public async Task UpdateKeyRotationPolicy() { string name = Recording.GenerateId(); await Client.CreateRsaKeyAsync(new CreateRsaKeyOptions(name)); RegisterForCleanup(name); KeyRotationPolicy policy = new() { ExpiresIn = "P90D", LifetimeActions = { new KeyRotationLifetimeAction(KeyRotationPolicyAction.Rotate) { TimeBeforeExpiry = "P10D", } } }; KeyRotationPolicy updatedPolicy = await Client.UpdateKeyRotationPolicyAsync(name, policy); Assert.AreEqual(policy.ExpiresIn, updatedPolicy.ExpiresIn); // Notify policy is always present and can only be updated. Assert.That(updatedPolicy.LifetimeActions, Has.One.Matches <KeyRotationLifetimeAction>(action => action.Action == KeyRotationPolicyAction.Notify)); KeyRotationLifetimeAction rotateAction = updatedPolicy.LifetimeActions.Single(p => p.Action == KeyRotationPolicyAction.Rotate); Assert.AreEqual(policy.LifetimeActions[0].Action, rotateAction.Action); Assert.AreEqual(policy.LifetimeActions[0].TimeAfterCreate, rotateAction.TimeAfterCreate); Assert.AreEqual(policy.LifetimeActions[0].TimeBeforeExpiry, rotateAction.TimeBeforeExpiry); }
public void KeyRotationSync() { // Environment variable with the Key Vault endpoint. string keyVaultUrl = TestEnvironment.KeyVaultUrl; #region Snippet:KeysSample8KeyClient var keyClient = new KeyClient(new Uri(keyVaultUrl), new DefaultAzureCredential()); #endregion #region Snippet:KeysSample8CreateKey string rsaKeyName = $"CloudRsaKey-{Guid.NewGuid()}"; var rsaKey = new CreateRsaKeyOptions(rsaKeyName, hardwareProtected: false) { KeySize = 2048, }; KeyVaultKey cloudRsaKey = keyClient.CreateRsaKey(rsaKey); Debug.WriteLine($"{cloudRsaKey.KeyType} key is returned with name {cloudRsaKey.Name} and version {cloudRsaKey.Properties.Version}"); #endregion #region Snippet:KeysSample8UpdateRotationPolicy KeyRotationPolicy policy = new KeyRotationPolicy() { ExpiresIn = TimeSpan.FromDays(90), LifetimeActions = { new KeyRotationLifetimeAction() { Action = KeyRotationPolicyAction.Rotate, TimeBeforeExpiry = TimeSpan.FromDays(30) } } }; keyClient.UpdateKeyRotationPolicy(rsaKeyName, policy); #endregion #region Snippet:KeysSample8RotateKey KeyVaultKey newRsaKey = keyClient.RotateKey(rsaKeyName); Debug.WriteLine($"Rotated key {newRsaKey.Name} with version {newRsaKey.Properties.Version}"); #endregion DeleteKeyOperation operation = keyClient.StartDeleteKey(rsaKeyName); // You only need to wait for completion if you want to purge or recover the key. while (!operation.HasCompleted) { Thread.Sleep(2000); operation.UpdateStatus(); } // If the keyvault is soft-delete enabled, then for permanent deletion, deleted key needs to be purged. keyClient.PurgeDeletedKey(rsaKeyName); }
public async Task GetKeyRotationPolicyReturnsDefault() { string name = Recording.GenerateId(); await Client.CreateRsaKeyAsync(new CreateRsaKeyOptions(name)); RegisterForCleanup(name); KeyRotationPolicy policy = await Client.GetKeyRotationPolicyAsync(name); Assert.That(policy.LifetimeActions, Has.One.Matches <KeyRotationLifetimeAction>(action => action.Action == KeyRotationPolicyAction.Notify)); }
public PSKeyRotationPolicy(KeyRotationPolicy keyRotationPolicy, string vaultName, string keyName) { Id = keyRotationPolicy.Id?.ToString(); VaultName = vaultName; KeyName = keyName; LifetimeActions = new List <PSKeyRotationLifetimeAction>(); foreach (var action in keyRotationPolicy.LifetimeActions) { LifetimeActions.Add(new PSKeyRotationLifetimeAction(action)); } ExpiresIn = keyRotationPolicy.ExpiresIn; CreatedOn = keyRotationPolicy.CreatedOn; UpdatedOn = keyRotationPolicy.UpdatedOn; }
public async Task KeyRotationAsync() { // Environment variable with the Key Vault endpoint. string keyVaultUrl = TestEnvironment.KeyVaultUrl; var keyClient = new KeyClient(new Uri(keyVaultUrl), new DefaultAzureCredential()); string rsaKeyName = $"CloudRsaKey-{Guid.NewGuid()}"; var rsaKey = new CreateRsaKeyOptions(rsaKeyName, hardwareProtected: false) { KeySize = 2048, }; KeyVaultKey cloudRsaKey = await keyClient.CreateRsaKeyAsync(rsaKey); Debug.WriteLine($"{cloudRsaKey.KeyType} key is returned with name {cloudRsaKey.Name} and version {cloudRsaKey.Properties.Version}"); KeyRotationPolicy policy = new KeyRotationPolicy() { ExpiresIn = "P90D", LifetimeActions = { new KeyRotationLifetimeAction() { Action = KeyRotationPolicyAction.Rotate, TimeBeforeExpiry = "P30D" } } }; await keyClient.UpdateKeyRotationPolicyAsync(rsaKeyName, policy); KeyVaultKey newRsaKey = await keyClient.RotateKeyAsync(rsaKeyName); Debug.WriteLine($"Rotated key {newRsaKey.Name} with version {newRsaKey.Properties.Version}"); DeleteKeyOperation operation = await keyClient.StartDeleteKeyAsync(rsaKeyName); // You only need to wait for completion if you want to purge or recover the key. await operation.WaitForCompletionAsync(); // If the keyvault is soft-delete enabled, then for permanent deletion, deleted key needs to be purged. keyClient.PurgeDeletedKey(rsaKeyName); }
internal PSKeyRotationPolicy SetKeyRotationPolicy(PSKeyRotationPolicy psKeyRotationPolicy) { var client = CreateKeyClient(psKeyRotationPolicy.VaultName); var policy = new KeyRotationPolicy() { ExpiresIn = psKeyRotationPolicy.ExpiresIn, LifetimeActions = { } }; psKeyRotationPolicy.LifetimeActions?.ForEach( psKeyRotationLifetimeAction => policy.LifetimeActions.Add( new KeyRotationLifetimeAction(new KeyRotationPolicyAction(psKeyRotationLifetimeAction.Action)) { TimeAfterCreate = psKeyRotationLifetimeAction.TimeAfterCreate, TimeBeforeExpiry = psKeyRotationLifetimeAction.TimeBeforeExpiry } )); return(SetKeyRotationPolicy(client, psKeyRotationPolicy.VaultName, psKeyRotationPolicy.KeyName, policy)); }
private PSKeyRotationPolicy SetKeyRotationPolicy(KeyClient client, string managedHsmName, string keyName, KeyRotationPolicy keyRotationPolicy) { return(new PSKeyRotationPolicy(client.UpdateKeyRotationPolicy(keyName, keyRotationPolicy), managedHsmName, keyName)); }
private PSKeyRotationPolicy SetKeyRotationPolicy(KeyClient client, string vaultName, string keyName, KeyRotationPolicy policy) { return(new PSKeyRotationPolicy(client.UpdateKeyRotationPolicy(keyName, policy), vaultName, keyName)); }