async def run_sample():
# Instantiate a secret client that will be used to call the service.
# Notice that the client is using default Azure credentials.
# To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID',
# 'AZURE_CLIENT_SECRET' and 'AZURE_TENANT_ID' are set with the service principal credentials.
VAULT_URL = os.environ["VAULT_URL"]
credential = DefaultAzureCredential()
client = SecretClient(vault_url=VAULT_URL, credential=credential)
try:
# Let's create secrets holding storage and bank accounts credentials. If the secret
# already exists in the Key Vault, then a new version of the secret is created.
print("\n.. Create Secret")
bank_secret = await client.set_secret("listOpsBankSecretName",
"listOpsSecretValue1")
storage_secret = await client.set_secret("listOpsStorageSecretName",
"listOpsSecretValue2")
print("Secret with name '{0}' was created.".format(bank_secret.name))
print("Secret with name '{0}' was created.".format(
storage_secret.name))
# You need to check if any of the secrets are sharing same values.
# Let's list the secrets and print their values.
# List operations don 't return the secrets with value information.
# So, for each returned secret we call get_secret to get the secret with its value information.
print("\n.. List secrets from the Key Vault")
secrets = client.list_secrets()
async for secret in secrets:
retrieved_secret = await client.get_secret(secret.name)
print("Secret with name '{0}' with value '{1}' was found.".format(
retrieved_secret.name, retrieved_secret.value))
# The bank account password got updated, so you want to update the secret in Key Vault to ensure it reflects the
# new password. Calling set_secret on an existing secret creates a new version of the secret in the Key Vault
# with the new value.
updated_secret = await client.set_secret(bank_secret.name,
"newSecretValue")
print("Secret with name '{0}' was updated with new value '{1}'".format(
updated_secret.name, updated_secret.value))
# You need to check all the different values your bank account password secret had previously. Lets print all
# the versions of this secret.
print("\n.. List versions of the secret using its name")
secret_versions = client.list_secret_versions(bank_secret.name)
async for secret in secret_versions:
print("Bank Secret with name '{0}' has version: '{1}'".format(
secret.name, secret.version))
# The bank account and storage accounts got closed. Let's delete bank and storage accounts secrets.
await client.delete_secret(bank_secret.name)
await client.delete_secret(storage_secret.name)
# To ensure secret is deleted on the server side.
print("\nDeleting secrets...")
await asyncio.sleep(20)
# You can list all the deleted and non-purged secrets, assuming Key Vault is soft-delete enabled.
print("\n.. List deleted secrets from the Key Vault")
deleted_secrets = client.list_deleted_secrets()
async for deleted_secret in deleted_secrets:
print("Secret with name '{0}' has recovery id '{1}'".format(
deleted_secret.name, deleted_secret.recovery_id))
except HttpResponseError as e:
if "(NotSupported)" in e.message:
print(
"\n{0} Please enable soft delete on Key Vault to perform this operation."
.format(e.message))
else:
print("\nrun_sample has caught an error. {0}".format(e.message))
finally:
print("\nrun_sample done")
class ListSecretsTest(PerfStressTest):
def __init__(self, arguments):
super().__init__(arguments)
# Auth configuration
self.credential = DefaultAzureCredential()
self.async_credential = AsyncDefaultAzureCredential()
# Create clients
vault_url = self.get_from_env("AZURE_KEYVAULT_URL")
self.client = SecretClient(vault_url, self.credential,
**self._client_kwargs)
self.async_client = AsyncSecretClient(vault_url, self.async_credential,
**self._client_kwargs)
self.secret_names = [
"livekvtestlistperfsecret{}".format(i)
for i in range(self.args.count)
]
async def global_setup(self):
"""The global setup is run only once."""
# Validate that vault contains 0 secrets (including soft-deleted secrets), since additional secrets
# (including soft-deleted) impact performance.
async for secret in self.async_client.list_properties_of_secrets():
raise Exception(
"KeyVault %s must contain 0 secrets (including soft-deleted) before starting perf test"
% self.async_client.vault_url)
async for secret in self.async_client.list_deleted_secrets():
raise Exception(
"KeyVault %s must contain 0 secrets (including soft-deleted) before starting perf test"
% self.async_client.vault_url)
await super().global_setup()
create = [
self.async_client.set_secret(name, "secret-value")
for name in self.secret_names
]
await asyncio.wait(create)
async def global_cleanup(self):
"""The global cleanup is run only once."""
delete = [
self.async_client.delete_secret(name) for name in self.secret_names
]
await asyncio.wait(delete)
purge = [
self.async_client.purge_deleted_secret(name)
for name in self.secret_names
]
await asyncio.wait(purge)
await super().global_cleanup()
async def close(self):
"""This is run after cleanup."""
await self.async_client.close()
await self.async_credential.close()
await super().close()
def run_sync(self):
"""The synchronous perf test."""
secret_properties = self.client.list_properties_of_secrets()
# enumerate secrets to exercise paging code
list(secret_properties)
async def run_async(self):
"""The asynchronous perf test."""
secret_properties = self.async_client.list_properties_of_secrets()
# enumerate secrets to exercise paging code
async for _ in secret_properties:
pass
@staticmethod
def add_arguments(parser):
super(ListSecretsTest, ListSecretsTest).add_arguments(parser)
parser.add_argument("--count",
nargs="?",
type=int,
help="Number of secrets to list. Defaults to 10",
default=10)
