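/// <summary>
/// Sample: creates an RSA and an EC key in Key Vault, lists keys and key versions, then soft-deletes
/// and purges the keys again. Every step is a live call against the vault named by AZURE_KEYVAULT_URL.
/// </summary>
/// <exception cref="InvalidOperationException">AZURE_KEYVAULT_URL is not set or blank.</exception>
public void GetKeysSync()
{
    // Environment variable with the Key Vault endpoint.
    string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL");

    // Fail with a clear message instead of letting the Uri constructor throw ArgumentNullException.
    if (string.IsNullOrWhiteSpace(keyVaultUrl))
    {
        throw new InvalidOperationException("Environment variable 'AZURE_KEYVAULT_URL' must be set to the Key Vault endpoint.");
    }

    // Instantiate a key client that will be used to call the service. Notice that the client is using default Azure
    // credentials. To make default credentials work, ensure that the service principal credentials are available in
    // the environment: 'AZURE_CLIENT_ID', 'AZURE_TENANT_ID' and the client secret (Azure.Identity reads it from
    // 'AZURE_CLIENT_SECRET'; this sample's earlier text referred to it as 'AZURE_CLIENT_KEY').
    var client = new KeyClient(new Uri(keyVaultUrl), new DefaultAzureCredential());

    // Let's create EC and RSA keys valid for 1 year. If the key already exists in the Key Vault, then a new
    // version of the key is created. The GUID suffix keeps concurrent runs from colliding on key names.
    // Expiry is computed in UTC so the instant does not depend on the machine's local offset.
    DateTimeOffset expires = DateTimeOffset.UtcNow.AddYears(1);

    string rsaKeyName = $"CloudRsaKey-{Guid.NewGuid()}";
    var rsaKey = new RsaKeyCreateOptions(rsaKeyName, hsm: false, keySize: 2048)
    {
        Expires = expires
    };
    client.CreateRsaKey(rsaKey);

    string ecKeyName = $"CloudECKey-{Guid.NewGuid()}";
    var ecKey = new EcKeyCreateOptions(ecKeyName, hsm: false)
    {
        Expires = expires
    };
    client.CreateEcKey(ecKey);

    // You need to check the type of keys that already exist in your Key Vault, so list the keys and print their types.
    // List operations don't return the keys with key material information, so for each returned key we call GetKey
    // to get the key with its key material (Key Vault only ever returns the public portion; private material stays
    // inside the vault).
    IEnumerable<Response<KeyProperties>> keys = client.GetKeys();
    foreach (KeyProperties key in keys)
    {
        Key keyWithType = client.GetKey(key.Name);
        Debug.WriteLine($"Key is returned with name {keyWithType.Name} and type {keyWithType.KeyMaterial.KeyType}");
    }

    // We need the Cloud RSA key with a bigger key size, so update the key in Key Vault to ensure it has the
    // required size. Calling CreateRsaKey on an existing key creates a new version of the key with the new size.
    var newRsaKey = new RsaKeyCreateOptions(rsaKeyName, hsm: false, keySize: 4096)
    {
        Expires = expires
    };
    client.CreateRsaKey(newRsaKey);

    // You need to check all the different versions the Cloud RSA key had previously, so print all of them.
    IEnumerable<Response<KeyProperties>> keysVersions = client.GetKeyVersions(rsaKeyName);
    foreach (KeyProperties key in keysVersions)
    {
        Debug.WriteLine($"Key's version {key.Version} with name {key.Name}");
    }

    // The Cloud RSA Key and the Cloud EC Key are no longer needed, so delete them from the Key Vault.
    client.DeleteKey(rsaKeyName);
    client.DeleteKey(ecKeyName);

    // Deletion completes asynchronously on the server side; wait until both keys are reported as deleted
    // before attempting to purge them.
    Assert.IsTrue(WaitForDeletedKey(client, rsaKeyName));
    Assert.IsTrue(WaitForDeletedKey(client, ecKeyName));

    // You can list all the deleted and non-purged keys, assuming Key Vault is soft-delete enabled.
    IEnumerable<Response<DeletedKey>> keysDeleted = client.GetDeletedKeys();
    foreach (DeletedKey key in keysDeleted)
    {
        Debug.WriteLine($"Deleted key's recovery Id {key.RecoveryId}");
    }

    // If the Key Vault is soft-delete enabled, deleted keys need to be purged for permanent deletion.
    // Purging is irreversible, requires the 'purge' key permission, and is refused on vaults with purge protection.
    client.PurgeDeletedKey(rsaKeyName);
    client.PurgeDeletedKey(ecKeyName);
}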
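/// <summary>
/// Sample: creates an RSA and an EC key in Key Vault, lists keys and key versions, then soft-deletes
/// and purges the keys again. Every step is a live call against the vault at
/// <c>TestEnvironment.KeyVaultUrl</c>. The <c>#region Snippet:</c> markers look like anchors for
/// snippet extraction and are kept in place; test-only code is fenced with <c>#if !SNIPPET</c>
/// so it does not leak into the published snippets.
/// </summary>
/// <exception cref="TimeoutException">The delete operations did not complete within the polling deadline.</exception>
public void GetKeysSync()
{
    // Environment variable with the Key Vault endpoint.
    string keyVaultUrl = TestEnvironment.KeyVaultUrl;

    #region Snippet:KeysSample3KeyClient
    var client = new KeyClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
    #endregion

    #region Snippet:KeysSample3CreateKey
    // Keys are valid for 1 year. The GUID suffix keeps concurrent runs from colliding on key names.
    // Expiry is computed in UTC so the instant does not depend on the machine's local offset.
    DateTimeOffset expiresOn = DateTimeOffset.UtcNow.AddYears(1);

    string rsaKeyName = $"CloudRsaKey-{Guid.NewGuid()}";
    var rsaKey = new CreateRsaKeyOptions(rsaKeyName, hardwareProtected: false)
    {
        KeySize = 2048,
        ExpiresOn = expiresOn
    };
    client.CreateRsaKey(rsaKey);

    string ecKeyName = $"CloudECKey-{Guid.NewGuid()}";
    var ecKey = new CreateEcKeyOptions(ecKeyName, hardwareProtected: false)
    {
        ExpiresOn = expiresOn
    };
    client.CreateEcKey(ecKey);
    #endregion

    #region Snippet:KeysSample3ListKeys
    // Listing returns properties only; GetKey fetches the key with its (public) key material.
    IEnumerable<KeyProperties> keys = client.GetPropertiesOfKeys();
    foreach (KeyProperties key in keys)
    {
#if !SNIPPET
        // Managed keys (e.g. those backing storage/certificate features) cannot be read like ordinary keys.
        if (key.Managed)
        {
            continue;
        }
#endif
        KeyVaultKey keyWithType = client.GetKey(key.Name);
        Debug.WriteLine($"Key is returned with name {keyWithType.Name} and type {keyWithType.KeyType}");
    }
    #endregion

    #region Snippet:KeysSample3UpdateKey
    // Calling CreateRsaKey on an existing key name creates a new version of the key with the new size.
    var newRsaKey = new CreateRsaKeyOptions(rsaKeyName, hardwareProtected: false)
    {
        KeySize = 4096,
        ExpiresOn = expiresOn
    };
    client.CreateRsaKey(newRsaKey);
    #endregion

    #region Snippet:KeysSample3ListKeyVersions
    IEnumerable<KeyProperties> keysVersions = client.GetPropertiesOfKeyVersions(rsaKeyName);
    foreach (KeyProperties key in keysVersions)
    {
        Debug.WriteLine($"Key's version {key.Version} with name {key.Name}");
    }
    #endregion

    #region Snippet:KeysSample3DeletedKeys
    DeleteKeyOperation rsaKeyOperation = client.StartDeleteKey(rsaKeyName);
    DeleteKeyOperation ecKeyOperation = client.StartDeleteKey(ecKeyName);

    // You only need to wait for completion if you want to purge or recover the key.
#if !SNIPPET
    // Bound the polling so a delete that never completes fails the run instead of spinning forever.
    TimeSpan deleteTimeout = TimeSpan.FromMinutes(5);
    var pollTimer = Stopwatch.StartNew();
#endif
    while (!rsaKeyOperation.HasCompleted || !ecKeyOperation.HasCompleted)
    {
#if !SNIPPET
        if (pollTimer.Elapsed > deleteTimeout)
        {
            throw new TimeoutException($"Deleting keys '{rsaKeyName}' and '{ecKeyName}' did not complete within {deleteTimeout}.");
        }
#endif
        Thread.Sleep(2000);
        rsaKeyOperation.UpdateStatus();
        ecKeyOperation.UpdateStatus();
    }
    #endregion

    #region Snippet:KeysSample3ListDeletedKeys
    IEnumerable<DeletedKey> keysDeleted = client.GetDeletedKeys();
    foreach (DeletedKey key in keysDeleted)
    {
        Debug.WriteLine($"Deleted key's recovery Id {key.RecoveryId}");
    }
    #endregion

    // If the Key Vault is soft-delete enabled, deleted keys need to be purged for permanent deletion.
    // Purging is irreversible, requires the 'purge' key permission, and is refused on vaults with purge protection.
    client.PurgeDeletedKey(rsaKeyName);
    client.PurgeDeletedKey(ecKeyName);
}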