key_cache[secret_bundle.id] = key return key # Setting the key_resolver_function will tell the service to automatically # try to decrypt retrieved blobs. The key_resolver is a function that # takes in a key_id and returns a corresponding key_encryption_key. self.block_blob_service.key_resolver_function = resolve_wrapped_aes_key_secret # Downloading works as usual with support for decrypting both entire blobs # and decrypting range gets. blob_full = self.block_blob_service.get_blob_to_bytes(container_name, block_blob_name) blob_range = self.block_blob_service.get_blob_to_bytes(container_name, block_blob_name, start_range=len(data) // 2 + 5, end_range=(3 * len(data) // 4) + 1) self.block_blob_service.delete_container(container_name) def _get_resource_reference(self, prefix): return '{}{}'.format(prefix, str(uuid.uuid4()).replace('-', '')) def _get_blob_reference(self, prefix='blob'): return self._get_resource_reference(prefix) def _create_container(self, prefix='container'): container_name = self._get_resource_reference(prefix) self.block_blob_service.create_container(container_name) return container_name if __name__ == "__main__": run_all_samples([BlobEncryptionSample()])
# create a key vault first_vault = self.create_vault() # create a key in the vault key_name = get_name('key') key = self.keyvault_data_client.create_key(first_vault.properties.vault_uri, key_name, 'RSA') print('created key {}\n{}'.format(key_name, self._serialize(key))) # list the keys in the vault keys = self.keyvault_data_client.get_keys(first_vault.properties.vault_uri) print('vault {} secrets:\n{}'.format(first_vault.name, self._serialize(keys))) # backup the key backup = self.keyvault_data_client.backup_key(first_vault.properties.vault_uri, key_name) print('backed up key {} value: {}'.format(key_name, backup)) # create a second vault second_vault = self.create_vault() # restore the key to the new vault restored = self.keyvault_data_client.restore_key(second_vault.properties.vault_uri, backup.value) print('restored secret {}\n{}'.format(key_name, self._serialize(restored))) # list the keys in the new vault keys = self.keyvault_data_client.get_keys(second_vault.properties.vault_uri) print('vault {} secrets:\n{}'.format(second_vault.name, self._serialize(keys))) if __name__ == "__main__": run_all_samples([BackupRestoreSample()])
print('deleted certificate {}'.format(deleted_certificate.name)) # list the deleted certificates deleted_certs = certificate_client.list_deleted_certificates() print('deleted certificates:') for deleted_cert in deleted_certs: print(deleted_cert.name) # recover a deleted certificate recovered_certificate_poller = certificate_client.begin_recover_deleted_certificate( cert_to_recover) recovered_certificate_certificate = recovered_certificate_poller.result( ) print('recovered certificate {}'.format( recovered_certificate_certificate.name)) # purge a deleted certificate certificate_client.purge_deleted_certificate(cert_to_purge) time.sleep(50) print('purged certificate {}'.format(cert_to_purge)) # list the vault certificates certificates = certificate_client.list_properties_of_certificates() print("all of the certificates in the client's vault:") for certificate in certificates: print(certificate.name) if __name__ == "__main__": run_all_samples([SoftDeleteSample()])
default=None, help='the object id of the service principal to run the sample') parser.add_argument( '--client-secret', dest='client_secret', type=str, default=None, help= 'the authentication secret of the service principal to run the sample') parser.add_argument('--samples', nargs='*', type=str, help='names of specific samples to run') args = parser.parse_args() config = KeyVaultSampleConfig() if args.tenant_id: config.tenant_id = args.tenant_id if args.subscription_id: config.subscription_id = args.subscription_id if args.client_id: config.client_id = args.client_id if args.client_oid: config.client_oid = args.client_oid if args.client_secret: config.client_secret = args.client_secret run_all_samples([AuthenticationSample(config=config)], requested=args.samples or [])
vault = self.create_vault() import adal # create an adal authentication context auth_context = adal.AuthenticationContext('https://login.microsoftonline.com/%s' % self.config.tenant_id) # create a callback to supply the token type and access token on request def adal_callback(server, resource, scope): token = auth_context.acquire_token_with_client_credentials(resource=resource, client_id=self.config.client_id, client_secret=self.config.client_secret) return token['tokenType'], token['accessToken'] # create a KeyVaultAuthentication instance which will callback to the supplied adal_callback auth = KeyVaultAuthentication(adal_callback) # create the KeyVaultClient using the created KeyVaultAuthentication instance client = KeyVaultClient(auth) # set and get a secret from the vault to validate the client is authenticated print('creating secret...') print(client.set_secret(vault.properties.vault_uri, 'auth-sample-secret', 'client is authenticated to the vault')) print('getting secret...') print(client.get_secret(vault.properties.vault_uri, 'auth-sample-secret', secret_version=KeyVaultId.version_none)) if __name__ == "__main__": run_all_samples([AuthenticationSample()])
from backup_restore_sample import BackupRestoreSample from soft_delete_sample import SoftDeleteSample from key_vault_sample_base import run_all_samples if __name__ == "__main__": run_all_samples([BackupRestoreSample(), SoftDeleteSample()])
print(user_code_info['message']) token = auth_context.acquire_token_with_device_code( resource=resource, client_id=xplat_client_id, user_code_info=user_code_info) return token['tokenType'], token['accessToken'] # create a KeyVaultAuthentication instance which will callback to the supplied adal_callback auth = KeyVaultAuthentication(adal_callback) # create the KeyVaultClient using the created KeyVaultAuthentication instance client = KeyVaultClient(auth) # set and get a secret from the vault to validate the client is authenticated print('creating secret...') secret_bundle = client.set_secret( vault.properties.vault_uri, 'auth-sample-secret', 'client is authenticated to the vault') print(secret_bundle) print('getting secret...') secret_bundle = client.get_secret( vault.properties.vault_uri, 'auth-sample-secret', secret_version=KeyVaultId.version_none) print(secret_bundle) if __name__ == "__main__": sys.exit(run_all_samples([AuthenticationSample()]))