def backup_restore_certificate(self):
"""
backs up a key vault certificate and restores it to another key vault
"""
# create a key vault
first_vault = self.create_vault()
# create a certificate client
credential = DefaultAzureCredential()
first_certificate_client = CertificateClient(
vault_url=first_vault.properties.vault_uri, credential=credential)
# add a certificate to the vault
certificate_name = get_name('certificate')
certificate = first_certificate_client.begin_create_certificate(
certificate_name, CertificatePolicy.get_default()).result()
print('created certificate {}'.format(certificate.name))
# list the certificates in the vault
certificate_properties = first_certificate_client.list_properties_of_certificates(
)
print("all of the certificates in the client's vault:")
for certificate_property in certificate_properties:
print(certificate_property.name)
# backup the certificate
backup = first_certificate_client.backup_certificate(certificate_name)
print('backed up certificate {}'.format(certificate_name))
# create a second vault
second_vault = self.create_vault()
# create a certificate client
second_certificate_client = CertificateClient(
vault_url=second_vault.properties.vault_uri, credential=credential)
# restore the certificate to the new vault
restored = second_certificate_client.restore_certificate_backup(backup)
print('restored certificate {}'.format(restored.name))
# list the certificates in the new vault
certificate_properties = second_certificate_client.list_properties_of_certificates(
)
print("all of the certificates in the new vault:")
for certificate_property in certificate_properties:
print(certificate_property.name)
# A long running poller is returned for the create certificate operation.
create_certificate_poller = client.begin_create_certificate(
name=cert_name, policy=CertificatePolicy.get_default())
# The result call awaits the completion of the create certificate operation and returns the final result.
# It will return a certificate if creation is successful, and will return the CertificateOperation if not.
certificate = create_certificate_poller.result()
print("Certificate with name '{0}' created.".format(cert_name))
# Backups are good to have, if in case certificates gets deleted accidentally.
# For long term storage, it is ideal to write the backup to a file.
print("\n.. Create a backup for an existing certificate")
certificate_backup = client.backup_certificate(name=cert_name)
print("Backup created for certificate with name '{0}'.".format(cert_name))
# The storage account certificate is no longer in use, so you can delete it.
print("\n.. Delete the certificate")
client.delete_certificate(name=cert_name)
print("Deleted certificate '{0}'".format(cert_name))
# In future, if the certificate is required again, we can use the backup value to restore it in the Key Vault.
print("\n.. Restore the certificate from the backup")
certificate = client.restore_certificate_backup(certificate_backup)
print("Restored Certificate with name '{0}'".format(certificate.name))
except HttpResponseError as e:
print("\nrun_sample has caught an error. {0}".format(e.message))
finally:
print("\nrun_sample done")
