# It will return a certificate if creation is successful, and will return the CertificateOperation if not. certificate = create_certificate_poller.result() print("Certificate with name '{0}' created.".format(cert_name)) # Backups are good to have, if in case certificates gets deleted accidentally. # For long term storage, it is ideal to write the backup to a file. print("\n.. Create a backup for an existing certificate") certificate_backup = client.backup_certificate(cert_name) print("Backup created for certificate with name '{0}'.".format(cert_name)) # The storage account certificate is no longer in use, so you can delete it. print("\n.. Delete the certificate") delete_operation = client.begin_delete_certificate(cert_name) deleted_certificate = delete_operation.result() print("Deleted certificate with name '{0}'".format(deleted_certificate.name)) # Wait for the deletion to complete before purging the certificate. # The purge will take some time, so wait before restoring the backup to avoid a conflict. delete_operation.wait() print("\n.. Purge the certificate") client.purge_deleted_certificate(deleted_certificate.name) time.sleep(60) print("Purged certificate with name '{0}'".format(deleted_certificate.name)) # In the future, if the certificate is required again, we can use the backup value to restore it in the Key Vault. print("\n.. Restore the certificate from the backup") certificate = client.restore_certificate_backup(certificate_backup) print("Restored certificate with name '{0}'".format(certificate.name)) print("\nrun_sample done")
deleted_bank_certificate = deleted_bank_poller.result() # To ensure certificate is deleted on the server side. deleted_bank_poller.wait() print( "Certificate with name '{0}' was deleted on date {1}.".format( deleted_bank_certificate.name, deleted_bank_certificate.deleted_on ) ) # We accidentally deleted the bank account certificate. Let's recover it. # A deleted certificate can only be recovered if the Key Vault is soft-delete enabled. print("\n.. Recover Deleted Certificate") recovered_bank_poller = client.begin_recover_deleted_certificate(deleted_bank_certificate.name) recovered_bank_certificate = recovered_bank_poller.result() # To ensure certificate is recovered on the server side. recovered_bank_poller.wait() print("Recovered Certificate with name '{0}'.".format(recovered_bank_certificate.name)) # Let's delete the storage certificate now. # If the keyvault is soft-delete enabled, then for permanent deletion deleted certificate needs to be purged. client.begin_delete_certificate(storage_cert_name).wait() # Certificates will still purge eventually on their scheduled purge date, but calling `purge_deleted_certificate` immediately # purges. print("\n.. Purge Deleted Certificate") client.purge_deleted_certificate(storage_cert_name) print("Certificate has been permanently deleted.") print("\nrun_sample done")
def deleted_certificate_recovery(self): """ a sample of enumerating, retrieving, recovering and purging deleted certificates from a key vault """ # create a vault enabling the soft delete feature vault = self.create_vault() # create a certificate client credential = DefaultAzureCredential() certificate_client = CertificateClient( vault_url=vault.properties.vault_uri, credential=credential) # create certificates in the vault cert_to_recover = get_name('cert') cert_to_purge = get_name('cert') create_certificate_poller = certificate_client.begin_create_certificate( cert_to_recover, policy=CertificatePolicy.get_default()) created_certificate = create_certificate_poller.result() print('created certificate {}'.format(created_certificate.name)) create_certificate_poller = certificate_client.begin_create_certificate( cert_to_purge, policy=CertificatePolicy.get_default()) created_certificate = create_certificate_poller.result() print('created certificate {}'.format(created_certificate.name)) # list the vault certificates certificates = certificate_client.list_properties_of_certificates() print('list the vault certificates') for certificate in certificates: print(certificate.name) # delete the certificates deleted_certificate_poller = certificate_client.begin_delete_certificate( cert_to_recover) deleted_certificate = deleted_certificate_poller.result() deleted_certificate_poller.wait() print('deleted certificate {}'.format(deleted_certificate.name)) deleted_certificate_poller = certificate_client.begin_delete_certificate( cert_to_purge) deleted_certificate = deleted_certificate_poller.result() deleted_certificate_poller.wait() print('deleted certificate {}'.format(deleted_certificate.name)) # list the deleted certificates deleted_certs = certificate_client.list_deleted_certificates() print('deleted certificates:') for deleted_cert in deleted_certs: print(deleted_cert.name) # recover a deleted certificate recovered_certificate_poller = certificate_client.begin_recover_deleted_certificate( cert_to_recover) recovered_certificate_certificate = recovered_certificate_poller.result( ) print('recovered certificate {}'.format( recovered_certificate_certificate.name)) # purge a deleted certificate certificate_client.purge_deleted_certificate(cert_to_purge) time.sleep(50) print('purged certificate {}'.format(cert_to_purge)) # list the vault certificates certificates = certificate_client.list_properties_of_certificates() print("all of the certificates in the client's vault:") for certificate in certificates: print(certificate.name)
# Now we can extract the private key and public certificate from the secret using the cryptography # package. `additional_certificates` will be empty since the secret only contains one certificate. # This example shows how to parse a certificate in PKCS12 format since it's the default in Key Vault, # but PEM certificates are supported as well. With a PEM certificate, you could use load_pem_private_key # in place of load_key_and_certificates. cert_bytes = base64.b64decode(certificate_secret.value) private_key, public_certificate, additional_certificates = pkcs12.load_key_and_certificates( data=cert_bytes, password=None ) print("Certificate with name '{}' was parsed.".format(certificate_secret.name)) # Now we can clean up the vault by deleting, then purging, the certificate. print("\n.. Delete certificate") delete_operation_poller = certificate_client.begin_delete_certificate( certificate_name=cert_name ) deleted_certificate = delete_operation_poller.result() delete_operation_poller.wait() print("Certificate with name '{}' was deleted.".format(deleted_certificate.name)) certificate_client.purge_deleted_certificate(certificate_name=deleted_certificate.name) print("Certificate with name '{}' is being purged.".format(deleted_certificate.name)) except HttpResponseError as e: print("\nrun_sample has caught an error. {}".format(e.message)) finally: print("\nrun_sample done")
# For long term storage, it is ideal to write the backup to a file. print("\n.. Create a backup for an existing certificate") certificate_backup = client.backup_certificate(name=cert_name) print("Backup created for certificate with name '{0}'.".format(cert_name)) # The storage account certificate is no longer in use, so you can delete it. client.delete_certificate(name=cert_name) # To ensure certificate is deleted on the server side. time.sleep(30) print("Deleted Certificate with name '{0}'".format(cert_name)) # Even though the certificate is deleted, it can still be recovered so its name cannot be reused. # In order to be able to reuse the name during restoration, we must purge the certificate # after the initial deletion. print("\nPurging certificate...") client.purge_deleted_certificate(name=cert_name) # To ensure certificate is purged on the server side. time.sleep(30) print("Purged Certificate with name '{0}'".format(cert_name)) # In future, if the certificate is required again, we can use the backup value to restore it in the Key Vault. print("\n.. Restore the certificate using the backed up certificate bytes") certificate = client.restore_certificate(certificate_backup) print("Restored Certificate with name '{0}'".format(certificate.name)) except HttpResponseError as e: print("\nrun_sample has caught an error. {0}".format(e.message)) finally: print("\nrun_sample done")