/// <summary>
/// Demonstrates how to enable soft delete on an existing vault, and then proceeds to delete, recover and purge the vault.
/// Assumes the caller has the KeyVaultContributor role in the subscription.
/// </summary>
/// <returns>Task representing this functionality.</returns>
public static async Task DemonstrateRecoveryAndPurgeAsync()
{
// instantiate the samples object
var sample = new KeyVaultEntityRecoverySamples();
var rgName = sample.context.ResourceGroupName;
// derive a unique vault name for this sample
var vaultName = sample.context.VaultName + "invault";
var secretName = "recoverysample";
// retrieve the vault (or create, if it doesn't exist)
var vault = await sample.CreateOrRetrieveVaultAsync(rgName, vaultName, enableSoftDelete : true, enablePurgeProtection : false);
var vaultUri = vault.Properties.VaultUri;
SecretClient secretClient = sample.GetDataClient(new Uri(vaultUri));
Console.WriteLine("Operating with vault name '{0}' in resource group '{1}' and location '{2}'", vaultName, rgName, vault.Location);
try
{
// set a secret
Console.Write("Setting a new value for secret '{0}'...", secretName);
await secretClient.SetSecretAsync(secretName, Guid.NewGuid().ToString());
Console.WriteLine("done.");
// confirm existence
Console.Write("Verifying secret creation...");
Response <KeyVaultSecret> retrievedSecretResponse = await secretClient.GetSecretAsync(secretName);
Console.WriteLine("done.");
// confirm recovery is possible
Console.Write("Verifying the secret deletion is recoverable...");
var recoveryLevel = retrievedSecretResponse.Value.Properties.RecoveryLevel;
if (!recoveryLevel.ToLowerInvariant().Contains("Recoverable".ToLowerInvariant()))
{
Console.WriteLine("failed; soft-delete is not enabled for this vault.");
return;
}
Console.WriteLine("done.");
// delete secret
Console.Write("Deleting secret...");
DeleteSecretOperation deleteSecretOperation = await secretClient.StartDeleteSecretAsync(secretName);
// When deleting a secret asynchronously before you purge it, you can await the WaitForCompletionAsync method on the operation
await deleteSecretOperation.WaitForCompletionAsync();
Console.WriteLine("done.");
// recover secret
Console.Write("Recovering deleted secret...");
RecoverDeletedSecretOperation recoverDeletedSecretOperation = await secretClient.StartRecoverDeletedSecretAsync(secretName);
await recoverDeletedSecretOperation.WaitForCompletionAsync();
Console.WriteLine("done.");
// confirm recovery
Console.Write("Retrieving recovered secret...");
await secretClient.GetSecretAsync(secretName);
Console.WriteLine("done.");
// delete secret
Console.Write("Deleting recorvered secret...");
DeleteSecretOperation deleteRecoveredSecretOperation = await secretClient.StartDeleteSecretAsync(secretName);
await deleteRecoveredSecretOperation.WaitForCompletionAsync();
Console.WriteLine("done.");
// retrieve deleted secret
Console.Write("Retrieving the deleted secret...");
await secretClient.GetDeletedSecretAsync(secretName);
Console.WriteLine("done.");
}
catch (RequestFailedException ex)
{
Console.WriteLine("Unexpected Key Vault exception encountered: {0}", ex.Message);
throw;
}
catch (Exception e)
{
Console.WriteLine("Unexpected exception encountered: {0}", e.Message);
throw;
}
}
/// <summary>
/// Demonstrates how to back up and restore a secret.
/// </summary>
/// <returns>Task representing this functionality.</returns>
public static async Task DemonstrateBackupAndRestoreAsync()
{
// instantiate the samples object
var sample = new KeyVaultEntityRecoverySamples();
var rgName = sample.context.ResourceGroupName;
// derive a unique vault name for this sample
var vaultName = sample.context.VaultName + "backuprestore";
var secretName = "backupsample";
// retrieve the vault (or create, if it doesn't exist)
var vault = await sample.CreateOrRetrieveVaultAsync(rgName, vaultName, enableSoftDelete : false, enablePurgeProtection : false);
var vaultUri = vault.Properties.VaultUri;
SecretClient secretClient = sample.GetDataClient(new Uri(vaultUri));
Console.WriteLine("Operating with vault name '{0}' in resource group '{1}' and location '{2}'", vaultName, rgName, vault.Location);
try
{
// set a secret
Console.Write("Setting a new value for secret '{0}'...", secretName);
await secretClient.SetSecretAsync(secretName, Guid.NewGuid().ToString());
Console.WriteLine("done.");
// confirm existence
Console.Write("Verifying secret creation...");
await secretClient.GetSecretAsync(secretName);
Console.WriteLine("done.");
// backup secret
Console.Write("Backing up secret...");
Response <byte[]> backupResponse = await secretClient.BackupSecretAsync(secretName);
Console.WriteLine("done.");
// delete secret
Console.Write("Deleting secret...");
DeleteSecretOperation deleteSecretOperation = await secretClient.StartDeleteSecretAsync(secretName);
// When deleting a secret asynchronously before you purge it, you can await the WaitForCompletionAsync method on the operation
await deleteSecretOperation.WaitForCompletionAsync();
Console.WriteLine("done.");
// restore secret
Console.Write("Restoring secret from backup...");
await secretClient.RestoreSecretBackupAsync(backupResponse.Value);
Console.WriteLine("done.");
// confirm existence
Console.Write("Verifying secret restoration...");
await secretClient.GetSecretAsync(secretName);
Console.WriteLine("done.");
}
catch (RequestFailedException ex)
{
Console.WriteLine("Unexpected Key Vault exception encountered: {0}", ex.Message);
throw;
}
catch (Exception e)
{
Console.WriteLine("Unexpected exception encountered: {0}", e.Message);
throw;
}
}