class KeyVaultCertificates: def __init__(self): # DefaultAzureCredential() expects the following environment variables: # * AZURE_CLIENT_ID # * AZURE_CLIENT_SECRET # * AZURE_TENANT_ID credential = DefaultAzureCredential() self.certificate_client = CertificateClient( vault_url=os.environ["AZURE_PROJECT_URL"], credential=credential) self.certificate_name = "cert-name-" + uuid.uuid1().hex def create_certificate(self): print("creating certificate...") self.certificate_client.create_certificate(name=self.certificate_name) print("\tdone") def get_certificate(self): print("Getting a certificate...") certificate = self.certificate_client.get_certificate_with_policy( name=self.certificate_name) print("\tdone, certificate: %s." % certificate.name) def delete_certificate(self): print("Deleting a certificate...") deleted_certificate = self.certificate_client.delete_certificate( name=self.certificate_name) print("\tdone: " + deleted_certificate.name) def run(self): print("") print("------------------------") print("Key Vault - Certificates\nIdentity - Credential") print("------------------------") print("1) Create a certificate") print("2) Get that certificate") print("3) Delete that certificate (Clean up the resource)") print("") try: self.create_certificate() self.get_certificate() finally: self.delete_certificate()
# Instantiate a certificate client that will be used to call the service. # Notice that the client is using default Azure credentials. # To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID', # 'AZURE_CLIENT_SECRET' and 'AZURE_TENANT_ID' are set with the service principal credentials. VAULT_ENDPOINT = os.environ["VAULT_ENDPOINT"] credential = DefaultAzureCredential() client = CertificateClient(vault_endpoint=VAULT_ENDPOINT, credential=credential) try: print("\n.. Create Certificate") cert_name = "BackupRestoreCertificate" # Let's create a certificate for your key vault. # if the certificate already exists in the Key Vault, then a new version of the certificate is created. # A long running poller is returned for the create certificate operation. create_certificate_poller = client.create_certificate(name=cert_name) # The result call awaits the completion of the create certificate operation and returns the final result. # It will return a certificate if creation is successful, and will return the CertificateOperation if not. certificate = create_certificate_poller.result() print("Certificate with name '{0}' created.".format(cert_name)) # Backups are good to have, if in case certificates gets deleted accidentally. # For long term storage, it is ideal to write the backup to a file. print("\n.. Create a backup for an existing certificate") certificate_backup = client.backup_certificate(name=cert_name) print("Backup created for certificate with name '{0}'.".format(cert_name)) # The storage account certificate is no longer in use, so you can delete it. print("\n.. Delete the certificate") client.delete_certificate(name=cert_name)
# ---------------------------------------------------------------------------------------------------------- # Instantiate a certificate client that will be used to call the service. Notice that the client is using default # Azure credentials. To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID', # 'AZURE_CLIENT_SECRET' and 'AZURE_TENANT_ID' are set with the service principal credentials. VAULT_URL = os.environ["VAULT_URL"] credential = DefaultAzureCredential() client = CertificateClient(vault_url=VAULT_URL, credential=credential) try: # Let's create a certificate for holding storage and bank accounts credentials. If the certificate # already exists in the Key Vault, then a new version of the certificate is created. print("\n.. Create Certificate") bank_cert_name = "BankListCertificate" storage_cert_name = "StorageListCertificate" bank_certificate_poller = client.create_certificate(name=bank_cert_name) storage_certificate_poller = client.create_certificate( name=storage_cert_name) # await the creation of the bank and storage certificate bank_certificate_poller.wait() storage_certificate_poller.wait() print("Certificate with name '{0}' was created.".format(bank_cert_name)) print("Certificate with name '{0}' was created.".format(storage_cert_name)) # Let's list the certificates. print("\n.. List certificates from the Key Vault") certificates = client.list_certificates() for certificate in certificates: print("Certificate with name '{0}' was found.".format(
# Alternatively, if you would like to use our default policy, don't pass a policy parameter to # our certificate creation method cert_policy = CertificatePolicy(key_properties=KeyProperties( exportable=True, key_type='RSA', key_size=2048, reuse_key=False), content_type=SecretContentType.PKCS12, issuer_name='Self', subject_name='CN=*.microsoft.com', validity_in_months=24, san_dns_names=['sdk.azure-int.net']) cert_name = "HelloWorldCertificate" # create_certificate returns a poller. Calling result() on the poller will return the certificate # if creation is successful, and the CertificateOperation if not. The wait() call on the poller will # wait until the long running operation is complete. certificate = client.create_certificate(name=cert_name, policy=cert_policy).result() print("Certificate with name '{0}' created".format(certificate.name)) # Let's get the bank certificate using its name print("\n.. Get a Certificate by name") bank_certificate = client.get_certificate_with_policy(name=cert_name) print("Certificate with name '{0}' was found'.".format( bank_certificate.name)) # After one year, the bank account is still active, and we have decided to update the tags. print("\n.. Update a Certificate by name") tags = {"a": "b"} updated_certificate = client.update_certificate(name=bank_certificate.name, tags=tags) print("Certificate with name '{0}' was updated on date '{1}'".format( bank_certificate.name, updated_certificate.updated))
# Instantiate a certificate client that will be used to call the service. Notice that the client is using default # Azure credentials. To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID', # 'AZURE_CLIENT_SECRET' and 'AZURE_TENANT_ID' are set with the service principal credentials. VAULT_ENDPOINT = os.environ["VAULT_ENDPOINT"] credential = DefaultAzureCredential() client = CertificateClient(vault_endpoint=VAULT_ENDPOINT, credential=credential) try: # Let's create a certificate for holding storage and bank accounts credentials. If the certificate # already exists in the Key Vault, then a new version of the certificate is created. print("\n.. Create Certificate") bank_cert_name = "BankListCertificate" storage_cert_name = "StorageListCertificate" bank_certificate_poller = client.create_certificate(name=bank_cert_name) storage_certificate_poller = client.create_certificate( name=storage_cert_name) # await the creation of the bank and storage certificate bank_certificate = bank_certificate_poller.result() storage_certificate = storage_certificate_poller.result() print("Certificate with name '{0}' was created.".format( bank_certificate.name)) print("Certificate with name '{0}' was created.".format( storage_certificate.name)) # Let's list the certificates. print("\n.. List certificates from the Key Vault") certificates = client.list_certificates()
# Instantiate a certificate client that will be used to call the service. # Notice that the client is using default Azure credentials. # To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID', # 'AZURE_CLIENT_SECRET' and 'AZURE_TENANT_ID' are set with the service principal credentials. VAULT_ENDPOINT = os.environ["VAULT_ENDPOINT"] credential = DefaultAzureCredential() client = CertificateClient(vault_endpoint=VAULT_ENDPOINT, credential=credential) try: # Let's create certificates holding storage and bank accounts credentials. If the certificate # already exists in the Key Vault, then a new version of the certificate is created. print("\n.. Create Certificates") bank_cert_name = "BankRecoverCertificate" storage_cert_name = "ServerRecoverCertificate" bank_certificate_poller = client.create_certificate(name=bank_cert_name) storage_certificate_poller = client.create_certificate(name=storage_cert_name) bank_certificate = bank_certificate_poller.result() storage_certificate = storage_certificate_poller.result() print("Certificate with name '{0}' was created.".format(bank_certificate.name)) print("Certificate with name '{0}' was created.".format(storage_certificate.name)) # The storage account was closed, need to delete its credentials from the Key Vault. print("\n.. Delete a Certificate") deleted_bank_certificate = client.delete_certificate(name=bank_cert_name) # To ensure certificate is deleted on the server side. time.sleep(30) print( "Certificate with name '{0}' was deleted on date {1}.".format(
# Before creating your certificate, let's create the management policy for your certificate. # Here you specify the properties of the key, secret, and issuer backing your certificate, # the X509 component of your certificate, and any lifetime actions you would like to be taken # on your certificate # Alternatively, if you would like to use our default policy, don't pass a policy parameter to # our certificate creation method cert_policy = CertificatePolicy(key_properties=KeyProperties( exportable=True, key_type='RSA', key_size=2048, reuse_key=False), content_type=SecretContentType.PKCS12, issuer_name='Self', subject_name='CN=*.microsoft.com', validity_in_months=24, san_dns_names=['sdk.azure-int.net']) cert_name = "HelloWorldCertificate" create_certificate_poller = client.create_certificate(name=cert_name, policy=cert_policy) create_certificate_poller.wait() print("Certificate with name '{0}' created".format(cert_name)) # Let's get the bank certificate using its name print("\n.. Get a Certificate by name") bank_certificate = client.get_certificate_with_policy(name=cert_name) print("Certificate with name '{0}' was found'.".format( bank_certificate.name)) # After one year, the bank account is still active, and we have decided to update the tags. print("\n.. Update a Certificate by name") tags = {"a": "b"} updated_certificate = client.update_certificate(name=bank_certificate.name, tags=tags) print("Certificate with name '{0}' was updated on date '{1}'".format(