def deleted_key_recovery(self):
"""
a sample of enumerating, retrieving, recovering and purging deleted keys from a key vault
"""
# create a vault enabling the soft delete feature
vault = self.create_vault()
# create a key client
credential = DefaultAzureCredential()
key_client = KeyClient(vault_url=vault.properties.vault_uri,
credential=credential)
# create keys in the vault
key_to_recover = get_name('key')
key_to_purge = get_name('key')
key = key_client.create_key(key_to_recover, 'RSA')
print('created key {}'.format(key.name))
key = key_client.create_key(key_to_purge, 'RSA')
print('created key {}'.format(key.name))
# list the vault keys
keys = key_client.list_properties_of_keys()
print("keys:")
for key in keys:
print(key.name)
# delete the keys
key_client.begin_delete_key(key_to_recover).wait()
print('deleted key {}'.format(key_to_recover))
key_client.begin_delete_key(key_to_purge).wait()
print('deleted key {}'.format(key_to_purge))
# list the deleted keys
deleted_keys = key_client.list_deleted_keys()
print("deleted keys:")
for deleted_key in deleted_keys:
print(deleted_key.name)
# recover a deleted key
recover_key_poller = key_client.begin_recover_deleted_key(
key_to_recover)
recovered_key = recover_key_poller.result()
print('recovered key {}'.format(recovered_key.name))
# purge a deleted key
key_client.purge_deleted_key(key_to_purge)
time.sleep(50)
print('purged key {}'.format(key_to_purge))
# list the vaults key
keys = key_client.list_properties_of_keys()
print("all of the keys in the client's vault:")
for key in keys:
print(key.name)
def backup_restore_key(self):
"""
backs up a key vault key and restores it to another key vault
"""
# create a key vault
first_vault = self.create_vault()
# create a key client
credential = DefaultAzureCredential()
first_key_client = KeyClient(
vault_url=first_vault.properties.vault_uri, credential=credential)
# create a key in the vault
key_name = get_name('key')
key = first_key_client.create_key(key_name, 'RSA')
print('created key {}'.format(key.name))
# list the keys in the vault
keys = first_key_client.list_properties_of_keys()
print("keys in the first vault:")
for key in keys:
print(key.name)
# backup the key
backup = first_key_client.backup_key(key_name)
print('backed up key {}'.format(key_name))
# create a second vault
second_vault = self.create_vault()
# create a key client
second_key_client = KeyClient(
vault_url=second_vault.properties.vault_uri, credential=credential)
# restore the key to the new vault
restored = second_key_client.restore_key_backup(backup)
print('restored secret {}'.format(restored.name))
# list the keys in the new vault
keys = second_key_client.list_properties_of_keys()
print("keys in the second vault:")
for key in keys:
print(key.name)
client = KeyClient(vault_url=VAULT_URL, credential=credential)
# Let's create keys with RSA and EC type. If the key
# already exists in the Key Vault, then a new version of the key is created.
print("\n.. Create Key")
rsa_key = client.create_rsa_key("rsaKeyName")
ec_key = client.create_ec_key("ecKeyName")
print("Key with name '{0}' was created of type '{1}'.".format(rsa_key.name, rsa_key.key_type))
print("Key with name '{0}' was created of type '{1}'.".format(ec_key.name, ec_key.key_type))
# You need to check the type of all the keys in the vault.
# Let's list the keys and print their key types.
# List operations don 't return the keys with their type information.
# So, for each returned key we call get_key to get the key with its type information.
print("\n.. List keys from the Key Vault")
keys = client.list_properties_of_keys()
for key in keys:
retrieved_key = client.get_key(key.name)
print(
"Key with name '{0}' with type '{1}' was found.".format(retrieved_key.name, retrieved_key.key_type)
)
# The rsa key size now should now be 3072, default - 2048. So you want to update the key in Key Vault to ensure
# it reflects the new key size. Calling create_rsa_key on an existing key creates a new version of the key in
# the Key Vault with the new key size.
new_key = client.create_rsa_key(rsa_key.name, size=3072)
print("New version was created for Key with name '{0}' with the updated size.".format(new_key.name))
# You should have more than one version of the rsa key at this time. Lets print all the versions of this key.
print("\n.. List versions of a key using its name")
key_versions = client.list_properties_of_key_versions(rsa_key.name)
test_certificates = [
c for c in cert_client.list_properties_of_certificates()
if c.name.startswith("livekvtest")
]
for certificate in test_certificates:
cert_client.begin_delete_certificate(certificate.name).wait()
deleted_test_certificates = [
c for c in cert_client.list_deleted_certificates()
if c.name.startswith("livekvtest")
]
for certificate in deleted_test_certificates:
cert_client.purge_deleted_certificate(certificate.name)
test_keys = [
k for k in key_client.list_properties_of_keys()
if k.name.startswith("livekvtest")
]
for key in test_keys:
key_client.begin_delete_key(key.name).wait()
deleted_test_keys = [
k for k in key_client.list_deleted_keys()
if k.name.startswith("livekvtest")
]
for key in deleted_test_keys:
key_client.purge_deleted_key(key.name)
test_secrets = [
s for s in secret_client.list_properties_of_secrets()
if s.name.startswith("livekvtest")
]
