Given an Azure configuration, fetch a list of available Azure key vaults which can be used to back a group.

POST /sys/v1/groups/hmg/azure_vaults

Security
HTTP
Type bearer
API Key: apiKeyAuth
Header parameter name: Authorization
Body parameters
OneOf
object
object
kind
string Required
Valid values[ "Ncipher" ]
url
string Required
tls

TLS client settings.

OneOf
object
object
mode
string Required
Valid values[ "disabled" ]
object
object
mode
string Required
Valid values[ "opportunistic" ]
object
object
mode
string Required
Valid values[ "required" ]
validate_hostname
boolean Required
ca

CA settings.

OneOf
CaConfigVariantCaSet
object (CaConfigVariantCaSet)
ca_set
string Required

Predefined CA sets.

Valid values[ "global_roots" ]
CaConfigVariantPinned
object (CaConfigVariantPinned)
pinned
Array of string Required
string (byte)
client_key
string (byte)
client_cert
string (byte)
slot
integer Required
pin
string
hsm_order
integer (int32) | null

The priority of this HmgConfig. This is used when a group is configured with an HmgRedundancyScheme, and is otherwise unused. (See the docs for HmgRedundancyScheme for more information about the interpretation of this field.)

object
object
kind
string Required
Valid values[ "Safenet" ]
url
string Required
tls

TLS client settings.

OneOf
object
object
mode
string Required
Valid values[ "disabled" ]
object
object
mode
string Required
Valid values[ "opportunistic" ]
object
object
mode
string Required
Valid values[ "required" ]
validate_hostname
boolean Required
ca

CA settings.

OneOf
CaConfigVariantCaSet
object (CaConfigVariantCaSet)
ca_set
string Required

Predefined CA sets.

Valid values[ "global_roots" ]
CaConfigVariantPinned
object (CaConfigVariantPinned)
pinned
Array of string Required
string (byte)
client_key
string (byte)
client_cert
string (byte)
slot
integer Required
pin
string
hsm_order
integer (int32) | null

The priority of this HmgConfig. This is used when a group is configured with an HmgRedundancyScheme, and is otherwise unused. (See the docs for HmgRedundancyScheme for more information about the interpretation of this field.)

object
object
kind
string Required
Valid values[ "AwsCloudHsm" ]
url
string Required
tls

TLS client settings.

OneOf
object
object
mode
string Required
Valid values[ "disabled" ]
object
object
mode
string Required
Valid values[ "opportunistic" ]
object
object
mode
string Required
Valid values[ "required" ]
validate_hostname
boolean Required
ca

CA settings.

OneOf
CaConfigVariantCaSet
object (CaConfigVariantCaSet)
ca_set
string Required

Predefined CA sets.

Valid values[ "global_roots" ]
CaConfigVariantPinned
object (CaConfigVariantPinned)
pinned
Array of string Required
string (byte)
client_key
string (byte)
client_cert
string (byte)
slot
integer Required
pin
string
hsm_order
integer (int32) | null

The priority of this HmgConfig. This is used when a group is configured with an HmgRedundancyScheme, and is otherwise unused. (See the docs for HmgRedundancyScheme for more information about the interpretation of this field.)

object
object
kind
string Required
Valid values[ "AwsKms" ]
url
string Required
tls

TLS client settings.

OneOf
object
object
mode
string Required
Valid values[ "disabled" ]
object
object
mode
string Required
Valid values[ "opportunistic" ]
object
object
mode
string Required
Valid values[ "required" ]
validate_hostname
boolean Required
ca

CA settings.

OneOf
CaConfigVariantCaSet
object (CaConfigVariantCaSet)
ca_set
string Required

Predefined CA sets.

Valid values[ "global_roots" ]
CaConfigVariantPinned
object (CaConfigVariantPinned)
pinned
Array of string Required
string (byte)
client_key
string (byte)
client_cert
string (byte)
access_key
string | null
secret_key
string
region
string

AWS KMS resources are hosted in multiple locations worldwide, and each AWS Region is a separate geographic area. See https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html

Valid values[ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "af-south-1", "ap-east-1", "ap-southeast-3", "ap-southeast-4", "ap-south-1", "ap-south-2", "ap-northeast-3", "ap-northeast-2", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "ca-central-1", "ca-west-1", "eu-central-1", "eu-central-2", "eu-west-1", "eu-west-2", "eu-south-1", "eu-south-2", "eu-west-3", "eu-north-1", "me-south-1", "me-central-1", "sa-east-1", "us-gov-east-1", "us-gov-west-1", "il-central-1" ]
service
string

Specifies the AWS service. Only kms is supported for now.

Valid values[ "kms", "kms-fips" ]
account_id
string | null
object
object
kind
string Required
Valid values[ "Fortanix" ]
url
string Required
tls

TLS client settings.

OneOf
object
object
mode
string Required
Valid values[ "disabled" ]
object
object
mode
string Required
Valid values[ "opportunistic" ]
object
object
mode
string Required
Valid values[ "required" ]
validate_hostname
boolean Required
ca

CA settings.

OneOf
CaConfigVariantCaSet
object (CaConfigVariantCaSet)
ca_set
string Required

Predefined CA sets.

Valid values[ "global_roots" ]
CaConfigVariantPinned
object (CaConfigVariantPinned)
pinned
Array of string Required
string (byte)
client_key
string (byte)
client_cert
string (byte)
pin
string
object
object
kind
string Required
Valid values[ "FortanixFipsCluster" ]
url
string Required
tls

TLS client settings.

OneOf
object
object
mode
string Required
Valid values[ "disabled" ]
object
object
mode
string Required
Valid values[ "opportunistic" ]
object
object
mode
string Required
Valid values[ "required" ]
validate_hostname
boolean Required
ca

CA settings.

OneOf
CaConfigVariantCaSet
object (CaConfigVariantCaSet)
ca_set
string Required

Predefined CA sets.

Valid values[ "global_roots" ]
CaConfigVariantPinned
object (CaConfigVariantPinned)
pinned
Array of string Required
string (byte)
client_key
string (byte)
client_cert
string (byte)
pin
string
credentials
Array of string | null
string
hsm_order
integer (int32) | null

The priority of this HmgConfig. This is used when a group is configured with an HmgRedundancyScheme, and is otherwise unused. (See the docs for HmgRedundancyScheme for more information about the interpretation of this field.)

object
object
kind
string Required
Valid values[ "AzureKeyVault" ]
url
string Required
tls

TLS client settings.

OneOf
object
object
mode
string Required
Valid values[ "disabled" ]
object
object
mode
string Required
Valid values[ "opportunistic" ]
object
object
mode
string Required
Valid values[ "required" ]
validate_hostname
boolean Required
ca

CA settings.

OneOf
CaConfigVariantCaSet
object (CaConfigVariantCaSet)
ca_set
string Required

Predefined CA sets.

Valid values[ "global_roots" ]
CaConfigVariantPinned
object (CaConfigVariantPinned)
pinned
Array of string Required
string (byte)
client_key
string (byte)
client_cert
string (byte)
auth_config
OneOf
object
object
mode
string Required
Valid values[ "client_secret" ]
client_secret
string Required
object
object
mode
string Required
Valid values[ "token_auth_config" ]
client_cert
string (byte) Required
client_key
string (byte) Required
secret_key
string

Deprecated; retained for backward compatibility. Use auth_config instead.

tenant_id
string (uuid) Required

A tenant ID is a unique way to identify an Azure AD instance within an Azure subscription.

client_id
string (uuid) Required

The client ID is the unique Application ID assigned to your app by Azure AD when the app was registered.

subscription_id
string (uuid) Required

A subscription ID is a unique alphanumeric string that identifies your Azure subscription.

key_vault_type
string

Types of Azure Key Vault based on the protection level.

Valid values[ "STANDARD", "PREMIUM", "MANAGED" ]
endpoints
object
management
string Required

The API endpoint for managing Azure APIs and resources.

key_vault
string Required

The API endpoint for Azure Key Vault (for Standard and Premium SKUs).

key_vault_managed_hsm
string Required

The API endpoint for Azure Key Vault Managed HSM.

iam
string Required

The API endpoint for Azure AD (and authentication).

object
object
kind
string Required
Valid values[ "GcpKeyRing" ]
service_account_email
string Required

Email for the service account to be used.

project_id
string Required

The project ID is a unique identifier for a project.

location
string Required

For a given project in GCP KMS, resources can be created in one of many locations. These represent the geographical regions where a resource is stored and can be accessed. A key's location impacts the performance of applications using the key. https://cloud.google.com/kms/docs/locations

key_ring
string | null

A key ring organizes keys in a specific GCP location and allows you to manage access control on groups of keys. https://cloud.google.com/kms/docs/resource-hierarchy#key_rings

private_key
string (byte)

Private component of the service account key pair that can be obtained from the GCP cloud console. It is used to authenticate the requests made by DSM to the GCP cloud.

Responses
2XX

Success result

Array of object
object
id
string
name
string
vault_type
string

Types of Azure Key Vault based on the protection level.

Valid values[ "STANDARD", "PREMIUM", "MANAGED" ]
location
string
tags
object | null
property*
string additionalProperties
retention
integer | null
Minimum: 0
Maximum: 4294967295
uri
string
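
The following added example (not part of the original API reference) lints an AzureKeyVault request body for this endpoint before it is sent, flagging TLS modes weaker than "required", a disabled hostname check, a missing CA setting, and use of the deprecated secret_key field. The nesting of fields under tls and auth_config is an assumption inferred from the schema listing above, and every value in the sample bodies is a constructed placeholder.

```python
# Added example: pre-flight lint of a request body for
# POST /sys/v1/groups/hmg/azure_vaults. Field nesting is an assumption
# inferred from the schema listing; sample values are constructed.
WEAK_TLS_MODES = {"disabled", "opportunistic"}
REQUIRED_FIELDS = ("url", "tenant_id", "client_id", "subscription_id")


def lint_hmg_config(cfg):
    """Return a list of findings for one AzureKeyVault config dict."""
    findings = []
    if cfg.get("kind") != "AzureKeyVault":
        findings.append("kind: expected AzureKeyVault")
    for field in REQUIRED_FIELDS:
        if not cfg.get(field):
            findings.append(f"{field}: required field missing")
    tls = cfg.get("tls")
    if not tls:
        findings.append("tls: no explicit settings; set mode 'required'")
    elif tls.get("mode") in WEAK_TLS_MODES:
        findings.append(f"tls.mode: '{tls['mode']}' is weaker than 'required'")
    elif tls.get("mode") == "required":
        if tls.get("validate_hostname") is not True:
            findings.append("tls.validate_hostname: hostname check is off")
        ca = tls.get("ca") or {}
        if ca.get("ca_set") != "global_roots" and not ca.get("pinned"):
            findings.append("tls.ca: need ca_set or a non-empty pinned list")
    else:
        findings.append("tls.mode: not one of the listed values")
    if "secret_key" in cfg:
        findings.append("secret_key: deprecated, use auth_config")
    auth = cfg.get("auth_config") or {}
    if auth.get("mode") == "client_secret" and not auth.get("client_secret"):
        findings.append("auth_config.client_secret: required for this mode")
    return findings


# Constructed sample bodies (placeholder IDs, URL and secret).
HARDENED = {
    "kind": "AzureKeyVault", "url": "https://vault.example.invalid",
    "tenant_id": "00000000-0000-0000-0000-000000000001",
    "client_id": "00000000-0000-0000-0000-000000000002",
    "subscription_id": "00000000-0000-0000-0000-000000000003",
    "tls": {"mode": "required", "validate_hostname": True,
            "ca": {"ca_set": "global_roots"}},
    "auth_config": {"mode": "client_secret", "client_secret": "<placeholder>"},
}
WEAK = {k: v for k, v in HARDENED.items()
        if k not in ("subscription_id", "auth_config")}
WEAK.update(tls={"mode": "opportunistic"}, secret_key="<placeholder>")
```
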