  /**
   * Expiry date in UTC.
   */
  expiresOn?: Date;
  /**
   * Application specific metadata in the form of key-value pairs.
   */
  tags?: { [propertyName: string]: string };
  /**
   * Creation time in UTC.
   * **NOTE: This property will not be serialized. It can only be populated by
   * the server.**
   */
  readonly createdOn?: Date;
  /**
   * Last updated time in UTC.
   * **NOTE: This property will not be serialized. It can only be populated by
   * the server.**
   */
  readonly updatedOn?: Date;
  /**
   * Reflects the deletion recovery level currently in effect for keys in the current vault.
   * If it contains 'Purgeable' the key can be permanently deleted by a privileged
   * user; otherwise, only the system can purge the key, at the end of the
   * retention interval. Possible values include: 'Purgeable',
   * 'Recoverable+Purgeable', 'Recoverable',
   * 'Recoverable+ProtectedSubscription'
   * **NOTE: This property will not be serialized. It can only be populated by
   * the server.**
   */
  readonly recoveryLevel?: DeletionRecoveryLevel;
  /**
   * The retention dates of the softDelete data.
   * The value should be `>=7` and `<=90` when softDelete enabled.
   * **NOTE: This property will not be serialized. It can only be populated by the server.**
   */
  // NOTE(review): documented as server-populated like createdOn/updatedOn/recoveryLevel/managed,
  // but not marked readonly — consider aligning.
  recoverableDays?: number;
  /**
   * True if the key's lifetime is managed by
   * key vault. If this is a key backing a certificate, then managed will be
   * true.
   * **NOTE: This property will not be serialized. It can only be populated by
   * the server.**
   */
  readonly managed?: boolean;
  /**
   * Indicates whether the private key can be exported.
   */
  exportable?: boolean;
  /**
   * A {@link KeyReleasePolicy} object specifying the rules under which the key can be exported.
   */
  releasePolicy?: KeyReleasePolicy;
}
/**
 * An interface representing a deleted Key Vault Key.
 * Shares the shape of {@link KeyVaultKey} and adds recovery/purge metadata to `properties`.
 */
export interface DeletedKey {
  /**
   * The key value. May include private key material; see {@link JsonWebKey}.
   */
  key?: JsonWebKey;
  /**
   * The name of the key.
   */
  name: string;
  /**
   * Key identifier.
   */
  id?: string;
  /**
   * JsonWebKey Key Type (kty), as defined in
   * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. Possible values include:
   * 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', 'oct', 'oct-HSM'; see {@link KnownKeyTypes}.
   */
  keyType?: KeyType;
  /**
   * Operations allowed on this key.
   */
  keyOperations?: KeyOperation[];
  /**
   * The properties of the key, extended with deletion metadata.
   */
  properties: KeyProperties & {
    /**
     * The url of the recovery object, used to
     * identify and recover the deleted key.
     */
    readonly recoveryId?: string;
    /**
     * The time when the key is scheduled to be purged, in UTC
     * **NOTE: This property will not be serialized. It can only be populated by
     * the server.**
     */
    readonly scheduledPurgeDate?: Date;
    /**
     * The time when the key was deleted, in UTC
     * **NOTE: This property will not be serialized. It can only be populated by
     * the server.**
     */
    // NOTE(review): server-populated like scheduledPurgeDate but not marked readonly — consider aligning.
    deletedOn?: Date;
  };
}
/**
 * The policy rules under which a key can be exported (released).
 */
export interface KeyReleasePolicy {
  /**
   * Content type and version of key release policy.
   *
   * Defaults to "application/json; charset=utf-8" if omitted.
   */
  contentType?: string;
  /**
   * The policy rules under which the key can be released. Encoded based on the {@link KeyReleasePolicy.contentType}.
   *
   * For more information regarding the release policy grammar for Azure Key Vault, please refer to:
   * - https://aka.ms/policygrammarkeys for Azure Key Vault release policy grammar.
   * - https://aka.ms/policygrammarmhsm for Azure Managed HSM release policy grammar.
   */
  encodedPolicy?: Uint8Array;
  /**
   * Marks a release policy as immutable. An immutable release policy cannot be changed
   * or updated after being marked immutable.
   */
  immutable?: boolean;
}
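/**
 * An interface representing the optional parameters that can be
 * passed to {@link createKey}.
 */
export interface CreateKeyOptions extends coreClient.OperationOptions {
  /**
   * Application specific metadata in the form of key-value pairs.
   */
  tags?: { [propertyName: string]: string };
  /**
   * Json web key operations. For more
   * information on possible key operations, see KeyOperation.
   */
  keyOps?: KeyOperation[];
  /**
   * Determines whether the object is enabled.
   */
  enabled?: boolean;
  /**
   * Not before date in UTC.
   */
  notBefore?: Date;
  /**
   * Expiry date in UTC.
   *
   * Caller-supplied like every other member here (and like `expiresOn` on
   * {@link ImportKeyOptions} and {@link UpdateKeyPropertiesOptions}), so it is not
   * `readonly`: callers may set it after constructing the options object.
   */
  expiresOn?: Date;
  /**
   * The key size in bits. For example: 2048, 3072, or 4096 for RSA.
   */
  keySize?: number;
  /**
   * Elliptic curve name. For valid values, see KeyCurveName.
   * Possible values include: 'P-256', 'P-384', 'P-521', 'P-256K'
   */
  curve?: KeyCurveName;
  /**
   * Whether to create the key as a hardware-protected (HSM) key or a software key.
   */
  hsm?: boolean;
  /**
   * Indicates whether the private key can be exported.
   */
  exportable?: boolean;
  /**
   * A {@link KeyReleasePolicy} object specifying the rules under which the key can be exported.
   */
  releasePolicy?: KeyReleasePolicy;
}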
/**
 * An interface representing the optional parameters that can be
 * passed to {@link beginDeleteKey} and {@link beginRecoverDeletedKey}.
 */
export interface KeyPollerOptions extends coreClient.OperationOptions {
  /**
   * Time between each polling, in milliseconds.
   */
  intervalInMs?: number;
  /**
   * A serialized poller, used to resume an existing operation.
   */
  resumeFrom?: string;
}
/**
 * An interface representing the optional parameters that can be
 * passed to {@link beginDeleteKey}. Currently adds no members beyond {@link KeyPollerOptions}.
 */
export interface BeginDeleteKeyOptions extends KeyPollerOptions {}
/**
 * An interface representing the optional parameters that can be
 * passed to {@link beginRecoverDeletedKey}. Currently adds no members beyond {@link KeyPollerOptions}.
 */
export interface BeginRecoverDeletedKeyOptions extends KeyPollerOptions {}
/**
 * An interface representing the optional parameters that can be
 * passed to {@link createOkpKey}. Currently adds no members beyond {@link CreateKeyOptions}.
 */
export interface CreateOkpKeyOptions extends CreateKeyOptions {}
/**
 * An interface representing the optional parameters that can be
 * passed to {@link createEcKey}. Currently adds no members beyond {@link CreateKeyOptions}.
 */
export interface CreateEcKeyOptions extends CreateKeyOptions {}
/**
 * An interface representing the optional parameters that can be
 * passed to {@link createRsaKey}.
 */
export interface CreateRsaKeyOptions extends CreateKeyOptions {
  /** The public exponent for an RSA key. */
  publicExponent?: number;
}
/**
 * An interface representing the optional parameters that can be
 * passed to {@link createOctKey}. Currently adds no members beyond {@link CreateKeyOptions}.
 */
export interface CreateOctKeyOptions extends CreateKeyOptions {}
/**
 * An interface representing the optional parameters that can be
 * passed to {@link importKey}.
 */
export interface ImportKeyOptions extends coreClient.OperationOptions {
  /**
   * Application specific metadata in the form of key-value pairs.
   */
  tags?: { [propertyName: string]: string };
  /**
   * Whether to import as a hardware-protected (HSM) key or a software key.
   */
  hardwareProtected?: boolean;
  /**
   * Determines whether the object is enabled.
   */
  enabled?: boolean;
  /**
   * Not before date in UTC.
   */
  notBefore?: Date;
  /**
   * Expiry date in UTC.
   */
  expiresOn?: Date;
  /**
   * Indicates whether the private key can be exported.
   */
  exportable?: boolean;
  /**
   * A {@link KeyReleasePolicy} object specifying the rules under which the key can be exported.
   */
  releasePolicy?: KeyReleasePolicy;
}
/**
 * Options for {@link updateKeyProperties}.
 */
export interface UpdateKeyPropertiesOptions extends coreClient.OperationOptions {
  /**
   * Json web key operations. For more
   * information on possible key operations, see KeyOperation.
   */
  keyOps?: KeyOperation[];
  /**
   * Determines whether the object is enabled.
   */
  enabled?: boolean;
  /**
   * Not before date in UTC.
   */
  notBefore?: Date;
  /**
   * Expiry date in UTC.
   */
  expiresOn?: Date;
  /**
   * Application specific metadata in the form of key-value pairs.
   */
  tags?: { [propertyName: string]: string };
  /**
   * A {@link KeyReleasePolicy} object specifying the rules under which the key can be exported.
   * Only valid if the key is marked exportable, which cannot be changed after key creation.
   */
  releasePolicy?: KeyReleasePolicy;
}
/**
 * Options for {@link getKey}.
 */
export interface GetKeyOptions extends coreClient.OperationOptions {
  /**
   * The version of the key to retrieve. If not
   * specified, the latest version of the key will be retrieved.
   */
  version?: string;
}
/**
 * An interface representing optional parameters for KeyClient paged operations passed to {@link listKeys}.
 * Currently adds no members beyond the core operation options.
 */
export interface ListKeysOptions extends coreClient.OperationOptions {}
/**
 * An interface representing optional parameters for KeyClient paged operations passed to {@link listPropertiesOfKeys}.
 * Currently adds no members beyond the core operation options.
 */
export interface ListPropertiesOfKeysOptions extends coreClient.OperationOptions {}
/**
 * An interface representing optional parameters for KeyClient paged operations passed to {@link listPropertiesOfKeyVersions}.
 * Currently adds no members beyond the core operation options.
 */
export interface ListPropertiesOfKeyVersionsOptions extends coreClient.OperationOptions {}
/**
 * An interface representing optional parameters for KeyClient paged operations passed to {@link listDeletedKeys}.
 * Currently adds no members beyond the core operation options.
 */
export interface ListDeletedKeysOptions extends coreClient.OperationOptions {}
/**
 * Options for {@link getDeletedKey}. Currently adds no members beyond the core operation options.
 */
export interface GetDeletedKeyOptions extends coreClient.OperationOptions {}
/**
 * Options for {@link purgeDeletedKey}. Currently adds no members beyond the core operation options.
 */
export interface PurgeDeletedKeyOptions extends coreClient.OperationOptions {}
/**
 * @internal
 * Options for {@link recoverDeletedKey}. Currently adds no members beyond the core operation options.
 */
export interface RecoverDeletedKeyOptions extends coreClient.OperationOptions {}
/**
 * @internal
 * Options for {@link deleteKey}. Currently adds no members beyond the core operation options.
 */
export interface DeleteKeyOptions extends coreClient.OperationOptions {}
/**
 * Options for {@link backupKey}. Currently adds no members beyond the core operation options.
 */
export interface BackupKeyOptions extends coreClient.OperationOptions {}
/**
 * Options for {@link restoreKeyBackup}. Currently adds no members beyond the core operation options.
 */
export interface RestoreKeyBackupOptions extends coreClient.OperationOptions {}
/**
 * An interface representing the options of the cryptography API methods; see {@link CryptographyClient} for more information.
 * Currently adds no members beyond the core operation options.
 */
export interface CryptographyOptions extends coreClient.OperationOptions {}
/**
 * Options for {@link KeyClient.getRandomBytes}. Currently adds no members beyond the core operation options.
 */
export interface GetRandomBytesOptions extends coreClient.OperationOptions {}
/**
 * Options for {@link KeyClient.releaseKey}.
 */
export interface ReleaseKeyOptions extends coreClient.OperationOptions {
  /**
   * A client provided nonce for freshness. Use a fresh, unpredictable value per request.
   * Whether it is echoed in the returned token is not determined by this type — confirm
   * against the service response before relying on it for replay protection.
   */
  nonce?: string;
  /** The {@link KeyExportEncryptionAlgorithm} used to protect the exported key material. */
  algorithm?: KeyExportEncryptionAlgorithm;
  /**
   * The version of the key to release. Defaults to the latest version of the key if omitted.
   */
  version?: string;
}
/**
 * Result of the {@link KeyClient.releaseKey} operation.
 */
export interface ReleaseKeyResult {
  /**
   * A signed token containing the released key. The signature should be verified
   * before the key material the token carries is trusted.
   */
  value: string;
}
/**
 * Known values of {@link KeyOperation} that the service accepts.
 * A string enum: each member's value is the operation name itself.
 */
export enum KnownKeyOperations {
  /** Key operation - encrypt */
  Encrypt = "encrypt",
  /** Key operation - decrypt */
  Decrypt = "decrypt",
  /** Key operation - sign */
  Sign = "sign",
  /** Key operation - verify */
  Verify = "verify",
  /** Key operation - wrapKey */
  WrapKey = "wrapKey",
  /** Key operation - unwrapKey */
  UnwrapKey = "unwrapKey",
  /** Key operation - import */
  Import = "import",
}
/**
 * Known values of {@link KeyExportEncryptionAlgorithm} that the service accepts.
 * A string enum: each member's value is the algorithm identifier itself.
 */
export enum KnownKeyExportEncryptionAlgorithm {
  /** CKM_RSA_AES_KEY_WRAP Key Export Encryption Algorithm (the PKCS#11 mechanism name). */
  CkmRsaAesKeyWrap = "CKM_RSA_AES_KEY_WRAP",
  /** RSA_AES_KEY_WRAP_256 Key Export Encryption Algorithm */
  RsaAesKeyWrap256 = "RSA_AES_KEY_WRAP_256",
  /** RSA_AES_KEY_WRAP_384 Key Export Encryption Algorithm */
  RsaAesKeyWrap384 = "RSA_AES_KEY_WRAP_384",
}
/* eslint-disable tsdoc/syntax */
/**
 * Defines values for KeyExportEncryptionAlgorithm.
 * {@link KnownKeyExportEncryptionAlgorithm} can be used interchangeably with KeyExportEncryptionAlgorithm;
 * that enum contains the known values that the service supports. Being a plain `string`, this type
 * also admits values the service may add later.
 * ### Known values supported by the service
 * **CKM_RSA_AES_KEY_WRAP** \
 * **RSA_AES_KEY_WRAP_256** \
 * **RSA_AES_KEY_WRAP_384**
 */
export type KeyExportEncryptionAlgorithm = string;
/* eslint-enable tsdoc/syntax */
/**
 * Options for {@link KeyClient.getCryptographyClient}.
 */
export interface GetCryptographyClientOptions {
  /**
   * The version of the key to use for cryptographic operations.
   *
   * When undefined, the latest version of the key will be used.
   */
  keyVersion?: string;
}
/**
 * Options for {@link KeyClient.rotateKey}. Currently adds no members beyond the core operation options.
 */
export interface RotateKeyOptions extends coreClient.OperationOptions {}
/**
 * The properties of a key rotation policy that the client can set for a given key.
 *
 * You may also reset the key rotation policy to its default values by setting lifetimeActions to an empty array.
 */
export interface KeyRotationPolicyProperties {
  /**
   * Optional key expiration period used to define the duration after which a newly rotated key will expire,
   * defined as an ISO 8601 duration (for example `P90D`).
   */
  expiresIn?: string;
  /**
   * Actions that will be performed by Key Vault over the lifetime of a key.
   *
   * You may also pass an empty array to restore the policy to its default values.
   */
  lifetimeActions?: KeyRotationLifetimeAction[];
}
/**
 * The complete key rotation policy that belongs to a key: the client-settable
 * {@link KeyRotationPolicyProperties} plus server-assigned identity and timestamps.
 */
export interface KeyRotationPolicy extends KeyRotationPolicyProperties {
  /**
   * The identifier of the Key Rotation Policy.
   * May be undefined if a policy has not been explicitly set.
   */
  readonly id?: string;
  /**
   * The created time in UTC.
   * May be undefined if a policy has not been explicitly set.
   */
  readonly createdOn?: Date;
  /**
   * The last updated time in UTC.
   * May be undefined if a policy has not been explicitly set.
   */
  readonly updatedOn?: Date;
}
/**
 * An action and its corresponding trigger that will be performed by Key Vault over the lifetime of a key.
 * The trigger is expressed either as a time after creation or as a time before expiry.
 */
export interface KeyRotationLifetimeAction {
  /**
   * Time after creation to attempt the specified action, defined as an ISO 8601 duration.
   */
  timeAfterCreate?: string;
  /**
   * Time before expiry to attempt the specified action, defined as an ISO 8601 duration.
   */
  timeBeforeExpiry?: string;
  /**
   * The action that will be executed when the trigger fires.
   */
  action: KeyRotationPolicyAction;
}
/**
 * The action a {@link KeyRotationLifetimeAction} performs when its trigger fires.
 */
export type KeyRotationPolicyAction = "Rotate" | "Notify";
/**
 * Options for {@link KeyClient.updateKeyRotationPolicy}. Currently adds no members beyond the core operation options.
 */
export interface UpdateKeyRotationPolicyOptions extends coreClient.OperationOptions {}
/**
 * Options for {@link KeyClient.getRotationPolicy}. Currently adds no members beyond the core operation options.
 */
export interface GetKeyRotationPolicyOptions extends coreClient.OperationOptions {}