public async Task UpdateKeyRotationPolicy()
        {
            string name = Recording.GenerateId();

            await Client.CreateRsaKeyAsync(new CreateRsaKeyOptions(name));

            RegisterForCleanup(name);

            KeyRotationPolicy policy = new()
            {
                ExpiresIn       = "P90D",
                LifetimeActions =
                {
                    new KeyRotationLifetimeAction(KeyRotationPolicyAction.Rotate)
                    {
                        TimeBeforeExpiry = "P10D",
                    }
                }
            };

            KeyRotationPolicy updatedPolicy = await Client.UpdateKeyRotationPolicyAsync(name, policy);

            Assert.AreEqual(policy.ExpiresIn, updatedPolicy.ExpiresIn);

            // Notify policy is always present and can only be updated.
            Assert.That(updatedPolicy.LifetimeActions, Has.One.Matches <KeyRotationLifetimeAction>(action => action.Action == KeyRotationPolicyAction.Notify));

            KeyRotationLifetimeAction rotateAction = updatedPolicy.LifetimeActions.Single(p => p.Action == KeyRotationPolicyAction.Rotate);

            Assert.AreEqual(policy.LifetimeActions[0].Action, rotateAction.Action);
            Assert.AreEqual(policy.LifetimeActions[0].TimeAfterCreate, rotateAction.TimeAfterCreate);
            Assert.AreEqual(policy.LifetimeActions[0].TimeBeforeExpiry, rotateAction.TimeBeforeExpiry);
        }
Beispiel #2
0
        public void KeyRotationSync()
        {
            // Environment variable with the Key Vault endpoint.
            string keyVaultUrl = TestEnvironment.KeyVaultUrl;

            #region Snippet:KeysSample8KeyClient
            var keyClient = new KeyClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
            #endregion

            #region Snippet:KeysSample8CreateKey
            string rsaKeyName = $"CloudRsaKey-{Guid.NewGuid()}";
            var    rsaKey     = new CreateRsaKeyOptions(rsaKeyName, hardwareProtected: false)
            {
                KeySize = 2048,
            };

            KeyVaultKey cloudRsaKey = keyClient.CreateRsaKey(rsaKey);
            Debug.WriteLine($"{cloudRsaKey.KeyType} key is returned with name {cloudRsaKey.Name} and version {cloudRsaKey.Properties.Version}");
            #endregion

            #region Snippet:KeysSample8UpdateRotationPolicy
            KeyRotationPolicy policy = new KeyRotationPolicy()
            {
                ExpiresIn       = TimeSpan.FromDays(90),
                LifetimeActions =
                {
                    new KeyRotationLifetimeAction()
                    {
                        Action           = KeyRotationPolicyAction.Rotate,
                        TimeBeforeExpiry = TimeSpan.FromDays(30)
                    }
                }
            };

            keyClient.UpdateKeyRotationPolicy(rsaKeyName, policy);
            #endregion

            #region Snippet:KeysSample8RotateKey
            KeyVaultKey newRsaKey = keyClient.RotateKey(rsaKeyName);
            Debug.WriteLine($"Rotated key {newRsaKey.Name} with version {newRsaKey.Properties.Version}");
            #endregion

            DeleteKeyOperation operation = keyClient.StartDeleteKey(rsaKeyName);

            // You only need to wait for completion if you want to purge or recover the key.
            while (!operation.HasCompleted)
            {
                Thread.Sleep(2000);

                operation.UpdateStatus();
            }

            // If the keyvault is soft-delete enabled, then for permanent deletion, deleted key needs to be purged.
            keyClient.PurgeDeletedKey(rsaKeyName);
        }
        public async Task GetKeyRotationPolicyReturnsDefault()
        {
            string name = Recording.GenerateId();

            await Client.CreateRsaKeyAsync(new CreateRsaKeyOptions(name));

            RegisterForCleanup(name);

            KeyRotationPolicy policy = await Client.GetKeyRotationPolicyAsync(name);

            Assert.That(policy.LifetimeActions, Has.One.Matches <KeyRotationLifetimeAction>(action => action.Action == KeyRotationPolicyAction.Notify));
        }
 public PSKeyRotationPolicy(KeyRotationPolicy keyRotationPolicy, string vaultName, string keyName)
 {
     Id              = keyRotationPolicy.Id?.ToString();
     VaultName       = vaultName;
     KeyName         = keyName;
     LifetimeActions = new List <PSKeyRotationLifetimeAction>();
     foreach (var action in keyRotationPolicy.LifetimeActions)
     {
         LifetimeActions.Add(new PSKeyRotationLifetimeAction(action));
     }
     ExpiresIn = keyRotationPolicy.ExpiresIn;
     CreatedOn = keyRotationPolicy.CreatedOn;
     UpdatedOn = keyRotationPolicy.UpdatedOn;
 }
Beispiel #5
0
        public async Task KeyRotationAsync()
        {
            // Environment variable with the Key Vault endpoint.
            string keyVaultUrl = TestEnvironment.KeyVaultUrl;

            var keyClient = new KeyClient(new Uri(keyVaultUrl), new DefaultAzureCredential());

            string rsaKeyName = $"CloudRsaKey-{Guid.NewGuid()}";
            var    rsaKey     = new CreateRsaKeyOptions(rsaKeyName, hardwareProtected: false)
            {
                KeySize = 2048,
            };

            KeyVaultKey cloudRsaKey = await keyClient.CreateRsaKeyAsync(rsaKey);

            Debug.WriteLine($"{cloudRsaKey.KeyType} key is returned with name {cloudRsaKey.Name} and version {cloudRsaKey.Properties.Version}");

            KeyRotationPolicy policy = new KeyRotationPolicy()
            {
                ExpiresIn       = "P90D",
                LifetimeActions =
                {
                    new KeyRotationLifetimeAction()
                    {
                        Action           = KeyRotationPolicyAction.Rotate,
                        TimeBeforeExpiry = "P30D"
                    }
                }
            };

            await keyClient.UpdateKeyRotationPolicyAsync(rsaKeyName, policy);

            KeyVaultKey newRsaKey = await keyClient.RotateKeyAsync(rsaKeyName);

            Debug.WriteLine($"Rotated key {newRsaKey.Name} with version {newRsaKey.Properties.Version}");

            DeleteKeyOperation operation = await keyClient.StartDeleteKeyAsync(rsaKeyName);

            // You only need to wait for completion if you want to purge or recover the key.
            await operation.WaitForCompletionAsync();

            // If the keyvault is soft-delete enabled, then for permanent deletion, deleted key needs to be purged.
            keyClient.PurgeDeletedKey(rsaKeyName);
        }
        internal PSKeyRotationPolicy SetKeyRotationPolicy(PSKeyRotationPolicy psKeyRotationPolicy)
        {
            var client = CreateKeyClient(psKeyRotationPolicy.VaultName);
            var policy = new KeyRotationPolicy()
            {
                ExpiresIn       = psKeyRotationPolicy.ExpiresIn,
                LifetimeActions = { }
            };

            psKeyRotationPolicy.LifetimeActions?.ForEach(
                psKeyRotationLifetimeAction => policy.LifetimeActions.Add(
                    new KeyRotationLifetimeAction(new KeyRotationPolicyAction(psKeyRotationLifetimeAction.Action))
            {
                TimeAfterCreate  = psKeyRotationLifetimeAction.TimeAfterCreate,
                TimeBeforeExpiry = psKeyRotationLifetimeAction.TimeBeforeExpiry
            }
                    ));

            return(SetKeyRotationPolicy(client, psKeyRotationPolicy.VaultName, psKeyRotationPolicy.KeyName, policy));
        }
 private PSKeyRotationPolicy SetKeyRotationPolicy(KeyClient client, string managedHsmName, string keyName, KeyRotationPolicy keyRotationPolicy)
 {
     return(new PSKeyRotationPolicy(client.UpdateKeyRotationPolicy(keyName, keyRotationPolicy), managedHsmName, keyName));
 }
Beispiel #8
0
 private PSKeyRotationPolicy SetKeyRotationPolicy(KeyClient client, string vaultName, string keyName, KeyRotationPolicy policy)
 {
     return(new PSKeyRotationPolicy(client.UpdateKeyRotationPolicy(keyName, policy), vaultName, keyName));
 }