public async Task StartRecoverDeletedSecret()
{
string secretName = Recording.GenerateId();
KeyVaultSecret secret = await Client.SetSecretAsync(secretName, "value");
RegisterForCleanup(secret.Name);
DeleteSecretOperation deleteOperation = await Client.StartDeleteSecretAsync(secretName);
DeletedSecret deletedSecret = deleteOperation.Value;
await WaitForDeletedSecret(secretName);
RecoverDeletedSecretOperation operation = await Client.StartRecoverDeletedSecretAsync(secretName);
SecretProperties recoverSecretResult = operation.Value;
await WaitForSecret(secretName);
KeyVaultSecret recoveredSecret = await Client.GetSecretAsync(secretName);
AssertSecretPropertiesEqual(secret.Properties, deletedSecret.Properties);
AssertSecretPropertiesEqual(secret.Properties, recoverSecretResult);
AssertSecretsEqual(secret, recoveredSecret);
}
public void CanRemoveSecretWithPassThruTest()
{
SecureString secureSecretValue = SecretValue.ConvertToSecureString();
DeletedSecret expected = new DeletedSecret()
{
Name = SecretName, VaultName = VaultName, SecretValue = secureSecretValue
};
keyVaultClientMock.Setup(kv => kv.DeleteSecret(VaultName, SecretName)).Returns(expected).Verifiable();
// Mock the should process to return true
commandRuntimeMock.Setup(cr => cr.ShouldProcess(SecretName, It.IsAny <string>())).Returns(true);
cmdlet.Name = SecretName;
cmdlet.Force = true;
cmdlet.PassThru = true;
cmdlet.ExecuteCmdlet();
keyVaultClientMock.VerifyAll();
commandRuntimeMock.Verify(f => f.WriteObject(expected), Times.Once());
//No force but should continue
commandRuntimeMock.Setup(cr => cr.ShouldProcess(SecretName, It.IsAny <string>())).Returns(true);
commandRuntimeMock.Setup(cr => cr.ShouldContinue(It.IsAny <string>(), It.IsAny <string>())).Returns(true);
cmdlet.Force = false;
cmdlet.PassThru = true;
cmdlet.ExecuteCmdlet();
keyVaultClientMock.VerifyAll();
commandRuntimeMock.Verify(f => f.WriteObject(expected), Times.Exactly(2));
}
public async Task CrudWithExtendedProps()
{
var exp = new DateTime(637027248124480000, DateTimeKind.Utc);
var nbf = exp.AddDays(-30);
var client = GetClient();
var secret = new Secret("CrudWithExtendedProps", "CrudWithExtendedPropsValue1")
{
ContentType = "password",
NotBefore = nbf,
Expires = exp
};
Secret setResult = await client.SetAsync(secret);
Assert.AreEqual("password", setResult.ContentType);
Assert.AreEqual(nbf, setResult.NotBefore);
Assert.AreEqual(exp, setResult.Expires);
Secret getResult = await client.GetAsync("CrudWithExtendedProps");
AssertSecretsEqual(setResult, getResult);
DeletedSecret deleteResult = await client.DeleteAsync("CrudWithExtendedProps");
AssertSecretsEqual(setResult, deleteResult);
}
public async Task SetSecretWithExtendedProps()
{
string secretName = Recording.GenerateId();
IResolveConstraint createdUpdatedConstraint = Is.EqualTo(DateTimeOffset.FromUnixTimeSeconds(1565114301));
Secret setResult = null;
try
{
var exp = new DateTimeOffset(new DateTime(637027248120000000, DateTimeKind.Utc));
var nbf = exp.AddDays(-30);
var secret = new Secret(secretName, "CrudWithExtendedPropsValue1")
{
ContentType = "password",
NotBefore = nbf,
Expires = exp,
Tags =
{
{ "tag1", "value1" },
{ "tag2", "value2" }
},
};
setResult = await Client.SetAsync(secret);
if (Mode != RecordedTestMode.Playback)
{
DateTimeOffset now = DateTimeOffset.UtcNow;
createdUpdatedConstraint = Is.InRange(now.AddMinutes(-5), now.AddMinutes(5));
}
RegisterForCleanup(secret, delete: false);
Assert.IsNotEmpty(setResult.Version);
Assert.AreEqual("password", setResult.ContentType);
Assert.AreEqual(nbf, setResult.NotBefore);
Assert.AreEqual(exp, setResult.Expires);
Assert.AreEqual(2, setResult.Tags.Count);
Assert.AreEqual("value1", setResult.Tags["tag1"]);
Assert.AreEqual("value2", setResult.Tags["tag2"]);
Assert.AreEqual(secretName, setResult.Name);
Assert.AreEqual("CrudWithExtendedPropsValue1", setResult.Value);
Assert.AreEqual(VaultUri, setResult.Vault);
Assert.AreEqual("Recoverable+Purgeable", setResult.RecoveryLevel);
Assert.That(setResult.Created, createdUpdatedConstraint);
Assert.That(setResult.Updated, createdUpdatedConstraint);
Secret getResult = await Client.GetAsync(secretName);
AssertSecretsEqual(setResult, getResult);
}
finally
{
DeletedSecret deleteResult = await Client.DeleteAsync(secretName);
AssertSecretsEqual(setResult, deleteResult);
}
}
public void DeleteSecret()
{
#region Snippet:DeleteSecret
DeleteSecretOperation operation = client.StartDeleteSecret("secret-name");
DeletedSecret secret = operation.Value;
Console.WriteLine(secret.Name);
Console.WriteLine(secret.Value);
#endregion
}
public async Task DeleteSecret()
{
#region DeleteSecret
DeleteSecretOperation operation = await client.StartDeleteSecretAsync("secret-name");
DeletedSecret secret = operation.Value;
Console.WriteLine(secret.Name);
Console.WriteLine(secret.Value);
#endregion
}
public async Task SetSecretWithExtendedProps()
{
string secretName = Recording.GenerateId();
Secret setResult = null;
try
{
var exp = new DateTimeOffset(new DateTime(637027248124480000, DateTimeKind.Utc));
var nbf = exp.AddDays(-30);
var secret = new Secret(secretName, "CrudWithExtendedPropsValue1")
{
ContentType = "password",
NotBefore = nbf,
Expires = exp,
Tags =
{
{ "tag1", "value1" },
{ "tag2", "value2" }
},
};
setResult = await Client.SetAsync(secret);
RegisterForCleanup(secret, delete: false);
Assert.IsNotEmpty(setResult.Version);
Assert.AreEqual("password", setResult.ContentType);
Assert.AreEqual(nbf, setResult.NotBefore);
Assert.AreEqual(exp, setResult.Expires);
Assert.AreEqual(2, setResult.Tags.Count);
Assert.AreEqual("value1", setResult.Tags["tag1"]);
Assert.AreEqual("value2", setResult.Tags["tag2"]);
Assert.AreEqual(secretName, setResult.Name);
Assert.AreEqual("CrudWithExtendedPropsValue1", setResult.Value);
Assert.AreEqual(VaultUri, setResult.Vault);
Assert.AreEqual("Recoverable+Purgeable", setResult.RecoveryLevel);
Assert.NotNull(setResult.Created);
Assert.NotNull(setResult.Updated);
Secret getResult = await Client.GetAsync(secretName);
AssertSecretsEqual(setResult, getResult);
}
finally
{
DeletedSecret deleteResult = await Client.DeleteAsync(secretName);
AssertSecretsEqual(setResult, deleteResult);
}
}
public async Task DeleteAndPurgeSecretAsync()
{
#region Snippet:DeleteAndPurgeSecretAsync
DeleteSecretOperation operation = await client.StartDeleteSecretAsync("secret-name");
// You only need to wait for completion if you want to purge or recover the secret.
await operation.WaitForCompletionAsync();
DeletedSecret secret = operation.Value;
await client.PurgeDeletedSecretAsync(secret.Name);
#endregion
}
public async Task DeleteSecret()
{
string secretName = Recording.GenerateId();
Secret secret = await Client.SetAsync(secretName, "value");
RegisterForCleanup(secret, delete: false);
DeletedSecret deletedSecret = await Client.DeleteAsync(secretName);
AssertSecretsEqual(secret, deletedSecret);
Assert.ThrowsAsync <RequestFailedException>(() => Client.GetAsync(secretName));
}
public async Task CredentialProvider()
{
var client = GetClient();
Secret setResult = await client.SetAsync("CrudBasic", "CrudBasicValue1");
Secret getResult = await client.GetAsync("CrudBasic");
AssertSecretsEqual(setResult, getResult);
DeletedSecret deleteResult = await client.DeleteAsync("CrudBasic");
AssertSecretsEqual(setResult, deleteResult);
}
public async Task DeleteSecret()
{
string secretName = Recording.GenerateId();
Secret secret = await Client.SetAsync(secretName, "value");
RegisterForCleanup(secret.Name, delete: false);
DeletedSecret deletedSecret = await Client.DeleteAsync(secretName);
AssertSecretPropertiesEqual(secret.Properties, deletedSecret.Properties);
Assert.NotNull(deletedSecret.DeletedDate);
Assert.NotNull(deletedSecret.ScheduledPurgeDate);
Assert.ThrowsAsync <RequestFailedException>(() => Client.GetAsync(secretName));
}
public void DeleteSecretSync()
{
#region DeleteSecretSync
DeleteSecretOperation operation = client.StartDeleteSecret("secret-name");
// You only need to wait for completion if you want to purge or recover the secret.
while (!operation.HasCompleted)
{
Thread.Sleep(2000);
operation.UpdateStatus();
}
DeletedSecret secret = operation.Value;
client.PurgeDeletedSecret(secret.Name);
#endregion
}
public async Task OperationCompletion()
{
#region Snippet:OperationCompletion
// create a client
SecretClient client = new SecretClient(new Uri("http://example.com"), new DefaultAzureCredential());
// Start the operation
DeleteSecretOperation operation = await client.StartDeleteSecretAsync("SecretName");
Response <DeletedSecret> response = await operation.WaitForCompletionAsync();
DeletedSecret value = response.Value;
Console.WriteLine(value.Name);
Console.WriteLine(value.ScheduledPurgeDate);
#endregion
}
public void DeleteAndPurgeSecret()
{
#region Snippet:DeleteAndPurgeSecret
DeleteSecretOperation operation = client.StartDeleteSecret("secret-name");
// You only need to wait for completion if you want to purge or recover the secret.
// You should call `UpdateStatus` in another thread or after doing additional work like pumping messages.
while (!operation.HasCompleted)
{
Thread.Sleep(2000);
operation.UpdateStatus();
}
DeletedSecret secret = operation.Value;
client.PurgeDeletedSecret(secret.Name);
#endregion
}
public void DeleteSecret()
{
#region DeleteSecret
DeletedSecret secret = client.DeleteSecret("secret-name");
Console.WriteLine(secret.Name);
Console.WriteLine(secret.Value);
#endregion
try
{
// Deleting a secret when soft delete is enabled may not happen immediately.
WaitForDeletedSecret(secret.Name);
client.PurgeDeletedSecret(secret.Name);
}
catch
{
// Merely attempt to purge a deleted secret since the Key Vault may not have soft delete enabled.
}
}
public async Task GetDeletedSecret()
{
string secretName = Recording.GenerateId();
Secret secret = await Client.SetAsync(secretName, "value");
RegisterForCleanup(secret, delete: false);
DeletedSecret deletedSecret = await Client.DeleteAsync(secretName);
await WaitForDeletedSecret(secretName);
DeletedSecret polledSecret = await Client.GetDeletedAsync(secretName);
Assert.NotNull(deletedSecret.DeletedDate);
Assert.NotNull(deletedSecret.RecoveryId);
Assert.NotNull(deletedSecret.ScheduledPurgeDate);
AssertSecretsEqual(deletedSecret, polledSecret);
AssertSecretsEqual(secret, polledSecret);
}
public async Task RecoverSecret()
{
string secretName = Recording.GenerateId();
Secret secret = await Client.SetAsync(secretName, "value");
RegisterForCleanup(secret);
DeletedSecret deletedSecret = await Client.DeleteAsync(secretName);
await WaitForDeletedSecret(secretName);
SecretBase recoverSecretResult = await Client.RecoverDeletedAsync(secretName);
await PollForSecret(secretName);
Secret recoveredSecret = await Client.GetAsync(secretName);
AssertSecretsEqual(secret, deletedSecret);
AssertSecretsEqual(secret, recoverSecretResult);
AssertSecretsEqual(secret, recoveredSecret);
}
public override void ExecuteCmdlet()
{
if (InRemovedState.IsPresent)
{
ConfirmAction(
Force.IsPresent,
string.Format(
CultureInfo.InvariantCulture,
KeyVaultProperties.Resources.RemoveDeletedSecretWarning,
Name),
string.Format(
CultureInfo.InvariantCulture,
KeyVaultProperties.Resources.RemoveDeletedSecretWhatIfMessage,
Name),
Name,
() => { DataServiceClient.PurgeSecret(VaultName, Name); });
return;
}
DeletedSecret deletedSecret = null;
ConfirmAction(
Force.IsPresent,
string.Format(
CultureInfo.InvariantCulture,
KeyVaultProperties.Resources.RemoveSecretWarning,
Name),
string.Format(
CultureInfo.InvariantCulture,
KeyVaultProperties.Resources.RemoveSecretWhatIfMessage,
Name),
Name,
() => { deletedSecret = DataServiceClient.DeleteSecret(VaultName, Name); });
if (PassThru)
{
WriteObject(deletedSecret);
}
}
public override void ExecuteCmdlet()
{
Secret secret;
switch (ParameterSetName)
{
case BySecretNameParameterSet:
secret = DataServiceClient.GetSecret(VaultName, Name, Version ?? string.Empty);
WriteObject(secret);
break;
case BySecretVersionsParameterSet:
secret = DataServiceClient.GetSecret(VaultName, Name, string.Empty);
if (secret != null)
{
WriteObject(new SecretIdentityItem(secret));
GetAndWriteSecretVersions(VaultName, Name, secret.Version);
}
break;
case ByVaultNameParameterSet:
GetAndWriteSecrets(VaultName);
break;
case ByDeletedSecretParameterSet:
if (Name == null)
{
GetAndWriteDeletedSecrets(VaultName);
break;
}
DeletedSecret deletedSecret = DataServiceClient.GetDeletedSecret(VaultName, Name);
WriteObject(deletedSecret);
break;
default:
throw new ArgumentException(KeyVaultProperties.Resources.BadParameterSetName);
}
}
public async Task GetDeletedSecret()
{
string secretName = Recording.GenerateId();
KeyVaultSecret secret = await Client.SetSecretAsync(secretName, "value");
RegisterForCleanup(secret.Name);
DeleteSecretOperation deleteOperation = await Client.StartDeleteSecretAsync(secretName);
DeletedSecret deletedSecret = deleteOperation.Value;
await WaitForDeletedSecret(secretName);
DeletedSecret polledSecret = await Client.GetDeletedSecretAsync(secretName);
Assert.NotNull(deletedSecret.DeletedOn);
Assert.NotNull(deletedSecret.RecoveryId);
Assert.NotNull(deletedSecret.ScheduledPurgeDate);
AssertSecretPropertiesEqual(deletedSecret.Properties, polledSecret.Properties);
AssertSecretPropertiesEqual(secret.Properties, polledSecret.Properties);
}
public async Task CrudBasic()
{
var client = GetClient();
Secret setResult = await client.SetAsync("CrudBasic", "CrudBasicValue1");
Secret getResult = await client.GetAsync("CrudBasic");
Assert.AreEqual("CrudBasic", setResult.Name);
Assert.AreEqual("CrudBasicValue1", setResult.Value);
//Assert.AreEqual(VaultUri, setResult.Vault);
AssertSecretsEqual(setResult, getResult);
getResult.Enabled = false;
SecretBase updateResult = await client.UpdateAsync(getResult);
AssertSecretsEqual(getResult, updateResult);
DeletedSecret deleteResult = await client.DeleteAsync("CrudBasic");
AssertSecretsEqual(updateResult, deleteResult);
}
public async Task SetSecretWithExtendedProps()
{
string secretName = Recording.GenerateId();
// TODO: Update this value whenever you re-record tests. Both the sync and async JSON recordings need to use the same value.
IResolveConstraint createdUpdatedConstraint = Is.EqualTo(DateTimeOffset.FromUnixTimeSeconds(1648054293));
KeyVaultSecret setResult = null;
try
{
var exp = new DateTimeOffset(new DateTime(637027248120000000, DateTimeKind.Utc));
DateTimeOffset nbf = exp.AddDays(-30);
var secret = new KeyVaultSecret(secretName, "CrudWithExtendedPropsValue1")
{
Properties =
{
ContentType = "password",
NotBefore = nbf,
ExpiresOn = exp,
Tags =
{
{ "tag1", "value1" },
{ "tag2", "value2" }
},
},
};
setResult = await Client.SetSecretAsync(secret);
if (Mode != RecordedTestMode.Playback)
{
DateTimeOffset now = DateTimeOffset.UtcNow;
createdUpdatedConstraint = Is.InRange(now.AddMinutes(-5), now.AddMinutes(5));
}
RegisterForCleanup(secret.Name);
Assert.IsNotEmpty(setResult.Properties.Version);
Assert.AreEqual("password", setResult.Properties.ContentType);
Assert.AreEqual(nbf, setResult.Properties.NotBefore);
Assert.AreEqual(exp, setResult.Properties.ExpiresOn);
Assert.AreEqual(2, setResult.Properties.Tags.Count);
Assert.AreEqual("value1", setResult.Properties.Tags["tag1"]);
Assert.AreEqual("value2", setResult.Properties.Tags["tag2"]);
Assert.AreEqual(secretName, setResult.Name);
Assert.AreEqual("CrudWithExtendedPropsValue1", setResult.Value);
Assert.AreEqual(VaultUri, setResult.Properties.VaultUri);
Assert.IsNotNull(setResult.Properties.RecoveryLevel); // Value changes based on how the Key Vault is configured.
Assert.That(setResult.Properties.CreatedOn, createdUpdatedConstraint);
Assert.That(setResult.Properties.UpdatedOn, createdUpdatedConstraint);
KeyVaultSecret getResult = await Client.GetSecretAsync(secretName);
AssertSecretsEqual(setResult, getResult);
}
finally
{
DeleteSecretOperation deleteOperation = await Client.StartDeleteSecretAsync(secretName);
DeletedSecret deleteResult = deleteOperation.Value;
AssertSecretPropertiesEqual(setResult.Properties, deleteResult.Properties);
}
}
private async Task MigrationGuide()
{
#region Snippet:Azure_Security_KeyVault_Secrets_Snippets_MigrationGuide_Create
SecretClient client = new SecretClient(
new Uri("https://myvault.vault.azure.net"),
new DefaultAzureCredential());
#endregion Snippet:Azure_Security_KeyVault_Secrets_Snippets_MigrationGuide_Create
#region Snippet:Azure_Security_KeyVault_Secrets_Snippets_MigrationGuide_CreateWithOptions
using (HttpClient httpClient = new HttpClient())
{
SecretClientOptions options = new SecretClientOptions
{
Transport = new HttpClientTransport(httpClient)
};
#if SNIPPET
SecretClient client = new SecretClient(
#else
SecretClient _ = new SecretClient(
#endif
new Uri("https://myvault.vault.azure.net"),
new DefaultAzureCredential(),
options);
}
#endregion Snippet:Azure_Security_KeyVault_Secrets_Snippets_MigrationGuide_CreateWithOptions
{
#region Snippet:Azure_Security_KeyVault_Secrets_Snippets_MigrationGuide_SetSecret
KeyVaultSecret secret = await client.SetSecretAsync("secret-name", "secret-value");
#endregion Snippet:Azure_Security_KeyVault_Secrets_Snippets_MigrationGuide_SetSecret
}
{
#region Snippet:Azure_Security_KeyVault_Secrets_Snippets_MigrationGuide_GetSecret
// Get the latest secret value.
KeyVaultSecret secret = await client.GetSecretAsync("secret-name");
// Get a specific secret value.
KeyVaultSecret secretVersion = await client.GetSecretAsync("secret-name", "e43af03a7cbc47d4a4e9f11540186048");
#endregion Snippet:Azure_Security_KeyVault_Secrets_Snippets_MigrationGuide_GetSecret
}
{
#region Snippet:Azure_Security_KeyVault_Secrets_Snippets_MigrationGuide_ListSecrets
// List all secrets asynchronously.
await foreach (SecretProperties item in client.GetPropertiesOfSecretsAsync())
{
KeyVaultSecret secret = await client.GetSecretAsync(item.Name);
}
// List all secrets synchronously.
foreach (SecretProperties item in client.GetPropertiesOfSecrets())
{
KeyVaultSecret secret = client.GetSecret(item.Name);
}
#endregion Snippet:Azure_Security_KeyVault_Secrets_Snippets_MigrationGuide_ListSecrets
}
{
#region Snippet:Azure_Security_KeyVault_Secrets_Snippets_MigrationGuide_DeleteSecret
// Delete the secret.
DeleteSecretOperation deleteOperation = await client.StartDeleteSecretAsync("secret-name");
// Purge or recover the deleted secret if soft delete is enabled.
if (deleteOperation.Value.RecoveryId != null)
{
// Deleting a secret does not happen immediately. Wait for the secret to be deleted.
DeletedSecret deletedSecret = await deleteOperation.WaitForCompletionAsync();
// Purge the deleted secret.
await client.PurgeDeletedSecretAsync(deletedSecret.Name);
// You can also recover the deleted secret using StartRecoverDeletedSecretAsync,
// which returns RecoverDeletedSecretOperation you can await like DeleteSecretOperation above.
}
#endregion Snippet:Azure_Security_KeyVault_Secrets_Snippets_MigrationGuide_DeleteSecret
}
}
