Jump to content

Connect SuperML | Leeroopedia MCP: Equip your AI agents with best practices, code verification, and debugging knowledge. Powered by Leeroo — building Organizational Superintelligence. Contact us at founders@leeroo.com.

Implementation:Microsoft Semantic kernel Concepts OpenAPI Resource

From Leeroopedia
Revision as of 11:39, 16 February 2026 by Admin (talk | contribs) (Auto-imported from implementations/Microsoft_Semantic_kernel_Concepts_OpenAPI_Resource.md)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Knowledge Sources
Domains OpenAPI, Azure_Key_Vault
Last Updated 2026-02-11 00:00 GMT

Overview

Concrete Swagger 2.0 OpenAPI specification for the Azure Key Vault REST API used as a sample connector resource in the Semantic Kernel Concepts samples.

Description

This file is a Swagger 2.0 JSON specification that describes a sample connector for the Azure Key Vault service. It defines endpoints for managing cryptographic keys and secrets via the Key Vault REST API (version 7.0). The specification includes the following operations:

  • Keys: ListKey (GET /keys), GetKey (GET /keys/{key-name}), CreateKey (POST /keys/{key-name}/create), Decrypt (POST /keys/{key-name}/decrypt), Encrypt (POST /keys/{key-name}/encrypt)
  • Secrets: ListSecret (GET /secrets), GetSecret (GET /secrets/{secret-name}), SetSecret (PUT /secrets/{secret-name}), ListSecretVersions (GET /secrets/{secret-name}/versions), GetSecretVersion (GET /secrets/{secret-name}/{secret-version})

The specification uses OAuth2 access code flow for security (oauth2_auth) with Azure AD authorization endpoints at login.windows.net. The host is set to my-key-vault.vault.azure.net as a placeholder.

Usage

This file is referenced in the Concepts sample project (sample number 22) to demonstrate how Semantic Kernel can import and use OpenAPI specifications as plugins. Developers use it to learn how to integrate external REST APIs (like Azure Key Vault) into Semantic Kernel pipelines via the OpenAPI plugin import mechanism.

Code Reference

Source Location

Signature

{
  "basePath": "/",
  "host": "my-key-vault.vault.azure.net",
  "info": {
    "description": "A sample connector for the Azure Key Vault service.",
    "title": "Azure Key Vault [Sample]",
    "version": "1.0"
  },
  "paths": {
    "/keys": { "get": { "operationId": "ListKey", "summary": "List keys" } },
    "/keys/{key-name}": { "get": { "operationId": "GetKey", "summary": "Get key" } },
    "/keys/{key-name}/create": { "post": { "operationId": "CreateKey", "summary": "Create key" } },
    "/keys/{key-name}/decrypt": { "post": { "operationId": "Decrypt", "summary": "Decrypt data" } },
    "/keys/{key-name}/encrypt": { "post": { "operationId": "Encrypt", "summary": "Encrypt data" } },
    "/secrets": { "get": { "operationId": "ListSecret", "summary": "List secrets" } },
    "/secrets/{secret-name}": {
      "get": { "operationId": "GetSecret", "summary": "Get secret" },
      "put": { "operationId": "SetSecret", "summary": "Create or update secret value" }
    }
  },
  "swagger": "2.0",
  "schemes": ["https"]
}

Import

// In Concepts sample 22, the spec is loaded as an embedded resource:
using var stream = typeof(Concepts).Assembly
    .GetManifestResourceStream("Resources.22-openapi.json");

// Or loaded from disk:
await kernel.ImportPluginFromOpenApiAsync("AzureKeyVault",
    Path.Combine("Resources", "22-openapi.json"));

I/O Contract

Inputs

Name Type Required Description
key-name string (path) yes Name of the cryptographic key in the vault (for key operations).
secret-name string (path) yes Name of the secret in the vault (for secret operations).
secret-version string (path) yes Version identifier of a secret (for GetSecretVersion).
api-version string (query) yes API version, defaults to "7.0". Marked as internal visibility.
maxresults string/integer (query) no Maximum number of results to return per page.
kty string (body) yes Key type for CreateKey: EC, EC-HSM, RSA, RSA-HSM, or oct.
alg string (body) yes Encryption algorithm for Encrypt/Decrypt: RSA-OAEP, RSA-OAEP-256, or RSA1_5.
value string (body) yes Data payload for encrypt/decrypt operations or secret value for SetSecret.

Outputs

Name Type Description
key object Key material including kid (key identifier), kty (key type), key_ops (operations), e (exponent), n (modulus).
attributes object Key/secret attributes: created, updated, enabled, recoverylevel timestamps.
value string Decrypted data, encrypted data, or secret value depending on the operation.
nextLink string Pagination link for list operations.

Usage Examples

Importing the Azure Key Vault Plugin

var kernel = Kernel.CreateBuilder()
    .AddAzureOpenAIChatCompletion(deploymentName, endpoint, apiKey)
    .Build();

await kernel.ImportPluginFromOpenApiAsync(
    "AzureKeyVault",
    Path.Combine("Resources", "22-openapi.json"),
    new OpenApiFunctionExecutionParameters
    {
        ServerUrlOverride = new Uri("https://my-vault.vault.azure.net")
    });

// Now the kernel can call Key Vault operations as functions:
var result = await kernel.InvokeAsync("AzureKeyVault", "ListKey");

Related Pages

Page Connections

Double-click a node to navigate. Hold to expand connections.
Principle
Implementation
Heuristic
Environment
Retrieved from "https://leeroopedia.com/index.php?title=Implementation:Microsoft_Semantic_kernel_Concepts_OpenAPI_Resource&oldid=3870"