/// <summary>
/// Deletes the sample secret named by <c>SecretName</c> through the shared <c>client</c>,
/// reporting progress on the console.
/// </summary>
/// <remarks>
/// Only a delete is issued here. On a vault with soft-delete enabled the secret stays
/// recoverable (and its name stays reserved) until it is purged; this method does not purge.
/// </remarks>
/// <returns>A task that completes once the delete call has returned.</returns>
private static async Task CleanUp()
{
    // No newline yet: "done" is appended to this same console line below.
    Console.Write("Cleaning up the resource...");

    await client.DeleteAsync(SecretName);

    Console.WriteLine("\tdone");
}
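/// <summary>
/// Walks one secret through its life cycle against a live Key Vault: create, read,
/// extend the expiry, write a new version, delete, wait for the deletion, and purge.
/// </summary>
/// <remarks>
/// The secret values below are sample literals. Real credentials should never be
/// committed to source; read them from a protected input instead.
/// </remarks>
/// <exception cref="InvalidOperationException">
/// The AZURE_KEYVAULT_URL environment variable is not set.
/// </exception>
public async Task HelloWorldAsync()
{
    // Environment variable with the Key Vault endpoint. Fail with a clear message instead of
    // letting the Uri constructor throw on a null string.
    string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL");
    if (string.IsNullOrWhiteSpace(keyVaultUrl))
    {
        throw new InvalidOperationException("The AZURE_KEYVAULT_URL environment variable must be set to the Key Vault endpoint.");
    }

    // Instantiate a secret client that will be used to call the service. The client uses default Azure
    // credentials, which read the service principal from environment variables.
    // NOTE(review): the original sample names 'AZURE_CLIENT_ID', 'AZURE_CLIENT_KEY' and 'AZURE_TENANT_ID';
    // released Azure.Identity versions document 'AZURE_CLIENT_SECRET' for the client secret. Confirm
    // against the SDK version in use.
    var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential());

    // Create a secret holding bank account credentials valid for 1 year. If the secret
    // already exists in the key vault, a new version of the secret is created.
    string secretName = $"BankAccountPassword-{Guid.NewGuid()}";

    var secret = new Secret(secretName, "f4G34fMh8v")
    {
        Properties =
        {
            Expires = DateTimeOffset.Now.AddYears(1)
        }
    };

    await client.SetAsync(secret);

    // Get the bank secret back from the key vault.
    Secret bankSecret = await client.GetAsync(secretName);

    // The value is available as bankSecret.Value. It is deliberately not written to the debug
    // output: trace listeners and attached debuggers would otherwise capture the credential.
    Debug.WriteLine($"Secret is returned with name {bankSecret.Name}");

    // After one year the bank account is still active, so the expiry time of the secret is extended.
    // The update method can change attributes such as the expiry; it cannot change the secret's value.
    bankSecret.Properties.Expires = bankSecret.Properties.Expires.Value.AddYears(1);
    SecretProperties updatedSecret = await client.UpdatePropertiesAsync(bankSecret.Properties);
    Debug.WriteLine($"Secret's updated expiry time is {updatedSecret.Expires}");

    // The bank forced a password update. Changing the value requires creating a new version of the
    // secret, because the update operation cannot change the value.
    var secretNewValue = new Secret(secretName, "bhjd4DDgsa")
    {
        Properties =
        {
            Expires = DateTimeOffset.Now.AddYears(1)
        }
    };

    await client.SetAsync(secretNewValue);

    // The bank account was closed, so its credentials are deleted from the key vault.
    await client.DeleteAsync(secretName);

    // Make sure the secret is deleted on the server side before purging.
    Assert.IsTrue(await WaitForDeletedSecretAsync(client, secretName));

    // If the key vault is soft-delete enabled, a deleted secret stays recoverable until it is purged.
    await client.PurgeDeletedAsync(secretName);
}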
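/// <summary>
/// Creates a secret, writes its Key Vault backup blob to a temporary file, deletes and purges
/// the secret, restores it from the file, and asserts the restored properties match the original.
/// </summary>
/// <remarks>
/// The backup file is removed in a <c>finally</c> block so the blob does not linger in the
/// temp directory. The secret value below is a sample literal; real credentials should never
/// be committed to source.
/// </remarks>
/// <exception cref="InvalidOperationException">
/// The AZURE_KEYVAULT_URL environment variable is not set.
/// </exception>
/// <exception cref="EndOfStreamException">
/// The backup file ended before the expected number of bytes was read.
/// </exception>
public async Task BackupAndRestoreAsync()
{
    // Environment variable with the Key Vault endpoint. Fail with a clear message instead of
    // letting the Uri constructor throw on a null string.
    string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL");
    if (string.IsNullOrWhiteSpace(keyVaultUrl))
    {
        throw new InvalidOperationException("The AZURE_KEYVAULT_URL environment variable must be set to the Key Vault endpoint.");
    }

    // Instantiate a secret client that will be used to call the service. The client uses default Azure
    // credentials, which read the service principal from environment variables.
    // NOTE(review): the original sample names 'AZURE_CLIENT_ID', 'AZURE_CLIENT_KEY' and 'AZURE_TENANT_ID';
    // released Azure.Identity versions document 'AZURE_CLIENT_SECRET' for the client secret. Confirm
    // against the SDK version in use.
    var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential());

    // Create a secret holding storage account credentials valid for 1 year. If the secret
    // already exists in the key vault, a new version of the secret is created.
    string secretName = $"StorageAccountPasswor{Guid.NewGuid()}";

    var secret = new Secret(secretName, "f4G34fMh8v")
    {
        Properties =
        {
            Expires = DateTimeOffset.Now.AddYears(1)
        }
    };

    Secret storedSecret = await client.SetAsync(secret);

    // GetTempFileName creates the file on disk, so it is created only once it is needed and is
    // always removed in the finally block below.
    string backupPath = Path.GetTempFileName();
    try
    {
        // Backups guard against accidental deletion. For long-term storage the backup is written to a file.
        // FileMode.Create truncates, so the file holds exactly one backup blob.
        using (FileStream sourceStream = File.Open(backupPath, FileMode.Create))
        {
            byte[] byteSecret = await client.BackupAsync(secretName);
            await sourceStream.WriteAsync(byteSecret, 0, byteSecret.Length);
        }

        // The storage account secret is no longer in use, so it is deleted.
        await client.DeleteAsync(secretName);

        // Make sure the secret is deleted on the server side before purging.
        Assert.IsTrue(await WaitForDeletedSecretAsync(client, secretName));

        // If the key vault is soft-delete enabled, a deleted secret stays recoverable until it is purged.
        await client.PurgeDeletedAsync(secretName);

        // Later the secret is required again; the backup is used to restore it in the key vault.
        SecretProperties restoreSecret = null;
        using (FileStream sourceStream = File.Open(backupPath, FileMode.Open))
        {
            byte[] result = new byte[sourceStream.Length];

            // A single ReadAsync call may return fewer bytes than requested, so read until the
            // buffer is full; a truncated blob must not be handed to RestoreAsync.
            int offset = 0;
            while (offset < result.Length)
            {
                int read = await sourceStream.ReadAsync(result, offset, result.Length - offset);
                if (read == 0)
                {
                    throw new EndOfStreamException("The secret backup file ended before all bytes were read.");
                }

                offset += read;
            }

            restoreSecret = await client.RestoreAsync(result);
        }

        AssertSecretsEqual(storedSecret.Properties, restoreSecret);
    }
    finally
    {
        // Do not leave the backup blob behind in the shared temp directory.
        File.Delete(backupPath);
    }
}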
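/// <summary>
/// Creates two secrets, lists the secrets in the vault and fetches each one, writes a new
/// version of one secret and lists its versions, then deletes both, lists the deleted
/// secrets, and purges them.
/// </summary>
/// <remarks>
/// The listing calls are not scoped to the two secrets created here: they enumerate every
/// secret in the vault that the credential is allowed to list. Run this only against a vault
/// dedicated to samples or tests. The secret values below are sample literals; real
/// credentials should never be committed to source.
/// </remarks>
/// <exception cref="InvalidOperationException">
/// The AZURE_KEYVAULT_URL environment variable is not set.
/// </exception>
public async Task GetSecretsAsync()
{
    // Environment variable with the Key Vault endpoint. Fail with a clear message instead of
    // letting the Uri constructor throw on a null string.
    string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL");
    if (string.IsNullOrWhiteSpace(keyVaultUrl))
    {
        throw new InvalidOperationException("The AZURE_KEYVAULT_URL environment variable must be set to the Key Vault endpoint.");
    }

    // Instantiate a secret client that will be used to call the service. The client uses default Azure
    // credentials, which read the service principal from environment variables.
    // NOTE(review): the original sample names 'AZURE_CLIENT_ID', 'AZURE_CLIENT_KEY' and 'AZURE_TENANT_ID';
    // released Azure.Identity versions document 'AZURE_CLIENT_SECRET' for the client secret. Confirm
    // against the SDK version in use.
    var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential());

    // Create secrets holding storage and bank account credentials valid for 1 year. If a secret
    // already exists in the key vault, a new version of it is created.
    string bankSecretName = $"BankAccountPassword-{Guid.NewGuid()}";
    string storageSecretName = $"StorageAccountPasswor{Guid.NewGuid()}";

    var bankSecret = new Secret(bankSecretName, "f4G34fMh8v")
    {
        Expires = DateTimeOffset.Now.AddYears(1)
    };

    var storageSecret = new Secret(storageSecretName, "f4G34fMh8v547")
    {
        Expires = DateTimeOffset.Now.AddYears(1)
    };

    await client.SetAsync(bankSecret);
    await client.SetAsync(storageSecret);

    // List operations don't return the secrets with value information, so Get is called for each
    // returned secret to obtain it. The value is then available as secretWithValue.Value for any
    // comparison the caller needs. It is deliberately not written to the debug output: this loop
    // covers every secret in the vault, and trace listeners would capture all of their values.
    await foreach (SecretBase secret in client.GetSecretsAsync())
    {
        Secret secretWithValue = await client.GetAsync(secret.Name);
        Debug.WriteLine($"Secret is returned with name {secretWithValue.Name}");
    }

    // The bank account password got updated, so the secret in key vault is updated to reflect it.
    // Calling Set on an existing secret creates a new version of the secret with the new value.
    await client.SetAsync(bankSecretName, "sskdjfsdasdjsd");

    // Print all the versions of the bank secret. Only the version identifier and name are logged.
    await foreach (SecretBase secret in client.GetSecretVersionsAsync(bankSecretName))
    {
        Debug.WriteLine($"Secret's version {secret.Version} with name {secret.Name}");
    }

    // The bank account was closed, so its credentials are deleted from the key vault,
    // along with the storage account information.
    await client.DeleteAsync(bankSecretName);
    await client.DeleteAsync(storageSecretName);

    // Make sure the secrets are deleted on the server side before listing and purging.
    Assert.IsTrue(await WaitForDeletedSecretAsync(client, bankSecretName));
    Assert.IsTrue(await WaitForDeletedSecretAsync(client, storageSecretName));

    // List all the deleted and non-purged secrets, assuming the key vault is soft-delete enabled.
    await foreach (DeletedSecret secret in client.GetDeletedSecretsAsync())
    {
        Debug.WriteLine($"Deleted secret's recovery Id {secret.RecoveryId}");
    }

    // If the key vault is soft-delete enabled, a deleted secret stays recoverable until it is purged.
    await client.PurgeDeletedAsync(bankSecretName);
    await client.PurgeDeletedAsync(storageSecretName);
}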