def deleted_secret_recovery(self):
"""
a sample of enumerating, retrieving, recovering and purging deleted secrets from a key vault
"""
# create a vault enabling the soft delete feature
vault = self.create_vault()
# create a secret client
credential = DefaultAzureCredential()
secret_client = SecretClient(vault_url=vault.properties.vault_uri,
credential=credential)
# create secrets in the vault
secret_to_recover = get_name('secret')
secret_to_purge = get_name('secret')
secret = secret_client.set_secret(secret_to_recover,
"secret to restore")
print('created secret {}'.format(secret.name))
secret = secret_client.set_secret(secret_to_purge, "secret to purge")
print('created secret {}'.format(secret.name))
# list the name of all of the secrets in the client's vault
secret_properties = secret_client.list_properties_of_secrets()
print("all of the secrets in the client's vault:")
for secret_property in secret_properties:
print(secret_property.name)
# delete the secrets
delete_secret_poller = secret_client.begin_delete_secret(
secret_to_recover)
deleted_secret = delete_secret_poller.result()
delete_secret_poller.wait()
print('deleted secret {}'.format(deleted_secret.name))
delete_secret_poller = secret_client.begin_delete_secret(
secret_to_purge)
deleted_secret = delete_secret_poller.result()
delete_secret_poller.wait()
print('deleted secret {}'.format(deleted_secret.name))
# list the deleted secrets
deleted_secrets = secret_client.list_deleted_secrets()
print("all of the deleted secrets in the client's vault:")
for deleted_secret in deleted_secrets:
print(deleted_secret.name)
# recover a deleted secret
recover_secret_poller = secret_client.begin_recover_deleted_secret(
secret_to_recover)
recovered_secret = recover_secret_poller.result()
print('recovered secret {}'.format(recovered_secret.name))
# purge a deleted secret
secret_client.purge_deleted_secret(secret_to_purge)
time.sleep(50)
print('purged secret {}'.format(secret_to_purge))
# list the name of all of the secrets in the client's vault
secret_properties = secret_client.list_properties_of_secrets()
print("all of the secrets in the client's vault:")
for secret_property in secret_properties:
print(secret_property.name)
"recoverPurgeSecretValue1")
storage_secret = client.set_secret("recoverPurgeStorageSecretName",
"recoverPurgeSecretValue2")
print("Secret with name '{0}' was created.".format(bank_secret.name))
print("Secret with name '{0}' was created.".format(storage_secret.name))
# The storage account was closed, need to delete its credentials from the Key Vault.
print("\n.. Delete a Secret")
secret = client.begin_delete_secret(bank_secret.name).result()
print("Secret with name '{0}' was deleted on date {1}.".format(
secret.name, secret.deleted_date))
# We accidentally deleted the bank account secret. Let's recover it.
# A deleted secret can only be recovered if the Key Vault is soft-delete enabled.
print("\n.. Recover Deleted Secret")
recovered_secret = client.begin_recover_deleted_secret(
bank_secret.name).result()
print("Recovered Secret with name '{0}'.".format(recovered_secret.name))
# Let's delete storage account now.
# If the keyvault is soft-delete enabled, then for permanent deletion deleted secret needs to be purged.
# Calling result() on the method will immediately return the `DeletedSecret`, but calling wait() blocks
# until the secret is deleted server-side so it can be purged.
print("\n.. Deleting secret...")
client.begin_delete_secret(storage_secret.name).wait()
# To ensure permanent deletion, we might need to purge the secret.
print("\n.. Purge Deleted Secret")
client.purge_deleted_secret(storage_secret.name)
print("Secret has been permanently deleted.")
except HttpResponseError as e:
"recoverPurgeSecretValue2")
print("Secret with name '{0}' was created.".format(bank_secret.name))
print("Secret with name '{0}' was created.".format(storage_secret.name))
# The storage account was closed, so we need to delete its credentials from the Key Vault.
print("\n.. Delete a Secret")
delete_secret_poller = client.begin_delete_secret(bank_secret.name)
secret = delete_secret_poller.result()
delete_secret_poller.wait()
print("Secret with name '{0}' was deleted on date {1}.".format(
secret.name, secret.deleted_date))
# We accidentally deleted the bank account secret. Let's recover it.
# A deleted secret can only be recovered if the Key Vault is soft-delete enabled.
print("\n.. Recover Deleted Secret")
recover_secret_poller = client.begin_recover_deleted_secret(
bank_secret.name)
recovered_secret = recover_secret_poller.result()
# This wait is just to ensure recovery is complete before we delete the secret again
recover_secret_poller.wait()
print("Recovered Secret with name '{0}'.".format(recovered_secret.name))
# Let's delete the storage secret now.
# If the keyvault is soft-delete enabled, then for permanent deletion, the deleted secret needs to be purged.
# Calling result() on the method will immediately return the `DeletedSecret`, but calling wait() blocks
# until the secret is deleted server-side so it can be purged.
print("\n.. Deleting secret...")
client.begin_delete_secret(storage_secret.name).wait()
# Secrets will still purge eventually on their scheduled purge date, but calling `purge_deleted_secret` immediately
# purges.
