bank_cert_name)
    for certificate_version in certificate_versions:
        print(
            "Bank Certificate with name '{0}' with version '{1}' has tags: '{2}'."
            .format(certificate_version.name, certificate_version.version,
                    certificate_version.tags))

    # The bank account and storage accounts got closed. Let's delete bank and storage accounts certificates.
    # We call wait() to ensure the certificate is deleted server side because the following method requires
    # server-side deletion to run properly. In most situations you will not have to call wait().
    client.begin_delete_certificate(bank_cert_name).wait()
    client.begin_delete_certificate(storage_cert_name).wait()

    # You can list all the deleted and non-purged certificates, assuming Key Vault is soft-delete enabled.
    print("\n.. List deleted certificates from the Key Vault")
    deleted_certificates = client.list_deleted_certificates()
    for deleted_certificate in deleted_certificates:
        print("Certificate with name '{0}' has recovery id '{1}'".format(
            deleted_certificate.name, deleted_certificate.recovery_id))

except HttpResponseError as e:
    if "(NotSupported)" in e.message:
        print(
            "\n{0} Please enable soft delete on Key Vault to perform this operation."
            .format(e.message))
    else:
        print("\nrun_sample has caught an error. {0}".format(e.message))

finally:
    print("\nrun_sample done")
    tenant_id=os.environ["KEYVAULT_TENANT_ID"],
    client_id=os.environ["KEYVAULT_CLIENT_ID"],
    client_secret=os.environ["KEYVAULT_CLIENT_SECRET"])

# Cleanup of leftover live-test objects. Everything below acts on whichever
# vault AZURE_KEYVAULT_URL names, and selects objects purely by the
# "livekvtest" name prefix, so confirm the URL points at a test vault before
# running: purge_deleted_certificate permanently removes a soft-deleted
# certificate and it cannot be recovered afterwards.
# NOTE(review): purging needs the purge permission on the vault and is refused
# when purge protection is enabled - confirm for the target vault.
cert_client, key_client, secret_client = (
    make_client(os.environ["AZURE_KEYVAULT_URL"], credential)
    for make_client in (CertificateClient, KeyClient, SecretClient)
)

# Each listing is materialised into a list before any delete/purge call, so the
# destructive calls never run while the service listing is still being paged.
test_certificates = list(
    filter(lambda c: c.name.startswith("livekvtest"),
           cert_client.list_properties_of_certificates()))
for certificate in test_certificates:
    # wait() blocks on the delete poller before the deleted listing is read.
    cert_client.begin_delete_certificate(certificate.name).wait()
deleted_test_certificates = list(
    filter(lambda c: c.name.startswith("livekvtest"),
           cert_client.list_deleted_certificates()))
for certificate in deleted_test_certificates:
    cert_client.purge_deleted_certificate(certificate.name)

# Same delete-then-collect sequence for keys. The visible listing ends after
# deleted_test_keys is built; what happens to it is not shown here.
test_keys = list(
    filter(lambda k: k.name.startswith("livekvtest"),
           key_client.list_properties_of_keys()))
for key in test_keys:
    key_client.begin_delete_key(key.name).wait()
deleted_test_keys = list(
    filter(lambda k: k.name.startswith("livekvtest"),
           key_client.list_deleted_keys()))
    def deleted_certificate_recovery(self):
        """
        Walk through the soft-delete lifecycle of Key Vault certificates.

        Creates two certificates in the vault returned by self.create_vault(),
        deletes both, lists the deleted certificates, recovers one, purges the
        other, and finally lists the certificates left in the vault. Progress
        is printed at each step; nothing is returned.
        """
        # The sample's own helper supplies the vault; the original sample notes
        # that it is created with the soft delete feature enabled, which the
        # recover and purge steps below rely on.
        vault = self.create_vault()

        # No secret is embedded in the sample: the credential object is built
        # by DefaultAzureCredential and handed to the certificate client.
        credential = DefaultAzureCredential()
        certificate_client = CertificateClient(
            vault_url=vault.properties.vault_uri, credential=credential)

        # Two generated names: one certificate will be recovered, one purged.
        cert_to_recover = get_name('cert')
        cert_to_purge = get_name('cert')
        both_names = (cert_to_recover, cert_to_purge)

        # Create both certificates with the default policy, one after the other.
        for cert_name in both_names:
            creation = certificate_client.begin_create_certificate(
                cert_name, policy=CertificatePolicy.get_default())
            print('created certificate {}'.format(creation.result().name))

        # Show what the vault currently holds.
        current = certificate_client.list_properties_of_certificates()
        print('list the vault certificates')
        for entry in current:
            print(entry.name)

        # Delete both certificates. result() supplies the deleted certificate
        # object and wait() then blocks on the poller before moving on.
        # NOTE(review): the wait matters because recover/purge below presumably
        # need the deletion to have completed server side - confirm.
        for cert_name in both_names:
            deletion = certificate_client.begin_delete_certificate(cert_name)
            removed = deletion.result()
            deletion.wait()
            print('deleted certificate {}'.format(removed.name))

        # Soft-deleted certificates remain listable until they are purged.
        soft_deleted = certificate_client.list_deleted_certificates()
        print('deleted certificates:')
        for entry in soft_deleted:
            print(entry.name)

        # Bring the first certificate back from the deleted state.
        recovery = certificate_client.begin_recover_deleted_certificate(
            cert_to_recover)
        recovered = recovery.result()
        print('recovered certificate {}'.format(recovered.name))

        # Purging is permanent: the certificate cannot be recovered afterwards.
        # The purge call hands back no poller here, so the sample pauses for a
        # fixed 50 seconds before reporting and listing.
        certificate_client.purge_deleted_certificate(cert_to_purge)
        time.sleep(50)
        print('purged certificate {}'.format(cert_to_purge))

        # Final state of the vault after the recover and the purge.
        remaining = certificate_client.list_properties_of_certificates()
        print("all of the certificates in the client's vault:")
        for entry in remaining:
            print(entry.name)
    tenant_id=os.environ["KEYVAULT_TENANT_ID"],
    client_id=os.environ["KEYVAULT_CLIENT_ID"],
    client_secret=os.environ["KEYVAULT_CLIENT_SECRET"])

# Cleanup of leftover live-test objects in the vault named by
# AZURE_KEYVAULT_URL. Selection is by the "livekvtest" name prefix only, and
# the purge step is permanent (a purged certificate cannot be recovered), so
# make sure the URL refers to a vault reserved for tests.
# NOTE(review): purging needs the purge permission on the vault and is refused
# when purge protection is enabled - confirm for the target vault.
cert_client = CertificateClient(
    vault_url=os.environ["AZURE_KEYVAULT_URL"], credential=credential)
key_client = KeyClient(
    vault_url=os.environ["AZURE_KEYVAULT_URL"], credential=credential)
secret_client = SecretClient(
    vault_url=os.environ["AZURE_KEYVAULT_URL"], credential=credential)

# Listings are collected into lists up front, so the delete and purge calls
# never run while a service listing is still being iterated.
test_certificates = list(
    filter(lambda c: c.name.startswith("livekvtest"),
           cert_client.list_properties_of_certificates()))
for certificate in test_certificates:
    # wait() blocks on the delete poller before the deleted listing is read.
    cert_client.begin_delete_certificate(certificate.name).wait()
# NOTE(review): include_pending=True presumably widens the listing to deleted
# certificates whose deletion has not fully completed - confirm against the
# SDK reference.
deleted_test_certificates = list(
    filter(lambda c: c.name.startswith("livekvtest"),
           cert_client.list_deleted_certificates(include_pending=True)))
for certificate in deleted_test_certificates:
    cert_client.purge_deleted_certificate(certificate.name)

# Same delete-then-collect sequence for keys. The visible listing ends after
# deleted_test_keys is built; what happens to it is not shown here.
test_keys = list(
    filter(lambda k: k.name.startswith("livekvtest"),
           key_client.list_properties_of_keys()))
for key in test_keys:
    key_client.begin_delete_key(key.name).wait()
deleted_test_keys = list(
    filter(lambda k: k.name.startswith("livekvtest"),
           key_client.list_deleted_keys()))