v1.14.6/website/content/api-docs/secret/key-management/azurekeyvault.mdx - hashicorp/vault - Git at Google

 ---
 layout: api
 page_title: Azure Key Vault - Key Management - Secrets Engines - HTTP API
 description: The Azure Key Vault API documentation for the Key Management secrets engine.
 ---

 # Azure key Vault (API)

 The Key Management secrets engine supports lifecycle management of keys in named
 [Azure Key Vault](https://docs.microsoft.com/en-us/azure/key-vault/) instances.
 This is accomplished by configuring a KMS provider resource with the `azurekeyvault`
 provider and other provider-specific parameter values.

 The following sections provide API documentation that is specific to Azure Key Vault.

 ## Create/Update KMS provider

 This endpoint creates or updates a KMS provider. If a KMS provider with the given `name`
 does not exist, it will be created. If the KMS provider exists, it will be updated with
 the given parameter values.

 | Method | Path                 |
 | :----- | :------------------- |
 | `POST` | `/keymgmt/kms/:name` |

 ### Parameters

 - `name` `(string: <required>)` – Specifies the name of the KMS provider to create or update.
   This is provided as part of the request URL.

 - `provider` `(string: <required>)` – Specifies the name of a KMS provider that's external to
   Vault. Must be set to `azurekeyvault`. Cannot be changed after creation.

 - `key_collection` `(string: <required>)` – Refers to the name of an existing Azure Key Vault
   instance. Cannot be changed after creation.

 - `credentials` `(map<string|string>: nil)` – The credentials to use for authentication with
   Azure Key Vault. Supplying values for this parameter is optional, as credentials may also
   be specified as environment variables. Environment variables will take precedence over
   credentials provided via this parameter.

   - `tenant_id` `(string: <required>)` - The tenant ID for the Azure Active Directory
     organization. May also be specified by the `AZURE_TENANT_ID` environment variable.
   - `client_id` `(string: <required or MSI>)` - The client ID for credentials to invoke the
     Azure APIs. May also be specified by the `AZURE_CLIENT_ID` environment variable.
   - `client_secret` `(string: <required or MSI>)` - The client secret for credentials to invoke
     the Azure APIs. May also be specified by the `AZURE_CLIENT_SECRET` environment variable.
   - `environment` `(string: "AzurePublicCloud")` - The Azure Cloud environment API endpoints to
     use. May also be specified by the `AZURE_ENVIRONMENT` environment variable.
	---
	layout: api
	page_title: Azure Key Vault - Key Management - Secrets Engines - HTTP API
	description: The Azure Key Vault API documentation for the Key Management secrets engine.
	---

	# Azure key Vault (API)

	The Key Management secrets engine supports lifecycle management of keys in named
	[Azure Key Vault](https://docs.microsoft.com/en-us/azure/key-vault/) instances.
	This is accomplished by configuring a KMS provider resource with the `azurekeyvault`
	provider and other provider-specific parameter values.

	The following sections provide API documentation that is specific to Azure Key Vault.

	## Create/Update KMS provider

	This endpoint creates or updates a KMS provider. If a KMS provider with the given `name`
	does not exist, it will be created. If the KMS provider exists, it will be updated with
	the given parameter values.

	\| Method \| Path \|
	\| :----- \| :------------------- \|
	\| `POST` \| `/keymgmt/kms/:name` \|

	### Parameters

	- `name` `(string: <required>)` – Specifies the name of the KMS provider to create or update.
	This is provided as part of the request URL.

	- `provider` `(string: <required>)` – Specifies the name of a KMS provider that's external to
	Vault. Must be set to `azurekeyvault`. Cannot be changed after creation.

	- `key_collection` `(string: <required>)` – Refers to the name of an existing Azure Key Vault
	instance. Cannot be changed after creation.

	- `credentials` `(map<string\|string>: nil)` – The credentials to use for authentication with
	Azure Key Vault. Supplying values for this parameter is optional, as credentials may also
	be specified as environment variables. Environment variables will take precedence over
	credentials provided via this parameter.

	- `tenant_id` `(string: <required>)` - The tenant ID for the Azure Active Directory
	organization. May also be specified by the `AZURE_TENANT_ID` environment variable.
	- `client_id` `(string: <required or MSI>)` - The client ID for credentials to invoke the
	Azure APIs. May also be specified by the `AZURE_CLIENT_ID` environment variable.
	- `client_secret` `(string: <required or MSI>)` - The client secret for credentials to invoke
	the Azure APIs. May also be specified by the `AZURE_CLIENT_SECRET` environment variable.
	- `environment` `(string: "AzurePublicCloud")` - The Azure Cloud environment API endpoints to
	use. May also be specified by the `AZURE_ENVIRONMENT` environment variable.