# Soft-delete walkthrough: delete a certificate, recover it, then delete and
# purge a second one. `client`, `bank_cert_name` and `storage_cert_name` are
# defined outside this excerpt.
print("\n.. Delete a Certificate")
deleted_bank_poller = client.begin_delete_certificate(bank_cert_name)
deleted_bank_certificate = deleted_bank_poller.result()

# Block until the service reports the deletion as complete, so the recover
# call below acts on a certificate that is actually in the deleted state.
deleted_bank_poller.wait()

deletion_message = "Certificate with name '{0}' was deleted on date {1}.".format(
    deleted_bank_certificate.name,
    deleted_bank_certificate.deleted_on,
)
print(deletion_message)

# We accidentally deleted the bank account certificate. Let's recover it.
# A deleted certificate can only be recovered if the Key Vault is soft-delete enabled.
# NOTE(review): the calling identity presumably also needs the certificate
# "recover" permission on the vault - confirm against the access policy/RBAC role.
print("\n.. Recover Deleted Certificate")
recovered_bank_poller = client.begin_recover_deleted_certificate(
    deleted_bank_certificate.name
)
recovered_bank_certificate = recovered_bank_poller.result()

# Block until the recovery has completed on the server side.
recovered_bank_poller.wait()
recovery_message = "Recovered Certificate with name '{0}'.".format(
    recovered_bank_certificate.name
)
print(recovery_message)

# Let's delete the storage certificate now.
# On a soft-delete enabled vault a delete only moves the certificate to the
# deleted state; permanent removal requires a purge.
storage_delete_poller = client.begin_delete_certificate(storage_cert_name)
storage_delete_poller.wait()

# Certificates still purge on their scheduled purge date; calling
# `purge_deleted_certificate` purges immediately. A purge is irreversible: the
# certificate cannot be recovered afterwards.
# NOTE(review): purge is a separate, higher-impact permission and is expected to
# be rejected on vaults with purge protection enabled - confirm vault settings
# and keep this permission away from routine automation identities.
print("\n.. Purge Deleted Certificate")
client.purge_deleted_certificate(storage_cert_name)
print("Certificate has been permanently deleted.")
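def deleted_certificate_recovery(self):
    """
    Sample: enumerate, retrieve, recover and purge deleted certificates in a key vault.

    Creates two certificates, deletes both, lists the deleted certificates,
    recovers one and purges the other, then lists what remains in the vault.
    Progress is reported with print(); nothing is returned.

    Security notes:
      * Recovery is only possible while the certificate is in the soft-deleted
        state; a purge is permanent and cannot be undone.
      * NOTE(review): the identity resolved by DefaultAzureCredential presumably
        needs create/list/delete/recover/purge certificate permissions on the
        vault. Purge in particular should not be granted to routine identities -
        confirm against the vault's access configuration.
    """
    # create a vault enabling the soft delete feature
    # (create_vault is defined elsewhere; soft delete is taken from the original comment)
    vault = self.create_vault()

    # create a certificate client
    credential = DefaultAzureCredential()
    certificate_client = CertificateClient(
        vault_url=vault.properties.vault_uri, credential=credential)

    # create certificates in the vault: one to recover later, one to purge
    cert_to_recover = get_name('cert')
    cert_to_purge = get_name('cert')
    for cert_name in (cert_to_recover, cert_to_purge):
        create_certificate_poller = certificate_client.begin_create_certificate(
            cert_name, policy=CertificatePolicy.get_default())
        created_certificate = create_certificate_poller.result()
        print('created certificate {}'.format(created_certificate.name))

    # list the vault certificates
    certificates = certificate_client.list_properties_of_certificates()
    print('list the vault certificates')
    for certificate in certificates:
        print(certificate.name)

    # delete the certificates; wait() blocks until each deletion has completed
    # so the recover/purge calls below act on certificates in the deleted state
    for cert_name in (cert_to_recover, cert_to_purge):
        deleted_certificate_poller = certificate_client.begin_delete_certificate(
            cert_name)
        deleted_certificate = deleted_certificate_poller.result()
        deleted_certificate_poller.wait()
        print('deleted certificate {}'.format(deleted_certificate.name))

    # list the deleted certificates
    deleted_certs = certificate_client.list_deleted_certificates()
    print('deleted certificates:')
    for deleted_cert in deleted_certs:
        print(deleted_cert.name)

    # recover a deleted certificate
    recovered_certificate_poller = certificate_client.begin_recover_deleted_certificate(
        cert_to_recover)
    recovered_certificate = recovered_certificate_poller.result()
    # Wait for the recovery to finish instead of relying on the sleep after the
    # purge, so the final listing reflects the recovered certificate.
    recovered_certificate_poller.wait()
    print('recovered certificate {}'.format(recovered_certificate.name))

    # purge a deleted certificate (irreversible)
    certificate_client.purge_deleted_certificate(cert_to_purge)
    # purge returns no poller to wait on; the fixed pause is kept from the
    # original sample, presumably to let the purge take effect before re-listing
    time.sleep(50)
    print('purged certificate {}'.format(cert_to_purge))

    # list the vault certificates
    certificates = certificate_client.list_properties_of_certificates()
    print("all of the certificates in the client's vault:")
    for certificate in certificates:
        print(certificate.name)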