Ejemplo n.º 1
0
                key_cache[secret_bundle.id] = key
            return key

        # Setting the key_resolver_function will tell the service to automatically
        # try to decrypt retrieved blobs. The key_resolver is a function that
        # takes in a key_id and returns a corresponding key_encryption_key.
        self.block_blob_service.key_resolver_function = resolve_wrapped_aes_key_secret

        # Downloading works as usual with support for decrypting both entire blobs
        # and decrypting range gets.
        blob_full = self.block_blob_service.get_blob_to_bytes(container_name, block_blob_name)
        blob_range = self.block_blob_service.get_blob_to_bytes(container_name, block_blob_name,
                                                               start_range=len(data) // 2 + 5,
                                                               end_range=(3 * len(data) // 4) + 1)

        self.block_blob_service.delete_container(container_name)

    def _get_resource_reference(self, prefix):
        return '{}{}'.format(prefix, str(uuid.uuid4()).replace('-', ''))

    def _get_blob_reference(self, prefix='blob'):
        return self._get_resource_reference(prefix)

    def _create_container(self, prefix='container'):
        container_name = self._get_resource_reference(prefix)
        self.block_blob_service.create_container(container_name)
        return container_name

if __name__ == "__main__":
    run_all_samples([BlobEncryptionSample()])
Ejemplo n.º 2
0
        # create a key vault
        first_vault = self.create_vault()

        # create a key in the vault
        key_name = get_name('key')
        key = self.keyvault_data_client.create_key(first_vault.properties.vault_uri, key_name, 'RSA')
        print('created key {}\n{}'.format(key_name, self._serialize(key)))

        # list the keys in the vault
        keys = self.keyvault_data_client.get_keys(first_vault.properties.vault_uri)
        print('vault {} secrets:\n{}'.format(first_vault.name, self._serialize(keys)))

        # backup the key
        backup = self.keyvault_data_client.backup_key(first_vault.properties.vault_uri, key_name)
        print('backed up key {} value: {}'.format(key_name, backup))

        # create a second vault
        second_vault = self.create_vault()

        # restore the key to the new vault
        restored = self.keyvault_data_client.restore_key(second_vault.properties.vault_uri, backup.value)
        print('restored secret {}\n{}'.format(key_name, self._serialize(restored)))

        # list the keys in the new vault
        keys = self.keyvault_data_client.get_keys(second_vault.properties.vault_uri)
        print('vault {} secrets:\n{}'.format(second_vault.name, self._serialize(keys)))


if __name__ == "__main__":
    run_all_samples([BackupRestoreSample()])
Ejemplo n.º 3
0
        print('deleted certificate {}'.format(deleted_certificate.name))

        # list the deleted certificates
        deleted_certs = certificate_client.list_deleted_certificates()
        print('deleted certificates:')
        for deleted_cert in deleted_certs:
            print(deleted_cert.name)

        # recover a deleted certificate
        recovered_certificate_poller = certificate_client.begin_recover_deleted_certificate(
            cert_to_recover)
        recovered_certificate_certificate = recovered_certificate_poller.result(
        )
        print('recovered certificate {}'.format(
            recovered_certificate_certificate.name))

        # purge a deleted certificate
        certificate_client.purge_deleted_certificate(cert_to_purge)
        time.sleep(50)
        print('purged certificate {}'.format(cert_to_purge))

        # list the vault certificates
        certificates = certificate_client.list_properties_of_certificates()
        print("all of the certificates in the client's vault:")
        for certificate in certificates:
            print(certificate.name)


if __name__ == "__main__":
    run_all_samples([SoftDeleteSample()])
Ejemplo n.º 4
0
        default=None,
        help='the object id of the service principal to run the sample')
    parser.add_argument(
        '--client-secret',
        dest='client_secret',
        type=str,
        default=None,
        help=
        'the authentication secret of the service principal to run the sample')
    parser.add_argument('--samples',
                        nargs='*',
                        type=str,
                        help='names of specific samples to run')
    args = parser.parse_args()

    config = KeyVaultSampleConfig()

    if args.tenant_id:
        config.tenant_id = args.tenant_id
    if args.subscription_id:
        config.subscription_id = args.subscription_id
    if args.client_id:
        config.client_id = args.client_id
    if args.client_oid:
        config.client_oid = args.client_oid
    if args.client_secret:
        config.client_secret = args.client_secret

    run_all_samples([AuthenticationSample(config=config)],
                    requested=args.samples or [])
Ejemplo n.º 5
0
        vault = self.create_vault()

        import adal

        # create an adal authentication context
        auth_context = adal.AuthenticationContext('https://login.microsoftonline.com/%s' % self.config.tenant_id)

        # create a callback to supply the token type and access token on request
        def adal_callback(server, resource, scope):
            token = auth_context.acquire_token_with_client_credentials(resource=resource,
                                                                       client_id=self.config.client_id,
                                                                       client_secret=self.config.client_secret)
            return token['tokenType'], token['accessToken']

        # create a KeyVaultAuthentication instance which will callback to the supplied adal_callback
        auth = KeyVaultAuthentication(adal_callback)

        # create the KeyVaultClient using the created KeyVaultAuthentication instance
        client = KeyVaultClient(auth)

        # set and get a secret from the vault to validate the client is authenticated
        print('creating secret...')
        print(client.set_secret(vault.properties.vault_uri, 'auth-sample-secret', 'client is authenticated to the vault'))

        print('getting secret...')
        print(client.get_secret(vault.properties.vault_uri, 'auth-sample-secret', secret_version=KeyVaultId.version_none))


if __name__ == "__main__":
    run_all_samples([AuthenticationSample()])
Ejemplo n.º 6
0
from backup_restore_sample import BackupRestoreSample
from soft_delete_sample import SoftDeleteSample
from key_vault_sample_base import run_all_samples

if __name__ == "__main__":
    run_all_samples([BackupRestoreSample(), SoftDeleteSample()])
Ejemplo n.º 7
0
            print(user_code_info['message'])
            token = auth_context.acquire_token_with_device_code(
                resource=resource,
                client_id=xplat_client_id,
                user_code_info=user_code_info)
            return token['tokenType'], token['accessToken']

        # create a KeyVaultAuthentication instance which will callback to the supplied adal_callback
        auth = KeyVaultAuthentication(adal_callback)

        # create the KeyVaultClient using the created KeyVaultAuthentication instance
        client = KeyVaultClient(auth)

        # set and get a secret from the vault to validate the client is authenticated
        print('creating secret...')
        secret_bundle = client.set_secret(
            vault.properties.vault_uri, 'auth-sample-secret',
            'client is authenticated to the vault')
        print(secret_bundle)

        print('getting secret...')
        secret_bundle = client.get_secret(
            vault.properties.vault_uri,
            'auth-sample-secret',
            secret_version=KeyVaultId.version_none)
        print(secret_bundle)


if __name__ == "__main__":
    sys.exit(run_all_samples([AuthenticationSample()]))