public async Task RecoverDeletedRsaHsmKey() { string keyName = Recording.GenerateId(); CreateRsaKeyOptions options = new CreateRsaKeyOptions(keyName, hardwareProtected: true); KeyVaultKey rsaHsmKey = await Client.CreateRsaKeyAsync(options); DeleteKeyOperation deleteOperation = await Client.StartDeleteKeyAsync(keyName); DeletedKey deletedKey = await deleteOperation.WaitForCompletionAsync(); await WaitForDeletedKey(keyName); Assert.ThrowsAsync <RequestFailedException>(() => Client.GetKeyAsync(keyName)); RecoverDeletedKeyOperation recoverOperation = await Client.StartRecoverDeletedKeyAsync(keyName); KeyVaultKey recoverKeyResult = await recoverOperation.WaitForCompletionAsync(); await WaitForKey(keyName); KeyVaultKey recoveredKey = await Client.GetKeyAsync(keyName); RegisterForCleanup(recoveredKey.Name); AssertKeyVaultKeysEqual(rsaHsmKey, deletedKey); AssertKeyVaultKeysEqual(rsaHsmKey, recoverKeyResult); AssertKeyVaultKeysEqual(rsaHsmKey, recoveredKey); }
public void DeleteKey() { #region DeleteKey DeletedKey key = client.DeleteKey("key-name"); Console.WriteLine(key.Name); Console.WriteLine(key.DeletedDate); #endregion DeletedKey rsaKey = client.DeleteKey("rsa-key-name"); DeletedKey ecKey = client.DeleteKey("ec-key-name"); try { // Deleting a key when soft delete is enabled may not happen immediately. WaitForDeletedKey(key.Name); WaitForDeletedKey(rsaKey.Name); WaitForDeletedKey(ecKey.Name); client.PurgeDeletedKey(key.Name); client.PurgeDeletedKey(rsaKey.Name); client.PurgeDeletedKey(ecKey.Name); } catch { // Merely attempt to purge a deleted key since the Key Vault may not have soft delete enabled. } }
public async Task DeleteAndPurgeKey() { #region Snippet:DeleteAndPurgeKeyAsync DeleteKeyOperation operation = await client.StartDeleteKeyAsync("key-name"); // You only need to wait for completion if you want to purge or recover the key. await operation.WaitForCompletionAsync(); DeletedKey key = operation.Value; await client.PurgeDeletedKeyAsync(key.Name); #endregion DeleteKeyOperation rsaKeyOperation = client.StartDeleteKey("rsa-key-name"); DeleteKeyOperation ecKeyOperation = client.StartDeleteKey("ec-key-name"); try { // You only need to wait for completion if you want to purge or recover the key. await Task.WhenAll( rsaKeyOperation.WaitForCompletionAsync().AsTask(), ecKeyOperation.WaitForCompletionAsync().AsTask()); await Task.WhenAll( client.PurgeDeletedKeyAsync(rsaKeyOperation.Value.Name), client.PurgeDeletedKeyAsync(ecKeyOperation.Value.Name)); } catch { // Merely attempt to purge a deleted key since the Key Vault may not have soft delete enabled. } }
public async Task RecoverDeletedKey() { string keyName = Recording.GenerateId(); KeyVaultKey key = await Client.CreateKeyAsync(keyName, KeyType.Ec); DeleteKeyOperation deleteOperation = await Client.StartDeleteKeyAsync(keyName); DeletedKey deletedKey = deleteOperation.Value; await WaitForDeletedKey(keyName); Assert.ThrowsAsync <RequestFailedException>(() => Client.GetKeyAsync(keyName)); RecoverDeletedKeyOperation recoverOperation = await Client.StartRecoverDeletedKeyAsync(keyName); KeyVaultKey recoverKeyResult = recoverOperation.Value; await WaitForKey(keyName); KeyVaultKey recoveredKey = await Client.GetKeyAsync(keyName); RegisterForCleanup(recoveredKey.Name); AssertKeyVaultKeysEqual(key, deletedKey); AssertKeyVaultKeysEqual(key, recoverKeyResult); AssertKeyVaultKeysEqual(key, recoveredKey); }
public async Task DeleteKey() { #region Snippet:DeleteKey DeleteKeyOperation operation = await client.StartDeleteKeyAsync("key-name"); DeletedKey key = operation.Value; Console.WriteLine(key.Name); Console.WriteLine(key.DeletedOn); #endregion }
public void DeleteKey() { #region Snippet:DeleteKey DeleteKeyOperation operation = client.StartDeleteKey("key-name"); DeletedKey key = operation.Value; Console.WriteLine(key.Name); Console.WriteLine(key.DeletedOn); #endregion }
public void DeleteAndPurge() { #region Snippet:DeleteAndPurgeKey DeleteKeyOperation operation = client.StartDeleteKey("key-name"); while (!operation.HasCompleted) { Thread.Sleep(2000); operation.UpdateStatus(); } DeletedKey key = operation.Value; client.PurgeDeletedKey(key.Name); #endregion }
public async Task DeleteKey() { string keyName = Recording.GenerateId(); Key key = await Client.CreateKeyAsync(keyName, KeyType.Ec); RegisterForCleanup(key.Name, delete: false); DeletedKey deletedKey = await Client.DeleteKeyAsync(keyName); Assert.NotNull(deletedKey.DeletedDate); Assert.NotNull(deletedKey.RecoveryId); Assert.NotNull(deletedKey.ScheduledPurgeDate); AssertKeysEqual(key, deletedKey); Assert.ThrowsAsync <RequestFailedException>(() => Client.GetKeyAsync(keyName)); }
public void DeleteAndPurge() { #region Snippet:DeleteAndPurgeKey DeleteKeyOperation operation = client.StartDeleteKey("key-name"); // You only need to wait for completion if you want to purge or recover the key. while (!operation.HasCompleted) { Thread.Sleep(2000); operation.UpdateStatus(); } DeletedKey key = operation.Value; client.PurgeDeletedKey(key.Name); #endregion }
public async Task DeleteRsaHsmKey() { string keyName = Recording.GenerateId(); CreateRsaKeyOptions options = new CreateRsaKeyOptions(keyName, hardwareProtected: true); KeyVaultKey rsaHsmKey = await Client.CreateRsaKeyAsync(options); RegisterForCleanup(keyName); DeleteKeyOperation operation = await Client.StartDeleteKeyAsync(keyName); DeletedKey deletedKey = await operation.WaitForCompletionAsync(); Assert.NotNull(deletedKey.DeletedOn); Assert.NotNull(deletedKey.RecoveryId); Assert.NotNull(deletedKey.ScheduledPurgeDate); AssertKeyVaultKeysEqual(rsaHsmKey, deletedKey); Assert.ThrowsAsync <RequestFailedException>(() => Client.GetKeyAsync(keyName)); }
public async Task GetDeletedKey() { string keyName = Recording.GenerateId(); Key key = await Client.CreateKeyAsync(keyName, KeyType.Ec); RegisterForCleanup(key.Name, delete: false); DeletedKey deletedKey = await Client.DeleteKeyAsync(keyName); await WaitForDeletedKey(keyName); DeletedKey polledSecret = await Client.GetDeletedKeyAsync(keyName); Assert.NotNull(deletedKey.DeletedDate); Assert.NotNull(deletedKey.RecoveryId); Assert.NotNull(deletedKey.ScheduledPurgeDate); AssertKeysEqual(deletedKey, polledSecret); AssertKeysEqual(key, polledSecret); }
internal PSDeletedKeyVaultKey(DeletedKey deletedKey, VaultUriHelper vaultUriHelper, bool isHsm = false) { if (deletedKey == null) { throw new ArgumentNullException("deletedKey"); } if (deletedKey.Key == null || deletedKey.Properties == null) { throw new ArgumentException(Resources.InvalidKeyBundle); } SetObjectIdentifier(vaultUriHelper, new Microsoft.Azure.KeyVault.KeyIdentifier(deletedKey.Id.ToString())); Key = deletedKey.Key.ToTrack1JsonWebKey(); KeySize = JwkHelper.ConvertToRSAKey(Key)?.KeySize; Attributes = new PSKeyVaultKeyAttributes( deletedKey.Properties.Enabled, // see https://docs.microsoft.com/en-us/dotnet/standard/datetime/converting-between-datetime-and-offset#conversions-from-datetimeoffset-to-datetime deletedKey.Properties.ExpiresOn?.UtcDateTime, // time returned by key vault are UTC deletedKey.Properties.NotBefore?.UtcDateTime, deletedKey.KeyType.ToString(), deletedKey.KeyOperations.Select(op => op.ToString()).ToArray(), deletedKey.Properties.CreatedOn?.UtcDateTime, deletedKey.Properties.UpdatedOn?.UtcDateTime, deletedKey.Properties.RecoveryLevel, deletedKey.Properties.Tags ); Enabled = deletedKey.Properties.Enabled; Expires = deletedKey.Properties.ExpiresOn?.UtcDateTime; NotBefore = deletedKey.Properties.NotBefore?.UtcDateTime; Created = deletedKey.Properties.CreatedOn?.UtcDateTime; Updated = deletedKey.Properties.UpdatedOn?.UtcDateTime; RecoveryLevel = deletedKey.Properties.RecoveryLevel; Tags = deletedKey.Properties.Tags.ConvertToHashtable(); ScheduledPurgeDate = deletedKey.ScheduledPurgeDate?.UtcDateTime; DeletedDate = deletedKey.DeletedOn?.UtcDateTime; IsHsm = isHsm; }
public async Task GetDeletedKey() { string keyName = Recording.GenerateId(); KeyVaultKey key = await Client.CreateKeyAsync(keyName, KeyType.Ec); RegisterForCleanup(key.Name); DeleteKeyOperation operation = await Client.StartDeleteKeyAsync(keyName); DeletedKey deletedKey = operation.Value; // Wait a little longer since live tests are failing with only a 2s delay. await WaitForDeletedKey(keyName, KeyVaultTestEnvironment.DefaultPollingInterval); DeletedKey polledSecret = await Client.GetDeletedKeyAsync(keyName); Assert.NotNull(deletedKey.DeletedOn); Assert.NotNull(deletedKey.RecoveryId); Assert.NotNull(deletedKey.ScheduledPurgeDate); AssertKeyVaultKeysEqual(deletedKey, polledSecret); AssertKeyVaultKeysEqual(key, polledSecret); }
public async Task RecoverDeletedKey() { string keyName = Recording.GenerateId(); Key key = await Client.CreateKeyAsync(keyName, KeyType.EllipticCurve); DeletedKey deletedKey = await Client.DeleteKeyAsync(keyName); await WaitForDeletedKey(keyName); Assert.ThrowsAsync <RequestFailedException>(() => Client.GetKeyAsync(keyName)); KeyBase recoverKeyResult = await Client.RecoverDeletedKeyAsync(keyName); await PollForKey(keyName); Key recoveredKey = await Client.GetKeyAsync(keyName); RegisterForCleanup(recoveredKey); AssertKeysEqual(key, deletedKey); AssertKeysEqual(key, recoverKeyResult); AssertKeysEqual(key, recoveredKey); }
public async Task GetDeletedRsaHsmKey() { string keyName = Recording.GenerateId(); CreateRsaKeyOptions options = new CreateRsaKeyOptions(keyName, hardwareProtected: true); KeyVaultKey rsaHsmKey = await Client.CreateRsaKeyAsync(options); RegisterForCleanup(keyName); DeleteKeyOperation operation = await Client.StartDeleteKeyAsync(keyName); DeletedKey deletedKey = await operation.WaitForCompletionAsync(); await WaitForDeletedKey(keyName); DeletedKey polledSecret = await Client.GetDeletedKeyAsync(keyName); Assert.NotNull(deletedKey.DeletedOn); Assert.NotNull(deletedKey.RecoveryId); Assert.NotNull(deletedKey.ScheduledPurgeDate); AssertKeyVaultKeysEqual(deletedKey, polledSecret); AssertKeyVaultKeysEqual(rsaHsmKey, polledSecret); }
static async Task Main(string[] args) { // Create a new key client using the default credential from Azure.Identity using environment variables previously set, // including AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID. var client = new KeyClient(vaultUri: new Uri(keyVaultUrl), credential: new ClientSecretCredential(tenantId, clientId, clientSecret)); // next two lines are just to recover key in case we stop program after deleting and before recovering / purging //var recoverOperation1 = await client.StartRecoverDeletedKeyAsync("rsa-key-name"); //await recoverOperation1.WaitForCompletionAsync(); // Create a software RSA key var rsaCreateKey = new CreateRsaKeyOptions("rsa-key-name", hardwareProtected: false); KeyVaultKey rsaKey = await client.CreateRsaKeyAsync(rsaCreateKey); Console.WriteLine("Created the key...."); Console.WriteLine($"rsaKey.Name: {rsaKey.Name}"); Console.WriteLine($"rsaKey.KeyType: {rsaKey.KeyType}"); Console.WriteLine("=================================================="); Console.WriteLine(); // Retrieve KeyVaultKey key = await client.GetKeyAsync("rsa-key-name"); Console.WriteLine("Retrieve the key"); Console.WriteLine($"key.Name: {key.Name}"); Console.WriteLine($"key.KeyType: {key.KeyType}"); Console.WriteLine("=================================================="); Console.WriteLine(); // Update KeyVaultKey updateKey = await client.CreateKeyAsync("rsa-key-name", KeyType.Rsa); // You can specify additional application-specific metadata in the form of tags. updateKey.Properties.Tags["foo"] = "updated tag"; KeyVaultKey updatedKey = await client.UpdateKeyPropertiesAsync(updateKey.Properties); Console.WriteLine("Update Initiated."); Console.WriteLine($"updatedKey.Name: {updatedKey.Name}"); Console.WriteLine($"updatedKey.Properties.Version: {updatedKey.Properties.Version}"); Console.WriteLine($"updatedKey.Properties.UpdatedOn: {updatedKey.Properties.UpdatedOn}"); Console.WriteLine("=================================================="); Console.WriteLine(); /// Delete DeleteKeyOperation operation = await client.StartDeleteKeyAsync("rsa-key-name"); DeletedKey deletedKey = operation.Value; Console.WriteLine("Delete operation initialted."); Console.WriteLine($"deletedKey.Name: {deletedKey.Name}"); Console.WriteLine($"deletedKey.DeletedOn: {deletedKey.DeletedOn}"); Console.WriteLine("=================================================="); Console.WriteLine(); // Wait for deletion to complete await operation.WaitForCompletionAsync(); // Recover deleted key var recoverOperation = await client.StartRecoverDeletedKeyAsync("rsa-key-name"); await recoverOperation.WaitForCompletionAsync(); Console.WriteLine("Recovery completed"); Console.WriteLine("=================================================="); Console.WriteLine(); // Create crypto client and demo of encryption / decryption var cryptoClient = new CryptographyClient(keyId: key.Id, credential: new ClientSecretCredential(tenantId, clientId, clientSecret)); byte[] plaintext = Encoding.UTF8.GetBytes("If you can dream it, you can do it."); // encrypt the data using the algorithm RSAOAEP EncryptResult encryptResult = await cryptoClient.EncryptAsync(EncryptionAlgorithm.RsaOaep, plaintext); Console.WriteLine("Encryption demo."); Console.WriteLine("Encrypted Base64: " + Convert.ToBase64String(encryptResult.Ciphertext)); Console.WriteLine("=================================================="); Console.WriteLine(); // decrypt the encrypted data. DecryptResult decryptResult = await cryptoClient.DecryptAsync(EncryptionAlgorithm.RsaOaep, encryptResult.Ciphertext); Console.WriteLine("Decryption demo."); Console.WriteLine("Decrypted: " + Encoding.UTF8.GetString(decryptResult.Plaintext)); Console.WriteLine("=================================================="); Console.WriteLine(); // Purge DeleteKeyOperation deleteOperation = await client.StartDeleteKeyAsync("rsa-key-name"); await deleteOperation.WaitForCompletionAsync(); DeletedKey purgekey = deleteOperation.Value; await client.PurgeDeletedKeyAsync(purgekey.Name); Console.WriteLine("Purge Initiated."); Console.WriteLine($"purgekey.Name: {purgekey.Name}"); Console.WriteLine("=================================================="); Console.WriteLine(); }
private async Task MigrationGuide() { #region Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_Create KeyClient client = new KeyClient( new Uri("https://myvault.vault.azure.net"), new DefaultAzureCredential()); CryptographyClient cryptoClient = new CryptographyClient( new Uri("https://myvault.vault.azure.net"), new DefaultAzureCredential()); #endregion Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_Create #region Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_CreateWithOptions using (HttpClient httpClient = new HttpClient()) { KeyClientOptions options = new KeyClientOptions { Transport = new HttpClientTransport(httpClient) }; #if SNIPPET KeyClient client = new KeyClient( #else client = new KeyClient( #endif new Uri("https://myvault.vault.azure.net"), new DefaultAzureCredential(), options); CryptographyClientOptions cryptoOptions = new CryptographyClientOptions { Transport = new HttpClientTransport(httpClient) }; #if SNIPPET CryptographyClient cryptoClient = new CryptographyClient( #else cryptoClient = new CryptographyClient( #endif new Uri("https://myvault.vault.azure.net"), new DefaultAzureCredential(), cryptoOptions); } #endregion Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_CreateWithOptions { #region Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_CreateKeys // Create RSA key. CreateRsaKeyOptions createRsaOptions = new CreateRsaKeyOptions("rsa-key-name") { KeySize = 4096 }; KeyVaultKey rsaKey = await client.CreateRsaKeyAsync(createRsaOptions); // Create Elliptic-Curve key. CreateEcKeyOptions createEcOptions = new CreateEcKeyOptions("ec-key-name") { CurveName = KeyCurveName.P256 }; KeyVaultKey ecKey = await client.CreateEcKeyAsync(createEcOptions); #endregion Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_CreateKeys } { #region Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_ListKeys // List all keys asynchronously. await foreach (KeyProperties item in client.GetPropertiesOfKeysAsync()) { KeyVaultKey key = await client.GetKeyAsync(item.Name); } // List all keys synchronously. foreach (KeyProperties item in client.GetPropertiesOfKeys()) { KeyVaultKey key = client.GetKey(item.Name); } #endregion Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_ListKeys } { #region Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_DeleteKey // Delete the key. DeleteKeyOperation deleteOperation = await client.StartDeleteKeyAsync("key-name"); // Purge or recover the deleted key if soft delete is enabled. if (deleteOperation.Value.RecoveryId != null) { // Deleting a key does not happen immediately. Wait for the key to be deleted. DeletedKey deletedKey = await deleteOperation.WaitForCompletionAsync(); // Purge the deleted key. await client.PurgeDeletedKeyAsync(deletedKey.Name); // You can also recover the deleted key using StartRecoverDeletedKeyAsync, // which returns RecoverDeletedKeyOperation you can await like DeleteKeyOperation above. } #endregion Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_DeleteKey } { #region Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_Encrypt // Encrypt a message. The plaintext must be small enough for the chosen algorithm. byte[] plaintext = Encoding.UTF8.GetBytes("Small message to encrypt"); EncryptResult encrypted = await cryptoClient.EncryptAsync(EncryptionAlgorithm.RsaOaep256, plaintext); // Decrypt the message. DecryptResult decrypted = await cryptoClient.DecryptAsync(encrypted.Algorithm, encrypted.Ciphertext); string message = Encoding.UTF8.GetString(decrypted.Plaintext); #endregion Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_Encrypt } { #region Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_Wrap using (Aes aes = Aes.Create()) { // Use a symmetric key to encrypt large amounts of data, possibly streamed... // Now wrap the key and store the encrypted key and plaintext IV to later decrypt the key to decrypt the data. WrapResult wrapped = await cryptoClient.WrapKeyAsync(KeyWrapAlgorithm.RsaOaep256, aes.Key); // Read the IV and the encrypted key from the payload, then unwrap the key. UnwrapResult unwrapped = await cryptoClient.UnwrapKeyAsync(wrapped.Algorithm, wrapped.EncryptedKey); aes.Key = unwrapped.Key; // Decrypt the payload with the symmetric key. } #endregion Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_Wrap } }