print("\n.. Delete a Certificate")
deleted_bank_poller = client.begin_delete_certificate(bank_cert_name)
deleted_bank_certificate = deleted_bank_poller.result()
# To ensure certificate is deleted on the server side.
deleted_bank_poller.wait()
print(
"Certificate with name '{0}' was deleted on date {1}.".format(
deleted_bank_certificate.name, deleted_bank_certificate.deleted_on
)
)
# We accidentally deleted the bank account certificate. Let's recover it.
# A deleted certificate can only be recovered if the Key Vault is soft-delete enabled.
print("\n.. Recover Deleted Certificate")
recovered_bank_poller = client.begin_recover_deleted_certificate(deleted_bank_certificate.name)
recovered_bank_certificate = recovered_bank_poller.result()
# To ensure certificate is recovered on the server side.
recovered_bank_poller.wait()
print("Recovered Certificate with name '{0}'.".format(recovered_bank_certificate.name))
# Let's delete the storage certificate now.
# If the keyvault is soft-delete enabled, then for permanent deletion deleted certificate needs to be purged.
client.begin_delete_certificate(storage_cert_name).wait()
# Certificates will still purge eventually on their scheduled purge date, but calling `purge_deleted_certificate` immediately
# purges.
print("\n.. Purge Deleted Certificate")
client.purge_deleted_certificate(storage_cert_name)
print("Certificate has been permanently deleted.")
def deleted_certificate_recovery(self):
"""
a sample of enumerating, retrieving, recovering and purging deleted certificates from a key vault
"""
# create a vault enabling the soft delete feature
vault = self.create_vault()
# create a certificate client
credential = DefaultAzureCredential()
certificate_client = CertificateClient(
vault_url=vault.properties.vault_uri, credential=credential)
# create certificates in the vault
cert_to_recover = get_name('cert')
cert_to_purge = get_name('cert')
create_certificate_poller = certificate_client.begin_create_certificate(
cert_to_recover, policy=CertificatePolicy.get_default())
created_certificate = create_certificate_poller.result()
print('created certificate {}'.format(created_certificate.name))
create_certificate_poller = certificate_client.begin_create_certificate(
cert_to_purge, policy=CertificatePolicy.get_default())
created_certificate = create_certificate_poller.result()
print('created certificate {}'.format(created_certificate.name))
# list the vault certificates
certificates = certificate_client.list_properties_of_certificates()
print('list the vault certificates')
for certificate in certificates:
print(certificate.name)
# delete the certificates
deleted_certificate_poller = certificate_client.begin_delete_certificate(
cert_to_recover)
deleted_certificate = deleted_certificate_poller.result()
deleted_certificate_poller.wait()
print('deleted certificate {}'.format(deleted_certificate.name))
deleted_certificate_poller = certificate_client.begin_delete_certificate(
cert_to_purge)
deleted_certificate = deleted_certificate_poller.result()
deleted_certificate_poller.wait()
print('deleted certificate {}'.format(deleted_certificate.name))
# list the deleted certificates
deleted_certs = certificate_client.list_deleted_certificates()
print('deleted certificates:')
for deleted_cert in deleted_certs:
print(deleted_cert.name)
# recover a deleted certificate
recovered_certificate_poller = certificate_client.begin_recover_deleted_certificate(
cert_to_recover)
recovered_certificate_certificate = recovered_certificate_poller.result(
)
print('recovered certificate {}'.format(
recovered_certificate_certificate.name))
# purge a deleted certificate
certificate_client.purge_deleted_certificate(cert_to_purge)
time.sleep(50)
print('purged certificate {}'.format(cert_to_purge))
# list the vault certificates
certificates = certificate_client.list_properties_of_certificates()
print("all of the certificates in the client's vault:")
for certificate in certificates:
print(certificate.name)
