Exemplo n.º 1
0
    async def recover_deleted_key(self, name: str,
                                  **kwargs: Mapping[str, Any]) -> Key:
        """Recovers the deleted key to its latest version.

        The Recover Deleted Key operation is applicable for deleted keys in
        soft-delete enabled vaults. It recovers the deleted key back to its
        latest version under /keys. An attempt to recover an non-deleted key
        will return an error. Consider this the inverse of the delete operation
        on soft-delete enabled vaults. This operation requires the keys/recover
        permission.

        :param name: The name of the deleted key.
        :type name: str
        :returns: The recovered deleted key
        :rtype: ~azure.keyvault.keys._models.Key

        Example:
            .. literalinclude:: ../tests/test_samples_keys_async.py
                :start-after: [START recover_deleted_key]
                :end-before: [END recover_deleted_key]
                :language: python
                :caption: Recovers the specified soft-deleted key
                :dedent: 8
        """
        bundle = await self._client.recover_deleted_key(
            self.vault_url, name, **kwargs)
        return Key._from_key_bundle(bundle)
Exemplo n.º 2
0
    async def restore_key(self, backup: bytes, **kwargs: Mapping[str, Any]) -> Key:
        """Restores a backed up key to a vault.

        Imports a previously backed up key into Azure Key Vault, restoring the
        key, its key identifier, attributes and access control policies. The
        RESTORE operation may be used to import a previously backed up key.
        Individual versions of a key cannot be restored. The key is restored in
        its entirety with the same key name as it had when it was backed up. If
        the key name is not available in the target Key Vault, the RESTORE
        operation will be rejected. While the key name is retained during
        restore, the final key identifier will change if the key is restored to
        a different vault. Restore will restore all versions and preserve
        version identifiers. The RESTORE operation is subject to security
        constraints: The target Key Vault must be owned by the same Microsoft
        Azure Subscription as the source Key Vault The user must have RESTORE
        permission in the target Key Vault. This operation requires the
        keys/restore permission.

        :param backup: The raw bytes of the key backup
        :type backup: bytes
        :returns: The restored key
        :rtype: ~azure.keyvault.keys._models.Key
        :raises: ~azure.core.exceptions.ResourceExistsError if the client failed to retrieve the key

        Example:
            .. literalinclude:: ../tests/test_samples_keys_async.py
                :start-after: [START restore_key]
                :end-before: [END restore_key]
                :language: python
                :caption: Restores a backed up key to the vault
                :dedent: 8
        """
        bundle = await self._client.restore_key(self.vault_url, backup, error_map={409: ResourceExistsError}, **kwargs)
        return Key._from_key_bundle(bundle)
Exemplo n.º 3
0
    async def get_key(self, name: str, version: Optional[str] = None, **kwargs: Mapping[str, Any]) -> Key:
        """Gets the public part of a stored key.

        The get key operation is applicable to all key types. If the requested
        key is symmetric, then no key material is released in the response.
        This operation requires the keys/get permission.

        :param name: The name of the key to get.
        :type name: str
        :param version: Retrieves a specific version of a key. If the version is None or an empty string,
         the latest version of the key is returned
        :type version: str
        :returns: Key
        :rtype: ~azure.keyvault.keys._models.Key
        :raises: ~azure.core.exceptions.ResourceNotFoundError if the client failed to retrieve the key

        Example:
            .. literalinclude:: ../tests/test_samples_keys_async.py
                :start-after: [START get_key]
                :end-before: [END get_key]
                :language: python
                :caption: Retrieves a key from the key vault
                :dedent: 8
        """
        if version is None:
            version = ""

        bundle = await self._client.get_key(
            self.vault_url, name, version, error_map={404: ResourceNotFoundError}, **kwargs
        )
        return Key._from_key_bundle(bundle)
Exemplo n.º 4
0
    async def import_key(self,
                         name: str,
                         key: List[str],
                         hsm: Optional[bool] = None,
                         enabled: Optional[bool] = None,
                         not_before: Optional[datetime] = None,
                         expires: Optional[datetime] = None,
                         tags: Optional[Dict[str, str]] = None,
                         **kwargs: Mapping[str, Any]) -> Key:
        """Imports an externally created key, stores it, and returns the key to the client.

        The import key operation may be used to import any key type into an
        Azure Key Vault. If the named key already exists, Azure Key Vault
        creates a new version of the key. This operation requires the
        keys/import permission.

        :param name: Name for the imported key.
        :type name: str
        :param key: The Json web key
        :type key: ~azure.security.keyvault.v7_0.models.JsonWebKey
        :param hsm: Whether to import as a hardware key (HSM) or software key.
        :type hsm: bool
        :param enabled: Determines whether the object is enabled.
        :type enabled: bool
        :param expires: Expiry date of the key  in UTC.
        :type expires: datetime.datetime
        :param not_before: Not before date of the key in UTC
        :type not_before: datetime.datetime
        :param tags: Application specific metadata in the form of key-value
         pairs.
        :type tags: Dict[str, str]
        :returns: The imported key
        :rtype: ~azure.keyvault.keys._models.Key

        """
        if enabled is not None or not_before is not None or expires is not None:
            attributes = self._client.models.KeyAttributes(
                enabled=enabled, not_before=not_before, expires=expires)
        else:
            attributes = None
        bundle = await self._client.import_key(self.vault_url,
                                               name,
                                               key=key,
                                               hsm=hsm,
                                               key_attributes=attributes,
                                               tags=tags,
                                               **kwargs)
        return Key._from_key_bundle(bundle)
Exemplo n.º 5
0
    async def create_key(self,
                         name: str,
                         key_type: str,
                         size: Optional[int] = None,
                         curve: Optional[str] = None,
                         key_operations: Optional[List[str]] = None,
                         enabled: Optional[bool] = None,
                         expires: Optional[datetime] = None,
                         not_before: Optional[datetime] = None,
                         tags: Optional[Dict[str, str]] = None,
                         **kwargs: Mapping[str, Any]) -> Key:
        """Creates a new key, stores it, then returns the key to the client.

        The create key operation can be used to create any key type in Azure
        Key Vault. If the named key already exists, Azure Key Vault creates a
        new version of the key. It requires the keys/create permission.

        :param name: The name for the new key. The system will generate
         the version name for the new key.
        :type name: str
        :param key_type: The type of key to create. For valid values, see
         JsonWebKeyType. Possible values include: 'EC', 'EC-HSM', 'RSA',
         'RSA-HSM', 'oct'
        :param size: The key size in bits. For example: 2048, 3072, or
         4096 for RSA.
        :type size: int
        :param curve: Elliptic curve name. If none then defaults to 'P-256'. For valid values, see
         JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384',
         'P-521', 'SECP256K1'
        :type curve: str or
        :type key_type: str or ~azure.keyvault.keys._generated.v7_0.models.JsonWebKeyType
        :param key_operations: Supported key operations.
        :type key_operations: list[str or
         ~azure.keyvault.keys._generated.v7_0.models.JsonWebKeyOperation]
        :param enabled: Determines whether the object is enabled.
        :type enabled: bool
        :param expires: Expiry date of the key in UTC.
        :type expires: datetime.datetime
        :param not_before: Not before date of the key in UTC
        :type not_before: datetime.datetime
        :param tags: Application specific metadata in the form of key-value
         pairs.
        :type tags: Dict[str, str]
        :returns: The created key
        :rtype: ~azure.keyvault.keys._models.Key

        Example:
            .. literalinclude:: ../tests/test_samples_keys_async.py
                :start-after: [START create_key]
                :end-before: [END create_key]
                :language: python
                :caption: Creates a key in the key vault
                :dedent: 8
        """
        if enabled is not None or not_before is not None or expires is not None:
            attributes = self._client.models.KeyAttributes(
                enabled=enabled, not_before=not_before, expires=expires)
        else:
            attributes = None

        bundle = await self._client.create_key(
            self.vault_url,
            name,
            key_type,
            size,
            key_attributes=attributes,
            key_ops=key_operations,
            tags=tags,
            curve=curve,
            **kwargs,
        )
        return Key._from_key_bundle(bundle)
Exemplo n.º 6
0
    async def update_key(self,
                         name: str,
                         version: Optional[str] = None,
                         key_operations: Optional[List[str]] = None,
                         enabled: Optional[bool] = None,
                         not_before: Optional[datetime] = None,
                         expires: Optional[datetime] = None,
                         tags: Optional[Dict[str, str]] = None,
                         **kwargs: Mapping[str, Any]) -> Key:
        """The update key operation changes specified attributes of a stored key
        and can be applied to any key type and key version stored in Azure Key
        Vault.

        In order to perform this operation, the key must already exist in the
        Key Vault. Note: The cryptographic material of a key itself cannot be
        changed. This operation requires the keys/update permission.

        :param name: The name of key to update.
        :type name: str
        :param version: The version of the key to update.
        :type version: str
        :param key_operations: Json web key operations. For more information on
         possible key operations, see JsonWebKeyOperation.
        :type key_operations: list[str or
         ~azure.keyvault.keys._generated.v7_0.models.JsonWebKeyOperation]
        :param enabled: Determines whether the object is enabled.
        :type enabled: bool
        :param expires: Expiry date of the key in UTC.
        :type expires: datetime.datetime
        :param not_before: Not before date of the key in UTC
        :type not_before: datetime.datetime
        :param tags: Application specific metadata in the form of key-value
         pairs.
        :type tags: Dict[str, str]
        :returns: The updated key
        :rtype: ~azure.security.keyvault.v7_0.models.Key
        :raises: ~azure.core.exceptions.ResourceNotFoundError if the client failed to retrieve the key

        Example:
            .. literalinclude:: ../tests/test_samples_keys_async.py
                :start-after: [START update_key]
                :end-before: [END update_key]
                :language: python
                :caption: Updates a key in the key vault
                :dedent: 8
        """
        if enabled is not None or not_before is not None or expires is not None:
            attributes = self._client.models.KeyAttributes(
                enabled=enabled, not_before=not_before, expires=expires)
        else:
            attributes = None

        bundle = await self._client.update_key(
            self.vault_url,
            name,
            key_version=version or "",
            key_ops=key_operations,
            tags=tags,
            key_attributes=attributes,
            error_map={404: ResourceNotFoundError},
            **kwargs,
        )
        return Key._from_key_bundle(bundle)