Basic operations on Keys in key vault using C# and .NET Core
using System; | |
using System.Text; | |
using System.Threading.Tasks; | |
using Azure.Identity; | |
using Azure.Security.KeyVault.Keys; | |
using Azure.Security.KeyVault.Keys.Cryptography; | |
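namespace KeyVaultManager
{
    /// <summary>
    /// Walk-through of basic Azure Key Vault key operations with the
    /// Azure.Security.KeyVault.Keys SDK: create an RSA key, retrieve it, update its
    /// properties (tags), soft-delete and recover it, encrypt/decrypt with
    /// <see cref="CryptographyClient"/>, then soft-delete and purge it.
    /// Every step prints its result to the console.
    /// </summary>
    class Program
    {
        // Single key name used by every operation below (the original repeated the literal).
        private const string KeyName = "rsa-key-name";

        //// Key vault URL. Taken from the KEYVAULT_URL environment variable (name chosen
        //// for this sample) when set; otherwise replace the placeholder with your vault name.
        static string keyVaultUrl = Environment.GetEnvironmentVariable("KEYVAULT_URL")
            ?? "https://<<your-key-vault>>.vault.azure.net";
        //// Client ID from the output of service principal creation. AZURE_CLIENT_ID,
        //// AZURE_TENANT_ID and AZURE_CLIENT_SECRET are the variable names Azure.Identity's
        //// EnvironmentCredential reads as well, so one set of variables serves both.
        static string clientId = Environment.GetEnvironmentVariable("AZURE_CLIENT_ID")
            ?? "{GUID_ClientID}";
        //// Tenant ID from the output of service principal creation.
        static string tenantId = Environment.GetEnvironmentVariable("AZURE_TENANT_ID")
            ?? "{GUID_TenantID}";
        //// Password (client secret) from the output of service principal creation.
        //// Kept as a placeholder in source so the real value comes from the environment
        //// rather than being committed with the code.
        static string clientSecret = Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET")
            ?? "{Client_Secret}";

        /// <summary>
        /// Runs the demo end to end against the configured vault.
        /// </summary>
        /// <param name="args">Unused.</param>
        /// <returns>A task that completes when the purge request has been sent.</returns>
        static async Task Main(string[] args)
        {
            // One credential instance is enough for both clients; the original built two
            // with the same secret.
            var credential = new ClientSecretCredential(tenantId, clientId, clientSecret);
            var client = new KeyClient(vaultUri: new Uri(keyVaultUrl), credential: credential);

            // Create a software-protected RSA key (hardwareProtected: false => not an HSM key).
            var rsaCreateKey = new CreateRsaKeyOptions(KeyName, hardwareProtected: false);
            KeyVaultKey rsaKey = await client.CreateRsaKeyAsync(rsaCreateKey);
            Console.WriteLine("Created the key....");
            Console.WriteLine($"rsaKey.Name: {rsaKey.Name}");
            Console.WriteLine($"rsaKey.KeyType: {rsaKey.KeyType}");
            WriteSeparator();

            // Retrieve the current version of the key.
            KeyVaultKey key = await client.GetKeyAsync(KeyName);
            Console.WriteLine("Retrieve the key");
            Console.WriteLine($"key.Name: {key.Name}");
            Console.WriteLine($"key.KeyType: {key.KeyType}");
            WriteSeparator();

            // Update: change the tags on the version we just retrieved. The original called
            // CreateKeyAsync here, which silently creates a *new* key version instead of
            // updating the existing one; UpdateKeyPropertiesAsync alone is the update.
            // Tags carry application-specific metadata.
            key.Properties.Tags["foo"] = "updated tag";
            KeyVaultKey updatedKey = await client.UpdateKeyPropertiesAsync(key.Properties);
            Console.WriteLine("Update Initiated.");
            Console.WriteLine($"updatedKey.Name: {updatedKey.Name}");
            Console.WriteLine($"updatedKey.Properties.Version: {updatedKey.Properties.Version}");
            Console.WriteLine($"updatedKey.Properties.UpdatedOn: {updatedKey.Properties.UpdatedOn}");
            WriteSeparator();

            // Soft-delete: the key enters the deleted state and can still be recovered.
            DeleteKeyOperation operation = await client.StartDeleteKeyAsync(KeyName);
            DeletedKey deletedKey = operation.Value;
            Console.WriteLine("Delete operation initiated.");
            Console.WriteLine($"deletedKey.Name: {deletedKey.Name}");
            Console.WriteLine($"deletedKey.DeletedOn: {deletedKey.DeletedOn}");
            WriteSeparator();

            // Wait for the deletion to finish before recovering, otherwise the recover call
            // can race the still-running delete.
            await operation.WaitForCompletionAsync();

            // Recover the soft-deleted key so it can be used again below.
            var recoverOperation = await client.StartRecoverDeletedKeyAsync(KeyName);
            await recoverOperation.WaitForCompletionAsync();
            Console.WriteLine("Recovery completed");
            WriteSeparator();

            // Crypto client bound to the retrieved key version (key.Id includes the version).
            var cryptoClient = new CryptographyClient(keyId: key.Id, credential: credential);
            byte[] plaintext = Encoding.UTF8.GetBytes("If you can dream it, you can do it.");

            // Encrypt inside the vault with RSA-OAEP; the private key never leaves Key Vault.
            EncryptResult encryptResult = await cryptoClient.EncryptAsync(EncryptionAlgorithm.RsaOaep, plaintext);
            Console.WriteLine("Encryption demo.");
            Console.WriteLine("Encrypted Base64: " + Convert.ToBase64String(encryptResult.Ciphertext));
            WriteSeparator();

            // Decrypt the ciphertext with the same key and algorithm.
            DecryptResult decryptResult = await cryptoClient.DecryptAsync(EncryptionAlgorithm.RsaOaep, encryptResult.Ciphertext);
            Console.WriteLine("Decryption demo.");
            Console.WriteLine("Decrypted: " + Encoding.UTF8.GetString(decryptResult.Plaintext));
            WriteSeparator();

            // Purge: soft-delete again, wait for it, then permanently remove the deleted key.
            DeleteKeyOperation deleteOperation = await client.StartDeleteKeyAsync(KeyName);
            await deleteOperation.WaitForCompletionAsync();
            DeletedKey purgekey = deleteOperation.Value;
            await client.PurgeDeletedKeyAsync(purgekey.Name);
            Console.WriteLine("Purge Initiated.");
            Console.WriteLine($"purgekey.Name: {purgekey.Name}");
            WriteSeparator();
        }

        /// <summary>
        /// Prints the section separator line followed by a blank line, exactly as the
        /// original did after every step.
        /// </summary>
        private static void WriteSeparator()
        {
            Console.WriteLine("==================================================");
            Console.WriteLine();
        }
    }
}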