Skip to content

Commit

Permalink
Update Key Vault README samples (#7943)
Browse files Browse the repository at this point in the history 
Fixes #7189 and fixes #7889
  • Loading branch information
@heaths
heaths authored Oct 7, 2019
1 parent a4fa4ee commit bf9351e
Show file tree
Hide file tree
Showing 8 changed files with 716 additions and 221 deletions.
73 changes: 42 additions & 31 deletions sdk/keyvault/Azure.Security.KeyVault.Certificates/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,13 +63,12 @@ Use the [Azure CLI][azure_cli] snippet below to create/get client secret credent
#### Create CertificateClient
Once you've populated the **AZURE_CLIENT_ID**, **AZURE_CLIENT_SECRET** and **AZURE_TENANT_ID** environment variables and replaced **your-vault-url** with the above returned URI, you can create the [CertificateClient][certificate_client_class]:
```c#
using Azure.Identity;
using Azure.Security.KeyVault.Certificates;
// Create a new key client using the default credential from Azure.Identity
var client = new CertificateClient(vaultUri: <your-vault-url>, credential: new DefaultAzureCredential());
```C# CreateClient
// Create a new certificate client using the default credential from Azure.Identity using environment variables previously set,
// including AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID.
var client = new CertificateClient(vaultUri: new Uri(keyVaultUrl), credential: new DefaultAzureCredential());
```

## Key concepts
With a `CertificateClient` you can get certificates from the vault, create new certificates and
new versions of existing certificates, update certificate metadata, and delete certificates. You
Expand All @@ -88,44 +87,55 @@ This section contains code snippets covering common tasks:
`StartCreateCertificate` creates a Certificate to be stored in the Azure Key Vault. If a certificate with
the same name already exists, then a new version of the certificate is created.
When creating the certificate the user can specify the policy which controls the certificate lifetime. If no policy is specified the default policy will be used. The `StartCreateCertificate` operation returns a `CertificateOperation`. The following example creates a self signed certificate with the default policy.
```c#
// create a certificate, this starts a long running operation to create and sign the certificate
CertificateOperation operation = await Client.StartCreateCertificateAsync("MyCertificate");

// optionally you can await the completion of the certificate opteration
// NOTE:
CertificateWithPolicy certificate = await WaitForCompletion(operation);
```C# CreateCertificate
// Create a certificate. This starts a long running operation to create and sign the certificate.
CertificateOperation operation = await client.StartCreateCertificateAsync("MyCertificate");

// You can await the completion of the create certificate operation.
CertificateWithPolicy certificate = await operation.WaitCompletionAsync();
```

> NOTE: Depending on the certificate issuer and validation methods, certificate creation and signing can take an indeterministic amount of time. Users should only wait on certificate operations when the operation can be reasonably completed in the scope of the application, such as with self signed certificates or issuers with well known response times.
### Retrieve a Certificate
`GetCertificateWithPolicy` retrieves the latest version of a certificate stored in the Key Vault along with its `CertificatePolicy`.
```c#
CertificateWithPolicy certificateWithPolicy = await Client.GetCertificateWithPolicyAsync("MyCertificate");

```C# RetrieveCertificate
CertificateWithPolicy certificateWithPolicy = await client.GetCertificateWithPolicyAsync("MyCertificate");
```

`GetCertificate` retrieves a specific version of a certificate in the vault.
```c#
Certificate certificate = await Client.GetCertificateAsync(certificateWithPolicy.Name, certificateWithPolicy.Version);

```C# GetCertificate
Certificate certificate = await client.GetCertificateAsync(certificateWithPolicy.Name, certificateWithPolicy.Properties.Version);
```

### Update an existing Certificate
`UpdateCertificate` updates a certificate stored in the Key Vault.
```c#
IDictionary<string, string> tags = new Dictionary<string, string>() { { "key1", "value1" } };

Certificate updated = await Client.UpdateCertificateAsync(certName, certVersion, tags: expTags);
```C# UpdateCertificate
CertificateProperties certificateProperties = new CertificateProperties(certificate.Id)
{
Tags =
{
["key1"] = "value1"
}
};

Certificate updated = await client.UpdateCertificatePropertiesAsync(certificateProperties);
```

### Delete a Certificate
`DeleteCertificate` deletes all versions of a certificate stored in the Key Vault. When [soft-delete][soft_delete]
is not enabled for the Key Vault, this operation permanently deletes the certificate. If soft delete is enabled the certificate is marked for deletion and can be optionally purged or recovered up until its scheduled purge date.
```c#
DeletedCertificate deletedCert = await Client.DeleteCertificateAsync(certName);

```C# DeleteCertificate
DeletedCertificate deletedCert = await client.DeleteCertificateAsync("MyCertificate");

Console.WriteLine(deletedCert.ScheduledPurgeDate);

await Client.PurgeDeletedCertificate(certName);
await client.PurgeDeletedCertificateAsync("MyCertificate");
```

## Troubleshooting
Expand All @@ -135,26 +145,26 @@ When you interact with the Azure Key Vault Certificate client library using the

For example, if you try to retrieve a Key that doesn't exist in your Key Vault, a `404` error is returned, indicating `Not Found`.

```c#
```C# NotFound
try
{
Key key = await Client.GetCertficateAsync("MyCertificate");
CertificateWithPolicy certificateWithPolicy = await client.GetCertificateWithPolicyAsync("SomeCertificate");
}
catch (RequestFailedException ex)
{
System.Console.WriteLine(ex.ToString());
Console.WriteLine(ex.ToString());
}
```

You will notice that additional information is logged, like the Client Request ID of the operation.

```
Message:
Message:
Azure.RequestFailedException : Service request failed.
Status: 404 (Not Found)
Status: 404 (Not Found)
Content:
{"error":{"code":"CertificateNotFound","message":"Certificate not found: MyCertificate"}}
Headers:
Cache-Control: no-cache
Pragma: no-cache
Expand All @@ -172,6 +182,7 @@ Headers:
Content-Type: application/json; charset=utf-8
Expires: -1
```

## Next steps
Key Vault Certificates client library samples are available to you in this GitHub repository. These samples provide example code for additional scenarios commonly encountered while working with Key Vault:
* [HelloWorld.cs][hello_world_sync] and [HelloWorldAsync.cs][hello_world_async] - for working with Azure Key Vault certificates, including:
Expand All @@ -188,9 +199,9 @@ Key Vault Certificates client library samples are available to you in this GitHu
* List deleted certificates in the Key Vault

### Additional Documentation
- For more extensive documentation on Azure Key Vault, see the [API reference documentation][keyvault_rest].
- For Secrets client library see [Secrets client library][secrets_client_library].
- For Keys client library see [Keys client library][keys_client_library].
* For more extensive documentation on Azure Key Vault, see the [API reference documentation][keyvault_rest].
* For Secrets client library see [Secrets client library][secrets_client_library].
* For Keys client library see [Keys client library][keys_client_library].

## Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
Expand Down
102 changes: 102 additions & 0 deletions sdk/keyvault/Azure.Security.KeyVault.Certificates/samples/SampleSnippets.cs
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,102 @@
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.

using Azure.Core.Testing;
using Azure.Identity;
using NUnit.Framework;
using System;
using System.Threading.Tasks;

namespace Azure.Security.KeyVault.Certificates.Samples
{
/// <summary>
/// Samples that are used in the associated README.md file.
/// </summary>
[LiveOnly]
public partial class Snippets
{
#pragma warning disable IDE1006 // Naming Styles
private CertificateClient client;
#pragma warning restore IDE1006 // Naming Styles

[OneTimeSetUp]
public async Task CreateClientAsync()
{
// Environment variable with the Key Vault endpoint.
string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL");

#region CreateClient
// Create a new certificate client using the default credential from Azure.Identity using environment variables previously set,
// including AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID.
var client = new CertificateClient(vaultUri: new Uri(keyVaultUrl), credential: new DefaultAzureCredential());
#endregion

#region CreateCertificate
// Create a certificate. This starts a long running operation to create and sign the certificate.
CertificateOperation operation = await client.StartCreateCertificateAsync("MyCertificate");

// You can await the completion of the create certificate operation.
CertificateWithPolicy certificate = await operation.WaitCompletionAsync();
#endregion

this.client = client;
}

[Test]
public async Task RetrieveCertificateAsync()
{
#region RetrieveCertificate
CertificateWithPolicy certificateWithPolicy = await client.GetCertificateWithPolicyAsync("MyCertificate");
#endregion

#region GetCertificate
Certificate certificate = await client.GetCertificateAsync(certificateWithPolicy.Name, certificateWithPolicy.Properties.Version);
#endregion
}

[Test]
public async Task UpdateCertificateAsync()
{
CertificateWithPolicy certificate = await client.GetCertificateWithPolicyAsync("MyCertificate");

#region UpdateCertificate
CertificateProperties certificateProperties = new CertificateProperties(certificate.Id)
{
Tags =
{
["key1"] = "value1"
}
};

Certificate updated = await client.UpdateCertificatePropertiesAsync(certificateProperties);
#endregion
}

[Test]
public async Task NotFoundAsync()
{
#region NotFound
try
{
CertificateWithPolicy certificateWithPolicy = await client.GetCertificateWithPolicyAsync("SomeCertificate");
}
catch (RequestFailedException ex)
{
Console.WriteLine(ex.ToString());
}
#endregion
}

[OneTimeTearDown]
public async Task DeleteCertificateAsync()
{
#region DeleteCertificate
DeletedCertificate deletedCert = await client.DeleteCertificateAsync("MyCertificate");

Console.WriteLine(deletedCert.ScheduledPurgeDate);

await client.PurgeDeletedCertificateAsync("MyCertificate");
#endregion
}
}
}
1 change: 1 addition & 0 deletions sdk/keyvault/Azure.Security.KeyVault.Keys/ChangeLog.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
### Major changes

- `KeyClient.UpdateKey` and `KeyClient.UpdateKeyAsync` now allow the `keyOperations` parameter to be null, resulting in no changes to the allowed key operations.
- `RSA` and `ECDsa` support have been implemented for `CryptographyClient` to use locally if key operations and key material allow; otherwise, operations will be performed in Azure Key Vault.

## 4.0.0-preview.1 (2019-06-28)

Expand Down
Loading

0 comments on commit bf9351e

Please sign in to comment.