class KeyVaultCertificates: def __init__(self): # DefaultAzureCredential() expects the following environment variables: # * AZURE_CLIENT_ID # * AZURE_CLIENT_SECRET # * AZURE_TENANT_ID credential = DefaultAzureCredential() self.certificate_client = CertificateClient( vault_url=os.environ["AZURE_PROJECT_URL"], credential=credential) self.certificate_name = "cert-name-" + uuid.uuid1().hex def create_certificate(self): self.certificate_client.begin_create_certificate( name=self.certificate_name, policy=CertificatePolicy.get_default()).wait() print("\tdone") def get_certificate(self): print("Getting a certificate...") certificate = self.certificate_client.get_certificate( name=self.certificate_name) print(f"\tdone, certificate: {certificate.name}.") def delete_certificate(self): print("Deleting a certificate...") deleted_certificate = self.certificate_client.delete_certificate( name=self.certificate_name) print("\tdone: " + deleted_certificate.name) def run(self): print("") print("------------------------") print("Key Vault - Certificates\nIdentity - Credential") print("------------------------") print("1) Create a certificate") print("2) Get that certificate") print("3) Delete that certificate (Clean up the resource)") print("") try: self.create_certificate() self.get_certificate() finally: self.delete_certificate()
# A long running poller is returned for the create certificate operation. create_certificate_poller = client.begin_create_certificate( name=cert_name, policy=CertificatePolicy.get_default()) # The result call awaits the completion of the create certificate operation and returns the final result. # It will return a certificate if creation is successful, and will return the CertificateOperation if not. certificate = create_certificate_poller.result() print("Certificate with name '{0}' created.".format(cert_name)) # Backups are good to have, if in case certificates gets deleted accidentally. # For long term storage, it is ideal to write the backup to a file. print("\n.. Create a backup for an existing certificate") certificate_backup = client.backup_certificate(name=cert_name) print("Backup created for certificate with name '{0}'.".format(cert_name)) # The storage account certificate is no longer in use, so you can delete it. print("\n.. Delete the certificate") client.delete_certificate(name=cert_name) print("Deleted certificate '{0}'".format(cert_name)) # In future, if the certificate is required again, we can use the backup value to restore it in the Key Vault. print("\n.. Restore the certificate from the backup") certificate = client.restore_certificate_backup(certificate_backup) print("Restored Certificate with name '{0}'".format(certificate.name)) except HttpResponseError as e: print("\nrun_sample has caught an error. {0}".format(e.message)) finally: print("\nrun_sample done")
print("\n.. Get a Certificate by name") bank_certificate = client.get_certificate(name=cert_name) print("Certificate with name '{0}' was found'.".format(bank_certificate.name)) # After one year, the bank account is still active, and we have decided to update the tags. print("\n.. Update a Certificate by name") tags = {"a": "b"} updated_certificate = client.update_certificate_properties(name=bank_certificate.name, tags=tags) print( "Certificate with name '{0}' was updated on date '{1}'".format( bank_certificate.name, updated_certificate.properties.updated_on ) ) print( "Certificate with name '{0}' was updated with tags '{1}'".format( bank_certificate.name, updated_certificate.properties.tags ) ) # The bank account was closed, need to delete its credentials from the Key Vault. print("\n.. Delete Certificate") deleted_certificate = client.delete_certificate(name=bank_certificate.name) print("Deleting Certificate..") print("Certificate with name '{0}' was deleted.".format(deleted_certificate.name)) except HttpResponseError as e: print("\nrun_sample has caught an error. {0}".format(e.message)) finally: print("\nrun_sample done")
print( "Certificate with name '{0}' was created again with tags '{1}'".format( bank_cert_name, tags)) # You need to check all the different tags your bank account certificate had previously. Let's print # all the versions of this certificate. print("\n.. List versions of the certificate using its name") certificate_versions = client.list_certificate_versions(bank_cert_name) for certificate_version in certificate_versions: print( "Bank Certificate with name '{0}' with version '{1}' has tags: '{2}'." .format(certificate_version.name, certificate_version.version, certificate_version.tags)) # The bank account and storage accounts got closed. Let's delete bank and storage accounts certificates. client.delete_certificate(name=bank_cert_name) client.delete_certificate(name=storage_cert_name) # You can list all the deleted and non-purged certificates, assuming Key Vault is soft-delete enabled. print("\n.. List deleted certificates from the Key Vault") deleted_certificates = client.list_deleted_certificates() for deleted_certificate in deleted_certificates: print("Certificate with name '{0}' has recovery id '{1}'".format( deleted_certificate.name, deleted_certificate.recovery_id)) except HttpResponseError as e: if "(NotSupported)" in e.message: print( "\n{0} Please enable soft delete on Key Vault to perform this operation." .format(e.message)) else: