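def run_sample():
    """Walk through the soft-delete lifecycle of Key Vault secrets.

    Creates two sample secrets, deletes and recovers the first one, then
    deletes and purges the second one. Progress is reported on stdout; only
    secret *names* are printed, never secret values.

    Configuration is read from the environment:
      * ``VAULT_URL`` - URL of the target vault (a missing variable raises
        ``KeyError`` before any service call is made).
      * ``AZURE_CLIENT_ID``, ``AZURE_CLIENT_SECRET``, ``AZURE_TENANT_ID`` -
        service principal settings consumed by ``DefaultAzureCredential``.
        ``AZURE_CLIENT_SECRET`` is itself a credential, so it should be
        protected like any other secret.

    The identity in use has to be authorized for every operation called
    below (set, delete, recover and purge). Purge is the irreversible step.

    ``HttpResponseError`` is caught and printed; it is not re-raised.
    """
    VAULT_URL = os.environ["VAULT_URL"]
    credential = DefaultAzureCredential()
    client = SecretClient(vault_url=VAULT_URL, credential=credential)
    try:
        # Create the two secrets used by the walkthrough. If a secret with the
        # same name already exists, a new version of it is created instead.
        # The literal values are sample placeholders; real secret material
        # should come from a secure source rather than from source code.
        print("\n1. Create Secret")
        bank_secret = client.set_secret("recoverPurgeBankSecretName", "recoverPurgeSecretValue1")
        storage_secret = client.set_secret("recoverPurgeStorageSecretName", "recoverPurgeSecretValue2")
        print("Secret with name '{0}' was created.".format(bank_secret.name))
        print("Secret with name '{0}' was created.".format(storage_secret.name))

        # Delete the bank account secret (the deletion that step 3 undoes).
        print("\n2. Delete a Secret")
        secret = client.delete_secret(bank_secret.name)
        # NOTE(review): the fixed pause gives the service time to finish the
        # deletion. It is a heuristic, not a guarantee - if the deletion has
        # not completed yet, the recover call below is expected to fail with
        # an HTTP error. Check whether the SDK version in use offers a
        # wait/poll alternative.
        time.sleep(20)
        print("Secret with name '{0}' was deleted on date {1}.".format(secret.name, secret.deleted_date))

        # The bank account secret was deleted by mistake, so bring it back.
        # Recovery only works when soft delete is enabled on the vault.
        print("\n3. Recover Deleted Secret")
        recovered_secret = client.recover_deleted_secret(bank_secret.name)
        print("Recovered Secret with name '{0}'.".format(recovered_secret.name))

        # The storage account secret is no longer needed. On a soft-delete
        # enabled vault a deleted secret stays recoverable until it is purged.
        client.delete_secret(storage_secret.name)

        # Same fixed pause as above, so the deletion can complete server side.
        print("\nDeleting Storage Secret...")
        time.sleep(20)

        # Purging removes the deleted secret permanently; it cannot be
        # recovered afterwards.
        print("\n4. Purge Deleted Secret")
        client.purge_deleted_secret(storage_secret.name)
        print("Secret has been permanently deleted.")

    except HttpResponseError as e:
        # A "(NotSupported)" marker in the message is treated as "soft delete
        # is not enabled"; any other HTTP error is reported as it is.
        if "(NotSupported)" in e.message:
            print("\n{0} Please enable soft delete on Key Vault to perform this operation.".format(e.message))
        else:
            print("\nrun_sample has caught an error. {0}".format(e.message))

    finally:
        print("\nrun_sample done")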
# Excerpt from a soft-delete walkthrough. `client` and `bank_secret` are used
# below but are not created in this excerpt; they must already exist.
# The literal secret value is a sample placeholder, not real secret material.
storage_secret = client.set_secret(
    "recoverPurgeStorageSecretName",
    "recoverPurgeSecretValue2",
)
created_message = "Secret with name '{0}' was created."
print(created_message.format(bank_secret.name))
print(created_message.format(storage_secret.name))

# Delete the bank account secret (the deletion that is undone further down).
print("\n.. Delete a Secret")
deleted_bank_secret = client.delete_secret(bank_secret.name)
# NOTE(review): a fixed pause is a heuristic, not a guarantee that the
# deletion has completed on the server before the recover call runs.
time.sleep(20)
print(
    "Secret with name '{0}' was deleted on date {1}.".format(
        deleted_bank_secret.name,
        deleted_bank_secret.deleted_date,
    )
)

# The bank account secret was deleted by mistake, so bring it back.
# Recovery only works when soft delete is enabled on the vault.
print("\n.. Recover Deleted Secret")
restored_secret = client.recover_deleted_secret(bank_secret.name)
print("Recovered Secret with name '{0}'.".format(restored_secret.name))

# The storage account secret is no longer needed. On a soft-delete enabled
# vault a deleted secret stays recoverable until it is purged.
client.delete_secret(storage_secret.name)

# Same fixed pause as above, so the deletion can complete server side.
print("\nDeleting Storage Secret...")
time.sleep(20)

# Purging removes the deleted secret permanently; it cannot be recovered
# afterwards.
print("\n.. Purge Deleted Secret")
client.purge_deleted_secret(storage_secret.name)
print("Secret has been permanently deleted.")