def deleted_key_recovery(self):
"""
a sample of enumerating, retrieving, recovering and purging deleted keys from a key vault
"""
# create a vault enabling the soft delete feature
vault = self.create_vault()
# create a key client
credential = DefaultAzureCredential()
key_client = KeyClient(vault_url=vault.properties.vault_uri,
credential=credential)
# create keys in the vault
key_to_recover = get_name('key')
key_to_purge = get_name('key')
key = key_client.create_key(key_to_recover, 'RSA')
print('created key {}'.format(key.name))
key = key_client.create_key(key_to_purge, 'RSA')
print('created key {}'.format(key.name))
# list the vault keys
keys = key_client.list_properties_of_keys()
print("keys:")
for key in keys:
print(key.name)
# delete the keys
key_client.begin_delete_key(key_to_recover).wait()
print('deleted key {}'.format(key_to_recover))
key_client.begin_delete_key(key_to_purge).wait()
print('deleted key {}'.format(key_to_purge))
# list the deleted keys
deleted_keys = key_client.list_deleted_keys()
print("deleted keys:")
for deleted_key in deleted_keys:
print(deleted_key.name)
# recover a deleted key
recover_key_poller = key_client.begin_recover_deleted_key(
key_to_recover)
recovered_key = recover_key_poller.result()
print('recovered key {}'.format(recovered_key.name))
# purge a deleted key
key_client.purge_deleted_key(key_to_purge)
time.sleep(50)
print('purged key {}'.format(key_to_purge))
# list the vaults key
keys = key_client.list_properties_of_keys()
print("all of the keys in the client's vault:")
for key in keys:
print(key.name)
credential = DefaultAzureCredential()
client = KeyClient(vault_endpoint=VAULT_ENDPOINT, credential=credential)
try:
print("\n.. Create keys")
rsa_key = client.create_rsa_key("rsaKeyName")
ec_key = client.create_ec_key("ecKeyName")
print("Created key '{0}' of type '{1}'.".format(rsa_key.name, rsa_key.key_type))
print("Created key '{0}' of type '{1}'.".format(ec_key.name, ec_key.key_type))
print("\n.. Delete the keys")
for key_name in (ec_key.name, rsa_key.name):
deleted_key = client.begin_delete_key(key_name).result()
print("Deleted key '{0}'".format(deleted_key.name))
print("\n.. Recover a deleted key")
recovered_key = client.begin_recover_deleted_key(rsa_key.name).result()
print("Recovered key '{0}'".format(recovered_key.name))
# deleting the recovered key so it doesn't outlast this script
client.begin_delete_key(recovered_key.name).wait()
print("\n.. Purge keys")
for key_name in (ec_key.name, rsa_key.name):
client.purge_deleted_key(key_name)
print("Purged '{}'".format(key_name))
except HttpResponseError as e:
if "(NotSupported)" in e.message:
print("\n{0} Please enable soft delete on Key Vault to perform this operation.".format(e.message))
else:
print("\nrun_sample has caught an error. {0}".format(e.message))
print("\n.. Create keys")
rsa_key = client.create_rsa_key("rsaKeyName")
ec_key = client.create_ec_key("ecKeyName")
print("Created key '{0}' of type '{1}'.".format(rsa_key.name,
rsa_key.key_type))
print("Created key '{0}' of type '{1}'.".format(ec_key.name, ec_key.key_type))
print("\n.. Delete the keys")
for key_name in (ec_key.name, rsa_key.name):
client.begin_delete_key(key_name).wait()
print("Deleted key '{0}'".format(key_name))
# A deleted key can only be recovered if the Key Vault is soft-delete enabled.
print("\n.. Recover a deleted key")
recover_key_poller = client.begin_recover_deleted_key(rsa_key.name)
recovered_key = recover_key_poller.result()
# This wait is just to ensure recovery is complete before we delete the key again
recover_key_poller.wait()
print("Recovered key '{0}'".format(recovered_key.name))
# To permanently delete the key, the deleted key needs to be purged.
# Calling result() on the method will immediately return the `DeletedKey`, but calling wait() blocks
# until the key is deleted server-side so it can be purged.
client.begin_delete_key(recovered_key.name).wait()
# Keys will still purge eventually on their scheduled purge date, but calling `purge_deleted_key` immediately
# purges.
print("\n.. Purge keys")
for key_name in (ec_key.name, rsa_key.name):
