for secret in secrets: retrieved_secret = client.get_secret(secret.name) print("Secret with name '{0}' and value {1} was found.".format( retrieved_secret.name, retrieved_secret.name)) # The bank account password got updated, so you want to update the secret in Key Vault to ensure it reflects the # new password. Calling set_secret on an existing secret creates a new version of the secret in the Key Vault # with the new value. updated_secret = client.set_secret(bank_secret.name, "newSecretValue") print("Secret with name '{0}' was updated with new value '{1}'".format( updated_secret.name, updated_secret.value)) # You need to check all the different values your bank account password secret had previously. Lets print all # the versions of this secret. print("\n.. List versions of the secret using its name") secret_versions = client.list_properties_of_secret_versions( bank_secret.name) for secret_version in secret_versions: print("Bank Secret with name '{0}' has version: '{1}'.".format( secret_version.name, secret_version.version)) # The bank account and storage accounts got closed. Let's delete bank and storage accounts secrets. # Calling result() on the method will immediately return the `DeletedSecret`, but calling wait() blocks # until the secret is deleted server-side. print("\n.. Deleting secrets...") client.begin_delete_secret(bank_secret.name).wait() client.begin_delete_secret(storage_secret.name).wait() # You can list all the deleted and non-purged secrets, assuming Key Vault is soft-delete enabled. print("\n.. List deleted secrets from the Key Vault") deleted_secrets = client.list_deleted_secrets() for deleted_secret in deleted_secrets:
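def run_sample():
    """Walk through the Key Vault secret list operations end to end.

    Creates two sample secrets, lists the secrets in the vault, writes a new
    version of one of them, lists that secret's versions, deletes both sample
    secrets and finally lists the deleted secrets. Progress is printed to
    stdout. Secret values are read but never printed, because stdout commonly
    ends up in terminal scrollback, CI logs and log aggregation.

    The vault address is read from the ``VAULT_ENDPOINT`` environment variable
    before the ``try`` block, so a missing variable raises ``KeyError`` to the
    caller. ``HttpResponseError`` raised by the service calls is caught and
    reported on stdout.
    """
    # Instantiate a secret client that will be used to call the service. Notice that the client is using default
    # Azure credentials. To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID',
    # 'AZURE_CLIENT_SECRET' and 'AZURE_TENANT_ID' are set with the service principal credentials.
    # NOTE(review): the listing step below reads every enabled secret in the vault, so the principal needs
    # set/get/list/delete permissions on secrets; run the sample against a dedicated test vault.
    VAULT_ENDPOINT = os.environ["VAULT_ENDPOINT"]
    credential = DefaultAzureCredential()
    client = SecretClient(vault_endpoint=VAULT_ENDPOINT, credential=credential)
    try:
        # Let's create secrets holding storage and bank accounts credentials. If the secret
        # already exists in the Key Vault, then a new version of the secret is created.
        # The values below are sample literals; real values should not be hard-coded in source.
        print("\n.. Create Secret")
        bank_secret = client.set_secret("listOpsBankSecretName", "listOpsSecretValue1")
        storage_secret = client.set_secret("listOpsStorageSecretName", "listOpsSecretValue2")
        print("Secret with name '{0}' was created.".format(bank_secret.name))
        print("Secret with name '{0}' was created.".format(storage_secret.name))

        # You need to check if any of the secrets are sharing same values.
        # List operations don't return the secrets with value information, so for each returned
        # secret we call get_secret to get the secret with its value information.
        # The comparison is done in memory and only secret names are printed: the original message
        # claimed to print the value but formatted the name twice, and printing the real value
        # would put every secret in the vault on stdout.
        print("\n.. List secrets from the Key Vault")
        secrets = client.list_properties_of_secrets()
        names_by_value = {}
        for secret in secrets:
            if secret.enabled is False:
                # The service refuses to return the value of a disabled secret; skipping it keeps
                # one disabled entry elsewhere in the vault from aborting the whole sample.
                continue
            retrieved_secret = client.get_secret(secret.name)
            print("Secret with name '{0}' was found.".format(retrieved_secret.name))
            names_by_value.setdefault(retrieved_secret.value, []).append(retrieved_secret.name)
        for shared_names in names_by_value.values():
            if len(shared_names) > 1:
                print(
                    "Secrets {0} share the same value.".format(
                        ", ".join("'{0}'".format(name) for name in shared_names)
                    )
                )

        # The bank account password got updated, so you want to update the secret in Key Vault to ensure it
        # reflects the new password. Calling set_secret on an existing secret creates a new version of the
        # secret in the Key Vault with the new value. The version id identifies the update without
        # exposing the value itself.
        updated_secret = client.set_secret(bank_secret.name, "newSecretValue")
        print(
            "Secret with name '{0}' was updated; new version is '{1}'.".format(
                updated_secret.name, updated_secret.properties.version
            )
        )

        # You need to check all the different versions your bank account password secret had previously.
        # Let's print all the versions of this secret (version ids only; values are not returned by listing).
        print("\n.. List versions of the secret using its name")
        secret_versions = client.list_properties_of_secret_versions(bank_secret.name)
        for secret_version in secret_versions:
            print(
                "Bank Secret with name '{0}' has version: '{1}'.".format(
                    secret_version.name, secret_version.version
                )
            )

        # The bank account and storage accounts got closed. Let's delete bank and storage accounts secrets.
        # Calling result() on the method will immediately return the `DeletedSecret`, but calling wait() blocks
        # until the secret is deleted server-side.
        print("\n.. Deleting secrets...")
        client.begin_delete_secret(bank_secret.name).wait()
        client.begin_delete_secret(storage_secret.name).wait()

        # You can list all the deleted and non-purged secrets, assuming Key Vault is soft-delete enabled.
        # With soft-delete, a deleted secret stays recoverable until it is purged or its retention ends.
        print("\n.. List deleted secrets from the Key Vault")
        deleted_secrets = client.list_deleted_secrets()
        for deleted_secret in deleted_secrets:
            print(
                "Secret with name '{0}' has recovery id '{1}'".format(deleted_secret.name, deleted_secret.recovery_id)
            )

    except HttpResponseError as e:
        # "(NotSupported)" in the message is how this sample recognises a vault without soft-delete.
        if "(NotSupported)" in e.message:
            print("\n{0} Please enable soft-delete on Key Vault to perform this operation.".format(e.message))
        else:
            print("\nrun_sample has caught an error. {0}".format(e.message))

    finally:
        print("\nrun_sample done")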