def deleted_key_recovery(self): """ a sample of enumerating, retrieving, recovering and purging deleted keys from a key vault """ # create a vault enabling the soft delete feature vault = self.create_vault() # create a key client credential = DefaultAzureCredential() key_client = KeyClient(vault_url=vault.properties.vault_uri, credential=credential) # create keys in the vault key_to_recover = get_name('key') key_to_purge = get_name('key') key = key_client.create_key(key_to_recover, 'RSA') print('created key {}'.format(key.name)) key = key_client.create_key(key_to_purge, 'RSA') print('created key {}'.format(key.name)) # list the vault keys keys = key_client.list_properties_of_keys() print("keys:") for key in keys: print(key.name) # delete the keys key_client.begin_delete_key(key_to_recover).wait() print('deleted key {}'.format(key_to_recover)) key_client.begin_delete_key(key_to_purge).wait() print('deleted key {}'.format(key_to_purge)) # list the deleted keys deleted_keys = key_client.list_deleted_keys() print("deleted keys:") for deleted_key in deleted_keys: print(deleted_key.name) # recover a deleted key recover_key_poller = key_client.begin_recover_deleted_key( key_to_recover) recovered_key = recover_key_poller.result() print('recovered key {}'.format(recovered_key.name)) # purge a deleted key key_client.purge_deleted_key(key_to_purge) time.sleep(50) print('purged key {}'.format(key_to_purge)) # list the vaults key keys = key_client.list_properties_of_keys() print("all of the keys in the client's vault:") for key in keys: print(key.name)
def backup_restore_key(self): """ backs up a key vault key and restores it to another key vault """ # create a key vault first_vault = self.create_vault() # create a key client credential = DefaultAzureCredential() first_key_client = KeyClient( vault_url=first_vault.properties.vault_uri, credential=credential) # create a key in the vault key_name = get_name('key') key = first_key_client.create_key(key_name, 'RSA') print('created key {}'.format(key.name)) # list the keys in the vault keys = first_key_client.list_properties_of_keys() print("keys in the first vault:") for key in keys: print(key.name) # backup the key backup = first_key_client.backup_key(key_name) print('backed up key {}'.format(key_name)) # create a second vault second_vault = self.create_vault() # create a key client second_key_client = KeyClient( vault_url=second_vault.properties.vault_uri, credential=credential) # restore the key to the new vault restored = second_key_client.restore_key_backup(backup) print('restored secret {}'.format(restored.name)) # list the keys in the new vault keys = second_key_client.list_properties_of_keys() print("keys in the second vault:") for key in keys: print(key.name)
client = KeyClient(vault_url=VAULT_URL, credential=credential) # Let's create keys with RSA and EC type. If the key # already exists in the Key Vault, then a new version of the key is created. print("\n.. Create Key") rsa_key = client.create_rsa_key("rsaKeyName") ec_key = client.create_ec_key("ecKeyName") print("Key with name '{0}' was created of type '{1}'.".format(rsa_key.name, rsa_key.key_type)) print("Key with name '{0}' was created of type '{1}'.".format(ec_key.name, ec_key.key_type)) # You need to check the type of all the keys in the vault. # Let's list the keys and print their key types. # List operations don 't return the keys with their type information. # So, for each returned key we call get_key to get the key with its type information. print("\n.. List keys from the Key Vault") keys = client.list_properties_of_keys() for key in keys: retrieved_key = client.get_key(key.name) print( "Key with name '{0}' with type '{1}' was found.".format(retrieved_key.name, retrieved_key.key_type) ) # The rsa key size now should now be 3072, default - 2048. So you want to update the key in Key Vault to ensure # it reflects the new key size. Calling create_rsa_key on an existing key creates a new version of the key in # the Key Vault with the new key size. new_key = client.create_rsa_key(rsa_key.name, size=3072) print("New version was created for Key with name '{0}' with the updated size.".format(new_key.name)) # You should have more than one version of the rsa key at this time. Lets print all the versions of this key. print("\n.. List versions of a key using its name") key_versions = client.list_properties_of_key_versions(rsa_key.name)
test_certificates = [ c for c in cert_client.list_properties_of_certificates() if c.name.startswith("livekvtest") ] for certificate in test_certificates: cert_client.begin_delete_certificate(certificate.name).wait() deleted_test_certificates = [ c for c in cert_client.list_deleted_certificates() if c.name.startswith("livekvtest") ] for certificate in deleted_test_certificates: cert_client.purge_deleted_certificate(certificate.name) test_keys = [ k for k in key_client.list_properties_of_keys() if k.name.startswith("livekvtest") ] for key in test_keys: key_client.begin_delete_key(key.name).wait() deleted_test_keys = [ k for k in key_client.list_deleted_keys() if k.name.startswith("livekvtest") ] for key in deleted_test_keys: key_client.purge_deleted_key(key.name) test_secrets = [ s for s in secret_client.list_properties_of_secrets() if s.name.startswith("livekvtest") ]