public async Task UpdateSecret()
{
string secretName = Recording.GenerateId();
KeyVaultSecret secret = await Client.SetSecretAsync(secretName, "CrudBasicValue1");
RegisterForCleanup(secret.Name);
secret.Properties.ExpiresOn = secret.Properties.CreatedOn;
SecretProperties updateResult = await Client.UpdateSecretPropertiesAsync(secret.Properties);
AssertSecretPropertiesEqual(secret.Properties, updateResult);
}
private void CreateNewSecretVersion(KeyVaultSecret secret, string newPassword)
{
var credentialId = secret.Properties.Tags.ContainsKey(CredentialIdTag) ? secret.Properties.Tags[CredentialIdTag] : "";
var dataSource = secret.Properties.Tags.ContainsKey(DataSourceTag) ? secret.Properties.Tags[DataSourceTag] : "";
var validityPeriodDays = secret.Properties.Tags.ContainsKey(ValidityPeriodDaysTag) ? secret.Properties.Tags[ValidityPeriodDaysTag] : "60";
var newSecret = new KeyVaultSecret(secret.Name, newPassword);
newSecret.Properties.Tags.Add(CredentialIdTag, credentialId);
newSecret.Properties.Tags.Add(DataSourceTag, dataSource);
newSecret.Properties.Tags.Add(ValidityPeriodDaysTag, validityPeriodDays);
newSecret.Properties.ExpiresOn = DateTime.UtcNow.AddDays(int.Parse(validityPeriodDays));
_client.SetSecret(newSecret);
}
public async Task <Guid> Persist <T>(DateTimeOffset expiry, T persistedObject)
{
var newId = Guid.NewGuid();
var newSecret = new KeyVaultSecret($"{Configuration.Prefix}{newId}",
await _cryptographicImplementation.Encrypt(newId.ToString(), JsonSerializer.Serialize(persistedObject)));
newSecret.Properties.ExpiresOn = expiry;
var client = await GetClient();
await client.SetSecretAsync(newSecret);
return(newId);
}
public async Task <Guid> Persist <T>(DateTimeOffset expiry, T persistedObject)
{
var newId = Guid.NewGuid();
var newSecret = new KeyVaultSecret($"{PERSISTENCE_PREFIX}{newId}",
await _encryption.Encrypt(
newId.ToString(),
JsonConvert.SerializeObject(persistedObject)));
newSecret.Properties.ExpiresOn = expiry;
await GetClient().SetSecretAsync(newSecret);
return(newId);
}
public static X509Certificate2 GetAppOnlyCertificate(string keyVaultName, string certificateName)
{
var keyVaultUrl = $"https://{keyVaultName}.vault.azure.net";
var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
KeyVaultSecret keyVaultSecret = client.GetSecret(certificateName);
X509Certificate2 certificate = new X509Certificate2(Convert.FromBase64String(keyVaultSecret.Value), string.Empty,
X509KeyStorageFlags.MachineKeySet |
X509KeyStorageFlags.PersistKeySet |
X509KeyStorageFlags.Exportable);
return(certificate);
}
public static async Task <bool> CreateOrUpdateAppSettingAsync(string key, string value, AppSettings config = null)
{
try
{
if (config == null)
{
config = SecretsProvider.GetSecrets();
}
var token = AzureAccessTokenProvider.GetToken(config);
using (var client = new HttpClient())
{
var name = key
.Replace(":", "--")
.Replace(".", "---");
name = $"{config.SecretName}--AppSettings--{name}";
var secret = string.Format(API.Secret, config.KeyVaultUrl, name);
client.DefaultRequestHeaders.Add("Authorization", token.ToString());
var keyVaultSecret = new KeyVaultSecret
{
Id = secret,
Value = value
};
var json = JsonConvert.SerializeObject(keyVaultSecret);
var response = await client.PutAsync(secret, new StringContent(json, Encoding.UTF8, "application/json"));
if (response.IsSuccessStatusCode)
{
AppSettings[key] = value;
return(true);
}
else if (response.ReasonPhrase == "FORBIDDEN")
{
throw new ForbiddenKeyMasterException();
}
}
}
catch (Exception ex)
{
var logger = LoggerSource.Instance.GetLogger("KeyMaster");
logger.Error(ex.Message, ex);
throw new KeyMasterException("Unable to delete secret", ex);
}
return(false);
}
public async Task SingleRequest()
{
MockTransport transport = new MockTransportBuilder().Build();
SecretClientOptions options = new SecretClientOptions
{
Transport = transport,
};
SecretClient client = new SecretClient(VaultUri, new MockCredential(transport), options);
KeyVaultSecret secret = await client.GetSecretAsync("test-secret").ConfigureAwait(false);
Assert.AreEqual("secret-value", secret.Value);
}
static void test()
{
const string keyVaultName = "key-vault-test02";
const string AZURE_TENANT_ID = "d99eee11-8587-4c34-9201-xxxxxxxxxxxx";
const string AZURE_CLIENT_ID = "80f16cbd-e549-4c93-9e7b-xxxxxxxxxxxx";
const string AZURE_CLIENT_SECRET = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
ClientSecretCredential credential = new ClientSecretCredential(AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET);
var kvUri = String.Format("https://{0}.vault.azure.net", keyVaultName);
SecretClientOptions options = new SecretClientOptions()
{
Retry =
{
Delay = TimeSpan.FromSeconds(5),
MaxDelay = TimeSpan.FromSeconds(15),
MaxRetries = 5,
Mode = RetryMode.Exponential
}
};
var client = new SecretClient(new Uri(kvUri), credential, options); //new DefaultAzureCredential() for authenticating VM
string secretName = "secret003";
string secretValue = "123456"; //Console.ReadLine();
Console.Write("Creating a secret in " + keyVaultName + " called '" + secretName + "' with the value '" + secretValue + "` ...");
client.SetSecret(secretName, secretValue);
Console.WriteLine(" done.");
Console.WriteLine("Forgetting your secret.");
secretValue = "";
Console.WriteLine("Your secret is '" + secretValue + "'.");
Console.WriteLine("Retrieving your secret from " + keyVaultName + ".");
KeyVaultSecret secret = client.GetSecret(secretName);
Console.WriteLine("Your secret is '" + secret.Value + "'.");
Console.Write("Deleting your secret from " + keyVaultName + " ...");
client.StartDeleteSecret(secretName);
System.Threading.Thread.Sleep(5000);
Console.WriteLine(" done.");
}
public static string Get(string secretName, string keyURI)
{
if (keyURI == "ignore")
{
return(keyURI);
}
else
{
var client = new SecretClient(new Uri(keyURI), new DefaultAzureCredential());
KeyVaultSecret secret = client.GetSecret(secretName);
return(secret.Value);
}
}
public static async Task <IDictionary <string, string> > ReadSecrets(IEnumerable <string> keyNames)
{
var credential = GetCredential(AuthType.Certificate);
var secretClient = new SecretClient(new Uri(keyVaultEndpoint), credential);
var secrets = new Dictionary <string, string>();
foreach (var keyName in keyNames)
{
KeyVaultSecret keyVaultSecret = await secretClient.GetSecretAsync(keyName);
secrets.Add(keyName, keyVaultSecret.Value);
}
return(secrets);
}
public async Task SetSecret()
{
string secretName = Recording.GenerateId();
KeyVaultSecret version1 = await Client.SetSecretAsync(secretName, "value1");
RegisterForCleanup(version1.Name);
KeyVaultSecret version2 = await Client.SetSecretAsync(secretName, "value2");
await Client.SetSecretAsync(secretName, "value3");
KeyVaultSecret secret = await Client.GetSecretAsync(secretName, version2.Properties.Version);
Assert.AreEqual("value2", secret.Value);
}
public async Task CreateSecret(string key, string value, DateTimeOffset expiry, CancellationToken cancellationToken)
{
var existingSecret = await FetchRawSecret(key, cancellationToken);
if (existingSecret?.Properties.ExpiresOn >= expiry)
{
return;
}
var secret = new KeyVaultSecret(key, value);
secret.Properties.ExpiresOn = expiry;
await client.SetSecretAsync(secret, cancellationToken);
}
static void Main(string[] args)
{
Environment.SetEnvironmentVariable("KEY_VAULT_NAME", "kv-practice");
Environment.SetEnvironmentVariable("AZURE_CLIENT_ID", "23e73037-0a51-403a-960d-27df744a3a00");
Environment.SetEnvironmentVariable("AZURE_CLIENT_SECRET", "78d2dc18-7d33-4e8d-96d9-c5dc222fda13");
Environment.SetEnvironmentVariable("AZURE_TENANT_ID", "d61de018-082f-46bb-80e0-bbde4455d074");
string keyVaultName = Environment.GetEnvironmentVariable("KEY_VAULT_NAME");
var kvUri = "https://" + keyVaultName + ".vault.azure.net";
var client = new SecretClient(new Uri(kvUri), new DefaultAzureCredential());
KeyVaultSecret secret = client.GetSecret("stuff");
Console.WriteLine(secret);
Console.WriteLine(secret.Value);
}
private static string GetAzureKeyVaultValue(string secretName)
{
string secretValue = null;
try {
SecretClient client = new SecretClient(vaultUri: new Uri(keyVaultUri), credential: new DefaultAzureCredential());
KeyVaultSecret secretClient = client.GetSecret(secretName).Value;
secretValue = secretClient.Value;
} catch (Exception ex) {
Console.WriteLine(ex.Message);
}
return(secretValue);
}
private static void CreateNewSecretVersion(SecretClient client, KeyVaultSecret secret, string newSecretValue)
{
var credentialId = secret.Properties.Tags.ContainsKey(CredentialIdTag) ? secret.Properties.Tags[CredentialIdTag] : "";
var providerAddress = secret.Properties.Tags.ContainsKey(ProviderAddressTag) ? secret.Properties.Tags[ProviderAddressTag] : "";
var validityPeriodDays = secret.Properties.Tags.ContainsKey(ValidityPeriodDaysTag) ? secret.Properties.Tags[ValidityPeriodDaysTag] : "60";
//add new secret version to key vault
var newSecret = new KeyVaultSecret(secret.Name, newSecretValue);
newSecret.Properties.Tags.Add(CredentialIdTag, credentialId);
newSecret.Properties.Tags.Add(ProviderAddressTag, providerAddress);
newSecret.Properties.Tags.Add(ValidityPeriodDaysTag, validityPeriodDays);
newSecret.Properties.ExpiresOn = DateTime.UtcNow.AddDays(Int32.Parse(validityPeriodDays));
client.SetSecret(newSecret);
}
public void BackupAndRestoreSync()
{
// Environment variable with the Key Vault endpoint.
string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL");
string backupPath = Path.GetTempFileName();
// Instantiate a secret client that will be used to call the service. Notice that the client is using default Azure
// credentials. To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID',
// 'AZURE_CLIENT_KEY' and 'AZURE_TENANT_ID' are set with the service principal credentials.
var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
// Let's create a secret holding bank account credentials valid for 1 year. if the secret
// already exists in the key vault, then a new version of the secret is created.
string secretName = $"StorageAccountPasswor{Guid.NewGuid()}";
var secret = new KeyVaultSecret(secretName, "f4G34fMh8v")
{
Properties =
{
ExpiresOn = DateTimeOffset.Now.AddYears(1)
}
};
KeyVaultSecret storedSecret = client.SetSecret(secret);
// Backups are good to have if in case secrets get accidentally deleted by you.
// For long term storage, it is ideal to write the backup to a file.
File.WriteAllBytes(backupPath, client.BackupSecret(secretName));
// The storage account secret is no longer in use, so you delete it.
DeleteSecretOperation operation = client.StartDeleteSecret(secretName);
// To ensure the secret is deleted on server before we try to purge it.
while (!operation.HasCompleted)
{
Thread.Sleep(2000);
operation.UpdateStatus();
}
// If the keyvault is soft-delete enabled, then for permanent deletion, deleted secret needs to be purged.
client.PurgeDeletedSecret(secretName);
// After sometime, the secret is required again. We can use the backup value to restore it in the key vault.
SecretProperties restoreSecret = client.RestoreSecretBackup(File.ReadAllBytes(backupPath));
AssertSecretsEqual(storedSecret.Properties, restoreSecret);
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
SecretClientOptions options = new SecretClientOptions()
{
Retry =
{
Delay = TimeSpan.FromSeconds(2),
MaxDelay = TimeSpan.FromSeconds(16),
// Mode = RetryMode.Exponential,
MaxRetries = 5
}
};
string secretValue = null;
try
{
var client = new SecretClient(new Uri("https://kv-abs.vault.azure.net/"), new DefaultAzureCredential(), options);
KeyVaultSecret secret = client.GetSecret("db-credentials");
secretValue = secret.Value;
}
catch (System.Exception ex)
{
secretValue = "Cannot access key vault. " + Environment.NewLine + ex.Message;
}
app.UseEndpoints(endpoints =>
{
// Set up the response for base path
endpoints.MapGet("/", async context =>
{
await context.Response.WriteAsync("Hello World from a .Net core web app!!!");
});
// Set up the response to demonstrate Azure Key Vault
endpoints.MapGet("/keyvault", async context =>
{
await context.Response.WriteAsync(secretValue);
});
});
}
public static async Task Main(string[] args)
{
EnsureArg.IsNotNull(args, nameof(args));
var options = new SecretClientOptions()
{
Retry =
{
Delay = TimeSpan.FromSeconds(2),
MaxDelay = TimeSpan.FromSeconds(16),
MaxRetries = 5,
Mode = RetryMode.Exponential,
},
};
var client = new SecretClient(new Uri(KnownApplicationUrls.KeyVaultUrl), new DefaultAzureCredential(), options);
KeyVaultSecret secret = await client.GetSecretAsync(KnownSecretNames.BlobStoreConnectionString);
s_containerConnectionString = secret.Value;
string filepath = args[0];
var container = new BlobContainerClient(s_containerConnectionString, ContainerName);
int i = 0;
var studies = new HashSet <string>();
var series = new HashSet <string>();
using (var sw = new StreamWriter(filepath))
{
await foreach (BlobItem blob in container.GetBlobsAsync())
{
string[] parsedInstanceName = blob.Name.Split(KnownSeparators.MessageSeparators, StringSplitOptions.RemoveEmptyEntries);
studies.Add(parsedInstanceName[0]);
series.Add(parsedInstanceName[0] + " " + parsedInstanceName[1]);
await sw.WriteLineAsync(blob.Name);
i++;
Console.WriteLine(blob.Name + " Count:" + i);
}
}
string seriesPath = args[1];
File.WriteAllLines(seriesPath, series);
string studiesPath = args[2];
File.WriteAllLines(studiesPath, studies);
}
/// <summary>
/// Load a certificate from Key Vault, including the private key.
/// </summary>
/// <param name="keyVaultUrl">URL of Key Vault.</param>
/// <param name="certificateName">Name of the certificate.</param>
/// <returns>An <see cref="X509Certificate2"/> certificate.</returns>
/// <remarks>This code is inspired by Heath Stewart's code in:
/// https://github.com/heaths/azsdk-sample-getcert/blob/master/Program.cs#L46-L82.
/// </remarks>
private static X509Certificate2 LoadFromKeyVault(string keyVaultUrl, string certificateName)
{
Uri keyVaultUri = new Uri(keyVaultUrl);
DefaultAzureCredential credential = new DefaultAzureCredential();
CertificateClient certificateClient = new CertificateClient(keyVaultUri, credential);
SecretClient secretClient = new SecretClient(keyVaultUri, credential);
KeyVaultCertificateWithPolicy certificate = certificateClient.GetCertificate(certificateName);
// Return a certificate with only the public key if the private key is not exportable.
if (certificate.Policy?.Exportable != true)
{
return(new X509Certificate2(
certificate.Cer,
(string?)null,
X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.EphemeralKeySet));
}
// Parse the secret ID and version to retrieve the private key.
string[] segments = certificate.SecretId.AbsolutePath.Split('/', StringSplitOptions.RemoveEmptyEntries);
if (segments.Length != 3)
{
throw new InvalidOperationException(string.Format(
CultureInfo.InvariantCulture,
IDWebErrorMessage.IncorrectNumberOfUriSegments,
segments.Length,
certificate.SecretId));
}
string secretName = segments[1];
string secretVersion = segments[2];
KeyVaultSecret secret = secretClient.GetSecret(secretName, secretVersion);
// For PEM, you'll need to extract the base64-encoded message body.
// .NET 5.0 preview introduces the System.Security.Cryptography.PemEncoding class to make this easier.
if (Constants.MediaTypePksc12.Equals(secret.Properties.ContentType, StringComparison.InvariantCultureIgnoreCase))
{
byte[] pfx = Convert.FromBase64String(secret.Value);
return(new X509Certificate2(pfx));
}
throw new NotSupportedException(
string.Format(
CultureInfo.InvariantCulture,
IDWebErrorMessage.OnlyPkcs12IsSupported,
secret.Properties.ContentType));
}
private void HelloWorldSync(string keyVaultUrl)
{
#region Snippet:SecretsSample1SecretClient
var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
#endregion
#region Snippet:SecretsSample1CreateSecret
string secretName = $"BankAccountPassword-{Guid.NewGuid()}";
var secret = new KeyVaultSecret(secretName, "f4G34fMh8v");
secret.Properties.ExpiresOn = DateTimeOffset.Now.AddYears(1);
client.SetSecret(secret);
#endregion
#region Snippet:SecretsSample1GetSecret
KeyVaultSecret bankSecret = client.GetSecret(secretName);
Debug.WriteLine($"Secret is returned with name {bankSecret.Name} and value {bankSecret.Value}");
#endregion
#region Snippet:SecretsSample1UpdateSecretProperties
bankSecret.Properties.ExpiresOn = bankSecret.Properties.ExpiresOn.Value.AddYears(1);
SecretProperties updatedSecret = client.UpdateSecretProperties(bankSecret.Properties);
Debug.WriteLine($"Secret's updated expiry time is {updatedSecret.ExpiresOn}");
#endregion
#region Snippet:SecretsSample1UpdateSecret
var secretNewValue = new KeyVaultSecret(secretName, "bhjd4DDgsa");
secretNewValue.Properties.ExpiresOn = DateTimeOffset.Now.AddYears(1);
client.SetSecret(secretNewValue);
#endregion
#region Snippet:SecretsSample1DeleteSecret
DeleteSecretOperation operation = client.StartDeleteSecret(secretName);
#endregion
#region Snippet:SecretsSample1PurgeSecret
while (!operation.HasCompleted)
{
Thread.Sleep(2000);
operation.UpdateStatus();
}
client.PurgeDeletedSecret(secretName);
#endregion
}
private string GetGitHubAppWebhookSecret()
{
if (gitHubAppWebhookSecret == null)
{
lock (gitHubAppWebhookSecretLock)
{
if (gitHubAppWebhookSecret == null)
{
KeyVaultSecret secret = secretClient.GetSecret(GitHubWebhookSecretName);
gitHubAppWebhookSecret = secret.Value;
}
}
}
return(gitHubAppWebhookSecret);
}
private static void CheckServiceConnection(KeyVaultSecret secret)
{
var userId = secret.Properties.Tags.ContainsKey(UserIdTagName) ? secret.Properties.Tags[UserIdTagName] : "";
var datasource = secret.Properties.Tags.ContainsKey(DataSourceTagName) ? secret.Properties.Tags[DataSourceTagName] : "";
var password = secret.Value;
SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder();
builder.DataSource = datasource;
builder.UserID = userId;
builder.Password = password;
using (SqlConnection connection = new SqlConnection(builder.ConnectionString))
{
connection.Open();
}
}
public async Task DeleteSecret()
{
string secretName = Recording.GenerateId();
KeyVaultSecret secret = await Client.SetSecretAsync(secretName, "value");
RegisterForCleanup(secret.Name, delete: false);
DeletedSecret deletedSecret = await Client.DeleteSecretAsync(secretName);
AssertSecretPropertiesEqual(secret.Properties, deletedSecret.Properties);
Assert.NotNull(deletedSecret.DeletedOn);
Assert.NotNull(deletedSecret.ScheduledPurgeDate);
Assert.ThrowsAsync <RequestFailedException>(() => Client.GetSecretAsync(secretName));
}
private string PrintKeyVaultSecretMetadata(KeyVaultSecret secret)
{
StringBuilder strBuilder = new StringBuilder();
strBuilder.AppendFormat($"id: {secret.Id}\n");
strBuilder.AppendFormat($"\tcontent type: {secret.Properties.ContentType}\n");
strBuilder.AppendFormat($"\tmanaged: {secret.Properties.Managed}\n");
strBuilder.AppendFormat($"\tenabled: {secret.Properties.Enabled}\n");
strBuilder.AppendFormat($"\tnbf: {secret.Properties.NotBefore}\n");
strBuilder.AppendFormat($"\texp: {secret.Properties.ExpiresOn}\n");
strBuilder.AppendFormat($"\tcreated: {secret.Properties.CreatedOn}\n");
strBuilder.AppendFormat($"\tupdated: {secret.Properties.UpdatedOn}\n");
strBuilder.AppendFormat($"\trecoveryLevel: {secret.Properties.RecoveryLevel}\n");
return(strBuilder.ToString());
}
public async Task Set(string key, string value)
{
var client = CreateSecretClient();
var secret = new KeyVaultSecret(key, value);
secret.Properties.ExpiresOn = DateTimeOffset.Now.AddYears(1);
try
{
await client.SetSecretAsync(secret);
}
catch (Exception ex)
{
throw new KeyVaultSetException(key, ex);
}
}
public void CreateClient()
{
// Environment variable with the Key Vault endpoint.
string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL");
#region CreateClient
// Create a new secret client using the default credential from Azure.Identity using environment variables previously set,
// including AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID.
var client = new SecretClient(vaultEndpoint: new Uri(keyVaultUrl), credential: new DefaultAzureCredential());
// Create a new secret using the secret client
KeyVaultSecret secret = client.SetSecret("secret-name", "secret-value");
#endregion
this.client = client;
}
private async Task <X509Certificate2> GetCertificateAsync(
SecretClient secretClient,
string certName,
string version)
{
// Create a new secret using the secret client.
var secretName = certName;
KeyVaultSecret secret = await secretClient.GetSecretAsync(secretName, version);
var privateKeyBytes = Convert.FromBase64String(secret.Value);
var certificateWithPrivateKey = new X509Certificate2(privateKeyBytes,
(string)null,
X509KeyStorageFlags.MachineKeySet);
return(certificateWithPrivateKey);
}
public string GetSecret(string secretName)
{
try
{
if (client == null)
{
client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
}
KeyVaultSecret keySecret = client.GetSecret(secretName);
return(keySecret.Value);
}
catch (Exception e)
{
_logger?.LogError(e, e.Message);
throw;
}
}
private static void CheckServiceConnection(KeyVaultSecret secret)
{
var userId = secret.Properties.Tags.ContainsKey(CredentialIdTag) ? secret.Properties.Tags[CredentialIdTag] : "";
var dbResourceId = secret.Properties.Tags.ContainsKey(ProviderAddressTag) ? secret.Properties.Tags[ProviderAddressTag] : "";
var dbName = dbResourceId.Split('/')[8];
var password = secret.Value;
SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder();
builder.DataSource = $"{dbName}.database.windows.net";
builder.UserID = userId;
builder.Password = password;
using (SqlConnection connection = new SqlConnection(builder.ConnectionString))
{
connection.Open();
}
}
private void BackupAndRestoreSync(string keyVaultUrl)
{
#region Snippet:SecretsSample2SecretClient
var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
#endregion
#region Snippet:SecretsSample2CreateSecret
string secretName = $"StorageAccountPassword{Guid.NewGuid()}";
var secret = new KeyVaultSecret(secretName, "f4G34fMh8v");
secret.Properties.ExpiresOn = DateTimeOffset.Now.AddYears(1);
KeyVaultSecret storedSecret = client.SetSecret(secret);
#endregion
#region Snippet:SecretsSample2BackupSecret
string backupPath = Path.GetTempFileName();
byte[] secretBackup = client.BackupSecret(secretName);
File.WriteAllBytes(backupPath, secretBackup);
#endregion
// The storage account secret is no longer in use so you delete it.
DeleteSecretOperation operation = client.StartDeleteSecret(secretName);
// Before it can be purged, you need to wait until the secret is fully deleted.
while (!operation.HasCompleted)
{
Thread.Sleep(2000);
operation.UpdateStatus();
}
// If the Key Vault is soft delete-enabled and you want to permanently delete the secret before its `ScheduledPurgeDate`,
// the deleted secret needs to be purged.
client.PurgeDeletedSecret(secretName);
#region Snippet:SecretsSample2RestoreSecret
byte[] secretBackupToRestore = File.ReadAllBytes(backupPath);
SecretProperties restoreSecret = client.RestoreSecretBackup(secretBackupToRestore);
#endregion
AssertSecretsEqual(storedSecret.Properties, restoreSecret);
}
