def deleted_key_recovery(self): """ a sample of enumerating, retrieving, recovering and purging deleted keys from a key vault """ # create a vault enabling the soft delete feature vault = self.create_vault() # create a key client credential = DefaultAzureCredential() key_client = KeyClient(vault_url=vault.properties.vault_uri, credential=credential) # create keys in the vault key_to_recover = get_name('key') key_to_purge = get_name('key') key = key_client.create_key(key_to_recover, 'RSA') print('created key {}'.format(key.name)) key = key_client.create_key(key_to_purge, 'RSA') print('created key {}'.format(key.name)) # list the vault keys keys = key_client.list_properties_of_keys() print("keys:") for key in keys: print(key.name) # delete the keys key_client.begin_delete_key(key_to_recover).wait() print('deleted key {}'.format(key_to_recover)) key_client.begin_delete_key(key_to_purge).wait() print('deleted key {}'.format(key_to_purge)) # list the deleted keys deleted_keys = key_client.list_deleted_keys() print("deleted keys:") for deleted_key in deleted_keys: print(deleted_key.name) # recover a deleted key recover_key_poller = key_client.begin_recover_deleted_key( key_to_recover) recovered_key = recover_key_poller.result() print('recovered key {}'.format(recovered_key.name)) # purge a deleted key key_client.purge_deleted_key(key_to_purge) time.sleep(50) print('purged key {}'.format(key_to_purge)) # list the vaults key keys = key_client.list_properties_of_keys() print("all of the keys in the client's vault:") for key in keys: print(key.name)
credential = DefaultAzureCredential() client = KeyClient(vault_endpoint=VAULT_ENDPOINT, credential=credential) try: print("\n.. Create keys") rsa_key = client.create_rsa_key("rsaKeyName") ec_key = client.create_ec_key("ecKeyName") print("Created key '{0}' of type '{1}'.".format(rsa_key.name, rsa_key.key_type)) print("Created key '{0}' of type '{1}'.".format(ec_key.name, ec_key.key_type)) print("\n.. Delete the keys") for key_name in (ec_key.name, rsa_key.name): deleted_key = client.begin_delete_key(key_name).result() print("Deleted key '{0}'".format(deleted_key.name)) print("\n.. Recover a deleted key") recovered_key = client.begin_recover_deleted_key(rsa_key.name).result() print("Recovered key '{0}'".format(recovered_key.name)) # deleting the recovered key so it doesn't outlast this script client.begin_delete_key(recovered_key.name).wait() print("\n.. Purge keys") for key_name in (ec_key.name, rsa_key.name): client.purge_deleted_key(key_name) print("Purged '{}'".format(key_name)) except HttpResponseError as e: if "(NotSupported)" in e.message: print("\n{0} Please enable soft delete on Key Vault to perform this operation.".format(e.message)) else: print("\nrun_sample has caught an error. {0}".format(e.message))
print("\n.. Create keys") rsa_key = client.create_rsa_key("rsaKeyName") ec_key = client.create_ec_key("ecKeyName") print("Created key '{0}' of type '{1}'.".format(rsa_key.name, rsa_key.key_type)) print("Created key '{0}' of type '{1}'.".format(ec_key.name, ec_key.key_type)) print("\n.. Delete the keys") for key_name in (ec_key.name, rsa_key.name): client.begin_delete_key(key_name).wait() print("Deleted key '{0}'".format(key_name)) # A deleted key can only be recovered if the Key Vault is soft-delete enabled. print("\n.. Recover a deleted key") recover_key_poller = client.begin_recover_deleted_key(rsa_key.name) recovered_key = recover_key_poller.result() # This wait is just to ensure recovery is complete before we delete the key again recover_key_poller.wait() print("Recovered key '{0}'".format(recovered_key.name)) # To permanently delete the key, the deleted key needs to be purged. # Calling result() on the method will immediately return the `DeletedKey`, but calling wait() blocks # until the key is deleted server-side so it can be purged. client.begin_delete_key(recovered_key.name).wait() # Keys will still purge eventually on their scheduled purge date, but calling `purge_deleted_key` immediately # purges. print("\n.. Purge keys") for key_name in (ec_key.name, rsa_key.name):