Skip to content

[Key Vault] Added ExternalKey model, create_external_key method, external_key property#47200

Open
ncamillucci wants to merge 6 commits into
mainfrom
ncamillucci/keys-2026-01-01-preview-v3
Open

[Key Vault] Added ExternalKey model, create_external_key method, external_key property#47200
ncamillucci wants to merge 6 commits into
mainfrom
ncamillucci/keys-2026-01-01-preview-v3

Conversation

@ncamillucci
Copy link
Copy Markdown
Member

@ncamillucci ncamillucci commented May 28, 2026

Description

  • Added the ExternalKey model and the new KeyClient.create_external_key method for registering a Key Vault key whose material is held in an external HSM.
  • Added the KeyProperties.external_key read-only property.

All SDK Contribution checklist:

  • The pull request does not introduce [breaking changes]
  • CHANGELOG is updated for new features, bug fixes or other significant changes.
  • I have read the contribution guidelines.

General Guidelines and Best Practices

  • Title of the pull request is clear and informative.
  • There are a small number of commits, each of which have an informative message. This means that previously merged commits do not appear in the history of the PR. For more information on cleaning up the commits in your PR, see this page.

Testing Guidelines

  • Pull request includes test coverage for the included changes.

@ncamillucci ncamillucci force-pushed the ncamillucci/keys-2026-01-01-preview-v3 branch from ae7bf29 to bae1660 Compare May 28, 2026 13:02
@ncamillucci ncamillucci changed the title Ncamillucci/keys 2026 01 01 preview v3 [Key Vault] Added ExternalKey model, create_external_key method, external_key property May 28, 2026
@ncamillucci ncamillucci force-pushed the ncamillucci/keys-2026-01-01-preview-v3 branch from bae1660 to 92a7c54 Compare May 28, 2026 14:25
@ncamillucci ncamillucci force-pushed the ncamillucci/keys-2026-01-01-preview-v3 branch from 92a7c54 to 56778a1 Compare May 28, 2026 14:25
@ncamillucci ncamillucci marked this pull request as ready for review May 28, 2026 14:27
@ncamillucci ncamillucci requested a review from a team as a code owner May 28, 2026 14:27
Copilot AI review requested due to automatic review settings May 28, 2026 14:27
Copilot AI reviewed May 28, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Introduces External Key Management (EKM) support to azure-keyvault-keys so Managed HSM keys can reference key material owned by an external HSM. The new public surface is the ExternalKey model, KeyClient.create_external_key (sync + async), and the read-only KeyProperties.external_key property, all gated on the 2026-01-01-preview API version and Managed HSM. The PR also bundles unrelated generated-utility performance changes (scalar fast paths in serialization.Deserializer.__call__, XML field plan caching, and rest_field(deserializer=...) support) that are not mentioned in the description or CHANGELOG.

Changes:

  • Add ExternalKey model, KeyClient.create_external_key (sync/async), and KeyProperties.external_key, plumbed through _get_attributes and KeyAttributes.external_key.
  • Add sync/async unit tests and [START/END create_external_key] snippet tests gated on Managed HSM + default API version, including EKM_EXTERNAL_ID sanitization and preparer plumbing.
  • Add external_key_operations.py / ..._async.py samples and unrelated generated-layer perf changes in _generated/_utils/{serialization,model_base}.py.

Reviewed changes

Copilot reviewed 17 out of 17 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
azure/keyvault/keys/init.py Export ExternalKey from the public package.
azure/keyvault/keys/_models.py Add ExternalKey model and KeyProperties.external_key property.
azure/keyvault/keys/_client.py Import ExternalKey, extend _get_attributes, add create_external_key.
azure/keyvault/keys/aio/_client.py Async mirror of _get_attributes and create_external_key.
azure/keyvault/keys/_generated/_utils/serialization.py Adds scalar fast path to Deserializer.__call__ (unrelated to ExternalKey).
azure/keyvault/keys/_generated/_utils/model_base.py Adds XML scalar deserializers, _xml_field_plan, and rest_field(deserializer=...) (unrelated to ExternalKey).
tests/conftest.py Sanitize EKM_EXTERNAL_ID to fake-external-key.
tests/_test_case.py, tests/_async_test_case.py Propagate ekm_external_id through the preparer.
tests/test_key_client.py, tests/test_keys_async.py Sync/async live tests for create_external_key round-trip.
tests/test_samples_keys.py, tests/test_samples_keys_async.py Snippet tests for [START/END create_external_key].
samples/external_key_operations.py, ..._async.py New samples; use MANAGED_HSM_URL rather than the conventional VAULT_URL.
CHANGELOG.md Move 4.12.0b2 to 2026-05-29 and document the new EKM surface.
assets.json Bump recorded-test asset tag.

Comment thread sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_generated/_utils/model_base.py
Comment thread sdk/keyvault/azure-keyvault-keys/samples/external_key_operations.py
Comment thread sdk/keyvault/azure-keyvault-keys/samples/external_key_operations_async.py
@ncamillucci ncamillucci force-pushed the ncamillucci/keys-2026-01-01-preview-v3 branch from 56778a1 to 596db0e Compare May 28, 2026 15:21
@ncamillucci ncamillucci force-pushed the ncamillucci/keys-2026-01-01-preview-v3 branch from 596db0e to db65fc6 Compare May 28, 2026 16:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

KeyVault

Projects

Azure SDK for Key Vault
Status: Untriaged

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ncamillucci