/// <summary>
/// Delete a secret from Key Vault
/// </summary>
/// <param name="keyvaultName">ID of the secret</param>
/// <returns>keyName that was deleted</returns>
public async Task <string> DeleteSecretAsync(string keyvaultName, string keyName)
{
var secretUrl = GetKeyVaultSecretUrl(keyvaultName);
var secret = await _keyVaultClient.DeleteSecretAsync(secretUrl, keyName);
return(keyName);
}
public async Task <DeletedSecretBundle> DeleteSecret(string secretName)
{
var client = new KeyVaultClient(AuthCallback);
var r = await client.DeleteSecretAsync(VaultBaseUrl, secretName);
return(r);
}
private async Task ClearAllKeyVaultSecrets()
{
foreach (SecretItem item in await KeyVaultClient.GetSecretsAsync(GetKeyVaultBaseUrl()))
{
await KeyVaultClient.DeleteSecretAsync(GetKeyVaultBaseUrl(), item.Identifier.Name);
}
}
/// <summary>
/// Creates a secret in Azure Key Vault and returns its ID.
/// </summary>
/// <param name="secretName">The name of the secret to create.</param>
/// <returns>The ID of the secret created.</returns>
public static string SetUpKeyVaultSecret(string secretName)
{
KeyVaultClient cloudVault = new KeyVaultClient(GetAccessToken);
string vaultUri = CloudConfigurationManager.GetSetting("VaultUri");
try
{
// Delete the secret if it exists.
cloudVault.DeleteSecretAsync(vaultUri, secretName).GetAwaiter().GetResult();
}
catch (KeyVaultClientException ex)
{
if (ex.Status != System.Net.HttpStatusCode.NotFound)
{
Console.WriteLine("Unable to access the specified vault. Please confirm the KVClientId, KVClientKey, and VaultUri are valid in the app.config file.");
Console.WriteLine("Also ensure that the client ID has previously been granted full permissions for Key Vault secrets using the Set-AzureKeyVaultAccessPolicy command with the -PermissionsToSecrets parameter.");
Console.WriteLine("Press any key to exit");
Console.ReadLine();
throw;
}
}
// Create a 256bit symmetric key and convert it to Base64.
SymmetricKey symmetricKey = new SymmetricKey(secretName, SymmetricKey.KeySize256);
string symmetricBytes = Convert.ToBase64String(symmetricKey.Key);
// Store the Base64 of the key in the key vault. Note that the content-type of the secret must
// be application/octet-stream or the KeyVaultKeyResolver will not load it as a key.
Secret cloudSecret = cloudVault.SetSecretAsync(vaultUri, secretName, symmetricBytes, null, "application/octet-stream").GetAwaiter().GetResult();
// Return the base identifier of the secret. This will be resolved to the current version of the secret.
return(cloudSecret.SecretIdentifier.BaseIdentifier);
}
/// <summary>
/// Creates a secret in Azure Key Vault and returns its ID.
/// </summary>
/// <param name="secretName">The name of the secret to create.</param>
/// <returns>The ID of the secret created.</returns>
public static string SetUpKeyVaultSecret(string secretName)
{
KeyVaultClient cloudVault = new KeyVaultClient(GetAccessToken);
string vaultUri = CloudConfigurationManager.GetSetting("VaultUri");
try
{
// Delete the secret if it exists.
cloudVault.DeleteSecretAsync(vaultUri, secretName).GetAwaiter().GetResult();
}
catch (KeyVaultClientException ex)
{
if (ex.Status != System.Net.HttpStatusCode.NotFound)
{
Console.WriteLine("Unable to access the specified vault. Please confirm the KVClientId, KVClientKey, and VaultUri are valid in the app.config file.");
Console.WriteLine("Also ensure that the client ID has previously been granted full permissions for Key Vault secrets using the Set-AzureKeyVaultAccessPolicy command with the -PermissionsToSecrets parameter.");
Console.WriteLine("Press any key to exit");
Console.ReadLine();
throw;
}
}
// Create a 256bit symmetric key and convert it to Base64.
SymmetricKey symmetricKey = new SymmetricKey(secretName, SymmetricKey.KeySize256);
string symmetricBytes = Convert.ToBase64String(symmetricKey.Key);
// Store the Base64 of the key in the key vault. Note that the content-type of the secret must
// be application/octet-stream or the KeyVaultKeyResolver will not load it as a key.
Secret cloudSecret = cloudVault.SetSecretAsync(vaultUri, secretName, symmetricBytes, null, "application/octet-stream").GetAwaiter().GetResult();
// Return the base identifier of the secret. This will be resolved to the current version of the secret.
return cloudSecret.SecretIdentifier.BaseIdentifier;
}
public async Task DeleteSecretAsync(Guid subscriptionId, KeyVault keyVault, string secretName)
{
// Authenticate using MSI
AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
var accessToken = await azureServiceTokenProvider.GetAccessTokenAsync("https://vault.azure.net");
var token = new TokenCredentials(accessToken);
var keyVaultClient = new KeyVaultClient(token);
try
{
await keyVaultClient.DeleteSecretAsync(keyVault.Uri, secretName);
}
catch (KeyVaultErrorException ex)
{
if (ex.Body.Error.Code != "SecretNotFound")
{
throw new Exception($"Failed to set secret with principal: {azureServiceTokenProvider.PrincipalUsed}", ex);
}
}
catch (Exception e)
{
throw new Exception($"Failed to set secret with principal: {azureServiceTokenProvider.PrincipalUsed}", e);
}
}
public async Task DeleteSecretAsync(string key)
{
var azureServiceTokenProvider = new AzureServiceTokenProvider();
using var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
if (_configuration[key] == null)
{
return;
}
// Delete the secret in the key vault
//
try
{
await keyVaultClient.DeleteSecretAsync(KeyVaultEndpoint, key);
}
catch (KeyVaultErrorException ex)
{
Console.WriteLine("\n\nError:" + ex.Message);
}
// Delete it locally (needed in case the secret cannot be deleted). If the above statement fails, this will save it.
// Without this, the user may have an invalid refresh token stored in the key vault and can't use the bot anymore.
//
_configuration[key] = null;
// Reload the configuration because we added a new secret
((IConfigurationRoot)_configuration).Reload();
}
public void Write(string key, string value)
{
if (value == null)
{
_vaultClient.DeleteSecretAsync(_vaultUri, key);
}
else
{
_vaultClient.SetSecretAsync(_vaultUri, key, value).Wait();
}
}
private async Task ClearAllKeyVaultSecrets()
{
var secretsPages = await KeyVaultSecretsRepository.GetKeyVaultSecretsPagesAsync(KeyVaultClient, GetKeyVaultBaseUrl());
foreach (IPage <SecretItem> secretsPage in secretsPages)
{
foreach (SecretItem item in secretsPage)
{
await KeyVaultClient.DeleteSecretAsync(GetKeyVaultBaseUrl(), item.Identifier.Name);
}
}
}
/// <summary>
/// Deletes the specified identifier from the vault.
/// </summary>
/// <param name="identifier">Identifier of the entity to be deleted.</param>
/// <returns>An instance of <see cref="Task"/> that represents the asynchronous operation.</returns>
/// <exception cref="ArgumentException">
/// <paramref name="identifier"/> is empty or null.
/// </exception>
public async Task DeleteAsync(string identifier)
{
DateTime startTime;
Dictionary <string, double> eventMetrics;
Dictionary <string, string> eventProperties;
identifier.AssertNotEmpty(nameof(identifier));
try
{
startTime = DateTime.Now;
if (!IsEnabled)
{
return;
}
using (IKeyVaultClient client = new KeyVaultClient(service.TokenManagement.GetAppOnlyTokenAsync))
{
try
{
await client.DeleteSecretAsync(service.Configuration.KeyVaultBaseAddress, identifier);
}
catch (KeyVaultErrorException ex)
{
if (!ex.Body.Error.Code.Equals(NotFoundErrorCode, StringComparison.CurrentCultureIgnoreCase))
{
throw;
}
}
}
// Track the event measurements for analysis.
eventMetrics = new Dictionary <string, double>
{
{ "ElapsedMilliseconds", DateTime.Now.Subtract(startTime).TotalMilliseconds }
};
// Capture the request for the customer summary for analysis.
eventProperties = new Dictionary <string, string>
{
{ "Identifier", identifier }
};
service.Telemetry.TrackEvent("Vault/DeleteAsync", eventProperties, eventMetrics);
}
finally
{
eventMetrics = null;
eventProperties = null;
}
}
public async Task <string> DeleteSecretAsync(string secretName)
{
if (string.IsNullOrEmpty(secretName))
{
throw new ArgumentNullException("secretName");
}
// KeyVault doesn't allow dots in key name, allows only alphanumeric and dashes. Replace dots with dash
string fixedSecretName = FixSecretName(secretName);
var deletedSecretResult = await _keyVaultClient.DeleteSecretAsync(_keyVaultUrl, fixedSecretName);
return(deletedSecretResult.Value);
}
public async Task <string> DeleteSecretAsyn(string name)
{
try
{
var response = await _keyVaultClient.DeleteSecretAsync(_kvUri, name);
return(response.Id);
}
catch (KeyVaultErrorException e)
{
Log.Error("Failed to delete the secret.", e);
throw;
}
}
private Task DeleteSecretAsync(string secret)
{
return(Task.Run(async() =>
{
try
{
await Client.DeleteSecretAsync(KeyVaultUrl, secret);
}
catch (Exception ex)
{
EventManager.KeyVaultFailed("DeleteSecretAsync", ex);
}
}));
}
/// <summary>
/// Deletes secret
/// </summary>
/// <param name="secretName"> The secret name</param>
/// <returns> The deleted secret </returns>
private static SecretBundle DeleteSecret(string secretName)
{
// If the secret is not initialized get the secret Id from args
var vaultAddress = inputValidator.GetVaultAddress();
secretName = (secretName == string.Empty) ? inputValidator.GetSecretName() : secretName;
var secret = keyVaultClient.DeleteSecretAsync(vaultAddress, secretName).GetAwaiter().GetResult();
Console.Out.WriteLine("Deleted secret:---------------");
PrintoutSecret(secret);
return(secret);
}
/// <summary>
/// Delete a secret from Key Vault
/// </summary>
/// <param name="keyvaultName">ID of the secret</param>
/// <returns>secret value</returns>
public async Task <ApiResult> DeleteSecretAsync(string keyvaultName, string keyName)
{
try
{
var secretUrl = GetKeyVaultSecretUrl(keyvaultName);
var secret = await _keyVaultClient.DeleteSecretAsync(secretUrl, keyName);
return(ApiResult.CreateSuccess("Deleted"));
}
catch (Exception)
{
throw;
}
}
public async Task <bool> DeleteSecret(string secretName)
{
try
{
var keyVaultClient = new KeyVaultClient(AuthenticateVault);
await keyVaultClient.DeleteSecretAsync(_vaultBaseUrl, secretName);
return(true);
}
catch (Exception e)
{
Console.WriteLine("Error deleting secret: " + e);
return(false);
}
}
public async Task DeleteAsync(int id)
{
// Get list of all items
var items = await ReadAllAsync();
// Get item to delete
var deletedItem = items.Single(c => c.Id == id);
// Remove item from list
items.Remove(deletedItem);
// Update liad cache, no reorder necessary
_cache.Set("ItemList", items);
// Remove item from KeyVault
await keyVaultClient.DeleteSecretAsync(
KeyVaultBaseUrl, deletedItem.Name);
}
private async Task RemoveConfigAsync(string configName)
{
await _client.DeleteSecretAsync(_keyVaultUrl, configName);
}
public async Task DeleteSecretAsync(string secretName, CancellationToken cancellationToken = default)
{
var keyVaultClient = new KeyVaultClient(GetAccessTokenAsync);
await keyVaultClient.DeleteSecretAsync(_context.KeyVaultUri.AbsoluteUri, secretName, cancellationToken);
}
public SecretBundle DeleteSecret(Uri vaultUri, string secretName)
{
return(_keyVaultClient.DeleteSecretAsync(vaultUri.ToString(), secretName).GetAwaiter().GetResult());
}
public ActionResult Index()
{
string keyVaultName = "<YOUR_VAULT's_NAME>";
string vaultBaseURL = $"https://{keyVaultName}.vault.azure.net";
//Get a token for accessing the Key Vault.
var azureServiceTokenProvider = new AzureServiceTokenProvider();
//Create a Key Vault client for accessing the items in the vault;
var keyVault = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
// Manage secrets in the Key Vault.
// Create a new secret
string secretName = "secret-az204";
Task.Run(async() => await keyVault.SetSecretAsync(vaultBaseURL,
secretName,
"This is a secret testing value")).Wait();
var secret = Task.Run(async() => await keyVault.GetSecretAsync
($"{vaultBaseURL}/secrets/{secretName}")).GetAwaiter().GetResult();
// Update an existing secret
Task.Run(async() => await keyVault.SetSecretAsync(vaultBaseURL,
secretName,
"Updated the secret testing value")).Wait();
secret = Task.Run(async() => await keyVault.GetSecretAsync
($"{vaultBaseURL}/secrets/{secretName}")).GetAwaiter().GetResult();
// Delete the secret
Task.Run(async() => await keyVault.DeleteSecretAsync(vaultBaseURL,
secretName)).Wait();
// Manage certificates in the Key Vault
string certName = "cert-az204";
// Create a new self-signed certificate
var policy = new CertificatePolicy
{
IssuerParameters = new IssuerParameters
{
Name = "Self",
},
KeyProperties = new KeyProperties
{
Exportable = true,
KeySize = 2048,
KeyType = "RSA"
},
SecretProperties = new SecretProperties
{
ContentType = "application/x-pkcs12"
},
X509CertificateProperties = new X509CertificateProperties
{
Subject = "CN=AZ204KEYVAULTDEMO"
}
};
Task.Run(async() => await keyVault.CreateCertificateAsync(vaultBaseURL,
certName, policy, new CertificateAttributes {
Enabled = true
})).Wait();
// When you create a new certificate in the Key Vault it takes some time
// before it's ready.
// We added some wait time here for the sake of simplicity.
Thread.Sleep(10000);
var certificate = Task.Run(async() => await keyVault.GetCertificateAsync
(vaultBaseURL, certName)).GetAwaiter().GetResult();
// Update properties associated with the certificate.
CertificatePolicy updatePolicy = new CertificatePolicy
{
X509CertificateProperties = new X509CertificateProperties
{
SubjectAlternativeNames = new SubjectAlternativeNames
{
DnsNames = new[] { "az204.examref.testing" }
}
}
};
Task.Run(async() => await keyVault.UpdateCertificatePolicyAsync(
vaultBaseURL, certName, updatePolicy)).Wait();
Task.Run(async() => await keyVault.CreateCertificateAsync(vaultBaseURL,
certName)).Wait();
Thread.Sleep(10000);
certificate = Task.Run(async() => await keyVault.GetCertificateAsync(
vaultBaseURL, certName)).
GetAwaiter().GetResult();
Task.Run(async() => await keyVault.UpdateCertificateAsync(certificate.
CertificateIdentifier.Identifier, null,
new CertificateAttributes
{
Enabled =
false
})).Wait();
Thread.Sleep(10000);
// Delete the self-signed certificate.
Task.Run(async() => await keyVault.DeleteCertificateAsync(vaultBaseURL,
certName)).Wait();
// Manage keys in the Key Vault
string keyName = "key-az204";
NewKeyParameters keyParameters = new NewKeyParameters
{
Kty = "EC",
CurveName = "SECP256K1",
KeyOps = new[] { "sign", "verify" }
};
Task.Run(async() => await keyVault.CreateKeyAsync(vaultBaseURL, keyName,
keyParameters)).Wait();
var key = Task.Run(async() => await keyVault.GetKeyAsync(vaultBaseURL,
keyName)).GetAwaiter().GetResult();
// Update keys in the Key Vault
Task.Run(async() => await keyVault.UpdateKeyAsync(vaultBaseURL, keyName,
null, new KeyAttributes
{
Expires = DateTime.UtcNow.
AddYears(1)
})).Wait();
key = Task.Run(async() => await keyVault.GetKeyAsync(vaultBaseURL,
keyName)).GetAwaiter().GetResult();
// Delete keys from the Key Vault
Task.Run(async() => await keyVault.DeleteKeyAsync(vaultBaseURL, keyName)).
Wait();
return(View());
}
public async Task DeleteAsync(IEnumerable <string> fullPaths, CancellationToken cancellationToken = default)
{
GenericValidation.CheckBlobFullPaths(fullPaths);
await Task.WhenAll(fullPaths.Select(fullPath => _vaultClient.DeleteSecretAsync(_vaultUri, fullPath))).ConfigureAwait(false);
}
private async Task MigrationGuide()
{
#region Snippet:Microsoft_Azure_KeyVault_Snippets_MigrationGuide_Create
AzureServiceTokenProvider provider = new AzureServiceTokenProvider();
KeyVaultClient client = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(provider.KeyVaultTokenCallback));
#endregion Snippet:Microsoft_Azure_KeyVault_Snippets_MigrationGuide_Create
#region Snippet:Microsoft_Azure_KeyVault_Snippets_MigrationGuide_CreateWithOptions
using (HttpClient httpClient = new HttpClient())
{
//@@AzureServiceTokenProvider provider = new AzureServiceTokenProvider();
/*@@*/ provider = new AzureServiceTokenProvider();
//@@KeyVaultClient client = new KeyVaultClient(
/*@@*/ client = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(provider.KeyVaultTokenCallback),
httpClient);
}
#endregion Snippet:Microsoft_Azure_KeyVault_Snippets_MigrationGuide_CreateWithOptions
{
#region Snippet:Microsoft_Azure_KeyVault_Snippets_MigrationGuide_SetSecret
SecretBundle secret = await client.SetSecretAsync("https://myvault.vault.azure.net", "secret-name", "secret-value");
#endregion Snippet:Microsoft_Azure_KeyVault_Snippets_MigrationGuide_SetSecret
}
{
#region Snippet:Microsoft_Azure_KeyVault_Snippets_MigrationGuide_GetSecret
// Get the latest secret value.
SecretBundle secret = await client.GetSecretAsync("https://myvault.vault.azure.net", "secret-name", null);
// Get a specific secret value.
SecretBundle secretVersion = await client.GetSecretAsync("https://myvault.vault.azure.net", "secret-name", "e43af03a7cbc47d4a4e9f11540186048");
#endregion Snippet:Microsoft_Azure_KeyVault_Snippets_MigrationGuide_GetSecret
}
{
#region Snippet:Microsoft_Azure_KeyVault_Snippets_MigrationGuide_ListSecrets
IPage <SecretItem> page = await client.GetSecretsAsync("https://myvault.vault.azure.net");
foreach (SecretItem item in page)
{
SecretIdentifier secretId = item.Identifier;
SecretBundle secret = await client.GetSecretAsync(secretId.Vault, secretId.Name);
}
while (page.NextPageLink != null)
{
page = await client.GetSecretsNextAsync(page.NextPageLink);
foreach (SecretItem item in page)
{
SecretIdentifier secretId = item.Identifier;
SecretBundle secret = await client.GetSecretAsync(secretId.Vault, secretId.Name);
}
}
#endregion Snippet:Microsoft_Azure_KeyVault_Snippets_MigrationGuide_ListSecrets
}
{
#region Snippet:Microsoft_Azure_KeyVault_Snippets_MigrationGuide_DeleteSecret
// Delete the secret.
DeletedSecretBundle deletedSecret = await client.DeleteSecretAsync("https://myvault.vault.azure.net", "secret-name");
// Purge or recover the deleted secret if soft delete is enabled.
if (deletedSecret.RecoveryId != null)
{
DeletedSecretIdentifier deletedSecretId = deletedSecret.RecoveryIdentifier;
// Deleting a secret does not happen immediately. Wait a while and check if the deleted secret exists.
while (true)
{
try
{
await client.GetDeletedSecretAsync(deletedSecretId.Vault, deletedSecretId.Name);
// Finally deleted.
break;
}
catch (KeyVaultErrorException ex) when(ex.Response.StatusCode == HttpStatusCode.NotFound)
{
// Not yet deleted...
}
}
// Purge the deleted secret.
await client.PurgeDeletedSecretAsync(deletedSecretId.Vault, deletedSecretId.Name);
// You can also recover the deleted secret using RecoverDeletedSecretAsync.
}
#endregion Snippet:Microsoft_Azure_KeyVault_Snippets_MigrationGuide_DeleteSecret
}
}
public async Task DeleteAsync(IEnumerable <string> ids, CancellationToken cancellationToken)
{
GenericValidation.CheckBlobId(ids);
await Task.WhenAll(ids.Select(id => _vaultClient.DeleteSecretAsync(_vaultUri, id)));
}
public SecretBundle Delete(string key)
{
Task <DeletedSecretBundle> tdsb = keyVault.DeleteSecretAsync(this.baseSecretUri, key);
return(tdsb.Result);
}
