Example #1
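def run_sample():
    """Demonstrate the delete / recover / purge lifecycle of Key Vault secrets.

    The vault address is read from the ``VAULT_URL`` environment variable
    (``KeyError`` if it is unset) and the client authenticates with
    ``DefaultAzureCredential``. Every service call runs inside one ``try``
    block so that an ``HttpResponseError`` is reported instead of escaping.

    The secret values written here are sample placeholders. Only secret
    names are printed, never values.

    Recover and purge both depend on soft delete being enabled on the vault.
    Purge is irreversible, so the identity running this needs that permission
    in addition to set/delete/recover; grant it sparingly outside of samples.
    """
    # Instantiate a secret client that will be used to call the service.
    # Notice that the client is using default Azure credentials.
    # To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID',
    # 'AZURE_CLIENT_SECRET' and 'AZURE_TENANT_ID' are set with the service principal credentials.
    VAULT_URL = os.environ["VAULT_URL"]
    credential = DefaultAzureCredential()
    client = SecretClient(vault_url=VAULT_URL, credential=credential)
    try:
        # Let's create secrets holding storage and bank accounts credentials. If the secret
        # already exists in the Key Vault, then a new version of the secret is created.
        print("\n1. Create Secret")
        bank_secret = client.set_secret("recoverPurgeBankSecretName",
                                        "recoverPurgeSecretValue1")
        storage_secret = client.set_secret("recoverPurgeStorageSecretName",
                                           "recoverPurgeSecretValue2")
        print("Secret with name '{0}' was created.".format(bank_secret.name))
        print("Secret with name '{0}' was created.".format(
            storage_secret.name))

        # The storage account was closed, so its credentials should be removed from the
        # Key Vault, but the bank secret is deleted here by mistake (recovered in step 3).
        print("\n2. Delete a Secret")
        secret = client.delete_secret(bank_secret.name)
        # Fixed pause rather than a confirmation that the delete has completed server-side.
        # NOTE(review): later releases of the secrets client offer begin_delete_secret(),
        # whose poller can be waited on instead; confirm against the installed version.
        time.sleep(20)
        print("Secret with name '{0}' was deleted on date {1}.".format(
            secret.name, secret.deleted_date))

        # We accidentally deleted the bank account secret. Let's recover it.
        # A deleted secret can only be recovered if the Key Vault is soft-delete enabled.
        print("\n3. Recover Deleted  Secret")
        recovered_secret = client.recover_deleted_secret(bank_secret.name)
        print("Recovered Secret with name '{0}'.".format(
            recovered_secret.name))

        # Now delete the storage account secret, which was the one meant to go.
        # If the keyvault is soft-delete enabled, then for permanent deletion deleted secret needs to be purged.
        client.delete_secret(storage_secret.name)

        # Give the service time to finish the delete before purging.
        print("\nDeleting Storage Secret...")
        time.sleep(20)

        # Purge removes the soft-deleted secret permanently; it cannot be recovered afterwards.
        print("\n4. Purge Deleted Secret")
        client.purge_deleted_secret(storage_secret.name)
        print("Secret has been permanently deleted.")

    except HttpResponseError as e:
        # The service error text is matched by substring to single out the
        # "soft delete not enabled" case and print a more helpful hint.
        if "(NotSupported)" in e.message:
            print(
                "\n{0} Please enable soft delete on Key Vault to perform this operation."
                .format(e.message))
        else:
            print("\nrun_sample has caught an error. {0}".format(e.message))

    finally:
        print("\nrun_sample done")
    # The original listing repeated the create/delete/recover/purge sequence here,
    # after the try block. That copy ran the destructive calls with no error handling
    # and read `bank_secret`, which is unbound if the first set_secret call failed.
    # It has been removed so the flow runs once, under the handler above.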