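public void BackupAndRestoreSync()
{
    // Environment variable with the Key Vault endpoint (e.g. https://<vault-name>.vault.azure.net).
    string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL");
    if (string.IsNullOrWhiteSpace(keyVaultUrl))
    {
        // Fail with an actionable message instead of letting the Uri constructor throw an opaque
        // ArgumentNullException("uriString") when the variable is missing.
        throw new InvalidOperationException("The AZURE_KEYVAULT_URL environment variable must be set to the Key Vault endpoint.");
    }

    // Instantiate a key client that will be used to call the service. Notice that the client is using default Azure
    // credentials. To make default credentials work with a service principal, set the environment variables
    // 'AZURE_CLIENT_ID', 'AZURE_CLIENT_SECRET' and 'AZURE_TENANT_ID'. Outside of samples, prefer a managed
    // identity (or another secret-less credential source) over a long-lived client secret in the environment.
    var client = new KeyClient(new Uri(keyVaultUrl), new DefaultAzureCredential());

    // Let's create a software-protected (hardwareProtected: false, i.e. not HSM-backed) RSA key valid for 1 year.
    // If the key already exists in the Key Vault, then a new version of the key is created; the random suffix
    // makes that collision unlikely in this sample.
    string rsaKeyName = $"CloudRsaKey-{Guid.NewGuid()}";
    var rsaKey = new CreateRsaKeyOptions(rsaKeyName, hardwareProtected: false)
    {
        KeySize = 2048,
        // The expiry is an absolute instant, so derive it from UTC rather than the machine's local time zone.
        ExpiresOn = DateTimeOffset.UtcNow.AddYears(1)
    };
    KeyVaultKey storedKey = client.CreateRsaKey(rsaKey);

    // Backups are good to have in case keys get accidentally deleted.
    // The backup is an opaque blob encrypted by Key Vault and can only be restored into a Key Vault in the same
    // Azure subscription and geography, but it still stands in for the key material: for long term storage write
    // it to a file, disk, database, etc. with the same access restrictions you would apply to the key itself.
    // For the purposes of this sample, we are storing the backup in a temporary memory area.
    byte[] backupKey = client.BackupKey(rsaKeyName);

    using (var memoryStream = new MemoryStream())
    {
        memoryStream.Write(backupKey, 0, backupKey.Length);

        // The RSA key is no longer in use, so you delete it.
        DeleteKeyOperation operation = client.StartDeleteKey(rsaKeyName);

        // To ensure the key is deleted on server before we try to purge it.
        while (!operation.HasCompleted)
        {
            Thread.Sleep(2000);
            operation.UpdateStatus();
        }

        // If the keyvault is soft-delete enabled, then for permanent deletion, deleted key needs to be purged.
        // Purging is irreversible, requires a purge permission on the vault, and is refused when purge
        // protection is enabled on the vault.
        client.PurgeDeletedKey(rsaKeyName);

        // After some time, the key is required again. We can use the backup value to restore it in the Key Vault.
        KeyVaultKey restoredKey = client.RestoreKeyBackup(memoryStream.ToArray());
        AssertKeysEqual(storedKey.Properties, restoredKey.Properties);
    }
}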
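private void BackupAndRestoreSync(string keyVaultUrl)
{
    // keyVaultUrl: the Key Vault endpoint, e.g. https://<vault-name>.vault.azure.net.
    // Name the offending parameter ourselves rather than surfacing the Uri constructor's "uriString".
    if (keyVaultUrl == null)
    {
        throw new ArgumentNullException(nameof(keyVaultUrl));
    }

    #region Snippet:KeysSample2KeyClient
    // DefaultAzureCredential resolves a credential from the environment (service principal variables
    // 'AZURE_CLIENT_ID', 'AZURE_CLIENT_SECRET', 'AZURE_TENANT_ID'), a managed identity, or a developer login.
    var client = new KeyClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
    #endregion

    #region Snippet:KeysSample2CreateKey
    // Software-protected (non-HSM) 2048-bit RSA key that expires in one year. A unique name avoids silently
    // creating a new version of an existing key.
    string rsaKeyName = $"CloudRsaKey-{Guid.NewGuid()}";
    var rsaKey = new CreateRsaKeyOptions(rsaKeyName, hardwareProtected: false)
    {
        KeySize = 2048,
        ExpiresOn = DateTimeOffset.Now.AddYears(1)
    };
    KeyVaultKey storedKey = client.CreateRsaKey(rsaKey);
    #endregion

    #region Snippet:KeysSample2BackupKey
    // The backup is an opaque blob encrypted by Key Vault; it can only be restored into a vault in the same
    // Azure subscription and geography, but should still be stored with the same access controls as the key.
    byte[] backupKey = client.BackupKey(rsaKeyName);
    #endregion

    using (var memoryStream = new MemoryStream())
    {
        memoryStream.Write(backupKey, 0, backupKey.Length);

        // The RSA key is no longer in use, so you delete it.
        DeleteKeyOperation operation = client.StartDeleteKey(rsaKeyName);

        // To ensure the key is deleted on server before we try to purge it.
        while (!operation.HasCompleted)
        {
            Thread.Sleep(2000);
            operation.UpdateStatus();
        }

        // If the keyvault is soft-delete enabled, then for permanent deletion, deleted key needs to be purged.
        // Purging is irreversible, requires a purge permission on the vault, and is refused when purge
        // protection is enabled on the vault.
        client.PurgeDeletedKey(rsaKeyName);

        #region Snippet:KeysSample2RestoreKey
        // Restore the key from the backup blob; the restored key keeps the original name and properties.
        KeyVaultKey restoredKey = client.RestoreKeyBackup(memoryStream.ToArray());
        #endregion

        AssertKeysEqual(storedKey.Properties, restoredKey.Properties);
    }
}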