Microsoft Entra · Schema

KeyCredential

Contains a key credential (certificate) associated with an application or service principal

Access ManagementAuthenticationAzure ADEntraIdentityIdentity GovernanceMicrosoftNetwork SecuritySecurityZero Trust

Properties

Name Type Description
keyId string Unique identifier for the key
displayName stringnull Friendly name for the key
type string Type of key credential
usage string Describes the purpose of the key
key string The certificate's raw data in byte array converted to Base64 string
startDateTime string The date and time at which the credential becomes valid
endDateTime string The date and time at which the credential expires
View JSON Schema on GitHub

JSON Schema

microsoft-entra-keycredential-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "#/components/schemas/KeyCredential",
  "title": "KeyCredential",
  "type": "object",
  "description": "Contains a key credential (certificate) associated with an application or service principal",
  "properties": {
    "keyId": {
      "type": "string",
      "format": "uuid",
      "description": "Unique identifier for the key",
      "example": "500123"
    },
    "displayName": {
      "type": [
        "string",
        "null"
      ],
      "description": "Friendly name for the key",
      "example": "example_value"
    },
    "type": {
      "type": "string",
      "description": "Type of key credential",
      "enum": [
        "AsymmetricX509Cert",
        "X509CertAndPassword"
      ],
      "example": "AsymmetricX509Cert"
    },
    "usage": {
      "type": "string",
      "description": "Describes the purpose of the key",
      "enum": [
        "Sign",
        "Verify"
      ],
      "example": "Sign"
    },
    "key": {
      "type": "string",
      "format": "byte",
      "description": "The certificate's raw data in byte array converted to Base64 string",
      "example": "example_value"
    },
    "startDateTime": {
      "type": "string",
      "format": "date-time",
      "description": "The date and time at which the credential becomes valid",
      "example": "2026-01-15T10:30:00Z"
    },
    "endDateTime": {
      "type": "string",
      "format": "date-time",
      "description": "The date and time at which the credential expires",
      "example": "2026-01-15T10:30:00Z"
    }
  }
}