public void HelloWorldSync()
{
// Environment variable with the Key Vault endpoint.
string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL");
// Instantiate a secret client that will be used to call the service. Notice that the client is using default Azure
// credentials. To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID',
// 'AZURE_CLIENT_KEY' and 'AZURE_TENANT_ID' are set with the service principal credentials.
var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
// Let's create a secret holding bank account credentials valid for 1 year. if the secret
// already exists in the key vault, then a new version of the secret is created.
string secretName = $"BankAccountPassword-{Guid.NewGuid()}";
var secret = new Secret(secretName, "f4G34fMh8v")
{
Properties =
{
Expires = DateTimeOffset.Now.AddYears(1)
}
};
client.Set(secret);
// Let's Get the bank secret from the key vault.
Secret bankSecret = client.Get(secretName);
Debug.WriteLine($"Secret is returned with name {bankSecret.Name} and value {bankSecret.Value}");
// After one year, the bank account is still active, we need to update the expiry time of the secret.
// The update method can be used to update the expiry attribute of the secret. It cannot be used to update
// the value of the secret.
bankSecret.Properties.Expires = bankSecret.Properties.Expires.Value.AddYears(1);
SecretProperties updatedSecret = client.UpdateProperties(bankSecret.Properties);
Debug.WriteLine($"Secret's updated expiry time is {updatedSecret.Expires}");
// Bank forced a password update for security purposes. Let's change the value of the secret in the key vault.
// To achieve this, we need to create a new version of the secret in the key vault. The update operation cannot
// change the value of the secret.
var secretNewValue = new Secret(secretName, "bhjd4DDgsa")
{
Properties =
{
Expires = DateTimeOffset.Now.AddYears(1)
}
};
client.Set(secretNewValue);
// The bank account was closed. You need to delete its credentials from the key vault.
client.Delete(secretName);
// To ensure secret is deleted on server side.
Assert.IsTrue(WaitForDeletedSecret(client, secretName));
// If the keyvault is soft-delete enabled, then for permanent deletion, deleted secret needs to be purged.
client.PurgeDeleted(secretName);
}
public void BackupAndRestoreSync()
{
// Environment variable with the Key Vault endpoint.
string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL");
string backupPath = Path.GetTempFileName();
// Instantiate a secret client that will be used to call the service. Notice that the client is using default Azure
// credentials. To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID',
// 'AZURE_CLIENT_KEY' and 'AZURE_TENANT_ID' are set with the service principal credentials.
var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
// Let's create a secret holding bank account credentials valid for 1 year. if the secret
// already exists in the key vault, then a new version of the secret is created.
string secretName = $"StorageAccountPasswor{Guid.NewGuid()}";
var secret = new Secret(secretName, "f4G34fMh8v")
{
Properties =
{
Expires = DateTimeOffset.Now.AddYears(1)
}
};
Secret storedSecret = client.Set(secret);
// Backups are good to have if in case secrets get accidentally deleted by you.
// For long term storage, it is ideal to write the backup to a file.
File.WriteAllBytes(backupPath, client.Backup(secretName));
// The storage account secret is no longer in use, so you delete it.
client.Delete(secretName);
// To ensure secret is deleted on server side.
Assert.IsTrue(WaitForDeletedSecret(client, secretName));
// If the keyvault is soft-delete enabled, then for permanent deletion, deleted secret needs to be purged.
client.PurgeDeleted(secretName);
// After sometime, the secret is required again. We can use the backup value to restore it in the key vault.
SecretProperties restoreSecret = client.Restore(File.ReadAllBytes(backupPath));
AssertSecretsEqual(storedSecret.Properties, restoreSecret);
}
public void GetSecretsSync()
{
// Environment variable with the Key Vault endpoint.
string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL");
// Instantiate a secret client that will be used to call the service. Notice that the client is using default Azure
// credentials. To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID',
// 'AZURE_CLIENT_KEY' and 'AZURE_TENANT_ID' are set with the service principal credentials.
var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
// Let's create secrets holding storage and bank accounts credentials valid for 1 year. if the secret
// already exists in the key vault, then a new version of the secret is created.
string bankSecretName = $"BankAccountPassword-{Guid.NewGuid()}";
string storageSecretName = $"StorageAccountPasswor{Guid.NewGuid()}";
var bankSecret = new Secret(bankSecretName, "f4G34fMh8v")
{
Properties =
{
Expires = DateTimeOffset.Now.AddYears(1)
}
};
var storageSecret = new Secret(storageSecretName, "f4G34fMh8v547")
{
Properties =
{
Expires = DateTimeOffset.Now.AddYears(1)
}
};
client.Set(bankSecret);
client.Set(storageSecret);
// You need to check if any of the secrets are sharing same values. Let's list the secrets and print their values.
// List operations don't return the secrets with value information.
// So, for each returned secret we call Get to get the secret with its value information.
IEnumerable <Response <SecretProperties> > secrets = client.GetSecrets();
foreach (SecretProperties secret in secrets)
{
Secret secretWithValue = client.Get(secret.Name);
Debug.WriteLine($"Secret is returned with name {secretWithValue.Name} and value {secretWithValue.Value}");
}
// The bank account password got updated, so you want to update the secret in key vault to ensure it reflects the new password.
// Calling Set on an existing secret creates a new version of the secret in the key vault with the new value.
client.Set(bankSecretName, "sskdjfsdasdjsd");
// You need to check all the different values your bank account password secret had previously.
// Lets print all the versions of this secret.
IEnumerable <Response <SecretProperties> > secretVersions = client.GetSecretVersions(bankSecretName);
foreach (SecretProperties secret in secretVersions)
{
Debug.WriteLine($"Secret's version {secret.Version} with name {secret.Name}");
}
// The bank account was closed. You need to delete its credentials from the key vault.
// You also want to delete the information of your storage account.
client.Delete(bankSecretName);
client.Delete(storageSecretName);
// To ensure secrets are deleted on server side.
Assert.IsTrue(WaitForDeletedSecret(client, bankSecretName));
Assert.IsTrue(WaitForDeletedSecret(client, storageSecretName));
// You can list all the deleted and non-purged secrets, assuming key vault is soft-delete enabled.
IEnumerable <Response <DeletedSecret> > secretsDeleted = client.GetDeletedSecrets();
foreach (DeletedSecret secret in secretsDeleted)
{
Debug.WriteLine($"Deleted secret's recovery Id {secret.RecoveryId}");
}
// If the keyvault is soft-delete enabled, then for permanent deletion, deleted secret needs to be purged.
client.PurgeDeleted(bankSecretName);
client.PurgeDeleted(storageSecretName);
}
