bank_cert_name) for certificate_version in certificate_versions: print( "Bank Certificate with name '{0}' with version '{1}' has tags: '{2}'." .format(certificate_version.name, certificate_version.version, certificate_version.tags)) # The bank account and storage accounts got closed. Let's delete bank and storage accounts certificates. # We call wait() to ensure the certificate is deleted server side because the following method requires # server-side deletion to run properly. In most situations you will not have to call wait(). client.begin_delete_certificate(bank_cert_name).wait() client.begin_delete_certificate(storage_cert_name).wait() # You can list all the deleted and non-purged certificates, assuming Key Vault is soft-delete enabled. print("\n.. List deleted certificates from the Key Vault") deleted_certificates = client.list_deleted_certificates() for deleted_certificate in deleted_certificates: print("Certificate with name '{0}' has recovery id '{1}'".format( deleted_certificate.name, deleted_certificate.recovery_id)) except HttpResponseError as e: if "(NotSupported)" in e.message: print( "\n{0} Please enable soft delete on Key Vault to perform this operation." .format(e.message)) else: print("\nrun_sample has caught an error. {0}".format(e.message)) finally: print("\nrun_sample done")
tenant_id=os.environ["KEYVAULT_TENANT_ID"], client_id=os.environ["KEYVAULT_CLIENT_ID"], client_secret=os.environ["KEYVAULT_CLIENT_SECRET"]) cert_client = CertificateClient(os.environ["AZURE_KEYVAULT_URL"], credential) key_client = KeyClient(os.environ["AZURE_KEYVAULT_URL"], credential) secret_client = SecretClient(os.environ["AZURE_KEYVAULT_URL"], credential) test_certificates = [ c for c in cert_client.list_properties_of_certificates() if c.name.startswith("livekvtest") ] for certificate in test_certificates: cert_client.begin_delete_certificate(certificate.name).wait() deleted_test_certificates = [ c for c in cert_client.list_deleted_certificates() if c.name.startswith("livekvtest") ] for certificate in deleted_test_certificates: cert_client.purge_deleted_certificate(certificate.name) test_keys = [ k for k in key_client.list_properties_of_keys() if k.name.startswith("livekvtest") ] for key in test_keys: key_client.begin_delete_key(key.name).wait() deleted_test_keys = [ k for k in key_client.list_deleted_keys() if k.name.startswith("livekvtest") ]
def deleted_certificate_recovery(self):
    """Walk through the soft-delete lifecycle of Key Vault certificates.

    Creates two certificates, soft-deletes both, lists the deleted entries,
    recovers one and purges the other, printing progress after each step.

    The purge is the one step here that is not reversible: a soft-deleted
    certificate can be recovered, a purged one cannot. The identity this
    runs under therefore needs purge rights on the vault in addition to
    create/delete/recover/list.
    """
    # NOTE(review): create_vault() is defined elsewhere; the original comment
    # says it creates a vault with soft delete enabled -- confirm, since the
    # list-deleted / recover / purge calls below depend on that.
    vault = self.create_vault()

    # Credential is resolved by DefaultAzureCredential at runtime; nothing is
    # hard-coded in this method.
    azure_credential = DefaultAzureCredential()
    certificate_client = CertificateClient(
        vault_url=vault.properties.vault_uri,
        credential=azure_credential)

    # One certificate for each branch of the demo: recover vs. purge.
    recover_name = get_name('cert')
    purge_name = get_name('cert')

    for cert_name in (recover_name, purge_name):
        create_poller = certificate_client.begin_create_certificate(
            cert_name, policy=CertificatePolicy.get_default())
        created = create_poller.result()
        print('created certificate {}'.format(created.name))

    # Show what the vault holds before anything is deleted.
    vault_certificates = certificate_client.list_properties_of_certificates()
    print('list the vault certificates')
    for props in vault_certificates:
        print(props.name)

    # Soft-delete both certificates. result() is read first, then wait()
    # blocks until the poller reports the deletion as complete, so the
    # recover/purge calls further down act on a finished delete.
    for cert_name in (recover_name, purge_name):
        delete_poller = certificate_client.begin_delete_certificate(cert_name)
        deleted = delete_poller.result()
        delete_poller.wait()
        print('deleted certificate {}'.format(deleted.name))

    # Enumerate the soft-deleted (not yet purged) certificates.
    soft_deleted = certificate_client.list_deleted_certificates()
    print('deleted certificates:')
    for entry in soft_deleted:
        print(entry.name)

    # Bring the first certificate back from the soft-deleted state.
    recover_poller = certificate_client.begin_recover_deleted_certificate(
        recover_name)
    recovered = recover_poller.result()
    print('recovered certificate {}'.format(recovered.name))

    # Permanently remove the second certificate. No poller is used here, so
    # the fixed pause is presumably there to let the service finish the purge
    # (and the recovery above) before the final listing -- TODO confirm.
    certificate_client.purge_deleted_certificate(purge_name)
    time.sleep(50)
    print('purged certificate {}'.format(purge_name))

    # Final state of the vault after the recover and purge steps.
    remaining = certificate_client.list_properties_of_certificates()
    print("all of the certificates in the client's vault:")
    for props in remaining:
        print(props.name)
tenant_id=os.environ["KEYVAULT_TENANT_ID"], client_id=os.environ["KEYVAULT_CLIENT_ID"], client_secret=os.environ["KEYVAULT_CLIENT_SECRET"]) cert_client = CertificateClient(os.environ["AZURE_KEYVAULT_URL"], credential) key_client = KeyClient(os.environ["AZURE_KEYVAULT_URL"], credential) secret_client = SecretClient(os.environ["AZURE_KEYVAULT_URL"], credential) test_certificates = [ c for c in cert_client.list_properties_of_certificates() if c.name.startswith("livekvtest") ] for certificate in test_certificates: cert_client.begin_delete_certificate(certificate.name).wait() deleted_test_certificates = [ c for c in cert_client.list_deleted_certificates(include_pending=True) if c.name.startswith("livekvtest") ] for certificate in deleted_test_certificates: cert_client.purge_deleted_certificate(certificate.name) test_keys = [ k for k in key_client.list_properties_of_keys() if k.name.startswith("livekvtest") ] for key in test_keys: key_client.begin_delete_key(key.name).wait() deleted_test_keys = [ k for k in key_client.list_deleted_keys() if k.name.startswith("livekvtest") ]