forked from Azure/azure-sdk-for-net
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathSample2_BackupAndRestoreAsync.cs
94 lines (81 loc) · 3.87 KB
/
Sample2_BackupAndRestoreAsync.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License. See License.txt in the project root for
// license information.
using Azure.Identity;
using NUnit.Framework;
using System;
using System.Diagnostics;
using System.IO;
using System.Threading;
using System.Threading.Tasks;
namespace Azure.Security.KeyVault.Secrets.Samples
{
/// <summary>
/// Sample demonstrates how to backup and restore secrets in the key vault using the
/// asynchronous methods of the SecretClient.
/// </summary>
[Category("Live")]
public partial class BackupAndRestore
{
[Test]
[Ignore("https://github.com/Azure/azure-sdk-for-net/issues/6514")]
public async Task BackupAndRestoreAsync()
{
// Environment variable with the Key Vault endpoint.
string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL");
string backupPath = Path.GetTempFileName();
// Instantiate a secret client that will be used to call the service. Notice that the client is using default Azure
// credentials. To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID',
// 'AZURE_CLIENT_KEY' and 'AZURE_TENANT_ID' are set with the service principal credentials.
var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
// Let's create a secret holding bank account credentials valid for 1 year. if the secret
// already exists in the key vault, then a new version of the secret is created.
string secretName = $"StorageAccountPasswor{Guid.NewGuid()}";
var secret = new Secret(secretName, "f4G34fMh8v")
{
Expires = DateTimeOffset.Now.AddYears(1)
};
Secret storedSecret = await client.SetAsync(secret);
// Backups are good to have if in case secrets get accidentally deleted by you.
// For long term storage, it is ideal to write the backup to a file.
using (FileStream sourceStream = File.Open(backupPath, FileMode.OpenOrCreate))
{
byte[] byteSecret = await client.BackupAsync(secretName);
sourceStream.Seek(0, SeekOrigin.End);
await sourceStream.WriteAsync(byteSecret, 0, byteSecret.Length);
}
// The storage account secret is no longer in use, so you delete it.
await client.DeleteAsync(secretName);
// To ensure secret is deleted on server side.
Assert.IsTrue(await WaitForDeletedSecretAsync(client, secretName));
// If the keyvault is soft-delete enabled, then for permanent deletion, deleted secret needs to be purged.
await client.PurgeDeletedAsync(secretName);
// After sometime, the secret is required again. We can use the backup value to restore it in the key vault.
SecretBase restoreSecret = null;
using (FileStream sourceStream = File.Open(backupPath, FileMode.Open))
{
byte[] result = new byte[sourceStream.Length];
await sourceStream.ReadAsync(result, 0, (int)sourceStream.Length);
restoreSecret = await client.RestoreAsync(result);
}
AssertSecretsEqual((SecretBase)storedSecret, restoreSecret);
}
private async Task<bool> WaitForDeletedSecretAsync(SecretClient client, string secretName)
{
int maxIterations = 20;
for (int i = 0; i < maxIterations; i++)
{
try
{
await client.GetDeletedAsync(secretName);
return true;
}
catch
{
Thread.Sleep(5000);
}
}
return false;
}
}
}