Example #1
0
        static void Main(string[] args)
        {
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
            // run the vault recovery samples
            // soft delete flow with new vault
            Console.WriteLine("\n\n** Running recovery/purge sample for a new vault..");
            Task.Run(() => KeyVaultRecoverySamples.DemonstrateRecoveryAndPurgeForNewVaultAsync()).ConfigureAwait(false).GetAwaiter().GetResult();

            // enabling soft delete on existing vault + soft delete flow
            Console.WriteLine("\n\n** Running recovery/purge sample for an existing vault..");
            Task.Run(() => KeyVaultRecoverySamples.DemonstrateRecoveryAndPurgeForExistingVaultAsync()).ConfigureAwait(false).GetAwaiter().GetResult();

            // soft delete flow for a vault entity
            Console.WriteLine("\n\n** Running recovery/purge sample for a vault entity..");
            Task.Run(() => KeyVaultEntityRecoverySamples.DemonstrateRecoveryAndPurgeAsync()).ConfigureAwait(false).GetAwaiter().GetResult();

            // backup/restore flow for a vault entity
            Console.WriteLine("\n\n** Running backup/restore sample for a vault entity..");
            Task.Run(() => KeyVaultEntityRecoverySamples.DemonstrateBackupAndRestoreAsync()).ConfigureAwait(false).GetAwaiter().GetResult();
        }
        /// <summary>
        /// Demonstrates how to enable soft delete on an existing vault, and then proceeds to delete, recover and purge the vault.
        /// Assumes the caller has the KeyVaultContributor role in the subscription.
        /// </summary>
        /// <returns>Task representing this functionality.</returns>
        public static async Task DemonstrateRecoveryAndPurgeAsync()
        {
            // instantiate the samples object
            var sample = new KeyVaultEntityRecoverySamples();

            var rgName = sample.context.ResourceGroupName;

            // derive a unique vault name for this sample
            var vaultName  = sample.context.VaultName + "invault";
            var secretName = "recoverysample";

            // retrieve the vault (or create, if it doesn't exist)
            var vault = await sample.CreateOrRetrieveVaultAsync(rgName, vaultName, enableSoftDelete : true, enablePurgeProtection : false);

            var vaultUri = vault.Properties.VaultUri;

            SecretClient secretClient = sample.GetDataClient(new Uri(vaultUri));

            Console.WriteLine("Operating with vault name '{0}' in resource group '{1}' and location '{2}'", vaultName, rgName, vault.Location);

            try
            {
                // set a secret
                Console.Write("Setting a new value for secret '{0}'...", secretName);
                await secretClient.SetSecretAsync(secretName, Guid.NewGuid().ToString());

                Console.WriteLine("done.");

                // confirm existence
                Console.Write("Verifying secret creation...");
                Response <KeyVaultSecret> retrievedSecretResponse = await secretClient.GetSecretAsync(secretName);

                Console.WriteLine("done.");

                // confirm recovery is possible
                Console.Write("Verifying the secret deletion is recoverable...");
                var recoveryLevel = retrievedSecretResponse.Value.Properties.RecoveryLevel;
                if (!recoveryLevel.ToLowerInvariant().Contains("Recoverable".ToLowerInvariant()))
                {
                    Console.WriteLine("failed; soft-delete is not enabled for this vault.");

                    return;
                }
                Console.WriteLine("done.");


                // delete secret
                Console.Write("Deleting secret...");
                DeleteSecretOperation deleteSecretOperation = await secretClient.StartDeleteSecretAsync(secretName);

                // When deleting a secret asynchronously before you purge it, you can await the WaitForCompletionAsync method on the operation
                await deleteSecretOperation.WaitForCompletionAsync();

                Console.WriteLine("done.");

                // recover secret
                Console.Write("Recovering deleted secret...");
                RecoverDeletedSecretOperation recoverDeletedSecretOperation = await secretClient.StartRecoverDeletedSecretAsync(secretName);

                await recoverDeletedSecretOperation.WaitForCompletionAsync();

                Console.WriteLine("done.");

                // confirm recovery
                Console.Write("Retrieving recovered secret...");
                await secretClient.GetSecretAsync(secretName);

                Console.WriteLine("done.");

                // delete secret
                Console.Write("Deleting recorvered secret...");
                DeleteSecretOperation deleteRecoveredSecretOperation = await secretClient.StartDeleteSecretAsync(secretName);

                await deleteRecoveredSecretOperation.WaitForCompletionAsync();

                Console.WriteLine("done.");

                // retrieve deleted secret
                Console.Write("Retrieving the deleted secret...");
                await secretClient.GetDeletedSecretAsync(secretName);

                Console.WriteLine("done.");
            }
            catch (RequestFailedException ex)

            {
                Console.WriteLine("Unexpected Key Vault exception encountered: {0}", ex.Message);

                throw;
            }
            catch (Exception e)
            {
                Console.WriteLine("Unexpected exception encountered: {0}", e.Message);

                throw;
            }
        }
        /// <summary>
        /// Demonstrates how to back up and restore a secret.
        /// </summary>
        /// <returns>Task representing this functionality.</returns>
        public static async Task DemonstrateBackupAndRestoreAsync()
        {
            // instantiate the samples object
            var sample = new KeyVaultEntityRecoverySamples();

            var rgName = sample.context.ResourceGroupName;

            // derive a unique vault name for this sample
            var vaultName  = sample.context.VaultName + "backuprestore";
            var secretName = "backupsample";

            // retrieve the vault (or create, if it doesn't exist)
            var vault = await sample.CreateOrRetrieveVaultAsync(rgName, vaultName, enableSoftDelete : false, enablePurgeProtection : false);

            var vaultUri = vault.Properties.VaultUri;

            SecretClient secretClient = sample.GetDataClient(new Uri(vaultUri));

            Console.WriteLine("Operating with vault name '{0}' in resource group '{1}' and location '{2}'", vaultName, rgName, vault.Location);

            try
            {
                // set a secret
                Console.Write("Setting a new value for secret '{0}'...", secretName);
                await secretClient.SetSecretAsync(secretName, Guid.NewGuid().ToString());

                Console.WriteLine("done.");

                // confirm existence
                Console.Write("Verifying secret creation...");
                await secretClient.GetSecretAsync(secretName);

                Console.WriteLine("done.");

                // backup secret
                Console.Write("Backing up secret...");
                Response <byte[]> backupResponse = await secretClient.BackupSecretAsync(secretName);

                Console.WriteLine("done.");

                // delete secret
                Console.Write("Deleting secret...");
                DeleteSecretOperation deleteSecretOperation = await secretClient.StartDeleteSecretAsync(secretName);

                // When deleting a secret asynchronously before you purge it, you can await the WaitForCompletionAsync method on the operation
                await deleteSecretOperation.WaitForCompletionAsync();

                Console.WriteLine("done.");

                // restore secret
                Console.Write("Restoring secret from backup...");
                await secretClient.RestoreSecretBackupAsync(backupResponse.Value);

                Console.WriteLine("done.");

                // confirm existence
                Console.Write("Verifying secret restoration...");
                await secretClient.GetSecretAsync(secretName);

                Console.WriteLine("done.");
            }
            catch (RequestFailedException ex)
            {
                Console.WriteLine("Unexpected Key Vault  exception encountered: {0}", ex.Message);

                throw;
            }
            catch (Exception e)
            {
                Console.WriteLine("Unexpected exception encountered: {0}", e.Message);

                throw;
            }
        }
Example #4
0
        /// <summary>
        /// Demonstrates how to enable soft delete on an existing vault, and then proceeds to delete, recover and purge the vault.
        /// Assumes the caller has the KeyVaultContributor role in the subscription.
        /// </summary>
        /// <returns>Task representing this functionality.</returns>
        public static async Task DemonstrateRecoveryAndPurgeAsync()
        {
            // instantiate the samples object
            var sample = new KeyVaultEntityRecoverySamples();

            var rgName = sample.context.ResourceGroupName;

            // derive a unique vault name for this sample
            var vaultName  = sample.context.VaultName + "invault";
            var secretName = "recoverysample";

            // retrieve the vault (or create, if it doesn't exist)
            var vault = await sample.CreateOrRetrieveVaultAsync(rgName, vaultName, enableSoftDelete : true, enablePurgeProtection : false);

            var vaultUri = vault.Properties.VaultUri;

            Console.WriteLine("Operating with vault name '{0}' in resource group '{1}' and location '{2}'", vaultName, rgName, vault.Location);

            try
            {
                // set a secret
                Console.Write("Setting a new value for secret '{0}'...", secretName);
                var secretResponse = await sample.DataClient.SetSecretWithHttpMessagesAsync(vaultUri, secretName, Guid.NewGuid().ToString()).ConfigureAwait(false);

                Console.WriteLine("done.");

                // confirm existence
                Console.Write("Verifying secret creation...");
                var retrievedSecretResponse = await sample.DataClient.GetSecretWithHttpMessagesAsync(vaultUri, secretName, secretVersion : String.Empty).ConfigureAwait(false);

                Console.WriteLine("done.");

                // confirm recovery is possible
                Console.Write("Verifying the secret deletion is recoverable...");
                var recoveryLevel = retrievedSecretResponse.Body.Attributes.RecoveryLevel;
                if (!recoveryLevel.ToLowerInvariant().Contains("Recoverable".ToLowerInvariant()))
                {
                    Console.WriteLine("failed; soft-delete is not enabled for this vault.");

                    return;
                }
                Console.WriteLine("done.");

                // delete secret
                Console.Write("Deleting secret...");
                await sample.DataClient.DeleteSecretWithHttpMessagesAsync(vaultUri, secretName).ConfigureAwait(false);

                Console.WriteLine("done.");

                // retrieve deleted secret; recoverable deletion is an asynchronous operation, during which the secret
                // is not accessible, either as an active entity or a deleted one. Polling for up to 45s should be sufficient.
                Console.Write("Retrieving the deleted secret...");
                AzureOperationResponse <DeletedSecretBundle> deletedSecretResponse = null;
                await RetryHttpRequestAsync(
                    async() => { return(deletedSecretResponse = await sample.DataClient.GetDeletedSecretWithHttpMessagesAsync(vaultUri, secretName).ConfigureAwait(false)); },
                    "get deleted secret",
                    SampleConstants.RetryPolicies.DefaultSoftDeleteRetryPolicy)
                .ConfigureAwait(false);

                Console.WriteLine("done.");

                // recover secret
                Console.Write("Recovering deleted secret...");
                var recoveredSecretResponse = await sample.DataClient.RecoverDeletedSecretWithHttpMessagesAsync(vaultUri, secretName).ConfigureAwait(false);

                Console.WriteLine("done.");

                // confirm recovery
                Console.Write("Retrieving recovered secret...");
                await RetryHttpRequestAsync(
                    async() => { return(retrievedSecretResponse = await sample.DataClient.GetSecretWithHttpMessagesAsync(vaultUri, secretName, secretVersion: String.Empty).ConfigureAwait(false)); },
                    "recover deleted secret",
                    SampleConstants.RetryPolicies.DefaultSoftDeleteRetryPolicy)
                .ConfigureAwait(false);

                Console.WriteLine("done.");

                // delete secret
                Console.Write("Deleting secret (pass #2)...");
                await sample.DataClient.DeleteSecretWithHttpMessagesAsync(vaultUri, secretName).ConfigureAwait(false);

                Console.WriteLine("done.");

                // retrieve deleted secret
                Console.Write("Retrieving the deleted secret (pass #2)...");
                await RetryHttpRequestAsync(
                    async() => { return(deletedSecretResponse = await sample.DataClient.GetDeletedSecretWithHttpMessagesAsync(vaultUri, secretName)); },
                    "get deleted secret",
                    SampleConstants.RetryPolicies.DefaultSoftDeleteRetryPolicy)
                .ConfigureAwait(false);

                Console.WriteLine("done.");

                // purge secret
                Console.Write("Purging deleted secret...");
                await sample.DataClient.PurgeDeletedSecretWithHttpMessagesAsync(vaultUri, secretName).ConfigureAwait(false);

                Console.WriteLine("done.");
            }
            catch (KeyVaultErrorException kvee)
            {
                Console.WriteLine("Unexpected KeyVault exception encountered: {0}", kvee.Message);

                throw;
            }
            catch (CloudException ce)
            {
                Console.WriteLine("Unexpected ARM exception encountered: {0}", ce.Message);

                throw;
            }
            catch (Exception e)
            {
                Console.WriteLine("Unexpected exception encountered: {0}", e.Message);

                throw;
            }
        }
Example #5
0
        /// <summary>
        /// Demonstrates how to back up and restore a secret.
        /// </summary>
        /// <returns>Task representing this functionality.</returns>
        public static async Task DemonstrateBackupAndRestoreAsync()
        {
            // instantiate the samples object
            var sample = new KeyVaultEntityRecoverySamples();

            var rgName = sample.context.ResourceGroupName;

            // derive a unique vault name for this sample
            var vaultName  = sample.context.VaultName + "backuprestore";
            var secretName = "backupsample";

            // retrieve the vault (or create, if it doesn't exist)
            var vault = await sample.CreateOrRetrieveVaultAsync(rgName, vaultName, enableSoftDelete : false, enablePurgeProtection : false);

            var vaultUri = vault.Properties.VaultUri;

            Console.WriteLine("Operating with vault name '{0}' in resource group '{1}' and location '{2}'", vaultName, rgName, vault.Location);

            try
            {
                // set a secret
                Console.Write("Setting a new value for secret '{0}'...", secretName);
                var secretResponse = await sample.DataClient.SetSecretWithHttpMessagesAsync(vaultUri, secretName, Guid.NewGuid().ToString()).ConfigureAwait(false);

                Console.WriteLine("done.");

                // confirm existence
                Console.Write("Verifying secret creation...");
                var retrievedSecretResponse = await sample.DataClient.GetSecretWithHttpMessagesAsync(vaultUri, secretName, secretVersion : String.Empty).ConfigureAwait(false);

                Console.WriteLine("done.");

                // backup secret
                Console.Write("Backing up secret...");
                var backupResponse = await sample.DataClient.BackupSecretWithHttpMessagesAsync(vaultUri, secretName).ConfigureAwait(false);

                Console.WriteLine("done.");

                // delete secret
                Console.Write("Deleting secret...");
                await sample.DataClient.DeleteSecretWithHttpMessagesAsync(vaultUri, secretName).ConfigureAwait(false);

                Console.WriteLine("done.");

                // restore secret
                Console.Write("Restoring secret from backup...");
                byte[] secretBackup    = backupResponse.Body.Value;
                var    restoreResponse = await sample.DataClient.RestoreSecretWithHttpMessagesAsync(vaultUri, secretBackup).ConfigureAwait(false);

                Console.WriteLine("done.");

                // confirm existence
                Console.Write("Verifying secret restoration...");
                retrievedSecretResponse = await sample.DataClient.GetSecretWithHttpMessagesAsync(vaultUri, secretName, secretVersion : String.Empty).ConfigureAwait(false);

                Console.WriteLine("done.");
            }
            catch (KeyVaultErrorException kvee)
            {
                Console.WriteLine("Unexpected KeyVault exception encountered: {0}", kvee.Message);

                throw;
            }
            catch (CloudException ce)
            {
                Console.WriteLine("Unexpected ARM exception encountered: {0}", ce.Message);

                throw;
            }
            catch (Exception e)
            {
                Console.WriteLine("Unexpected exception encountered: {0}", e.Message);

                throw;
            }
        }