Пример #1
0
        public void HelloWorldSync()
        {
            // Environment variable with the Key Vault endpoint.
            string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL");

            #region Snippet:SecretsSample1SecretClient
            var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
            #endregion

            #region Snippet:SecretsSample1CreateSecret
            string secretName = $"BankAccountPassword-{Guid.NewGuid()}";

            var secret = new KeyVaultSecret(secretName, "f4G34fMh8v");
            secret.Properties.ExpiresOn = DateTimeOffset.Now.AddYears(1);

            client.SetSecret(secret);
            #endregion

            #region Snippet:SecretsSample1GetSecret
            KeyVaultSecret bankSecret = client.GetSecret(secretName);
            Debug.WriteLine($"Secret is returned with name {bankSecret.Name} and value {bankSecret.Value}");
            #endregion

            #region Snippet:SecretsSample1UpdateSecretProperties
            bankSecret.Properties.ExpiresOn = bankSecret.Properties.ExpiresOn.Value.AddYears(1);
            SecretProperties updatedSecret = client.UpdateSecretProperties(bankSecret.Properties);
            Debug.WriteLine($"Secret's updated expiry time is {updatedSecret.ExpiresOn}");
            #endregion

            #region Snippet:SecretsSample1UpdateSecret
            var secretNewValue = new KeyVaultSecret(secretName, "bhjd4DDgsa");
            secretNewValue.Properties.ExpiresOn = DateTimeOffset.Now.AddYears(1);

            client.SetSecret(secretNewValue);
            #endregion

            #region Snippet:SecretsSample1DeleteSecret
            DeleteSecretOperation operation = client.StartDeleteSecret(secretName);
            #endregion

            #region Snippet:SecretsSample1PurgeSecret
            // You only need to wait for completion if you want to purge or recover the secret.
            while (!operation.HasCompleted)
            {
                Thread.Sleep(2000);

                operation.UpdateStatus();
            }

            client.PurgeDeletedSecret(secretName);
            #endregion
        }
Пример #2
0
        public void BackupAndRestoreSync()
        {
            // Environment variable with the Key Vault endpoint.
            string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL");
            string backupPath  = Path.GetTempFileName();

            // Instantiate a secret client that will be used to call the service. Notice that the client is using default Azure
            // credentials. To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID',
            // 'AZURE_CLIENT_KEY' and 'AZURE_TENANT_ID' are set with the service principal credentials.
            var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential());

            // Let's create a secret holding bank account credentials valid for 1 year. if the secret
            // already exists in the key vault, then a new version of the secret is created.
            string secretName = $"StorageAccountPasswor{Guid.NewGuid()}";

            var secret = new KeyVaultSecret(secretName, "f4G34fMh8v")
            {
                Properties =
                {
                    ExpiresOn = DateTimeOffset.Now.AddYears(1)
                }
            };

            KeyVaultSecret storedSecret = client.SetSecret(secret);

            // Backups are good to have if in case secrets get accidentally deleted by you.
            // For long term storage, it is ideal to write the backup to a file.
            File.WriteAllBytes(backupPath, client.BackupSecret(secretName));

            // The storage account secret is no longer in use, so you delete it.
            DeleteSecretOperation operation = client.StartDeleteSecret(secretName);

            // To ensure the secret is deleted on server before we try to purge it.
            while (!operation.HasCompleted)
            {
                Thread.Sleep(2000);

                operation.UpdateStatus();
            }

            // If the keyvault is soft-delete enabled, then for permanent deletion, deleted secret needs to be purged.
            client.PurgeDeletedSecret(secretName);

            // After sometime, the secret is required again. We can use the backup value to restore it in the key vault.
            SecretProperties restoreSecret = client.RestoreSecretBackup(File.ReadAllBytes(backupPath));

            AssertSecretsEqual(storedSecret.Properties, restoreSecret);
        }
Пример #3
0
        private void HelloWorldSync(string keyVaultUrl)
        {
            #region Snippet:SecretsSample1SecretClient
            var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
            #endregion

            #region Snippet:SecretsSample1CreateSecret
            string secretName = $"BankAccountPassword-{Guid.NewGuid()}";

            var secret = new KeyVaultSecret(secretName, "f4G34fMh8v");
            secret.Properties.ExpiresOn = DateTimeOffset.Now.AddYears(1);

            client.SetSecret(secret);
            #endregion

            #region Snippet:SecretsSample1GetSecret
            KeyVaultSecret bankSecret = client.GetSecret(secretName);
            Debug.WriteLine($"Secret is returned with name {bankSecret.Name} and value {bankSecret.Value}");
            #endregion

            #region Snippet:SecretsSample1UpdateSecretProperties
            bankSecret.Properties.ExpiresOn = bankSecret.Properties.ExpiresOn.Value.AddYears(1);
            SecretProperties updatedSecret = client.UpdateSecretProperties(bankSecret.Properties);
            Debug.WriteLine($"Secret's updated expiry time is {updatedSecret.ExpiresOn}");
            #endregion

            #region Snippet:SecretsSample1UpdateSecret
            var secretNewValue = new KeyVaultSecret(secretName, "bhjd4DDgsa");
            secretNewValue.Properties.ExpiresOn = DateTimeOffset.Now.AddYears(1);

            client.SetSecret(secretNewValue);
            #endregion

            #region Snippet:SecretsSample1DeleteSecret
            DeleteSecretOperation operation = client.StartDeleteSecret(secretName);
            #endregion

            #region Snippet:SecretsSample1PurgeSecret
            while (!operation.HasCompleted)
            {
                Thread.Sleep(2000);

                operation.UpdateStatus();
            }

            client.PurgeDeletedSecret(secretName);
            #endregion
        }
Пример #4
0
        public void DeleteSecretSync()
        {
            #region DeleteSecretSync
            DeleteSecretOperation operation = client.StartDeleteSecret("secret-name");

            // You only need to wait for completion if you want to purge or recover the secret.
            while (!operation.HasCompleted)
            {
                Thread.Sleep(2000);

                operation.UpdateStatus();
            }

            DeletedSecret secret = operation.Value;
            client.PurgeDeletedSecret(secret.Name);
            #endregion
        }
Пример #5
0
        private void BackupAndRestoreSync(string keyVaultUrl)
        {
            #region Snippet:SecretsSample2SecretClient
            var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
            #endregion

            #region Snippet:SecretsSample2CreateSecret
            string secretName = $"StorageAccountPassword{Guid.NewGuid()}";

            var secret = new KeyVaultSecret(secretName, "f4G34fMh8v");
            secret.Properties.ExpiresOn = DateTimeOffset.Now.AddYears(1);

            KeyVaultSecret storedSecret = client.SetSecret(secret);
            #endregion

            #region Snippet:SecretsSample2BackupSecret
            string backupPath   = Path.GetTempFileName();
            byte[] secretBackup = client.BackupSecret(secretName);

            File.WriteAllBytes(backupPath, secretBackup);
            #endregion

            // The storage account secret is no longer in use so you delete it.
            DeleteSecretOperation operation = client.StartDeleteSecret(secretName);

            // Before it can be purged, you need to wait until the secret is fully deleted.
            while (!operation.HasCompleted)
            {
                Thread.Sleep(2000);

                operation.UpdateStatus();
            }

            // If the Key Vault is soft delete-enabled and you want to permanently delete the secret before its `ScheduledPurgeDate`,
            // the deleted secret needs to be purged.
            client.PurgeDeletedSecret(secretName);

            #region Snippet:SecretsSample2RestoreSecret
            byte[] secretBackupToRestore = File.ReadAllBytes(backupPath);

            SecretProperties restoreSecret = client.RestoreSecretBackup(secretBackupToRestore);
            #endregion

            AssertSecretsEqual(storedSecret.Properties, restoreSecret);
        }
Пример #6
0
        public void DeleteAndPurgeSecret()
        {
            #region Snippet:DeleteAndPurgeSecret
            DeleteSecretOperation operation = client.StartDeleteSecret("secret-name");

            // You only need to wait for completion if you want to purge or recover the secret.
            // You should call `UpdateStatus` in another thread or after doing additional work like pumping messages.
            while (!operation.HasCompleted)
            {
                Thread.Sleep(2000);

                operation.UpdateStatus();
            }

            DeletedSecret secret = operation.Value;
            client.PurgeDeletedSecret(secret.Name);
            #endregion
        }
Пример #7
0
        private void GetSecretsSync(string keyVaultUrl)
        {
            #region Snippet:SecretsSample3SecretClient
            var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
            #endregion

            #region Snippet:SecretsSample3CreateSecret
            string bankSecretName    = $"BankAccountPassword-{Guid.NewGuid()}";
            string storageSecretName = $"StorageAccountPassword{Guid.NewGuid()}";

            var bankSecret = new KeyVaultSecret(bankSecretName, "f4G34fMh8v");
            bankSecret.Properties.ExpiresOn = DateTimeOffset.Now.AddYears(1);

            var storageSecret = new KeyVaultSecret(storageSecretName, "f4G34fMh8v547");
            storageSecret.Properties.ExpiresOn = DateTimeOffset.Now.AddYears(1);

            client.SetSecret(bankSecret);
            client.SetSecret(storageSecret);
            #endregion

            #region Snippet:SecretsSample3ListSecrets
            Dictionary <string, string> secretValues = new Dictionary <string, string>();

            IEnumerable <SecretProperties> secrets = client.GetPropertiesOfSecrets();
            foreach (SecretProperties secret in secrets)
            {
                KeyVaultSecret secretWithValue = client.GetSecret(secret.Name);

                if (secretValues.ContainsKey(secretWithValue.Value))
                {
                    throw new InvalidOperationException($"Secret {secretWithValue.Name} shares a value with secret {secretValues[secretWithValue.Value]}");
                }

                secretValues.Add(secretWithValue.Value, secretWithValue.Name);
            }
            #endregion

            #region Snippet:SecretsSample3ListSecretVersions
            string newBankSecretPassword = "******";

            IEnumerable <SecretProperties> secretVersions = client.GetPropertiesOfSecretVersions(bankSecretName);
            foreach (SecretProperties secret in secretVersions)
            {
                KeyVaultSecret oldBankSecret = client.GetSecret(secret.Name, secret.Version);
                if (newBankSecretPassword == oldBankSecret.Value)
                {
                    throw new InvalidOperationException($"Secret {secret.Name} reuses a password");
                }
            }

            client.SetSecret(bankSecretName, newBankSecretPassword);
            #endregion

            #region Snippet:SecretsSample3DeleteSecrets
            DeleteSecretOperation bankSecretOperation    = client.StartDeleteSecret(bankSecretName);
            DeleteSecretOperation storageSecretOperation = client.StartDeleteSecret(storageSecretName);

            while (!bankSecretOperation.HasCompleted || !storageSecretOperation.HasCompleted)
            {
                Thread.Sleep(2000);

                bankSecretOperation.UpdateStatus();
                storageSecretOperation.UpdateStatus();
            }
            #endregion

            #region Snippet:SecretsSample3ListDeletedSecrets
            IEnumerable <DeletedSecret> secretsDeleted = client.GetDeletedSecrets();
            foreach (DeletedSecret secret in secretsDeleted)
            {
                Debug.WriteLine($"Deleted secret's recovery Id {secret.RecoveryId}");
            }
            #endregion

            // If the Key Vault is soft delete-enabled, then for permanent deletion, deleted secret needs to be purged.
            client.PurgeDeletedSecret(bankSecretName);
            client.PurgeDeletedSecret(storageSecretName);
        }
Пример #8
0
        public void GetSecretsSync()
        {
            // Environment variable with the Key Vault endpoint.
            string keyVaultUrl = TestEnvironment.KeyVaultUrl;

            #region Snippet:SecretsSample3SecretClient
            var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
            #endregion

            #region Snippet:SecretsSample3CreateSecret
            string bankSecretName    = $"BankAccountPassword-{Guid.NewGuid()}";
            string storageSecretName = $"StorageAccountPassword{Guid.NewGuid()}";

            var bankSecret = new KeyVaultSecret(bankSecretName, "f4G34fMh8v");
            bankSecret.Properties.ExpiresOn = DateTimeOffset.Now.AddYears(1);

            var storageSecret = new KeyVaultSecret(storageSecretName, "f4G34fMh8v547");
            storageSecret.Properties.ExpiresOn = DateTimeOffset.Now.AddYears(1);

            client.SetSecret(bankSecret);
            client.SetSecret(storageSecret);
            #endregion

            #region Snippet:SecretsSample3ListSecrets
            Dictionary <string, string> secretValues = new Dictionary <string, string>();

            IEnumerable <SecretProperties> secrets = client.GetPropertiesOfSecrets();
            foreach (SecretProperties secret in secrets)
            {
                /*@@*/ if (secret.Managed)
                {
                    continue;
                }
                // Getting a disabled secret will fail, so skip disabled secrets.
                if (!secret.Enabled.GetValueOrDefault())
                {
                    continue;
                }

                KeyVaultSecret secretWithValue = client.GetSecret(secret.Name);
                if (secretValues.ContainsKey(secretWithValue.Value))
                {
                    Debug.WriteLine($"Secret {secretWithValue.Name} shares a value with secret {secretValues[secretWithValue.Value]}");
                }
                else
                {
                    secretValues.Add(secretWithValue.Value, secretWithValue.Name);
                }
            }
            #endregion

            #region Snippet:SecretsSample3ListSecretVersions
            string newBankSecretPassword = "******";

            IEnumerable <SecretProperties> secretVersions = client.GetPropertiesOfSecretVersions(bankSecretName);
            foreach (SecretProperties secret in secretVersions)
            {
                // Secret versions may also be disabled if compromised and new versions generated, so skip disabled versions, too.
                if (!secret.Enabled.GetValueOrDefault())
                {
                    continue;
                }

                KeyVaultSecret oldBankSecret = client.GetSecret(secret.Name, secret.Version);
                if (newBankSecretPassword == oldBankSecret.Value)
                {
                    Debug.WriteLine($"Secret {secret.Name} reuses a password");
                }
            }

            client.SetSecret(bankSecretName, newBankSecretPassword);
            #endregion

            #region Snippet:SecretsSample3DeleteSecrets
            DeleteSecretOperation bankSecretOperation    = client.StartDeleteSecret(bankSecretName);
            DeleteSecretOperation storageSecretOperation = client.StartDeleteSecret(storageSecretName);

            // You only need to wait for completion if you want to purge or recover the secret.
            while (!bankSecretOperation.HasCompleted || !storageSecretOperation.HasCompleted)
            {
                Thread.Sleep(2000);

                bankSecretOperation.UpdateStatus();
                storageSecretOperation.UpdateStatus();
            }
            #endregion

            #region Snippet:SecretsSample3ListDeletedSecrets
            IEnumerable <DeletedSecret> secretsDeleted = client.GetDeletedSecrets();
            foreach (DeletedSecret secret in secretsDeleted)
            {
                Debug.WriteLine($"Deleted secret's recovery Id {secret.RecoveryId}");
            }
            #endregion

            // If the Key Vault is soft delete-enabled, then for permanent deletion, deleted secret needs to be purged.
            client.PurgeDeletedSecret(bankSecretName);
            client.PurgeDeletedSecret(storageSecretName);
        }
Пример #9
0
        public void HelloWorldSync()
        {
            // Environment variable with the Key Vault endpoint.
            string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL");

            // Instantiate a secret client that will be used to call the service. Notice that the client is using default Azure
            // credentials. To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID',
            // 'AZURE_CLIENT_KEY' and 'AZURE_TENANT_ID' are set with the service principal credentials.
            var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential());

            // Let's create a secret holding bank account credentials valid for 1 year. if the secret
            // already exists in the key vault, then a new version of the secret is created.
            string secretName = $"BankAccountPassword-{Guid.NewGuid()}";

            var secret = new KeyVaultSecret(secretName, "f4G34fMh8v")
            {
                Properties =
                {
                    ExpiresOn = DateTimeOffset.Now.AddYears(1)
                }
            };

            client.SetSecret(secret);

            // Let's Get the bank secret from the key vault.
            KeyVaultSecret bankSecret = client.GetSecret(secretName);

            Debug.WriteLine($"Secret is returned with name {bankSecret.Name} and value {bankSecret.Value}");

            // After one year, the bank account is still active, we need to update the expiry time of the secret.
            // The update method can be used to update the expiry attribute of the secret. It cannot be used to update
            // the value of the secret.
            bankSecret.Properties.ExpiresOn = bankSecret.Properties.ExpiresOn.Value.AddYears(1);
            SecretProperties updatedSecret = client.UpdateSecretProperties(bankSecret.Properties);

            Debug.WriteLine($"Secret's updated expiry time is {updatedSecret.ExpiresOn}");

            // Bank forced a password update for security purposes. Let's change the value of the secret in the key vault.
            // To achieve this, we need to create a new version of the secret in the key vault. The update operation cannot
            // change the value of the secret.
            var secretNewValue = new KeyVaultSecret(secretName, "bhjd4DDgsa")
            {
                Properties =
                {
                    ExpiresOn = DateTimeOffset.Now.AddYears(1)
                }
            };

            client.SetSecret(secretNewValue);

            // The bank account was closed. You need to delete its credentials from the key vault.
            DeleteSecretOperation operation = client.StartDeleteSecret(secretName);

            // To ensure the secret is deleted on server before we try to purge it.
            while (!operation.HasCompleted)
            {
                Thread.Sleep(2000);

                operation.UpdateStatus();
            }

            // If the keyvault is soft-delete enabled, then for permanent deletion, deleted secret needs to be purged.
            client.PurgeDeletedSecret(secretName);
        }
Пример #10
0
        public void GetSecretsSync()
        {
            // Environment variable with the Key Vault endpoint.
            string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL");

            // Instantiate a secret client that will be used to call the service. Notice that the client is using default Azure
            // credentials. To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID',
            // 'AZURE_CLIENT_KEY' and 'AZURE_TENANT_ID' are set with the service principal credentials.
            var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential());

            // Let's create secrets holding storage and bank accounts credentials valid for 1 year. if the secret
            // already exists in the key vault, then a new version of the secret is created.
            string bankSecretName    = $"BankAccountPassword-{Guid.NewGuid()}";
            string storageSecretName = $"StorageAccountPasswor{Guid.NewGuid()}";

            var bankSecret = new KeyVaultSecret(bankSecretName, "f4G34fMh8v")
            {
                Properties =
                {
                    ExpiresOn = DateTimeOffset.Now.AddYears(1)
                }
            };

            var storageSecret = new KeyVaultSecret(storageSecretName, "f4G34fMh8v547")
            {
                Properties =
                {
                    ExpiresOn = DateTimeOffset.Now.AddYears(1)
                }
            };

            client.SetSecret(bankSecret);
            client.SetSecret(storageSecret);

            // You need to check if any of the secrets are sharing same values. Let's list the secrets and print their values.
            // List operations don't return the secrets with value information.
            // So, for each returned secret we call Get to get the secret with its value information.

            IEnumerable <SecretProperties> secrets = client.GetPropertiesOfSecrets();

            foreach (SecretProperties secret in secrets)
            {
                KeyVaultSecret secretWithValue = client.GetSecret(secret.Name);
                Debug.WriteLine($"Secret is returned with name {secretWithValue.Name} and value {secretWithValue.Value}");
            }

            // The bank account password got updated, so you want to update the secret in key vault to ensure it reflects the new password.
            // Calling Set on an existing secret creates a new version of the secret in the key vault with the new value.
            client.SetSecret(bankSecretName, "sskdjfsdasdjsd");

            // You need to check all the different values your bank account password secret had previously.
            // Lets print all the versions of this secret.
            IEnumerable <SecretProperties> secretVersions = client.GetPropertiesOfSecretVersions(bankSecretName);

            foreach (SecretProperties secret in secretVersions)
            {
                Debug.WriteLine($"Secret's version {secret.Version} with name {secret.Name}");
            }

            // The bank account was closed. You need to delete its credentials from the key vault.
            // You also want to delete the information of your storage account.
            DeleteSecretOperation bankSecretOperation    = client.StartDeleteSecret(bankSecretName);
            DeleteSecretOperation storageSecretOperation = client.StartDeleteSecret(storageSecretName);

            // To ensure the secrets are deleted on server before we try to purge them.
            while (!bankSecretOperation.HasCompleted || !storageSecretOperation.HasCompleted)
            {
                Thread.Sleep(2000);

                bankSecretOperation.UpdateStatus();
                storageSecretOperation.UpdateStatus();
            }

            // You can list all the deleted and non-purged secrets, assuming key vault is soft-delete enabled.
            IEnumerable <DeletedSecret> secretsDeleted = client.GetDeletedSecrets();

            foreach (DeletedSecret secret in secretsDeleted)
            {
                Debug.WriteLine($"Deleted secret's recovery Id {secret.RecoveryId}");
            }

            // If the keyvault is soft-delete enabled, then for permanent deletion, deleted secret needs to be purged.
            client.PurgeDeletedSecret(bankSecretName);
            client.PurgeDeletedSecret(storageSecretName);
        }