public async Task UpdateSecret() { string secretName = Recording.GenerateId(); KeyVaultSecret secret = await Client.SetSecretAsync(secretName, "CrudBasicValue1"); RegisterForCleanup(secret.Name); secret.Properties.ExpiresOn = secret.Properties.CreatedOn; SecretProperties updateResult = await Client.UpdateSecretPropertiesAsync(secret.Properties); AssertSecretPropertiesEqual(secret.Properties, updateResult); }
private void CreateNewSecretVersion(KeyVaultSecret secret, string newPassword) { var credentialId = secret.Properties.Tags.ContainsKey(CredentialIdTag) ? secret.Properties.Tags[CredentialIdTag] : ""; var dataSource = secret.Properties.Tags.ContainsKey(DataSourceTag) ? secret.Properties.Tags[DataSourceTag] : ""; var validityPeriodDays = secret.Properties.Tags.ContainsKey(ValidityPeriodDaysTag) ? secret.Properties.Tags[ValidityPeriodDaysTag] : "60"; var newSecret = new KeyVaultSecret(secret.Name, newPassword); newSecret.Properties.Tags.Add(CredentialIdTag, credentialId); newSecret.Properties.Tags.Add(DataSourceTag, dataSource); newSecret.Properties.Tags.Add(ValidityPeriodDaysTag, validityPeriodDays); newSecret.Properties.ExpiresOn = DateTime.UtcNow.AddDays(int.Parse(validityPeriodDays)); _client.SetSecret(newSecret); }
public async Task <Guid> Persist <T>(DateTimeOffset expiry, T persistedObject) { var newId = Guid.NewGuid(); var newSecret = new KeyVaultSecret($"{Configuration.Prefix}{newId}", await _cryptographicImplementation.Encrypt(newId.ToString(), JsonSerializer.Serialize(persistedObject))); newSecret.Properties.ExpiresOn = expiry; var client = await GetClient(); await client.SetSecretAsync(newSecret); return(newId); }
public async Task <Guid> Persist <T>(DateTimeOffset expiry, T persistedObject) { var newId = Guid.NewGuid(); var newSecret = new KeyVaultSecret($"{PERSISTENCE_PREFIX}{newId}", await _encryption.Encrypt( newId.ToString(), JsonConvert.SerializeObject(persistedObject))); newSecret.Properties.ExpiresOn = expiry; await GetClient().SetSecretAsync(newSecret); return(newId); }
public static X509Certificate2 GetAppOnlyCertificate(string keyVaultName, string certificateName) { var keyVaultUrl = $"https://{keyVaultName}.vault.azure.net"; var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential()); KeyVaultSecret keyVaultSecret = client.GetSecret(certificateName); X509Certificate2 certificate = new X509Certificate2(Convert.FromBase64String(keyVaultSecret.Value), string.Empty, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable); return(certificate); }
public static async Task <bool> CreateOrUpdateAppSettingAsync(string key, string value, AppSettings config = null) { try { if (config == null) { config = SecretsProvider.GetSecrets(); } var token = AzureAccessTokenProvider.GetToken(config); using (var client = new HttpClient()) { var name = key .Replace(":", "--") .Replace(".", "---"); name = $"{config.SecretName}--AppSettings--{name}"; var secret = string.Format(API.Secret, config.KeyVaultUrl, name); client.DefaultRequestHeaders.Add("Authorization", token.ToString()); var keyVaultSecret = new KeyVaultSecret { Id = secret, Value = value }; var json = JsonConvert.SerializeObject(keyVaultSecret); var response = await client.PutAsync(secret, new StringContent(json, Encoding.UTF8, "application/json")); if (response.IsSuccessStatusCode) { AppSettings[key] = value; return(true); } else if (response.ReasonPhrase == "FORBIDDEN") { throw new ForbiddenKeyMasterException(); } } } catch (Exception ex) { var logger = LoggerSource.Instance.GetLogger("KeyMaster"); logger.Error(ex.Message, ex); throw new KeyMasterException("Unable to delete secret", ex); } return(false); }
public async Task SingleRequest() { MockTransport transport = new MockTransportBuilder().Build(); SecretClientOptions options = new SecretClientOptions { Transport = transport, }; SecretClient client = new SecretClient(VaultUri, new MockCredential(transport), options); KeyVaultSecret secret = await client.GetSecretAsync("test-secret").ConfigureAwait(false); Assert.AreEqual("secret-value", secret.Value); }
static void test() { const string keyVaultName = "key-vault-test02"; const string AZURE_TENANT_ID = "d99eee11-8587-4c34-9201-xxxxxxxxxxxx"; const string AZURE_CLIENT_ID = "80f16cbd-e549-4c93-9e7b-xxxxxxxxxxxx"; const string AZURE_CLIENT_SECRET = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; ClientSecretCredential credential = new ClientSecretCredential(AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET); var kvUri = String.Format("https://{0}.vault.azure.net", keyVaultName); SecretClientOptions options = new SecretClientOptions() { Retry = { Delay = TimeSpan.FromSeconds(5), MaxDelay = TimeSpan.FromSeconds(15), MaxRetries = 5, Mode = RetryMode.Exponential } }; var client = new SecretClient(new Uri(kvUri), credential, options); //new DefaultAzureCredential() for authenticating VM string secretName = "secret003"; string secretValue = "123456"; //Console.ReadLine(); Console.Write("Creating a secret in " + keyVaultName + " called '" + secretName + "' with the value '" + secretValue + "` ..."); client.SetSecret(secretName, secretValue); Console.WriteLine(" done."); Console.WriteLine("Forgetting your secret."); secretValue = ""; Console.WriteLine("Your secret is '" + secretValue + "'."); Console.WriteLine("Retrieving your secret from " + keyVaultName + "."); KeyVaultSecret secret = client.GetSecret(secretName); Console.WriteLine("Your secret is '" + secret.Value + "'."); Console.Write("Deleting your secret from " + keyVaultName + " ..."); client.StartDeleteSecret(secretName); System.Threading.Thread.Sleep(5000); Console.WriteLine(" done."); }
public static string Get(string secretName, string keyURI) { if (keyURI == "ignore") { return(keyURI); } else { var client = new SecretClient(new Uri(keyURI), new DefaultAzureCredential()); KeyVaultSecret secret = client.GetSecret(secretName); return(secret.Value); } }
public static async Task <IDictionary <string, string> > ReadSecrets(IEnumerable <string> keyNames) { var credential = GetCredential(AuthType.Certificate); var secretClient = new SecretClient(new Uri(keyVaultEndpoint), credential); var secrets = new Dictionary <string, string>(); foreach (var keyName in keyNames) { KeyVaultSecret keyVaultSecret = await secretClient.GetSecretAsync(keyName); secrets.Add(keyName, keyVaultSecret.Value); } return(secrets); }
public async Task SetSecret() { string secretName = Recording.GenerateId(); KeyVaultSecret version1 = await Client.SetSecretAsync(secretName, "value1"); RegisterForCleanup(version1.Name); KeyVaultSecret version2 = await Client.SetSecretAsync(secretName, "value2"); await Client.SetSecretAsync(secretName, "value3"); KeyVaultSecret secret = await Client.GetSecretAsync(secretName, version2.Properties.Version); Assert.AreEqual("value2", secret.Value); }
public async Task CreateSecret(string key, string value, DateTimeOffset expiry, CancellationToken cancellationToken) { var existingSecret = await FetchRawSecret(key, cancellationToken); if (existingSecret?.Properties.ExpiresOn >= expiry) { return; } var secret = new KeyVaultSecret(key, value); secret.Properties.ExpiresOn = expiry; await client.SetSecretAsync(secret, cancellationToken); }
static void Main(string[] args) { Environment.SetEnvironmentVariable("KEY_VAULT_NAME", "kv-practice"); Environment.SetEnvironmentVariable("AZURE_CLIENT_ID", "23e73037-0a51-403a-960d-27df744a3a00"); Environment.SetEnvironmentVariable("AZURE_CLIENT_SECRET", "78d2dc18-7d33-4e8d-96d9-c5dc222fda13"); Environment.SetEnvironmentVariable("AZURE_TENANT_ID", "d61de018-082f-46bb-80e0-bbde4455d074"); string keyVaultName = Environment.GetEnvironmentVariable("KEY_VAULT_NAME"); var kvUri = "https://" + keyVaultName + ".vault.azure.net"; var client = new SecretClient(new Uri(kvUri), new DefaultAzureCredential()); KeyVaultSecret secret = client.GetSecret("stuff"); Console.WriteLine(secret); Console.WriteLine(secret.Value); }
private static string GetAzureKeyVaultValue(string secretName) { string secretValue = null; try { SecretClient client = new SecretClient(vaultUri: new Uri(keyVaultUri), credential: new DefaultAzureCredential()); KeyVaultSecret secretClient = client.GetSecret(secretName).Value; secretValue = secretClient.Value; } catch (Exception ex) { Console.WriteLine(ex.Message); } return(secretValue); }
private static void CreateNewSecretVersion(SecretClient client, KeyVaultSecret secret, string newSecretValue) { var credentialId = secret.Properties.Tags.ContainsKey(CredentialIdTag) ? secret.Properties.Tags[CredentialIdTag] : ""; var providerAddress = secret.Properties.Tags.ContainsKey(ProviderAddressTag) ? secret.Properties.Tags[ProviderAddressTag] : ""; var validityPeriodDays = secret.Properties.Tags.ContainsKey(ValidityPeriodDaysTag) ? secret.Properties.Tags[ValidityPeriodDaysTag] : "60"; //add new secret version to key vault var newSecret = new KeyVaultSecret(secret.Name, newSecretValue); newSecret.Properties.Tags.Add(CredentialIdTag, credentialId); newSecret.Properties.Tags.Add(ProviderAddressTag, providerAddress); newSecret.Properties.Tags.Add(ValidityPeriodDaysTag, validityPeriodDays); newSecret.Properties.ExpiresOn = DateTime.UtcNow.AddDays(Int32.Parse(validityPeriodDays)); client.SetSecret(newSecret); }
public void BackupAndRestoreSync() { // Environment variable with the Key Vault endpoint. string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL"); string backupPath = Path.GetTempFileName(); // Instantiate a secret client that will be used to call the service. Notice that the client is using default Azure // credentials. To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID', // 'AZURE_CLIENT_KEY' and 'AZURE_TENANT_ID' are set with the service principal credentials. var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential()); // Let's create a secret holding bank account credentials valid for 1 year. if the secret // already exists in the key vault, then a new version of the secret is created. string secretName = $"StorageAccountPasswor{Guid.NewGuid()}"; var secret = new KeyVaultSecret(secretName, "f4G34fMh8v") { Properties = { ExpiresOn = DateTimeOffset.Now.AddYears(1) } }; KeyVaultSecret storedSecret = client.SetSecret(secret); // Backups are good to have if in case secrets get accidentally deleted by you. // For long term storage, it is ideal to write the backup to a file. File.WriteAllBytes(backupPath, client.BackupSecret(secretName)); // The storage account secret is no longer in use, so you delete it. DeleteSecretOperation operation = client.StartDeleteSecret(secretName); // To ensure the secret is deleted on server before we try to purge it. while (!operation.HasCompleted) { Thread.Sleep(2000); operation.UpdateStatus(); } // If the keyvault is soft-delete enabled, then for permanent deletion, deleted secret needs to be purged. client.PurgeDeletedSecret(secretName); // After sometime, the secret is required again. We can use the backup value to restore it in the key vault. SecretProperties restoreSecret = client.RestoreSecretBackup(File.ReadAllBytes(backupPath)); AssertSecretsEqual(storedSecret.Properties, restoreSecret); }
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IWebHostEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } app.UseRouting(); SecretClientOptions options = new SecretClientOptions() { Retry = { Delay = TimeSpan.FromSeconds(2), MaxDelay = TimeSpan.FromSeconds(16), // Mode = RetryMode.Exponential, MaxRetries = 5 } }; string secretValue = null; try { var client = new SecretClient(new Uri("https://kv-abs.vault.azure.net/"), new DefaultAzureCredential(), options); KeyVaultSecret secret = client.GetSecret("db-credentials"); secretValue = secret.Value; } catch (System.Exception ex) { secretValue = "Cannot access key vault. " + Environment.NewLine + ex.Message; } app.UseEndpoints(endpoints => { // Set up the response for base path endpoints.MapGet("/", async context => { await context.Response.WriteAsync("Hello World from a .Net core web app!!!"); }); // Set up the response to demonstrate Azure Key Vault endpoints.MapGet("/keyvault", async context => { await context.Response.WriteAsync(secretValue); }); }); }
public static async Task Main(string[] args) { EnsureArg.IsNotNull(args, nameof(args)); var options = new SecretClientOptions() { Retry = { Delay = TimeSpan.FromSeconds(2), MaxDelay = TimeSpan.FromSeconds(16), MaxRetries = 5, Mode = RetryMode.Exponential, }, }; var client = new SecretClient(new Uri(KnownApplicationUrls.KeyVaultUrl), new DefaultAzureCredential(), options); KeyVaultSecret secret = await client.GetSecretAsync(KnownSecretNames.BlobStoreConnectionString); s_containerConnectionString = secret.Value; string filepath = args[0]; var container = new BlobContainerClient(s_containerConnectionString, ContainerName); int i = 0; var studies = new HashSet <string>(); var series = new HashSet <string>(); using (var sw = new StreamWriter(filepath)) { await foreach (BlobItem blob in container.GetBlobsAsync()) { string[] parsedInstanceName = blob.Name.Split(KnownSeparators.MessageSeparators, StringSplitOptions.RemoveEmptyEntries); studies.Add(parsedInstanceName[0]); series.Add(parsedInstanceName[0] + " " + parsedInstanceName[1]); await sw.WriteLineAsync(blob.Name); i++; Console.WriteLine(blob.Name + " Count:" + i); } } string seriesPath = args[1]; File.WriteAllLines(seriesPath, series); string studiesPath = args[2]; File.WriteAllLines(studiesPath, studies); }
/// <summary> /// Load a certificate from Key Vault, including the private key. /// </summary> /// <param name="keyVaultUrl">URL of Key Vault.</param> /// <param name="certificateName">Name of the certificate.</param> /// <returns>An <see cref="X509Certificate2"/> certificate.</returns> /// <remarks>This code is inspired by Heath Stewart's code in: /// https://github.com/heaths/azsdk-sample-getcert/blob/master/Program.cs#L46-L82. /// </remarks> private static X509Certificate2 LoadFromKeyVault(string keyVaultUrl, string certificateName) { Uri keyVaultUri = new Uri(keyVaultUrl); DefaultAzureCredential credential = new DefaultAzureCredential(); CertificateClient certificateClient = new CertificateClient(keyVaultUri, credential); SecretClient secretClient = new SecretClient(keyVaultUri, credential); KeyVaultCertificateWithPolicy certificate = certificateClient.GetCertificate(certificateName); // Return a certificate with only the public key if the private key is not exportable. if (certificate.Policy?.Exportable != true) { return(new X509Certificate2( certificate.Cer, (string?)null, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.EphemeralKeySet)); } // Parse the secret ID and version to retrieve the private key. string[] segments = certificate.SecretId.AbsolutePath.Split('/', StringSplitOptions.RemoveEmptyEntries); if (segments.Length != 3) { throw new InvalidOperationException(string.Format( CultureInfo.InvariantCulture, IDWebErrorMessage.IncorrectNumberOfUriSegments, segments.Length, certificate.SecretId)); } string secretName = segments[1]; string secretVersion = segments[2]; KeyVaultSecret secret = secretClient.GetSecret(secretName, secretVersion); // For PEM, you'll need to extract the base64-encoded message body. // .NET 5.0 preview introduces the System.Security.Cryptography.PemEncoding class to make this easier. if (Constants.MediaTypePksc12.Equals(secret.Properties.ContentType, StringComparison.InvariantCultureIgnoreCase)) { byte[] pfx = Convert.FromBase64String(secret.Value); return(new X509Certificate2(pfx)); } throw new NotSupportedException( string.Format( CultureInfo.InvariantCulture, IDWebErrorMessage.OnlyPkcs12IsSupported, secret.Properties.ContentType)); }
private void HelloWorldSync(string keyVaultUrl) { #region Snippet:SecretsSample1SecretClient var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential()); #endregion #region Snippet:SecretsSample1CreateSecret string secretName = $"BankAccountPassword-{Guid.NewGuid()}"; var secret = new KeyVaultSecret(secretName, "f4G34fMh8v"); secret.Properties.ExpiresOn = DateTimeOffset.Now.AddYears(1); client.SetSecret(secret); #endregion #region Snippet:SecretsSample1GetSecret KeyVaultSecret bankSecret = client.GetSecret(secretName); Debug.WriteLine($"Secret is returned with name {bankSecret.Name} and value {bankSecret.Value}"); #endregion #region Snippet:SecretsSample1UpdateSecretProperties bankSecret.Properties.ExpiresOn = bankSecret.Properties.ExpiresOn.Value.AddYears(1); SecretProperties updatedSecret = client.UpdateSecretProperties(bankSecret.Properties); Debug.WriteLine($"Secret's updated expiry time is {updatedSecret.ExpiresOn}"); #endregion #region Snippet:SecretsSample1UpdateSecret var secretNewValue = new KeyVaultSecret(secretName, "bhjd4DDgsa"); secretNewValue.Properties.ExpiresOn = DateTimeOffset.Now.AddYears(1); client.SetSecret(secretNewValue); #endregion #region Snippet:SecretsSample1DeleteSecret DeleteSecretOperation operation = client.StartDeleteSecret(secretName); #endregion #region Snippet:SecretsSample1PurgeSecret while (!operation.HasCompleted) { Thread.Sleep(2000); operation.UpdateStatus(); } client.PurgeDeletedSecret(secretName); #endregion }
private string GetGitHubAppWebhookSecret() { if (gitHubAppWebhookSecret == null) { lock (gitHubAppWebhookSecretLock) { if (gitHubAppWebhookSecret == null) { KeyVaultSecret secret = secretClient.GetSecret(GitHubWebhookSecretName); gitHubAppWebhookSecret = secret.Value; } } } return(gitHubAppWebhookSecret); }
private static void CheckServiceConnection(KeyVaultSecret secret) { var userId = secret.Properties.Tags.ContainsKey(UserIdTagName) ? secret.Properties.Tags[UserIdTagName] : ""; var datasource = secret.Properties.Tags.ContainsKey(DataSourceTagName) ? secret.Properties.Tags[DataSourceTagName] : ""; var password = secret.Value; SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder(); builder.DataSource = datasource; builder.UserID = userId; builder.Password = password; using (SqlConnection connection = new SqlConnection(builder.ConnectionString)) { connection.Open(); } }
public async Task DeleteSecret() { string secretName = Recording.GenerateId(); KeyVaultSecret secret = await Client.SetSecretAsync(secretName, "value"); RegisterForCleanup(secret.Name, delete: false); DeletedSecret deletedSecret = await Client.DeleteSecretAsync(secretName); AssertSecretPropertiesEqual(secret.Properties, deletedSecret.Properties); Assert.NotNull(deletedSecret.DeletedOn); Assert.NotNull(deletedSecret.ScheduledPurgeDate); Assert.ThrowsAsync <RequestFailedException>(() => Client.GetSecretAsync(secretName)); }
private string PrintKeyVaultSecretMetadata(KeyVaultSecret secret) { StringBuilder strBuilder = new StringBuilder(); strBuilder.AppendFormat($"id: {secret.Id}\n"); strBuilder.AppendFormat($"\tcontent type: {secret.Properties.ContentType}\n"); strBuilder.AppendFormat($"\tmanaged: {secret.Properties.Managed}\n"); strBuilder.AppendFormat($"\tenabled: {secret.Properties.Enabled}\n"); strBuilder.AppendFormat($"\tnbf: {secret.Properties.NotBefore}\n"); strBuilder.AppendFormat($"\texp: {secret.Properties.ExpiresOn}\n"); strBuilder.AppendFormat($"\tcreated: {secret.Properties.CreatedOn}\n"); strBuilder.AppendFormat($"\tupdated: {secret.Properties.UpdatedOn}\n"); strBuilder.AppendFormat($"\trecoveryLevel: {secret.Properties.RecoveryLevel}\n"); return(strBuilder.ToString()); }
public async Task Set(string key, string value) { var client = CreateSecretClient(); var secret = new KeyVaultSecret(key, value); secret.Properties.ExpiresOn = DateTimeOffset.Now.AddYears(1); try { await client.SetSecretAsync(secret); } catch (Exception ex) { throw new KeyVaultSetException(key, ex); } }
public void CreateClient() { // Environment variable with the Key Vault endpoint. string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL"); #region CreateClient // Create a new secret client using the default credential from Azure.Identity using environment variables previously set, // including AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID. var client = new SecretClient(vaultEndpoint: new Uri(keyVaultUrl), credential: new DefaultAzureCredential()); // Create a new secret using the secret client KeyVaultSecret secret = client.SetSecret("secret-name", "secret-value"); #endregion this.client = client; }
private async Task <X509Certificate2> GetCertificateAsync( SecretClient secretClient, string certName, string version) { // Create a new secret using the secret client. var secretName = certName; KeyVaultSecret secret = await secretClient.GetSecretAsync(secretName, version); var privateKeyBytes = Convert.FromBase64String(secret.Value); var certificateWithPrivateKey = new X509Certificate2(privateKeyBytes, (string)null, X509KeyStorageFlags.MachineKeySet); return(certificateWithPrivateKey); }
public string GetSecret(string secretName) { try { if (client == null) { client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential()); } KeyVaultSecret keySecret = client.GetSecret(secretName); return(keySecret.Value); } catch (Exception e) { _logger?.LogError(e, e.Message); throw; } }
private static void CheckServiceConnection(KeyVaultSecret secret) { var userId = secret.Properties.Tags.ContainsKey(CredentialIdTag) ? secret.Properties.Tags[CredentialIdTag] : ""; var dbResourceId = secret.Properties.Tags.ContainsKey(ProviderAddressTag) ? secret.Properties.Tags[ProviderAddressTag] : ""; var dbName = dbResourceId.Split('/')[8]; var password = secret.Value; SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder(); builder.DataSource = $"{dbName}.database.windows.net"; builder.UserID = userId; builder.Password = password; using (SqlConnection connection = new SqlConnection(builder.ConnectionString)) { connection.Open(); } }
private void BackupAndRestoreSync(string keyVaultUrl) { #region Snippet:SecretsSample2SecretClient var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential()); #endregion #region Snippet:SecretsSample2CreateSecret string secretName = $"StorageAccountPassword{Guid.NewGuid()}"; var secret = new KeyVaultSecret(secretName, "f4G34fMh8v"); secret.Properties.ExpiresOn = DateTimeOffset.Now.AddYears(1); KeyVaultSecret storedSecret = client.SetSecret(secret); #endregion #region Snippet:SecretsSample2BackupSecret string backupPath = Path.GetTempFileName(); byte[] secretBackup = client.BackupSecret(secretName); File.WriteAllBytes(backupPath, secretBackup); #endregion // The storage account secret is no longer in use so you delete it. DeleteSecretOperation operation = client.StartDeleteSecret(secretName); // Before it can be purged, you need to wait until the secret is fully deleted. while (!operation.HasCompleted) { Thread.Sleep(2000); operation.UpdateStatus(); } // If the Key Vault is soft delete-enabled and you want to permanently delete the secret before its `ScheduledPurgeDate`, // the deleted secret needs to be purged. client.PurgeDeletedSecret(secretName); #region Snippet:SecretsSample2RestoreSecret byte[] secretBackupToRestore = File.ReadAllBytes(backupPath); SecretProperties restoreSecret = client.RestoreSecretBackup(secretBackupToRestore); #endregion AssertSecretsEqual(storedSecret.Properties, restoreSecret); }