# Here we use the DefaultAzureCredential, but any azure-identity credential can be used.
# DefaultAzureCredential walks a chain of credential sources (environment variables,
# managed identity, developer tool logins), so the principal that ends up authenticating
# depends on where the script runs. Outside of a sample, pin the credential type you
# intend to use.
# With vault access policies, the calls below need keys/create, keys/update and keys/get;
# the identity running this needs nothing broader.
VAULT_URL = os.environ["VAULT_URL"]
credential = DefaultAzureCredential()
client = KeyClient(vault_url=VAULT_URL, credential=credential)

# First, create a key.
# The name is fixed, and the message below reports the version that this call created.
key_name = "rotation-sample-key"
key = client.create_rsa_key(key_name)
created_key_message = "\nCreated a key; new version is {}"
print(created_key_message.format(key.properties.version))

# Set the key's automated rotation policy to rotate the key two months after the key was
# created ("P2M" is an ISO 8601 duration). Only a rotate action is supplied here; this
# call passes no expiry for the policy.
rotate_after_two_months = KeyRotationLifetimeAction(
    KeyRotationPolicyAction.ROTATE,
    time_after_create="P2M",
)
actions = [rotate_after_two_months]
updated_policy = client.update_key_rotation_policy(
    key_name,
    lifetime_actions=actions,
)

# The created policy should only have one action.
# NOTE(review): this check is an `assert`, so it disappears under `python -O`; the
# service's response is then used without being verified.
assert len(updated_policy.lifetime_actions) == 1, "There should be exactly one rotation policy action"
policy_action = updated_policy.lifetime_actions[0]
created_policy_message = "\nCreated a new key rotation policy: {} after {}"
print(
    created_policy_message.format(
        policy_action.action,
        policy_action.time_after_create,
    )
)

# Get the key's current rotation policy. Reading it back from the service confirms what
# is actually stored, rather than trusting only the response to the update call.
current_policy = client.get_key_rotation_policy(key_name)
policy_action = current_policy.lifetime_actions[0]
current_policy_message = "\nCurrent rotation policy: {} after {}"
print(
    current_policy_message.format(
        policy_action.action,
        policy_action.time_after_create,
    )
)

# Update the key's automated rotation policy to notify 30 days before the key expires
# (the code for this step is not part of this excerpt).
# VAULT_URL and credential are defined before this excerpt begins.
client = KeyClient(vault_url=VAULT_URL, credential=credential)

# First, create a key.
# The name is fixed, and the message below reports the version that this call created.
key_name = "rotation-sample-key"
key = client.create_rsa_key(key_name)
created_key_message = "\nCreated a key; new version is {}"
print(created_key_message.format(key.properties.version))

# Set the key's automated rotation policy to rotate the key two months after the key was created.
# If you pass an empty KeyRotationPolicy() as the `policy` parameter, the rotation policy will be set to the
# default policy. Any keyword arguments will update specified properties of the policy.
# Both durations are ISO 8601: rotation after two months ("P2M") is scheduled ahead of the
# 90-day expiry ("P90D"), so a new version should exist before the current one expires.
rotate_after_two_months = KeyRotationLifetimeAction(
    KeyRotationPolicyAction.rotate,
    time_after_create="P2M",
)
actions = [rotate_after_two_months]
updated_policy = client.update_key_rotation_policy(
    key_name,
    KeyRotationPolicy(),
    expires_in="P90D",
    lifetime_actions=actions,
)
# NOTE(review): every check below is an `assert`, so all of them disappear under
# `python -O`; the policy returned by the service is then used without being verified.
assert updated_policy.expires_in == "P90D"

# The updated policy should have the specified lifetime action.
# The policy may hold other actions besides the rotate action, so search for it rather
# than assuming a position. If several entries match, the last one is kept.
policy_action = None
for candidate in updated_policy.lifetime_actions:
    if candidate.action == KeyRotationPolicyAction.rotate:
        policy_action = candidate

assert policy_action, "The specified action should exist in the key rotation policy"
assert policy_action.time_after_create == "P2M", "The action should have the specified time_after_create"
assert policy_action.time_before_expiry is None, "The action shouldn't have a time_before_expiry"
created_policy_message = "\nCreated a new key rotation policy: {} after {}"
print(
    created_policy_message.format(
        policy_action.action,
        policy_action.time_after_create,
    )
)