public async Task DeleteCertificateAsync( Guid subscriptionId, KeyVault keyVault, string certificateName) { AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider(); var accessToken = await azureServiceTokenProvider.GetAccessTokenAsync("https://vault.azure.net"); var token = new TokenCredentials(accessToken); using (var keyVaultClient = new KeyVaultClient(token)) { try { await keyVaultClient.DeleteCertificateAsync(keyVault.Uri, certificateName); } catch (KeyVaultErrorException ex) { if (ex.Body?.Error?.Code != "CertificateNotFound") { throw new Exception($"Failed to delete certificate with principal: {azureServiceTokenProvider.PrincipalUsed}", ex); } } catch (Exception e) { throw new Exception($"Failed to delete certificate with principal: {azureServiceTokenProvider.PrincipalUsed}", e); } } }
/// <summary> /// Deletes secret /// </summary> /// <param name="certificateName"> The certificate name</param> /// <returns> The deleted certificate </returns> private static CertificateBundle DeleteCertificate(string certificateName) { // If the secret is not initialized get the secret Id from args var vaultAddress = inputValidator.GetVaultAddress(); certificateName = (certificateName == string.Empty) ? inputValidator.GetCertificateName() : certificateName; var certificate = keyVaultClient.DeleteCertificateAsync(vaultAddress, certificateName).GetAwaiter().GetResult(); Console.Out.WriteLine("Deleted certificate:---------------"); PrintoutCertificate(certificate); return(certificate); }
private async Task CertificatesMigrationGuide() { #region Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_Create AzureServiceTokenProvider provider = new AzureServiceTokenProvider(); KeyVaultClient client = new KeyVaultClient( new KeyVaultClient.AuthenticationCallback(provider.KeyVaultTokenCallback)); #endregion Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_Create #region Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_CreateWithOptions using (HttpClient httpClient = new HttpClient()) { //@@AzureServiceTokenProvider provider = new AzureServiceTokenProvider(); /*@@*/ provider = new AzureServiceTokenProvider(); //@@KeyVaultClient client = new KeyVaultClient( /*@@*/ client = new KeyVaultClient( new KeyVaultClient.AuthenticationCallback(provider.KeyVaultTokenCallback), httpClient); } #endregion Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_CreateWithOptions #region Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_CreateCustomPolicy CertificatePolicy policy = new CertificatePolicy { IssuerParameters = new IssuerParameters("issuer-name"), SecretProperties = new SecretProperties("application/x-pkcs12"), KeyProperties = new KeyProperties { KeyType = "RSA", KeySize = 2048, ReuseKey = true }, X509CertificateProperties = new X509CertificateProperties("CN=customdomain.com") { KeyUsage = new[] { KeyUsageType.CRLSign, KeyUsageType.DataEncipherment, KeyUsageType.DigitalSignature, KeyUsageType.KeyEncipherment, KeyUsageType.KeyAgreement, KeyUsageType.KeyCertSign }, ValidityInMonths = 12 }, LifetimeActions = new[] { new LifetimeAction( new Trigger { DaysBeforeExpiry = 90 }, new Models.Action(ActionType.AutoRenew)) } }; #endregion Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_CreateCustomPolicy { #region Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_CreateCertificate CertificateBundle certificate = null; // Start certificate creation. // Depending on the policy and your business process, this could even take days for manual signing. CertificateOperation createOperation = await client.CreateCertificateAsync("https://myvault.vault.azure.net", "certificate-name", policy); while (true) { if ("InProgress".Equals(createOperation.Status, StringComparison.OrdinalIgnoreCase)) { await Task.Delay(TimeSpan.FromSeconds(20)); createOperation = await client.GetCertificateOperationAsync("https://myvault.vault.azure.net", "certificate-name"); continue; } if ("Completed".Equals(createOperation.Status, StringComparison.OrdinalIgnoreCase)) { certificate = await client.GetCertificateAsync(createOperation.Id); break; } throw new Exception(string.Format( CultureInfo.InvariantCulture, "Polling on pending certificate returned an unexpected result. Error code = {0}, Error message = {1}", createOperation.Error.Code, createOperation.Error.Message)); } // If you need to restart the application you can recreate the operation and continue awaiting. do { createOperation = await client.GetCertificateOperationAsync("https://myvault.vault.azure.net", "certificate-name"); if ("InProgress".Equals(createOperation.Status, StringComparison.OrdinalIgnoreCase)) { await Task.Delay(TimeSpan.FromSeconds(20)); continue; } if ("Completed".Equals(createOperation.Status, StringComparison.OrdinalIgnoreCase)) { certificate = await client.GetCertificateAsync(createOperation.Id); break; } throw new Exception(string.Format( CultureInfo.InvariantCulture, "Polling on pending certificate returned an unexpected result. Error code = {0}, Error message = {1}", createOperation.Error.Code, createOperation.Error.Message)); } while (true); #endregion Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_CreateCertificate } { #region Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_ImportCertificate byte[] cer = File.ReadAllBytes("certificate.pfx"); string cerBase64 = Convert.ToBase64String(cer); CertificateBundle certificate = await client.ImportCertificateAsync( "https://myvault.vault.azure.net", "certificate-name", cerBase64, certificatePolicy : policy); #endregion Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_ImportCertificate } #region Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_CreateSelfSignedPolicy //@@CertificatePolicy policy = new CertificatePolicy /*@@*/ policy = new CertificatePolicy { IssuerParameters = new IssuerParameters("Self"), X509CertificateProperties = new X509CertificateProperties("CN=DefaultPolicy") }; #endregion Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_CreateSelfSignedPolicy // TODO { #region Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_ListCertificates IPage <CertificateItem> page = await client.GetCertificatesAsync("https://myvault.vault.azure.net"); foreach (CertificateItem item in page) { CertificateIdentifier certificateId = item.Identifier; CertificateBundle certificate = await client.GetCertificateAsync(certificateId.Vault, certificateId.Name); } while (page.NextPageLink != null) { page = await client.GetCertificatesNextAsync(page.NextPageLink); foreach (CertificateItem item in page) { CertificateIdentifier certificateId = item.Identifier; CertificateBundle certificate = await client.GetCertificateAsync(certificateId.Vault, certificateId.Name); } } #endregion Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_ListCertificates } { #region Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_DeleteCertificate // Delete the certificate. DeletedCertificateBundle deletedCertificate = await client.DeleteCertificateAsync("https://myvault.vault.azure.net", "certificate-name"); // Purge or recover the deleted certificate if soft delete is enabled. if (deletedCertificate.RecoveryId != null) { DeletedCertificateIdentifier deletedCertificateId = deletedCertificate.RecoveryIdentifier; // Deleting a certificate does not happen immediately. Wait a while and check if the deleted certificate exists. while (true) { try { await client.GetDeletedCertificateAsync(deletedCertificateId.Vault, deletedCertificateId.Name); // Finally deleted. break; } catch (KeyVaultErrorException ex) when(ex.Response.StatusCode == HttpStatusCode.NotFound) { // Not yet deleted... } } // Purge the deleted certificate. await client.PurgeDeletedCertificateAsync(deletedCertificateId.Vault, deletedCertificateId.Name); // You can also recover the deleted certificate using RecoverDeletedCertificateAsync. } #endregion Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_DeleteCertificate } }
public ActionResult Index() { string keyVaultName = "<YOUR_VAULT's_NAME>"; string vaultBaseURL = $"https://{keyVaultName}.vault.azure.net"; //Get a token for accessing the Key Vault. var azureServiceTokenProvider = new AzureServiceTokenProvider(); //Create a Key Vault client for accessing the items in the vault; var keyVault = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback)); // Manage secrets in the Key Vault. // Create a new secret string secretName = "secret-az204"; Task.Run(async() => await keyVault.SetSecretAsync(vaultBaseURL, secretName, "This is a secret testing value")).Wait(); var secret = Task.Run(async() => await keyVault.GetSecretAsync ($"{vaultBaseURL}/secrets/{secretName}")).GetAwaiter().GetResult(); // Update an existing secret Task.Run(async() => await keyVault.SetSecretAsync(vaultBaseURL, secretName, "Updated the secret testing value")).Wait(); secret = Task.Run(async() => await keyVault.GetSecretAsync ($"{vaultBaseURL}/secrets/{secretName}")).GetAwaiter().GetResult(); // Delete the secret Task.Run(async() => await keyVault.DeleteSecretAsync(vaultBaseURL, secretName)).Wait(); // Manage certificates in the Key Vault string certName = "cert-az204"; // Create a new self-signed certificate var policy = new CertificatePolicy { IssuerParameters = new IssuerParameters { Name = "Self", }, KeyProperties = new KeyProperties { Exportable = true, KeySize = 2048, KeyType = "RSA" }, SecretProperties = new SecretProperties { ContentType = "application/x-pkcs12" }, X509CertificateProperties = new X509CertificateProperties { Subject = "CN=AZ204KEYVAULTDEMO" } }; Task.Run(async() => await keyVault.CreateCertificateAsync(vaultBaseURL, certName, policy, new CertificateAttributes { Enabled = true })).Wait(); // When you create a new certificate in the Key Vault it takes some time // before it's ready. // We added some wait time here for the sake of simplicity. Thread.Sleep(10000); var certificate = Task.Run(async() => await keyVault.GetCertificateAsync (vaultBaseURL, certName)).GetAwaiter().GetResult(); // Update properties associated with the certificate. CertificatePolicy updatePolicy = new CertificatePolicy { X509CertificateProperties = new X509CertificateProperties { SubjectAlternativeNames = new SubjectAlternativeNames { DnsNames = new[] { "az204.examref.testing" } } } }; Task.Run(async() => await keyVault.UpdateCertificatePolicyAsync( vaultBaseURL, certName, updatePolicy)).Wait(); Task.Run(async() => await keyVault.CreateCertificateAsync(vaultBaseURL, certName)).Wait(); Thread.Sleep(10000); certificate = Task.Run(async() => await keyVault.GetCertificateAsync( vaultBaseURL, certName)). GetAwaiter().GetResult(); Task.Run(async() => await keyVault.UpdateCertificateAsync(certificate. CertificateIdentifier.Identifier, null, new CertificateAttributes { Enabled = false })).Wait(); Thread.Sleep(10000); // Delete the self-signed certificate. Task.Run(async() => await keyVault.DeleteCertificateAsync(vaultBaseURL, certName)).Wait(); // Manage keys in the Key Vault string keyName = "key-az204"; NewKeyParameters keyParameters = new NewKeyParameters { Kty = "EC", CurveName = "SECP256K1", KeyOps = new[] { "sign", "verify" } }; Task.Run(async() => await keyVault.CreateKeyAsync(vaultBaseURL, keyName, keyParameters)).Wait(); var key = Task.Run(async() => await keyVault.GetKeyAsync(vaultBaseURL, keyName)).GetAwaiter().GetResult(); // Update keys in the Key Vault Task.Run(async() => await keyVault.UpdateKeyAsync(vaultBaseURL, keyName, null, new KeyAttributes { Expires = DateTime.UtcNow. AddYears(1) })).Wait(); key = Task.Run(async() => await keyVault.GetKeyAsync(vaultBaseURL, keyName)).GetAwaiter().GetResult(); // Delete keys from the Key Vault Task.Run(async() => await keyVault.DeleteKeyAsync(vaultBaseURL, keyName)). Wait(); return(View()); }