async def recover_deleted_key(self, name: str,
**kwargs: Mapping[str, Any]) -> Key:
"""Recovers the deleted key to its latest version.
The Recover Deleted Key operation is applicable for deleted keys in
soft-delete enabled vaults. It recovers the deleted key back to its
latest version under /keys. An attempt to recover an non-deleted key
will return an error. Consider this the inverse of the delete operation
on soft-delete enabled vaults. This operation requires the keys/recover
permission.
:param name: The name of the deleted key.
:type name: str
:returns: The recovered deleted key
:rtype: ~azure.keyvault.keys._models.Key
Example:
.. literalinclude:: ../tests/test_samples_keys_async.py
:start-after: [START recover_deleted_key]
:end-before: [END recover_deleted_key]
:language: python
:caption: Recovers the specified soft-deleted key
:dedent: 8
"""
bundle = await self._client.recover_deleted_key(
self.vault_url, name, **kwargs)
return Key._from_key_bundle(bundle)
async def restore_key(self, backup: bytes, **kwargs: Mapping[str, Any]) -> Key:
"""Restores a backed up key to a vault.
Imports a previously backed up key into Azure Key Vault, restoring the
key, its key identifier, attributes and access control policies. The
RESTORE operation may be used to import a previously backed up key.
Individual versions of a key cannot be restored. The key is restored in
its entirety with the same key name as it had when it was backed up. If
the key name is not available in the target Key Vault, the RESTORE
operation will be rejected. While the key name is retained during
restore, the final key identifier will change if the key is restored to
a different vault. Restore will restore all versions and preserve
version identifiers. The RESTORE operation is subject to security
constraints: The target Key Vault must be owned by the same Microsoft
Azure Subscription as the source Key Vault The user must have RESTORE
permission in the target Key Vault. This operation requires the
keys/restore permission.
:param backup: The raw bytes of the key backup
:type backup: bytes
:returns: The restored key
:rtype: ~azure.keyvault.keys._models.Key
:raises: ~azure.core.exceptions.ResourceExistsError if the client failed to retrieve the key
Example:
.. literalinclude:: ../tests/test_samples_keys_async.py
:start-after: [START restore_key]
:end-before: [END restore_key]
:language: python
:caption: Restores a backed up key to the vault
:dedent: 8
"""
bundle = await self._client.restore_key(self.vault_url, backup, error_map={409: ResourceExistsError}, **kwargs)
return Key._from_key_bundle(bundle)
async def get_key(self, name: str, version: Optional[str] = None, **kwargs: Mapping[str, Any]) -> Key:
"""Gets the public part of a stored key.
The get key operation is applicable to all key types. If the requested
key is symmetric, then no key material is released in the response.
This operation requires the keys/get permission.
:param name: The name of the key to get.
:type name: str
:param version: Retrieves a specific version of a key. If the version is None or an empty string,
the latest version of the key is returned
:type version: str
:returns: Key
:rtype: ~azure.keyvault.keys._models.Key
:raises: ~azure.core.exceptions.ResourceNotFoundError if the client failed to retrieve the key
Example:
.. literalinclude:: ../tests/test_samples_keys_async.py
:start-after: [START get_key]
:end-before: [END get_key]
:language: python
:caption: Retrieves a key from the key vault
:dedent: 8
"""
if version is None:
version = ""
bundle = await self._client.get_key(
self.vault_url, name, version, error_map={404: ResourceNotFoundError}, **kwargs
)
return Key._from_key_bundle(bundle)
async def import_key(self,
name: str,
key: List[str],
hsm: Optional[bool] = None,
enabled: Optional[bool] = None,
not_before: Optional[datetime] = None,
expires: Optional[datetime] = None,
tags: Optional[Dict[str, str]] = None,
**kwargs: Mapping[str, Any]) -> Key:
"""Imports an externally created key, stores it, and returns the key to the client.
The import key operation may be used to import any key type into an
Azure Key Vault. If the named key already exists, Azure Key Vault
creates a new version of the key. This operation requires the
keys/import permission.
:param name: Name for the imported key.
:type name: str
:param key: The Json web key
:type key: ~azure.security.keyvault.v7_0.models.JsonWebKey
:param hsm: Whether to import as a hardware key (HSM) or software key.
:type hsm: bool
:param enabled: Determines whether the object is enabled.
:type enabled: bool
:param expires: Expiry date of the key in UTC.
:type expires: datetime.datetime
:param not_before: Not before date of the key in UTC
:type not_before: datetime.datetime
:param tags: Application specific metadata in the form of key-value
pairs.
:type tags: Dict[str, str]
:returns: The imported key
:rtype: ~azure.keyvault.keys._models.Key
"""
if enabled is not None or not_before is not None or expires is not None:
attributes = self._client.models.KeyAttributes(
enabled=enabled, not_before=not_before, expires=expires)
else:
attributes = None
bundle = await self._client.import_key(self.vault_url,
name,
key=key,
hsm=hsm,
key_attributes=attributes,
tags=tags,
**kwargs)
return Key._from_key_bundle(bundle)
async def create_key(self,
name: str,
key_type: str,
size: Optional[int] = None,
curve: Optional[str] = None,
key_operations: Optional[List[str]] = None,
enabled: Optional[bool] = None,
expires: Optional[datetime] = None,
not_before: Optional[datetime] = None,
tags: Optional[Dict[str, str]] = None,
**kwargs: Mapping[str, Any]) -> Key:
"""Creates a new key, stores it, then returns the key to the client.
The create key operation can be used to create any key type in Azure
Key Vault. If the named key already exists, Azure Key Vault creates a
new version of the key. It requires the keys/create permission.
:param name: The name for the new key. The system will generate
the version name for the new key.
:type name: str
:param key_type: The type of key to create. For valid values, see
JsonWebKeyType. Possible values include: 'EC', 'EC-HSM', 'RSA',
'RSA-HSM', 'oct'
:param size: The key size in bits. For example: 2048, 3072, or
4096 for RSA.
:type size: int
:param curve: Elliptic curve name. If none then defaults to 'P-256'. For valid values, see
JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384',
'P-521', 'SECP256K1'
:type curve: str or
:type key_type: str or ~azure.keyvault.keys._generated.v7_0.models.JsonWebKeyType
:param key_operations: Supported key operations.
:type key_operations: list[str or
~azure.keyvault.keys._generated.v7_0.models.JsonWebKeyOperation]
:param enabled: Determines whether the object is enabled.
:type enabled: bool
:param expires: Expiry date of the key in UTC.
:type expires: datetime.datetime
:param not_before: Not before date of the key in UTC
:type not_before: datetime.datetime
:param tags: Application specific metadata in the form of key-value
pairs.
:type tags: Dict[str, str]
:returns: The created key
:rtype: ~azure.keyvault.keys._models.Key
Example:
.. literalinclude:: ../tests/test_samples_keys_async.py
:start-after: [START create_key]
:end-before: [END create_key]
:language: python
:caption: Creates a key in the key vault
:dedent: 8
"""
if enabled is not None or not_before is not None or expires is not None:
attributes = self._client.models.KeyAttributes(
enabled=enabled, not_before=not_before, expires=expires)
else:
attributes = None
bundle = await self._client.create_key(
self.vault_url,
name,
key_type,
size,
key_attributes=attributes,
key_ops=key_operations,
tags=tags,
curve=curve,
**kwargs,
)
return Key._from_key_bundle(bundle)
async def update_key(self,
name: str,
version: Optional[str] = None,
key_operations: Optional[List[str]] = None,
enabled: Optional[bool] = None,
not_before: Optional[datetime] = None,
expires: Optional[datetime] = None,
tags: Optional[Dict[str, str]] = None,
**kwargs: Mapping[str, Any]) -> Key:
"""The update key operation changes specified attributes of a stored key
and can be applied to any key type and key version stored in Azure Key
Vault.
In order to perform this operation, the key must already exist in the
Key Vault. Note: The cryptographic material of a key itself cannot be
changed. This operation requires the keys/update permission.
:param name: The name of key to update.
:type name: str
:param version: The version of the key to update.
:type version: str
:param key_operations: Json web key operations. For more information on
possible key operations, see JsonWebKeyOperation.
:type key_operations: list[str or
~azure.keyvault.keys._generated.v7_0.models.JsonWebKeyOperation]
:param enabled: Determines whether the object is enabled.
:type enabled: bool
:param expires: Expiry date of the key in UTC.
:type expires: datetime.datetime
:param not_before: Not before date of the key in UTC
:type not_before: datetime.datetime
:param tags: Application specific metadata in the form of key-value
pairs.
:type tags: Dict[str, str]
:returns: The updated key
:rtype: ~azure.security.keyvault.v7_0.models.Key
:raises: ~azure.core.exceptions.ResourceNotFoundError if the client failed to retrieve the key
Example:
.. literalinclude:: ../tests/test_samples_keys_async.py
:start-after: [START update_key]
:end-before: [END update_key]
:language: python
:caption: Updates a key in the key vault
:dedent: 8
"""
if enabled is not None or not_before is not None or expires is not None:
attributes = self._client.models.KeyAttributes(
enabled=enabled, not_before=not_before, expires=expires)
else:
attributes = None
bundle = await self._client.update_key(
self.vault_url,
name,
key_version=version or "",
key_ops=key_operations,
tags=tags,
key_attributes=attributes,
error_map={404: ResourceNotFoundError},
**kwargs,
)
return Key._from_key_bundle(bundle)
