- Challenge authentication policy preserves request options (#8999)
- Updated
msrest
requirement to >=0.6.0
- Removed
KeyClient.get_cryptography_client()
andCryptographyClient.get_key()
- Moved the optional parameters of several methods into kwargs (
docs
detail the new keyword arguments):
create_key
now has positional parametersname
andkey_type
create_ec_key
andcreate_rsa_key
now have one positional parameter,name
update_key_properties
now has two positional parameters,name
and (optional)version
import_key
now has positional parametersname
andkey
CryptographyClient
operations return class instances instead of tuples and renamed the following properties- Renamed the
decrypted_bytes
property ofDecryptResult
toplaintext
- Renamed the
unwrapped_bytes
property ofUnwrapResult
tokey
- Renamed the
result
property ofVerifyResult
tois_valid
- Renamed the
- Renamed the
UnwrapKeyResult
andWrapKeyResult
classes toUnwrapResult
andWrapResult
- Renamed
list_keys
tolist_properties_of_keys
- Renamed
list_key_versions
tolist_properties_of_key_versions
- Renamed sync method
delete_key
tobegin_delete_key
- The sync method
begin_delete_key
and asyncdelete_key
now return pollers that return aDeletedKey
- Renamed
Key
toKeyVaultKey
KeyVaultKey
propertiescreated
,expires
, andupdated
renamed tocreated_on
,expires_on
, andupdated_on
- The
vault_endpoint
parameter ofKeyClient
has been renamed tovault_url
- The property
vault_endpoint
has been renamed tovault_url
in all models
- Now all
CryptographyClient
returns includekey_id
andalgorithm
properties
- Enums
JsonWebKeyCurveName
,JsonWebKeyOperation
, andJsonWebKeyType
have been renamed toKeyCurveName
,KeyOperation
, andKeyType
, respectively. Key
now has attributeproperties
, which holds certain properties of the key, such asversion
. This changes the shape of the returnedKey
type, as certain properties ofKey
(such asversion
) have to be accessed through theproperties
property. See the updated docs for details.update_key
has been renamed toupdate_key_properties
- The
vault_url
parameter ofKeyClient
has been renamed tovault_endpoint
- The property
vault_url
has been renamed tovault_endpoint
in all models
- The
key
argument toimport_key
should be an instance ofazure.keyvault.keys.JsonWebKey
(#7590)
CryptographyClient
methodswrap
andunwrap
are renamedwrap_key
andunwrap_key
, respectively.
CryptographyClient
performs encrypt, verify and wrap operations locally when its key's public material is available (i.e., when it has keys/get permission).
- Removed
azure.core.Configuration
from the public API in preparation for a revamped configuration API. Staticcreate_config
methods have been renamed_create_config
, and will be removed in a future release. - Removed
wrap_key
andunwrap_key
fromKeyClient
. These are now available throughCryptographyClient
. - This version of the library requires
azure-core
1.0.0b2- If you later want to revert to a version requiring azure-core 1.0.0b1,
of this or another Azure SDK library, you must explicitly install azure-core
1.0.0b1 as well. For example:
pip install azure-core==1.0.0b1 azure-keyvault-keys==4.0.0b1
- If you later want to revert to a version requiring azure-core 1.0.0b1,
of this or another Azure SDK library, you must explicitly install azure-core
1.0.0b1 as well. For example:
- Added
CryptographyClient
, a client for performing cryptographic operations (encrypt/decrypt, wrap/unwrap, sign/verify) with a key. - Distributed tracing framework OpenCensus is now supported
- Added support for HTTP challenge based authentication, allowing clients to interact with vaults in sovereign clouds.
- Async clients use aiohttp for transport by default. See azure-core documentation for more information about using other transports.
Version 4.0.0b1 is the first preview of our efforts to create a user-friendly and Pythonic client library for Azure Key Vault. For more information about preview releases of other Azure SDK libraries, please visit https://aka.ms/azure-sdk-preview1-python.
This library is not a direct replacement for azure-keyvault
. Applications
using that library would require code changes to use azure-keyvault-keys
.
This package's
documentation
and
samples
demonstrate the new API.
- Packages scoped by functionality
azure-keyvault-keys
contains a client for key operations,azure-keyvault-secrets
contains a client for secret operations
- Client instances are scoped to vaults (an instance interacts with one vault only)
- Asynchronous API supported on Python 3.5.3+
- the
azure.keyvault.keys.aio
namespace contains an async equivalent of the synchronous client inazure.keyvault.keys
- the
- Authentication using
azure-identity
credentials- see this package's documentation , and the Azure Identity documentation for more information
- Certificate management APIs
- Cryptographic operations, e.g. sign, un/wrap_key, verify, en- and decrypt
- National cloud support. This release supports public global cloud vaults, e.g. https://{vault-name}.vault.azure.net