static void Main(string[] args)
{
ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
// run the vault recovery samples
// soft delete flow with new vault
Console.WriteLine("\n\n** Running recovery/purge sample for a new vault..");
Task.Run(() => KeyVaultRecoverySamples.DemonstrateRecoveryAndPurgeForNewVaultAsync()).ConfigureAwait(false).GetAwaiter().GetResult();
// enabling soft delete on existing vault + soft delete flow
Console.WriteLine("\n\n** Running recovery/purge sample for an existing vault..");
Task.Run(() => KeyVaultRecoverySamples.DemonstrateRecoveryAndPurgeForExistingVaultAsync()).ConfigureAwait(false).GetAwaiter().GetResult();
// soft delete flow for a vault entity
Console.WriteLine("\n\n** Running recovery/purge sample for a vault entity..");
Task.Run(() => KeyVaultEntityRecoverySamples.DemonstrateRecoveryAndPurgeAsync()).ConfigureAwait(false).GetAwaiter().GetResult();
// backup/restore flow for a vault entity
Console.WriteLine("\n\n** Running backup/restore sample for a vault entity..");
Task.Run(() => KeyVaultEntityRecoverySamples.DemonstrateBackupAndRestoreAsync()).ConfigureAwait(false).GetAwaiter().GetResult();
}
/// <summary>
/// Demonstrates how to enable soft delete on an existing vault, and then proceeds to delete, recover and purge the vault.
/// Assumes the caller has the KeyVaultContributor role in the subscription.
/// </summary>
/// <returns>Task representing this functionality.</returns>
public static async Task DemonstrateRecoveryAndPurgeAsync()
{
// instantiate the samples object
var sample = new KeyVaultEntityRecoverySamples();
var rgName = sample.context.ResourceGroupName;
// derive a unique vault name for this sample
var vaultName = sample.context.VaultName + "invault";
var secretName = "recoverysample";
// retrieve the vault (or create, if it doesn't exist)
var vault = await sample.CreateOrRetrieveVaultAsync(rgName, vaultName, enableSoftDelete : true, enablePurgeProtection : false);
var vaultUri = vault.Properties.VaultUri;
SecretClient secretClient = sample.GetDataClient(new Uri(vaultUri));
Console.WriteLine("Operating with vault name '{0}' in resource group '{1}' and location '{2}'", vaultName, rgName, vault.Location);
try
{
// set a secret
Console.Write("Setting a new value for secret '{0}'...", secretName);
await secretClient.SetSecretAsync(secretName, Guid.NewGuid().ToString());
Console.WriteLine("done.");
// confirm existence
Console.Write("Verifying secret creation...");
Response <KeyVaultSecret> retrievedSecretResponse = await secretClient.GetSecretAsync(secretName);
Console.WriteLine("done.");
// confirm recovery is possible
Console.Write("Verifying the secret deletion is recoverable...");
var recoveryLevel = retrievedSecretResponse.Value.Properties.RecoveryLevel;
if (!recoveryLevel.ToLowerInvariant().Contains("Recoverable".ToLowerInvariant()))
{
Console.WriteLine("failed; soft-delete is not enabled for this vault.");
return;
}
Console.WriteLine("done.");
// delete secret
Console.Write("Deleting secret...");
DeleteSecretOperation deleteSecretOperation = await secretClient.StartDeleteSecretAsync(secretName);
// When deleting a secret asynchronously before you purge it, you can await the WaitForCompletionAsync method on the operation
await deleteSecretOperation.WaitForCompletionAsync();
Console.WriteLine("done.");
// recover secret
Console.Write("Recovering deleted secret...");
RecoverDeletedSecretOperation recoverDeletedSecretOperation = await secretClient.StartRecoverDeletedSecretAsync(secretName);
await recoverDeletedSecretOperation.WaitForCompletionAsync();
Console.WriteLine("done.");
// confirm recovery
Console.Write("Retrieving recovered secret...");
await secretClient.GetSecretAsync(secretName);
Console.WriteLine("done.");
// delete secret
Console.Write("Deleting recorvered secret...");
DeleteSecretOperation deleteRecoveredSecretOperation = await secretClient.StartDeleteSecretAsync(secretName);
await deleteRecoveredSecretOperation.WaitForCompletionAsync();
Console.WriteLine("done.");
// retrieve deleted secret
Console.Write("Retrieving the deleted secret...");
await secretClient.GetDeletedSecretAsync(secretName);
Console.WriteLine("done.");
}
catch (RequestFailedException ex)
{
Console.WriteLine("Unexpected Key Vault exception encountered: {0}", ex.Message);
throw;
}
catch (Exception e)
{
Console.WriteLine("Unexpected exception encountered: {0}", e.Message);
throw;
}
}
/// <summary>
/// Demonstrates how to back up and restore a secret.
/// </summary>
/// <returns>Task representing this functionality.</returns>
public static async Task DemonstrateBackupAndRestoreAsync()
{
// instantiate the samples object
var sample = new KeyVaultEntityRecoverySamples();
var rgName = sample.context.ResourceGroupName;
// derive a unique vault name for this sample
var vaultName = sample.context.VaultName + "backuprestore";
var secretName = "backupsample";
// retrieve the vault (or create, if it doesn't exist)
var vault = await sample.CreateOrRetrieveVaultAsync(rgName, vaultName, enableSoftDelete : false, enablePurgeProtection : false);
var vaultUri = vault.Properties.VaultUri;
SecretClient secretClient = sample.GetDataClient(new Uri(vaultUri));
Console.WriteLine("Operating with vault name '{0}' in resource group '{1}' and location '{2}'", vaultName, rgName, vault.Location);
try
{
// set a secret
Console.Write("Setting a new value for secret '{0}'...", secretName);
await secretClient.SetSecretAsync(secretName, Guid.NewGuid().ToString());
Console.WriteLine("done.");
// confirm existence
Console.Write("Verifying secret creation...");
await secretClient.GetSecretAsync(secretName);
Console.WriteLine("done.");
// backup secret
Console.Write("Backing up secret...");
Response <byte[]> backupResponse = await secretClient.BackupSecretAsync(secretName);
Console.WriteLine("done.");
// delete secret
Console.Write("Deleting secret...");
DeleteSecretOperation deleteSecretOperation = await secretClient.StartDeleteSecretAsync(secretName);
// When deleting a secret asynchronously before you purge it, you can await the WaitForCompletionAsync method on the operation
await deleteSecretOperation.WaitForCompletionAsync();
Console.WriteLine("done.");
// restore secret
Console.Write("Restoring secret from backup...");
await secretClient.RestoreSecretBackupAsync(backupResponse.Value);
Console.WriteLine("done.");
// confirm existence
Console.Write("Verifying secret restoration...");
await secretClient.GetSecretAsync(secretName);
Console.WriteLine("done.");
}
catch (RequestFailedException ex)
{
Console.WriteLine("Unexpected Key Vault exception encountered: {0}", ex.Message);
throw;
}
catch (Exception e)
{
Console.WriteLine("Unexpected exception encountered: {0}", e.Message);
throw;
}
}
/// <summary>
/// Demonstrates how to enable soft delete on an existing vault, and then proceeds to delete, recover and purge the vault.
/// Assumes the caller has the KeyVaultContributor role in the subscription.
/// </summary>
/// <returns>Task representing this functionality.</returns>
public static async Task DemonstrateRecoveryAndPurgeAsync()
{
// instantiate the samples object
var sample = new KeyVaultEntityRecoverySamples();
var rgName = sample.context.ResourceGroupName;
// derive a unique vault name for this sample
var vaultName = sample.context.VaultName + "invault";
var secretName = "recoverysample";
// retrieve the vault (or create, if it doesn't exist)
var vault = await sample.CreateOrRetrieveVaultAsync(rgName, vaultName, enableSoftDelete : true, enablePurgeProtection : false);
var vaultUri = vault.Properties.VaultUri;
Console.WriteLine("Operating with vault name '{0}' in resource group '{1}' and location '{2}'", vaultName, rgName, vault.Location);
try
{
// set a secret
Console.Write("Setting a new value for secret '{0}'...", secretName);
var secretResponse = await sample.DataClient.SetSecretWithHttpMessagesAsync(vaultUri, secretName, Guid.NewGuid().ToString()).ConfigureAwait(false);
Console.WriteLine("done.");
// confirm existence
Console.Write("Verifying secret creation...");
var retrievedSecretResponse = await sample.DataClient.GetSecretWithHttpMessagesAsync(vaultUri, secretName, secretVersion : String.Empty).ConfigureAwait(false);
Console.WriteLine("done.");
// confirm recovery is possible
Console.Write("Verifying the secret deletion is recoverable...");
var recoveryLevel = retrievedSecretResponse.Body.Attributes.RecoveryLevel;
if (!recoveryLevel.ToLowerInvariant().Contains("Recoverable".ToLowerInvariant()))
{
Console.WriteLine("failed; soft-delete is not enabled for this vault.");
return;
}
Console.WriteLine("done.");
// delete secret
Console.Write("Deleting secret...");
await sample.DataClient.DeleteSecretWithHttpMessagesAsync(vaultUri, secretName).ConfigureAwait(false);
Console.WriteLine("done.");
// retrieve deleted secret; recoverable deletion is an asynchronous operation, during which the secret
// is not accessible, either as an active entity or a deleted one. Polling for up to 45s should be sufficient.
Console.Write("Retrieving the deleted secret...");
AzureOperationResponse <DeletedSecretBundle> deletedSecretResponse = null;
await RetryHttpRequestAsync(
async() => { return(deletedSecretResponse = await sample.DataClient.GetDeletedSecretWithHttpMessagesAsync(vaultUri, secretName).ConfigureAwait(false)); },
"get deleted secret",
SampleConstants.RetryPolicies.DefaultSoftDeleteRetryPolicy)
.ConfigureAwait(false);
Console.WriteLine("done.");
// recover secret
Console.Write("Recovering deleted secret...");
var recoveredSecretResponse = await sample.DataClient.RecoverDeletedSecretWithHttpMessagesAsync(vaultUri, secretName).ConfigureAwait(false);
Console.WriteLine("done.");
// confirm recovery
Console.Write("Retrieving recovered secret...");
await RetryHttpRequestAsync(
async() => { return(retrievedSecretResponse = await sample.DataClient.GetSecretWithHttpMessagesAsync(vaultUri, secretName, secretVersion: String.Empty).ConfigureAwait(false)); },
"recover deleted secret",
SampleConstants.RetryPolicies.DefaultSoftDeleteRetryPolicy)
.ConfigureAwait(false);
Console.WriteLine("done.");
// delete secret
Console.Write("Deleting secret (pass #2)...");
await sample.DataClient.DeleteSecretWithHttpMessagesAsync(vaultUri, secretName).ConfigureAwait(false);
Console.WriteLine("done.");
// retrieve deleted secret
Console.Write("Retrieving the deleted secret (pass #2)...");
await RetryHttpRequestAsync(
async() => { return(deletedSecretResponse = await sample.DataClient.GetDeletedSecretWithHttpMessagesAsync(vaultUri, secretName)); },
"get deleted secret",
SampleConstants.RetryPolicies.DefaultSoftDeleteRetryPolicy)
.ConfigureAwait(false);
Console.WriteLine("done.");
// purge secret
Console.Write("Purging deleted secret...");
await sample.DataClient.PurgeDeletedSecretWithHttpMessagesAsync(vaultUri, secretName).ConfigureAwait(false);
Console.WriteLine("done.");
}
catch (KeyVaultErrorException kvee)
{
Console.WriteLine("Unexpected KeyVault exception encountered: {0}", kvee.Message);
throw;
}
catch (CloudException ce)
{
Console.WriteLine("Unexpected ARM exception encountered: {0}", ce.Message);
throw;
}
catch (Exception e)
{
Console.WriteLine("Unexpected exception encountered: {0}", e.Message);
throw;
}
}
/// <summary>
/// Demonstrates how to back up and restore a secret.
/// </summary>
/// <returns>Task representing this functionality.</returns>
public static async Task DemonstrateBackupAndRestoreAsync()
{
// instantiate the samples object
var sample = new KeyVaultEntityRecoverySamples();
var rgName = sample.context.ResourceGroupName;
// derive a unique vault name for this sample
var vaultName = sample.context.VaultName + "backuprestore";
var secretName = "backupsample";
// retrieve the vault (or create, if it doesn't exist)
var vault = await sample.CreateOrRetrieveVaultAsync(rgName, vaultName, enableSoftDelete : false, enablePurgeProtection : false);
var vaultUri = vault.Properties.VaultUri;
Console.WriteLine("Operating with vault name '{0}' in resource group '{1}' and location '{2}'", vaultName, rgName, vault.Location);
try
{
// set a secret
Console.Write("Setting a new value for secret '{0}'...", secretName);
var secretResponse = await sample.DataClient.SetSecretWithHttpMessagesAsync(vaultUri, secretName, Guid.NewGuid().ToString()).ConfigureAwait(false);
Console.WriteLine("done.");
// confirm existence
Console.Write("Verifying secret creation...");
var retrievedSecretResponse = await sample.DataClient.GetSecretWithHttpMessagesAsync(vaultUri, secretName, secretVersion : String.Empty).ConfigureAwait(false);
Console.WriteLine("done.");
// backup secret
Console.Write("Backing up secret...");
var backupResponse = await sample.DataClient.BackupSecretWithHttpMessagesAsync(vaultUri, secretName).ConfigureAwait(false);
Console.WriteLine("done.");
// delete secret
Console.Write("Deleting secret...");
await sample.DataClient.DeleteSecretWithHttpMessagesAsync(vaultUri, secretName).ConfigureAwait(false);
Console.WriteLine("done.");
// restore secret
Console.Write("Restoring secret from backup...");
byte[] secretBackup = backupResponse.Body.Value;
var restoreResponse = await sample.DataClient.RestoreSecretWithHttpMessagesAsync(vaultUri, secretBackup).ConfigureAwait(false);
Console.WriteLine("done.");
// confirm existence
Console.Write("Verifying secret restoration...");
retrievedSecretResponse = await sample.DataClient.GetSecretWithHttpMessagesAsync(vaultUri, secretName, secretVersion : String.Empty).ConfigureAwait(false);
Console.WriteLine("done.");
}
catch (KeyVaultErrorException kvee)
{
Console.WriteLine("Unexpected KeyVault exception encountered: {0}", kvee.Message);
throw;
}
catch (CloudException ce)
{
Console.WriteLine("Unexpected ARM exception encountered: {0}", ce.Message);
throw;
}
catch (Exception e)
{
Console.WriteLine("Unexpected exception encountered: {0}", e.Message);
throw;
}
}
