def deleted_secret_recovery(self): """ a sample of enumerating, retrieving, recovering and purging deleted secrets from a key vault """ # create a vault enabling the soft delete feature vault = self.create_vault() # create a secret client credential = DefaultAzureCredential() secret_client = SecretClient(vault_url=vault.properties.vault_uri, credential=credential) # create secrets in the vault secret_to_recover = get_name('secret') secret_to_purge = get_name('secret') secret = secret_client.set_secret(secret_to_recover, "secret to restore") print('created secret {}'.format(secret.name)) secret = secret_client.set_secret(secret_to_purge, "secret to purge") print('created secret {}'.format(secret.name)) # list the name of all of the secrets in the client's vault secret_properties = secret_client.list_properties_of_secrets() print("all of the secrets in the client's vault:") for secret_property in secret_properties: print(secret_property.name) # delete the secrets delete_secret_poller = secret_client.begin_delete_secret( secret_to_recover) deleted_secret = delete_secret_poller.result() delete_secret_poller.wait() print('deleted secret {}'.format(deleted_secret.name)) delete_secret_poller = secret_client.begin_delete_secret( secret_to_purge) deleted_secret = delete_secret_poller.result() delete_secret_poller.wait() print('deleted secret {}'.format(deleted_secret.name)) # list the deleted secrets deleted_secrets = secret_client.list_deleted_secrets() print("all of the deleted secrets in the client's vault:") for deleted_secret in deleted_secrets: print(deleted_secret.name) # recover a deleted secret recover_secret_poller = secret_client.begin_recover_deleted_secret( secret_to_recover) recovered_secret = recover_secret_poller.result() print('recovered secret {}'.format(recovered_secret.name)) # purge a deleted secret secret_client.purge_deleted_secret(secret_to_purge) time.sleep(50) print('purged secret {}'.format(secret_to_purge)) # list the name of all of the secrets in the client's vault secret_properties = secret_client.list_properties_of_secrets() print("all of the secrets in the client's vault:") for secret_property in secret_properties: print(secret_property.name)
"recoverPurgeSecretValue1") storage_secret = client.set_secret("recoverPurgeStorageSecretName", "recoverPurgeSecretValue2") print("Secret with name '{0}' was created.".format(bank_secret.name)) print("Secret with name '{0}' was created.".format(storage_secret.name)) # The storage account was closed, need to delete its credentials from the Key Vault. print("\n.. Delete a Secret") secret = client.begin_delete_secret(bank_secret.name).result() print("Secret with name '{0}' was deleted on date {1}.".format( secret.name, secret.deleted_date)) # We accidentally deleted the bank account secret. Let's recover it. # A deleted secret can only be recovered if the Key Vault is soft-delete enabled. print("\n.. Recover Deleted Secret") recovered_secret = client.begin_recover_deleted_secret( bank_secret.name).result() print("Recovered Secret with name '{0}'.".format(recovered_secret.name)) # Let's delete storage account now. # If the keyvault is soft-delete enabled, then for permanent deletion deleted secret needs to be purged. # Calling result() on the method will immediately return the `DeletedSecret`, but calling wait() blocks # until the secret is deleted server-side so it can be purged. print("\n.. Deleting secret...") client.begin_delete_secret(storage_secret.name).wait() # To ensure permanent deletion, we might need to purge the secret. print("\n.. Purge Deleted Secret") client.purge_deleted_secret(storage_secret.name) print("Secret has been permanently deleted.") except HttpResponseError as e:
"recoverPurgeSecretValue2") print("Secret with name '{0}' was created.".format(bank_secret.name)) print("Secret with name '{0}' was created.".format(storage_secret.name)) # The storage account was closed, so we need to delete its credentials from the Key Vault. print("\n.. Delete a Secret") delete_secret_poller = client.begin_delete_secret(bank_secret.name) secret = delete_secret_poller.result() delete_secret_poller.wait() print("Secret with name '{0}' was deleted on date {1}.".format( secret.name, secret.deleted_date)) # We accidentally deleted the bank account secret. Let's recover it. # A deleted secret can only be recovered if the Key Vault is soft-delete enabled. print("\n.. Recover Deleted Secret") recover_secret_poller = client.begin_recover_deleted_secret( bank_secret.name) recovered_secret = recover_secret_poller.result() # This wait is just to ensure recovery is complete before we delete the secret again recover_secret_poller.wait() print("Recovered Secret with name '{0}'.".format(recovered_secret.name)) # Let's delete the storage secret now. # If the keyvault is soft-delete enabled, then for permanent deletion, the deleted secret needs to be purged. # Calling result() on the method will immediately return the `DeletedSecret`, but calling wait() blocks # until the secret is deleted server-side so it can be purged. print("\n.. Deleting secret...") client.begin_delete_secret(storage_secret.name).wait() # Secrets will still purge eventually on their scheduled purge date, but calling `purge_deleted_secret` immediately # purges.