[Keyvault] aes key size support #33522

Open
MaddyMicrosoft wants to merge 3 commits into Azure:dev from MaddyMicrosoft:keyvault/aes-key-size-support
Conversation

@MaddyMicrosoft

Member

Related command
az keyvault key show
az keyvault key list

Description
Add AES key size support to Key Vault key output by surfacing keySize in the transformed results for az keyvault key show and az keyvault key list.

This PR:

  • upgrades azure-keyvault-keys from 4.11.0 to 4.12.0b1 so AES key size is available from the SDK
  • adds keySize to key output in transform_key_output
  • adds keySize to list output in transform_key_list_output
  • adds unit tests covering AES keys, AES-HSM keys, RSA keys, deleted keys, list output, and passthrough/empty input behavior

Effect:

  • customers can see AES key size directly in CLI output for supported Key Vault keys
  • non-AES keys continue to return keySize as None when not provided by the SDK
  • deleted key output preserves existing deletion metadata while also surfacing keySize

Testing Guide
Run the new transformer unit tests:
python -m pytest src/azure-cli/azure/cli/command_modules/keyvault/tests/latest/test_transformers.py

Validate command output manually with AES keys:

  • az keyvault key show --vault-name <vault-name> --name <aes-key-name>
    • verify attributes.keySize is present, for example 128 or 256
  • az keyvault key list --vault-name <vault-name>
    • verify each AES key item includes keySize
  • az keyvault key show --vault-name <vault-name> --name <rsa-key-name>
    • verify attributes.keySize is present and remains null/None when the SDK does not provide a value

If available, also validate deleted key output:

  • az keyvault key show-deleted --vault-name <vault-name> --name <deleted-aes-key-name>
    • verify deletion fields are preserved and attributes.keySize is included

History Notes
[Key Vault] az keyvault key show/list: Add AES key size to output


This checklist is used to make sure that common guidelines for a pull request are followed.
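The manual checks in the Testing Guide above can be scripted. The following is an added example, not code from this pull request or from azure-cli: it validates the JSON printed by `az keyvault key show` against the guide's expectations. The sample documents are constructed; reading the key type from `key.kty` and accepting 128, 192 and 256 as AES sizes are assumptions.

```python
import json

AES_KTY = {"oct", "oct-HSM"}   # AES key types named in the PR thread
AES_BITS = {128, 192, 256}     # assumption: the standard AES key lengths

# Constructed documents shaped like trimmed `az keyvault key show` output.
SAMPLES = {
    "aes_hsm": '{"attributes": {"enabled": true, "keySize": 256}, "key": {"kty": "oct-HSM"}}',
    "rsa": '{"attributes": {"enabled": true, "keySize": null}, "key": {"kty": "RSA"}}',
    "aes_null": '{"attributes": {"enabled": true, "keySize": null}, "key": {"kty": "oct"}}',
    "old_cli": '{"attributes": {"enabled": true}, "key": {"kty": "oct"}}',
}


def check_show_output(raw):
    """Return findings for one `key show` JSON document; [] means it passes."""
    doc = json.loads(raw)
    attrs = doc.get("attributes")
    # The field must exist even when its value is null (non-AES keys).
    if not isinstance(attrs, dict) or "keySize" not in attrs:
        return ["attributes.keySize is missing"]
    size = attrs["keySize"]
    kty = (doc.get("key") or {}).get("kty")
    if kty in AES_KTY:
        if size is None:
            return ["AES key reports null keySize"]
        if not isinstance(size, int) or size not in AES_BITS:
            return [f"unexpected AES keySize: {size!r}"]
    elif size is not None and (isinstance(size, bool) or not isinstance(size, int)):
        return [f"non-integer keySize for {kty}: {size!r}"]
    return []


def check_all(samples):
    """Map each sample name to its list of findings."""
    return {name: check_show_output(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, findings in check_all(SAMPLES).items():
        print(name, "OK" if not findings else findings)
```

To run it against a real vault, pass the captured output of `az keyvault key show --vault-name <vault-name> --name <aes-key-name>` to `check_show_output`.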

Pulls in KeyProperties.key_size so CLI can surface key_size for AES (oct/oct-HSM) and RSA keys in a follow-up change.
@azure-client-tools-bot-prd

azure-client-tools-bot-prd Bot commented Jun 10, 2026

✔️AzureCLI-FullTest

@azure-client-tools-bot-prd

azure-client-tools-bot-prd Bot commented Jun 10, 2026

❌AzureCLI-BreakingChangeTest
❌network

| rule | cmd_name | rule_message | suggest_message |
| --- | --- | --- | --- |
| 1008 - ParaPropAdd | network vnet list | cmd network vnet list update parameter resource_group: added property required=True | please remove property required=True for parameter resource_group of cmd network vnet list |

Please submit your Breaking Change Pre-announcement ASAP if you haven't already. Please note:

  • Breaking changes can only be merged during the designated breaking change window
  • A pre-announcement must be released at least one month in advance

For more details on how to introduce breaking changes, refer to the documentation: azure-cli/doc/how_to_introduce_breaking_changes.md

@yonzhan

yonzhan commented Jun 10, 2026

Collaborator

Keyvault

@MaddyMicrosoft MaddyMicrosoft marked this pull request as ready for review June 10, 2026 05:42
Copilot AI review requested due to automatic review settings June 10, 2026 05:42

Copilot AI left a comment

Contributor

Pull request overview

This PR updates the Key Vault key output transformers so az keyvault key show and az keyvault key list surface AES key size (keySize) in CLI output, and adds unit tests to validate the new behavior across key types (including deleted keys).

Changes:

  • Update Key Vault key transformers to include keySize in both show and list transformed outputs.
  • Add unit tests covering AES/AES-HSM, RSA, deleted keys, list output, and passthrough behavior.
  • Bump the azure-keyvault-keys dependency version pin.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| src/azure-cli/setup.py | Updates the pinned azure-keyvault-keys dependency version used by the CLI package. |
| src/azure-cli/requirements.py3.windows.txt | Updates Windows pinned dependency for azure-keyvault-keys. |
| src/azure-cli/requirements.py3.Linux.txt | Updates Linux pinned dependency for azure-keyvault-keys. |
| src/azure-cli/requirements.py3.Darwin.txt | Updates macOS pinned dependency for azure-keyvault-keys. |
| src/azure-cli/azure/cli/command_modules/keyvault/_transformers.py | Surfaces keySize in transformed outputs for key show/list (including deleted key handling). |
| src/azure-cli/azure/cli/command_modules/keyvault/tests/latest/test_transformers.py | Adds transformer-focused unit tests to cover keySize behavior and edge cases. |


Comment on lines +8 to +9
from azure.keyvault.keys import JsonWebKey, KeyProperties, KeyVaultKey
from azure.keyvault.keys._models import DeletedKey
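Review bot: line +9 imports DeletedKey from the private module azure.keyvault.keys._models, which ties the test to an internal path that can move between SDK releases. DeletedKey is exported by the public azure.keyvault.keys package, so fold it into the line +8 import alongside JsonWebKey, KeyProperties and KeyVaultKey and drop the _models import.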

Labels

act-identity-squad Auto-Assign Auto assign by bot KeyVault az keyvault

5 participants