Azure Key Vault · Schema
Azure Key Vault Secret Bundle
A secret consisting of a value, id and its attributes as returned by the Azure Key Vault data plane API. Based on the SecretBundle definition from the Azure Key Vault REST API reference at https://learn.microsoft.com/en-us/rest/api/keyvault/secrets.
Tags: Certificates, Cloud Security, Cryptography, Key Management, Secrets Management, Security
Properties
| Name | Type | Description |
|---|---|---|
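| value | string | The secret value, returned in cleartext in the response body. Treat it as sensitive: keep it out of logs, error messages and cached responses. |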
| id | string | The secret id. The format is https://{vault-name}.vault.azure.net/secrets/{secret-name}/{secret-version}. |
| contentType | string | The content type of the secret (e.g., 'application/x-pkcs12', 'text/plain', 'application/json'). |
| attributes | object | The secret management attributes. |
| tags | object | Application specific metadata in the form of key-value pairs. |
| kid | string | If this is a secret backing a KV certificate, then this field specifies the corresponding key backing the KV certificate. |
| managed | boolean | True if the secret's lifetime is managed by key vault. If this is a secret backing a certificate, then managed will be true. |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://schema.api.gov/azure/key-vault/secret-bundle",
"title": "Azure Key Vault Secret Bundle",
"description": "A secret consisting of a value, id and its attributes as returned by the Azure Key Vault data plane API. Based on the SecretBundle definition from the Azure Key Vault REST API reference at https://learn.microsoft.com/en-us/rest/api/keyvault/secrets.",
"type": "object",
"properties": {
"value": {
"type": "string",
"description": "The secret value, returned in cleartext in the response body. Treat it as sensitive: keep it out of logs, error messages and cached responses."
},
"id": {
"type": "string",
"format": "uri",
"description": "The secret id. The format is https://{vault-name}.vault.azure.net/secrets/{secret-name}/{secret-version}.",
"examples": [
"https://myvault.vault.azure.net/secrets/mysecret/4387e9f3d6e14c459867679a90fd0f79"
]
},
"contentType": {
"type": "string",
"description": "The content type of the secret (e.g., 'application/x-pkcs12', 'text/plain', 'application/json').",
"examples": [
"text/plain",
"application/x-pkcs12",
"application/x-pem-file"
]
},
"attributes": {
"$ref": "#/$defs/SecretAttributes"
},
"tags": {
"type": "object",
"additionalProperties": {
"type": "string"
},
"description": "Application specific metadata in the form of key-value pairs."
},
"kid": {
"type": "string",
"format": "uri",
"description": "If this is a secret backing a KV certificate, then this field specifies the corresponding key backing the KV certificate.",
"readOnly": true
},
"managed": {
"type": "boolean",
"description": "True if the secret's lifetime is managed by key vault. If this is a secret backing a certificate, then managed will be true.",
"readOnly": true
}
},
"required": [
"id"
],
"$defs": {
"SecretAttributes": {
"title": "Secret Attributes",
"description": "The secret management attributes.",
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Determines whether the object is enabled.",
"default": true
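},
"nbf": {
"type": "integer",
"description": "Not before date in UTC, encoded as a Unix timestamp (seconds since 1970-01-01T00:00:00Z). The secret should not be used before this time. For secrets this attribute is informational: Key Vault still returns the value outside the nbf/exp window, so consumers must check it themselves."
},
"exp": {
"type": "integer",
"description": "Expiry date in UTC, encoded as a Unix timestamp (seconds since 1970-01-01T00:00:00Z). The secret should not be used after this time. For secrets this attribute is informational: Key Vault still returns the value of an expired secret, so consumers must check it themselves and rotate or disable the secret."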
},
"created": {
"type": "integer",
"description": "Creation time in UTC, encoded as a Unix timestamp.",
"readOnly": true
},
"updated": {
"type": "integer",
"description": "Last updated time in UTC, encoded as a Unix timestamp.",
"readOnly": true
},
"recoveryLevel": {
"$ref": "#/$defs/DeletionRecoveryLevel"
},
"recoverableDays": {
"type": "integer",
"minimum": 0,
"maximum": 90,
"description": "softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0.",
"readOnly": true
}
}
},
"DeletionRecoveryLevel": {
"title": "Deletion Recovery Level",
"description": "Reflects the deletion recovery level currently in effect for secrets in the current vault. If it contains 'Purgeable', the secret can be permanently deleted by a privileged user; otherwise, only the system can purge the secret at the end of the retention interval.",
"type": "string",
"enum": [
"Purgeable",
"Recoverable+Purgeable",
"Recoverable",
"Recoverable+ProtectedSubscription",
"CustomizedRecoverable+Purgeable",
"CustomizedRecoverable",
"CustomizedRecoverable+ProtectedSubscription"
]
},
"SecretSetParameters": {
"title": "Secret Set Parameters",
"description": "The request body for creating or updating a secret via PUT /secrets/{secret-name}.",
"type": "object",
"required": [
"value"
],
"properties": {
"value": {
"type": "string",
"description": "The value of the secret."
},
"tags": {
"type": "object",
"additionalProperties": {
"type": "string"
},
"description": "Application specific metadata in the form of key-value pairs."
},
"contentType": {
"type": "string",
"description": "Type of the secret value such as a password."
},
"attributes": {
"$ref": "#/$defs/SecretAttributes"
}
}
},
"SecretUpdateParameters": {
"title": "Secret Update Parameters",
"description": "The request body for updating secret attributes via PATCH /secrets/{secret-name}/{secret-version}.",
"type": "object",
"properties": {
"contentType": {
"type": "string",
"description": "Type of the secret value such as a password."
},
"attributes": {
"$ref": "#/$defs/SecretAttributes"
},
"tags": {
"type": "object",
"additionalProperties": {
"type": "string"
},
"description": "Application specific metadata in the form of key-value pairs."
}
}
},
"SecretItem": {
"title": "Secret Item",
"description": "The secret item containing secret metadata, as returned in list operations.",
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uri",
"description": "Secret identifier."
},
"attributes": {
"$ref": "#/$defs/SecretAttributes"
},
"tags": {
"type": "object",
"additionalProperties": {
"type": "string"
},
"description": "Application specific metadata in the form of key-value pairs."
},
"contentType": {
"type": "string",
"description": "Type of the secret value such as a password."
},
"managed": {
"type": "boolean",
"description": "True if the secret's lifetime is managed by key vault.",
"readOnly": true
}
}
},
"SecretListResult": {
"title": "Secret List Result",
"description": "The secret list result returned by GET /secrets.",
"type": "object",
"properties": {
"value": {
"type": "array",
"items": {
"$ref": "#/$defs/SecretItem"
},
"description": "A list of secrets.",
"readOnly": true
},
"nextLink": {
"type": "string",
"format": "uri",
"description": "The URL to get the next set of secrets.",
"readOnly": true
}
}
},
"DeletedSecretBundle": {
"title": "Deleted Secret Bundle",
"description": "A deleted secret consisting of its previous id, attributes, tags, and deletion information.",
"type": "object",
"allOf": [
{
"$ref": "#"
}
],
"properties": {
"recoveryId": {
"type": "string",
"format": "uri",
"description": "The url of the recovery object, used to identify and recover the deleted secret."
},
"scheduledPurgeDate": {
"type": "integer",
"description": "The time when the secret is scheduled to be purged, in UTC, encoded as a Unix timestamp.",
"readOnly": true
},
"deletedDate": {
"type": "integer",
"description": "The time when the secret was deleted, in UTC, encoded as a Unix timestamp.",
"readOnly": true
}
}
},
"KeyVaultError": {
"title": "Key Vault Error",
"description": "The key vault error exception.",
"type": "object",
"properties": {
"error": {
"type": "object",
"description": "The key vault server error.",
"properties": {
"code": {
"type": "string",
"description": "The error code.",
"readOnly": true
},
"message": {
"type": "string",
"description": "The error message.",
"readOnly": true
},
"innererror": {
"type": "object",
"description": "The key vault server inner error (recursive).",
"readOnly": true
}
},
"readOnly": true
}
},
"readOnly": true
}
},
"examples": [
{
"value": "mysecretvalue",
"id": "https://myvault.vault.azure.net/secrets/mysecret/4387e9f3d6e14c459867679a90fd0f79",
"attributes": {
"enabled": true,
"created": 1493938410,
"updated": 1493938410,
"recoveryLevel": "Recoverable+Purgeable"
}
}
]
}