public Secret UpdateSecret(string vaultName, string secretName, string secretVersion, SecretAttributes secretAttributes) { if (string.IsNullOrEmpty(vaultName)) throw new ArgumentNullException("vaultName"); if (string.IsNullOrEmpty(secretName)) throw new ArgumentNullException("secretName"); if (secretAttributes == null) throw new ArgumentNullException("secretAttributes"); var secretIdentifier = new SecretIdentifier(this.vaultUriHelper.CreateVaultAddress(vaultName), secretName, secretVersion); Azure.KeyVault.Models.SecretAttributes attributes = (Azure.KeyVault.Models.SecretAttributes)secretAttributes; SecretBundle secret; try { secret = this.keyVaultClient.UpdateSecretAsync(secretIdentifier.Identifier, secretAttributes.ContentType, attributes, secretAttributes.TagsDictionary).GetAwaiter().GetResult(); } catch (Exception ex) { throw GetInnerException(ex); } return new Secret(secret, this.vaultUriHelper); }
/// <summary> /// Imports a new CRL for group id. /// </summary> public async Task ImportIssuerCACrl(string id, X509Certificate2 certificate, Opc.Ua.X509CRL crl, CancellationToken ct = default) { try { string secretIdentifier = CrlSecretName(id, certificate.Thumbprint); SecretAttributes secretAttributes = new SecretAttributes() { Enabled = true, NotBefore = crl.UpdateTime }; // do not set tag for a CRL, the CA cert is already tagged. var result = await _keyVaultClient.SetSecretAsync( _vaultBaseUrl, secretIdentifier, Convert.ToBase64String(crl.RawData), null, ContentTypeCrl, secretAttributes, ct) .ConfigureAwait(false); } catch (Exception) { // TODO: add logging (is this a fatal error?) } }
/// <summary> /// Accept Private Key for certificate in group. /// </summary> public async Task AcceptCertKey(string id, string requestId, CancellationToken ct = default) { string secretIdentifier = KeySecretName(id, requestId); var secretItem = await _keyVaultClient.GetSecretVersionsAsync(_vaultBaseUrl, secretIdentifier, null, ct); while (secretItem != null) { foreach (var secret in secretItem) { var secretAttributes = new SecretAttributes { Enabled = false, Expires = DateTime.UtcNow }; await _keyVaultClient.UpdateSecretAsync(secret.Id, null, secretAttributes, null, ct).ConfigureAwait(false); } if (secretItem.NextPageLink != null) { secretItem = await _keyVaultClient.GetSecretVersionsNextAsync(secretItem.NextPageLink, ct); } else { secretItem = null; } } }
public SetKeyVaultSecretAttributeTests() { base.SetupTest(); secretAttributes = new SecretAttributes(true, DateTime.UtcNow.AddYears(2), DateTime.UtcNow, "contenttype", null); secret = new Secret() { VaultName = VaultName, Name = SecretName, Version = SecretVersion, SecretValue = null, Attributes = secretAttributes }; cmdlet = new SetAzureKeyVaultSecretAttribute() { CommandRuntime = commandRuntimeMock.Object, DataServiceClient = keyVaultClientMock.Object, VaultName = secret.VaultName, Name = secret.Name, Version = secret.Version, Enable = secretAttributes.Enabled, Expires = secretAttributes.Expires, NotBefore = secretAttributes.NotBefore, ContentType = secretAttributes.ContentType, Tags = secretAttributes.Tags, PassThru = true }; }
private static async Task <SecretBundle> WriteKeyVault(CreateSecret Obj)// string szPFX, string szCER, string szPassword) { SecretBundle bundle = null; SecretAttributes attribs = new SecretAttributes { Enabled = true //, //Expires = DateTime.UtcNow.AddYears(2), // if you want to expire the info //NotBefore = DateTime.UtcNow.AddDays(1) // if you want the info to // start being available later }; /* IDictionary<string, string> alltags = new Dictionary<string, string>(); * alltags.Add("Test1", "This is a test1 value"); * alltags.Add("Test2", "This is a test2 value"); * alltags.Add("CanBeAnything", "Including a long encrypted string if you choose"); * string TestName = "TestSecret"; * string TestValue = "searchValue"; // this is what you will use to search for the item later * string contentType = "SecretInfo"; // whatever you want to categorize it by; you name it */ IDictionary <string, string> alltags = Obj.KeyValue; string TestName = Obj.SecretName; string TestValue = Obj.SecretValue; // this is what you will use to search for the item later string contentType = Obj.ContenType; bundle = await kvc.SetSecretAsync (BASESECRETURI, TestName, TestValue, alltags, contentType, attribs); return(bundle); //kvc.GetKeyAsync(BASESECRETURI, ""); // Console.WriteLine("Bundle:" + bundle.Tags["Test1"].ToString()); }
public SetKeyVaultSecretTests() { base.SetupTest(); secretAttributes = new SecretAttributes(true, null, null, null, null); secureSecretValue = SecretValue.ConvertToSecureString(); secret = new Secret() { VaultName = VaultName, Name = SecretName, Version = SecretVersion, SecretValue = secureSecretValue, Attributes = secretAttributes }; cmdlet = new SetAzureKeyVaultSecret() { CommandRuntime = commandRuntimeMock.Object, DataServiceClient = keyVaultClientMock.Object, VaultName = secret.VaultName, Name = secret.Name, SecretValue = secret.SecretValue, Disable = new SwitchParameter(!(secretAttributes.Enabled.Value)), Expires = secretAttributes.Expires, NotBefore = secretAttributes.NotBefore, ContentType = secretAttributes.ContentType, Tags = secretAttributes.Tags }; }
public void CreateSecret(string secretName, string secretValue, string vaultURI = "", bool secretIsEnabled = true, DateTime?expirationDate = null, DateTime?notEnabledBeforeThisDate = null, Dictionary <string, string> tags = null) { SecretAttributes attr = new SecretAttributes(); attr.Expires = expirationDate; attr.NotBefore = notEnabledBeforeThisDate; attr.Enabled = secretIsEnabled; string uri = string.Empty; if (!string.IsNullOrEmpty(vaultURI)) { uri = vaultURI; } else { uri = vaulturi; } if (string.IsNullOrEmpty(uri)) { vault.SetSecretAsync(uri, secretName, secretValue, tags, "string", attr); } else { throw new KeyVaultErrorException("Vault URI not set. Please use SetVault()."); } }
internal SecretProperties(string value, string contentType, SecretAttributes attributes, string secretUri, string secretUriWithVersion) { Value = value; ContentType = contentType; Attributes = attributes; SecretUri = secretUri; SecretUriWithVersion = secretUriWithVersion; }
private ListViewItemSecret(ISession session, SecretIdentifier identifier, SecretAttributes attributes, string contentTypeStr, IDictionary <string, string> tags) : base(session, ContentTypeEnumConverter.GetValue(contentTypeStr).IsCertificate() ? CertificatesGroup : SecretsGroup, identifier, tags, attributes.Enabled, attributes.Created, attributes.Updated, attributes.NotBefore, attributes.Expires) { Attributes = attributes; ContentTypeStr = contentTypeStr; ContentType = ContentTypeEnumConverter.GetValue(contentTypeStr); }
public override async Task <ListViewItemBase> ResetExpirationAsync(CancellationToken cancellationToken) { var sa = new SecretAttributes() { NotBefore = (this.NotBefore == null) ? (DateTime?)null : DateTime.UtcNow.AddHours(-1), Expires = (this.Expires == null) ? (DateTime?)null : DateTime.UtcNow.AddYears(1) }; SecretBundle s = await Session.CurrentVault.UpdateSecretAsync(Name, null, new Dictionary <string, string>(Tags), null, sa, cancellationToken); // Reset only NotBefore and Expires attributes return(new ListViewItemSecret(Session, s)); }
public static async Task <string> UpdateSecretAttributes(string secretKeyIdentifier) { var client = new KeyVaultClient( new KeyVaultClient.AuthenticationCallback(GetAccessTokenAsync), new System.Net.Http.HttpClient()); SecretAttributes attributes = new SecretAttributes(); attributes.Expires = DateTime.UtcNow.AddDays(15); var secret = await client.UpdateSecretAsync(secretKeyIdentifier, null, attributes, null).ConfigureAwait(false); return(secret.Value); }
async void WriteKeyAsync(string name, string value) { var attributes = new SecretAttributes { Enabled = true }; await _client.SetSecretAsync( vaultBaseUrl : _baseUrl, secretName : name, value : value, tags : new Dictionary <string, string>(), contentType : string.Empty, secretAttributes : attributes);; }
public async Task CreateSecret(VehiclePolicies policydata) { // Create the content for the Policy data to be stored as Secret Insdata akvdata = new Insdata { Id = policydata.Id, Inscompany = policydata.Inscompany, Policyno = policydata.Policyno, Userid = policydata.Userid, Vehicleno = policydata.Vehicleno }; //Create a JSON String of the Policy data to be stored as Secret string insurancepolicysecret = JsonConvert.SerializeObject(akvdata); byte[] datatoencrypt = System.Text.Encoding.UTF8.GetBytes(insurancepolicysecret); string keyUri = string.Format("https://{0}.vault.azure.net/keys/{1}", _keyVaultName, _keyName); string keyVaultUri = string.Format("https://{0}.vault.azure.net", _keyVaultName); //Encrypt the data before it is stored as a Secret KeyOperationResult result = await _keyVaultClient.EncryptAsync(keyUri, JsonWebKeyEncryptionAlgorithm.RSAOAEP256, datatoencrypt); byte[] encdata = result.Result; string encrypteddata = Convert.ToBase64String(encdata); //Set the Policy Start and Expiry Data to be added as attributes to the secret SecretAttributes attribs = new SecretAttributes { Enabled = true, Expires = DateTime.UtcNow.AddYears(1), NotBefore = DateTime.UtcNow }; IDictionary <string, string> alltags = new Dictionary <string, string> { { "InsuranceCompany", policydata.Inscompany } }; string contentType = "DigitalInsurance"; // Create a Secret with the encrypted Policy data SecretBundle bundle = await _keyVaultClient.SetSecretAsync(keyVaultUri, policydata.Uidname, encrypteddata, alltags, contentType, attribs); string bundlestr = bundle.Value; policydata.Version = bundle.SecretIdentifier.Version; policydata.Lastmod = bundle.Attributes.Updated; policydata.Startdate = bundle.Attributes.NotBefore; policydata.Enddate = bundle.Attributes.Expires; }
private static async void writeKeyVault(Dictionary <string, string> keysToBeUploaded) // string szPFX, string szCER, string szPassword) { SecretAttributes attribs = new SecretAttributes { Enabled = true, Expires = DateTime.UtcNow.AddYears(1), // if you want to expire the info NotBefore = DateTime.UtcNow.AddDays(1) // if you want the info to //start being available later }; foreach (var key in keysToBeUploaded.Keys) { SecretBundle bundle = await kvc.SetSecretAsync (BASESECRETURI, key, keysToBeUploaded[key], null, null, attribs); } }
private SecretAttributes CreateSecretAttributes() { try { var attributes = new SecretAttributes() { Enabled = true, Expires = DateTime.Now.AddYears(30), NotBefore = DateTime.Now.AddDays(-1), }; return(attributes); } catch (Exception ex) { throw ex; } }
/// <summary> /// /// </summary> /// <param name="secret"></param> /// <param name="value"></param> /// <param name="token"></param> /// <returns>Key Vault Secret Version Identifier</returns> protected override async Task <string> OnPersistSecretToVaultAsync(Secret secret, string value, CancellationToken token) { //todo: store new secret value //todo: vary credential providers based on need (MI/Keys/etc) var azureServiceTokenProvider = new AzureServiceTokenProvider(); KeyVaultClient kvClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback)); SecretPolicy effectivePolicy = secret?.Configuration?.Policy; switch (secret.ObjectType) { case "secret": var attributes = new SecretAttributes() { Enabled = true }; if (null != effectivePolicy) { attributes.Expires = DateTime.UtcNow.Add(TimeSpan.FromSeconds(effectivePolicy.RotationIntervalInSec)); } value = await ProcessSecretExpressionAsync(secret, value, kvClient, token); var result = await kvClient.SetSecretAsync($"https://{secret.VaultName}.vault.azure.net", secret.ObjectName, value , secretAttributes : attributes, cancellationToken : token); if (string.Compare(result.SecretIdentifier.Version, secret.Version, true) != 0) //disable previous version... { await kvClient.UpdateSecretAsync(secret.Uri, secretAttributes : new SecretAttributes() { Enabled = false }); } return(result.SecretIdentifier.Version); case "key": break; case "certificate": break; } return(null); }
/// <summary> /// Internal constructor used by KeyVaultDataServiceClient /// </summary> /// <param name="clientSecret">secret returned from service</param> /// <param name="vaultUriHelper">helper class</param> internal Secret(Microsoft.Azure.KeyVault.Secret secret, VaultUriHelper vaultUriHelper) { if (secret == null) throw new ArgumentNullException("secret"); SetObjectIdentifier(vaultUriHelper, secret.SecretIdentifier); if (secret.Value != null) SecretValue = secret.Value.ConvertToSecureString(); Attributes = new SecretAttributes( secret.Attributes.Enabled, secret.Attributes.Expires, secret.Attributes.NotBefore, secret.Attributes.Created, secret.Attributes.Updated, secret.ContentType, secret.Tags); }
public async Task <bool> SetEbayTokenByCompanyId(long companyId, EbayOAuthToken token) { try { var secretIdentifier = string.Empty; switch (token.Type) { case EbayOAuthTokenType.USERTOKEN: secretIdentifier = $"ebay-user-token-company{companyId}"; break; case EbayOAuthTokenType.REFRESHTOKEN: secretIdentifier = $"ebay-refresh-token-company{companyId}"; break; default: throw new InvalidTokenTypeException("The token has an invalid type."); } var secretAttributes = new SecretAttributes { Expires = token.Expiration.Value.ToUniversalTime() }; //check to see if identifier exists var versionList = await keyVaultClient.GetSecretVersionsAsync(appSettings.Value.KeyVaultUrl, secretIdentifier); if (!versionList.Any()) { await keyVaultClient.SetSecretAsync(appSettings.Value.KeyVaultUrl, secretIdentifier, token.Token, null, null, secretAttributes); } else //exists, update it { await keyVaultClient.SetSecretAsync(keyVaultUrl, secretIdentifier, token.Token, null, null, secretAttributes); } return(true); } catch (Exception ex) { telemetryClient.TrackException(ex); return(false); } }
private static async void WriteKeyVault() // string szPFX, string szCER, string szPassword) { SecretAttributes attribs = new SecretAttributes { Enabled = true }; IDictionary <string, string> alltags = new Dictionary <string, string>(); alltags.Add("Test1", "This is a test1 value"); alltags.Add("Test2", "This is a test2 value"); alltags.Add("CanBeAnything", "Including a long encrypted string if you choose"); string testValue = "searchValue"; // this is what you will use to search for the item later string contentType = "SecretInfo"; // whatever you want to categorize it by; you name it SecretBundle bundle = await kvc.SetSecretAsync (BASESECRETURI, SECRETNAME, testValue, alltags, contentType, attribs); Console.WriteLine("Bundle:" + bundle.Tags["Test1"].ToString()); }
/// <summary> /// Imports a Private Key for group id and certificate. /// </summary> public async Task ImportCertKey(string id, string requestId, byte[] privateKey, string privateKeyFormat, CancellationToken ct = default) { var contentType = PrivateKeyFormatToContentType(privateKeyFormat); string secretIdentifier = KeySecretName(id, requestId); DateTime now = DateTime.UtcNow; SecretAttributes secretAttributes = new SecretAttributes() { Enabled = true, NotBefore = now }; var result = await _keyVaultClient.SetSecretAsync( _vaultBaseUrl, secretIdentifier, (contentType == ContentTypePfx)?Convert.ToBase64String(privateKey) : Encoding.ASCII.GetString(privateKey), null, contentType, secretAttributes, ct) .ConfigureAwait(false); }
private static async void writeKeyVault() { SecretAttributes attribs = new SecretAttributes { Enabled = true }; IDictionary <string, string> alltags = new Dictionary <string, string>(); alltags.Add("Test1", "This is a test1 value"); alltags.Add("CanBeAnything", "Including a long encrypted string if you choose"); string TestName = "TestSecret"; string TestValue = "searchValue"; string contentType = "SecretInfo"; SecretBundle bundle = await kvc.SetSecretAsync (BASESECRETURI, TestName, TestValue, alltags, contentType, attribs); Console.WriteLine("Bundle:" + bundle.Tags["Test1"].ToString()); }
public async Task <bool> StoreCertSecret(string secretName, string secretValue) { string keyVaultUri = sentinelApiConfig.KeyVaultUri; try { var kv = new KeyVaultClient(authenticationCallbacks.GetToken); // Craft the certificate URI var secretUri = new UriBuilder { Host = keyVaultUri, Scheme = "https" }.Uri; SecretAttributes attribs = new SecretAttributes { Enabled = true, Expires = DateTime.UtcNow.AddDays(90), // if you want to expire the info //NotBefore = DateTime.UtcNow.AddDays(1) // if you want the info to }; IDictionary <string, string> alltags = new Dictionary <string, string>(); alltags.Add("CreationDate", DateTime.UtcNow.ToString("yyyy-MM-ddTHH:mm:ss.ffffffZ")); alltags.Add("MachineName", Environment.MachineName); string contentType = "SentinelWSAuth"; // whatever you want to categorize it by; you name it SecretBundle bundle = await kv.SetSecretAsync (secretUri.AbsoluteUri, secretName, secretValue, alltags, contentType, attribs); return(true); } catch (Exception ex) { Console.WriteLine(); throw new ApplicationException($"Error storing secret <{secretName}> to the KeyVault {sentinelApiConfig.KeyVaultUri}", ex); } }
public async Task <bool> ValidateAsync(VehiclePolicies vehPoliciesMaster) { bool isValid = false; string keyUri = string.Format("https://{0}.vault.azure.net/keys/{1}", _keyVaultName, _keyName); string keyVaultUri = string.Format("https://{0}.vault.azure.net", _keyVaultName); var bundle = await _keyVaultClient.GetSecretAsync(keyVaultUri, vehPoliciesMaster.Uidname); string decryptedstring = bundle.Value; byte[] encdata = Convert.FromBase64String(decryptedstring); KeyOperationResult result = await _keyVaultClient.DecryptAsync(keyUri, JsonWebKeyEncryptionAlgorithm.RSAOAEP256, encdata); byte[] decrypteddata = result.Result; string secretdata = System.Text.Encoding.UTF8.GetString(decrypteddata); SecretAttributes attributes = bundle.Attributes; if (attributes.Expires < System.DateTime.UtcNow || attributes.NotBefore > System.DateTime.UtcNow) { isValid = false; } VehiclePolicies _vehPoliciesMaster = JsonConvert.DeserializeObject <VehiclePolicies>(secretdata); if (vehPoliciesMaster.Id.Equals(_vehPoliciesMaster.Id) && vehPoliciesMaster.Policyno.Equals(_vehPoliciesMaster.Policyno) && vehPoliciesMaster.Userid.Equals(_vehPoliciesMaster.Userid) && vehPoliciesMaster.Vehicleno.Equals(_vehPoliciesMaster.Vehicleno) && vehPoliciesMaster.Inscompany.Equals(_vehPoliciesMaster.Inscompany) ) { isValid = true; } else { return(isValid); } return(isValid); }
private static SecretAttributes NewSecretAttributes(bool enabled, bool active, bool expired) { if (!active && expired) { throw new ArgumentException("Secret cannot be both inactive and expired; math not possible"); } var attributes = new SecretAttributes(); attributes.Enabled = enabled; if (active == false) { // Set the secret to not be active for 12 hours attributes.NotBefore = (DateTime.UtcNow + new TimeSpan(0, 12, 0, 0)); } if (expired) { // Set the secret to be expired 12 hours ago attributes.Expires = (DateTime.UtcNow - new TimeSpan(0, 12, 0, 0)); } return(attributes); }
/// <inheritdoc/> public async Task SetKeyValueAsync(string key, string value, DateTime?notBefore, DateTime?notAfter, string contentType, CancellationToken ct) { if (string.IsNullOrEmpty(key)) { throw new ArgumentNullException(nameof(key)); } if (string.IsNullOrEmpty(value)) { throw new ArgumentNullException(nameof(value)); } try { var secretAttributes = new SecretAttributes { Enabled = true, NotBefore = notBefore, Expires = notAfter }; var secret = await _keyVaultClient.SetSecretAsync(_vaultBaseUrl, key, value, null, contentType, secretAttributes, ct); } catch (KeyVaultErrorException ex) { throw new ExternalDependencyException("Failed to set secret", ex); } }
/// <summary> /// Updates the attributes associated with the specified secret in both vaults /// </summary> /// <param name="secretName">The name of the secret in the given vault</param> /// <param name="secretVersion">The secret version (optional)</param> /// <param name="tags">Application-specific metadata in the form of key-value pairs</param> /// <param name="contentType">Type of the secret value such as a password</param> /// <param name="secretAttributes">Attributes for the secret. For more information on possible attributes, <see cref="SecretAttributes"/></param> /// <param name="cancellationToken">Optional cancellation token</param> /// <returns>A response message containing the updated secret from first vault</returns> public async Task <SecretBundle> UpdateSecretAsync(string secretName, string secretVersion = null, Dictionary <string, string> tags = null, string contentType = null, SecretAttributes secretAttributes = null, CancellationToken cancellationToken = default(CancellationToken)) { tags = Utils.AddMd5ChangedBy(tags, null, AuthenticatedUserName); secretVersion = secretVersion ?? string.Empty; var t0 = _keyVaultClients[0].UpdateSecretAsync(_keyVaultClients[0].VaultUri, secretName, secretVersion, contentType, secretAttributes, tags, cancellationToken); var t1 = Secondary ? _keyVaultClients[1].UpdateSecretAsync(_keyVaultClients[1].VaultUri, secretName, secretVersion, contentType, secretAttributes, tags, cancellationToken) : CompletedTask; await Task.WhenAll(t0, t1).ContinueWith((t) => { if (t0.IsFaulted && t1.IsFaulted) { throw new SecretException($"Failed to update secret {secretName} in both vaults {_keyVaultClients[0]} and {_keyVaultClients[1]}", t0.Exception, t1.Exception); } if (t0.IsFaulted) { throw new SecretException($"Failed to update secret {secretName} in vault {_keyVaultClients[0]}", t0.Exception); } if (t1.IsFaulted) { throw new SecretException($"Failed to update secret {secretName} in vault {_keyVaultClients[1]}", t1.Exception); } }); return(t0.Result); }
public Task <Secret> UpdateSecretAsync(string secretName, string contentType = null, SecretAttributes secretAttributes = null, Dictionary <string, string> tags = null, CancellationToken cancellationToken = default(CancellationToken)) { return(this.keyVaultClient.UpdateSecretAsync( this.vaultUri, secretName, contentType, secretAttributes, tags, cancellationToken)); }
public async Task <KeyVaultSecret> CreateSecret(string secretName, string value, SecretAttributes attributes = null) { await Client.SetSecretAsync(Vault.Properties.VaultUri, secretName, value, secretAttributes : attributes); return(await GetSecret(secretName)); }
public Secret SetSecret(string vaultName, string secretName, SecureString secretValue, SecretAttributes secretAttributes) { if (string.IsNullOrEmpty(vaultName)) throw new ArgumentNullException("vaultName"); if (string.IsNullOrEmpty(secretName)) throw new ArgumentNullException("secretName"); if (secretValue == null) throw new ArgumentNullException("secretValue"); if (secretAttributes == null) throw new ArgumentNullException("secretAttributes"); string value = secretValue.ConvertToString(); string vaultAddress = this.vaultUriHelper.CreateVaultAddress(vaultName); var attributes = (Azure.KeyVault.Models.SecretAttributes)secretAttributes; Azure.KeyVault.Models.SecretBundle secret; try { secret = this.keyVaultClient.SetSecretAsync(vaultAddress, secretName, value, secretAttributes.TagsDictionary, secretAttributes.ContentType, attributes).GetAwaiter().GetResult(); } catch (Exception ex) { throw GetInnerException(ex); } return new Secret(secret, this.vaultUriHelper); }
public async Task UpdateSecret(VehiclePolicies policydata) { //Create the updated Policy data to be stored as a new version of the Secret Insdata akvdata = new Insdata { Id = policydata.Id, Inscompany = policydata.Inscompany, Policyno = policydata.Policyno, Userid = policydata.Userid, Vehicleno = policydata.Vehicleno }; //Create the JSON String of the updated Policy Object string insurancepolicysecret = JsonConvert.SerializeObject(akvdata); byte[] datatoencrypt = System.Text.Encoding.UTF8.GetBytes(insurancepolicysecret); string keyUri = string.Format("https://{0}.vault.azure.net/keys/{1}", _keyVaultName, _keyName); string keyVaultUri = string.Format("https://{0}.vault.azure.net", _keyVaultName); KeyOperationResult result = null; //Get the metadata from the existing Secret in Key Vault SecretBundle bundle = await _keyVaultClient.GetSecretAsync(keyVaultUri, policydata.Uidname); if (bundle == null) { throw new ApplicationException("Error locating Secret data to update"); //No need to execute the rest of the steps if the Secret cannot be retrieved } SecretAttributes _attribs = bundle.Attributes; string _contentType = bundle.ContentType; IDictionary <string, string> dic = bundle.Tags; //Create the attributes for the updated Secret SecretAttributes attribsNew = new SecretAttributes { Enabled = true, Expires = _attribs.Expires, NotBefore = DateTime.UtcNow }; IDictionary <string, string> alltags = dic; string contentType = _contentType; // Encrypt the updated Secret data result = await _keyVaultClient.EncryptAsync(keyUri, JsonWebKeyEncryptionAlgorithm.RSAOAEP256, datatoencrypt); byte[] encdata = result.Result; string encrypteddata = Convert.ToBase64String(encdata); //Create a new version of the Secret by calling the SetSecret Method, and using the attributes from the previous version of the Secret bundle = await _keyVaultClient.SetSecretAsync(keyVaultUri, policydata.Uidname, encrypteddata, alltags, contentType, attribsNew); string bundlestr = bundle.Value; policydata.Version = bundle.SecretIdentifier.Version; policydata.Lastmod = bundle.Attributes.Updated; policydata.Startdate = bundle.Attributes.NotBefore; policydata.Enddate = bundle.Attributes.Expires; }