public final class KeyClient extends Object
keys in the Azure Key Vault. The client supports creating, retrieving, updating, deleting, purging, backing up, restoring and listing the keys. The client also supports listing deleted keys for a soft-delete enabled Azure Key Vault.

Samples to construct the sync client

```java
KeyClient keyClient = new KeyClientBuilder()
    .vaultUrl("https://myvault.azure.net/")
    .credential(new DefaultAzureCredentialBuilder().build())
    .buildClient();
```

See Also: KeyClientBuilder, PagedIterable

| Modifier and Type | Method and Description |
|---|---|
| `byte[]` | `backupKey(String name)` Requests a backup of the specified key be downloaded to the client. |
| `com.azure.core.http.rest.Response<byte[]>` | `backupKeyWithResponse(String name, com.azure.core.util.Context context)` Requests a backup of the specified key be downloaded to the client. |
| `com.azure.core.util.polling.SyncPoller<DeletedKey,Void>` | `beginDeleteKey(String name)` Deletes a key of any type from the key vault. |
| `com.azure.core.util.polling.SyncPoller<KeyVaultKey,Void>` | `beginRecoverDeletedKey(String name)` Recovers the deleted key in the key vault to its latest version and can only be performed on a soft-delete enabled vault. |
| `KeyVaultKey` | `createEcKey(CreateEcKeyOptions createEcKeyOptions)` Creates a new Ec key and stores it in the key vault. |
| `com.azure.core.http.rest.Response<KeyVaultKey>` | `createEcKeyWithResponse(CreateEcKeyOptions createEcKeyOptions, com.azure.core.util.Context context)` Creates a new Ec key and stores it in the key vault. |
| `KeyVaultKey` | `createKey(CreateKeyOptions createKeyOptions)` Creates a new key and stores it in the key vault. |
| `KeyVaultKey` | `createKey(String name, KeyType keyType)` Creates a new key and stores it in the key vault. |
| `com.azure.core.http.rest.Response<KeyVaultKey>` | `createKeyWithResponse(CreateKeyOptions createKeyOptions, com.azure.core.util.Context context)` Creates a new key and stores it in the key vault. |
| `KeyVaultKey` | `createRsaKey(CreateRsaKeyOptions createRsaKeyOptions)` Creates a new Rsa key and stores it in the key vault. |
| `com.azure.core.http.rest.Response<KeyVaultKey>` | `createRsaKeyWithResponse(CreateRsaKeyOptions createRsaKeyOptions, com.azure.core.util.Context context)` Creates a new Rsa key and stores it in the key vault. |
| `DeletedKey` | `getDeletedKey(String name)` Gets the public part of a deleted key. |
| `com.azure.core.http.rest.Response<DeletedKey>` | `getDeletedKeyWithResponse(String name, com.azure.core.util.Context context)` Gets the public part of a deleted key. |
| `KeyVaultKey` | `getKey(String name)` Get the public part of the latest version of the specified key from the key vault. |
| `KeyVaultKey` | `getKey(String name, String version)` Gets the public part of the specified key and key version. |
| `com.azure.core.http.rest.Response<KeyVaultKey>` | `getKeyWithResponse(String name, String version, com.azure.core.util.Context context)` Gets the public part of the specified key and key version. |
| `String` | `getVaultUrl()` Get the vault endpoint url |
| `KeyVaultKey` | `importKey(ImportKeyOptions importKeyOptions)` Imports an externally created key and stores it in key vault. |
| `KeyVaultKey` | `importKey(String name, JsonWebKey keyMaterial)` Imports an externally created key and stores it in key vault. |
| `com.azure.core.http.rest.Response<KeyVaultKey>` | `importKeyWithResponse(ImportKeyOptions importKeyOptions, com.azure.core.util.Context context)` Imports an externally created key and stores it in key vault. |
| `com.azure.core.http.rest.PagedIterable<DeletedKey>` | `listDeletedKeys()` Lists deleted keys of the key vault. |
| `com.azure.core.http.rest.PagedIterable<DeletedKey>` | `listDeletedKeys(com.azure.core.util.Context context)` Lists deleted keys of the key vault. |
| `com.azure.core.http.rest.PagedIterable<KeyProperties>` | `listPropertiesOfKeys()` List keys in the key vault. |
| `com.azure.core.http.rest.PagedIterable<KeyProperties>` | `listPropertiesOfKeys(com.azure.core.util.Context context)` List keys in the key vault. |
| `com.azure.core.http.rest.PagedIterable<KeyProperties>` | `listPropertiesOfKeyVersions(String name)` List all versions of the specified key. |
| `com.azure.core.http.rest.PagedIterable<KeyProperties>` | `listPropertiesOfKeyVersions(String name, com.azure.core.util.Context context)` List all versions of the specified key. |
| `void` | `purgeDeletedKey(String name)` Permanently deletes the specified key without the possibility of recovery. |
| `com.azure.core.http.rest.Response<Void>` | `purgeDeletedKeyWithResponse(String name, com.azure.core.util.Context context)` Permanently deletes the specified key without the possibility of recovery. |
| `KeyVaultKey` | `restoreKeyBackup(byte[] backup)` Restores a backed up key to a vault. |
| `com.azure.core.http.rest.Response<KeyVaultKey>` | `restoreKeyBackupWithResponse(byte[] backup, com.azure.core.util.Context context)` Restores a backed up key to a vault. |
| `KeyVaultKey` | `updateKeyProperties(KeyProperties keyProperties, KeyOperation... keyOperations)` Updates the attributes and key operations associated with the specified key, but not the cryptographic key material of the specified key in the key vault. |
| `com.azure.core.http.rest.Response<KeyVaultKey>` | `updateKeyPropertiesWithResponse(KeyProperties keyProperties, com.azure.core.util.Context context, KeyOperation... keyOperations)` Updates the attributes and key operations associated with the specified key, but not the cryptographic key material of the specified key in the key vault. |

public String getVaultUrl()

public KeyVaultKey createKey(String name, KeyType keyType)

keys/create permission.

The keyType indicates the type of key to create. Possible values include: EC, EC-HSM, RSA, RSA-HSM and OCT.

Code Samples

Creates a new EC key. Prints out the details of the created key.

```java
KeyVaultKey key = keyClient.createKey("keyName", KeyType.EC);
System.out.printf("Key is created with name %s and id %s %n", key.getName(), key.getId());
```

Parameters:
- name - The name of the key being created.
- keyType - The type of key to create. For valid values, see KeyType.

Returns: created key.

Throws:
- com.azure.core.exception.ResourceModifiedException - if name or keyType is null.
- com.azure.core.exception.HttpResponseException - if name is empty string.

public KeyVaultKey createKey(CreateKeyOptions createKeyOptions)
keys/create permission.

The CreateKeyOptions is required. The expires and notBefore values are optional. The enabled field is set to true by Azure Key Vault, if not specified.

The keyType indicates the type of key to create. Possible values include: EC, EC-HSM, RSA, RSA-HSM and OCT.

Code Samples

Creates a new RSA key which activates in one day and expires in one year. Prints out the details of the

```java
CreateKeyOptions createKeyOptions = new CreateKeyOptions("keyName", KeyType.RSA)
    .setNotBefore(OffsetDateTime.now().plusDays(1))
    .setExpiresOn(OffsetDateTime.now().plusYears(1));
KeyVaultKey optionsKey = keyClient.createKey(createKeyOptions);
System.out.printf("Key is created with name %s and id %s %n", optionsKey.getName(), optionsKey.getId());
```

Parameters:
- createKeyOptions - The key options object containing information about the key being created.

Returns: created key.

Throws:
- NullPointerException - if keyCreateOptions is null.
- com.azure.core.exception.ResourceModifiedException - if keyCreateOptions is malformed.

public com.azure.core.http.rest.Response<KeyVaultKey> createKeyWithResponse(CreateKeyOptions createKeyOptions, com.azure.core.util.Context context)
keys/create permission.

The CreateKeyOptions is required. The expires and notBefore values are optional. The enabled field is set to true by Azure Key Vault, if not specified.

The keyType indicates the type of key to create. Possible values include: EC, EC-HSM, RSA, RSA-HSM and OCT.

Code Samples

Creates a new RSA key which activates in one day and expires in one year. Prints out the details of the

```java
CreateKeyOptions createKeyOptions = new CreateKeyOptions("keyName", KeyType.RSA)
    .setNotBefore(OffsetDateTime.now().plusDays(1))
    .setExpiresOn(OffsetDateTime.now().plusYears(1));
KeyVaultKey optionsKey = keyClient.createKeyWithResponse(createKeyOptions, new Context(key1, value1)).getValue();
System.out.printf("Key is created with name %s and id %s %n", optionsKey.getName(), optionsKey.getId());
```

Parameters:
- createKeyOptions - The key options object containing information about the key being created.
- context - Additional context that is passed through the Http pipeline during the service call.

Returns: Response whose value contains the created key.

Throws:
- NullPointerException - if keyCreateOptions is null.
- com.azure.core.exception.ResourceModifiedException - if keyCreateOptions is malformed.

public KeyVaultKey createRsaKey(CreateRsaKeyOptions createRsaKeyOptions)
keys/create permission.

The CreateRsaKeyOptions is required. The keySize can be optionally specified. The expires and notBefore values are optional. The enabled field is set to true by Azure Key Vault, if not specified.

The keyType indicates the type of key to create. Possible values include: RSA and RSA-HSM.

Code Samples

Creates a new RSA key with size 2048 which activates in one day and expires in one year. Prints out the details of the created key.

```java
CreateRsaKeyOptions createRsaKeyOptions = new CreateRsaKeyOptions("keyName")
    .setKeySize(2048)
    .setNotBefore(OffsetDateTime.now().plusDays(1))
    .setExpiresOn(OffsetDateTime.now().plusYears(1));
KeyVaultKey rsaKey = keyClient.createRsaKey(createRsaKeyOptions);
System.out.printf("Key is created with name %s and id %s %n", rsaKey.getName(), rsaKey.getId());
```

Parameters:
- createRsaKeyOptions - The key options object containing information about the rsa key being created.

Returns: created key.

Throws:
- NullPointerException - if rsaKeyCreateOptions is null.
- com.azure.core.exception.ResourceModifiedException - if rsaKeyCreateOptions is malformed.
- com.azure.core.exception.HttpResponseException - if name is empty string.

public com.azure.core.http.rest.Response<KeyVaultKey> createRsaKeyWithResponse(CreateRsaKeyOptions createRsaKeyOptions, com.azure.core.util.Context context)
keys/create permission.

The CreateRsaKeyOptions is required. The keySize can be optionally specified. The expires and notBefore values are optional. The enabled field is set to true by Azure Key Vault, if not specified.

The keyType indicates the type of key to create. Possible values include: RSA and RSA-HSM.

Code Samples

Creates a new RSA key with size 2048 which activates in one day and expires in one year. Prints out the details of the created key.

```java
CreateRsaKeyOptions createRsaKeyOptions = new CreateRsaKeyOptions("keyName")
    .setKeySize(2048)
    .setNotBefore(OffsetDateTime.now().plusDays(1))
    .setExpiresOn(OffsetDateTime.now().plusYears(1));
KeyVaultKey rsaKey = keyClient.createRsaKeyWithResponse(createRsaKeyOptions, new Context(key1, value1)).getValue();
System.out.printf("Key is created with name %s and id %s %n", rsaKey.getName(), rsaKey.getId());
```

Parameters:
- createRsaKeyOptions - The key options object containing information about the rsa key being created.
- context - Additional context that is passed through the Http pipeline during the service call.

Returns: Response whose value contains the created key.

Throws:
- NullPointerException - if rsaKeyCreateOptions is null.
- com.azure.core.exception.ResourceModifiedException - if rsaKeyCreateOptions is malformed.

public KeyVaultKey createEcKey(CreateEcKeyOptions createEcKeyOptions)
keys/create permission.

The CreateEcKeyOptions parameter is required. The key curve can be optionally specified. If not specified, default value of P-256 is used by Azure Key Vault. The expires and notBefore values are optional. The enabled field is set to true by Azure Key Vault, if not specified.

The keyType indicates the type of key to create. Possible values include: EC and EC-HSM.

Code Samples

Creates a new EC key with P-384 web key curve. The key activates in one day and expires in one year. Prints out the details of the created key.

```java
CreateEcKeyOptions createEcKeyOptions = new CreateEcKeyOptions("keyName")
    .setCurveName(KeyCurveName.P_384)
    .setNotBefore(OffsetDateTime.now().plusDays(1))
    .setExpiresOn(OffsetDateTime.now().plusYears(1));
KeyVaultKey ecKey = keyClient.createEcKey(createEcKeyOptions);
System.out.printf("Key is created with name %s and id %s %n", ecKey.getName(), ecKey.getId());
```

Parameters:
- createEcKeyOptions - The key options object containing information about the ec key being created.

Returns: created key.

Throws:
- NullPointerException - if ecKeyCreateOptions is null.
- com.azure.core.exception.ResourceModifiedException - if ecKeyCreateOptions is malformed.

public com.azure.core.http.rest.Response<KeyVaultKey> createEcKeyWithResponse(CreateEcKeyOptions createEcKeyOptions, com.azure.core.util.Context context)
keys/create permission.

The CreateEcKeyOptions parameter is required. The key curve can be optionally specified. If not specified, default value of P-256 is used by Azure Key Vault. The expires and notBefore values are optional. The enabled field is set to true by Azure Key Vault, if not specified.

The keyType indicates the type of key to create. Possible values include: EC and EC-HSM.

Code Samples

Creates a new EC key with P-384 web key curve. The key activates in one day and expires in one year. Prints out the details of the created key.

```java
CreateEcKeyOptions createEcKeyOptions = new CreateEcKeyOptions("keyName")
    .setCurveName(KeyCurveName.P_384)
    .setNotBefore(OffsetDateTime.now().plusDays(1))
    .setExpiresOn(OffsetDateTime.now().plusYears(1));
KeyVaultKey ecKey = keyClient.createEcKeyWithResponse(createEcKeyOptions, new Context(key1, value1)).getValue();
System.out.printf("Key is created with name %s and id %s %n", ecKey.getName(), ecKey.getId());
```

Parameters:
- createEcKeyOptions - The key options object containing information about the ec key being created.
- context - Additional context that is passed through the Http pipeline during the service call.

Returns: Response whose value contains the created key.

Throws:
- NullPointerException - if ecKeyCreateOptions is null.
- com.azure.core.exception.ResourceModifiedException - if ecKeyCreateOptions is malformed.

public KeyVaultKey importKey(String name, JsonWebKey keyMaterial)
keys/import permission.

Code Samples

Imports a new key into key vault. Prints out the details of the imported key.

```java
KeyVaultKey importedKey = keyClient.importKey("keyName", jsonWebKeyToImport);
System.out.printf("Key is imported with name %s and id %s \n", importedKey.getName(), importedKey.getId());
```

Parameters:
- name - The name for the imported key.
- keyMaterial - The Json web key being imported.

Returns: imported key.

Throws:
- com.azure.core.exception.HttpResponseException - if name is empty string.

public KeyVaultKey importKey(ImportKeyOptions importKeyOptions)
keys/import permission.

The keyImportOptions is required and its fields name and key material cannot be null. The expires and notBefore values in keyImportOptions are optional. If not specified, no values are set for the fields. The enabled field is set to true and the hsm field is set to false by Azure Key Vault, if they are not specified.

Code Samples

Imports a new key into key vault. Prints out the details of the imported key.

```java
ImportKeyOptions options = new ImportKeyOptions("keyName", jsonWebKeyToImport)
    .setHardwareProtected(false);
KeyVaultKey importedKeyResponse = keyClient.importKey(options);
System.out.printf("Key is imported with name %s and id %s \n", importedKeyResponse.getName(),
    importedKeyResponse.getId());
```

Parameters:
- importKeyOptions - The key import configuration object containing information about the json web key being imported.

Returns: imported key.

Throws:
- NullPointerException - if keyImportOptions is null.
- com.azure.core.exception.HttpResponseException - if name is empty string.

public com.azure.core.http.rest.Response<KeyVaultKey> importKeyWithResponse(ImportKeyOptions importKeyOptions, com.azure.core.util.Context context)
keys/import permission.

The keyImportOptions is required and its fields name and key material cannot be null. The expires and notBefore values in keyImportOptions are optional. If not specified, no values are set for the fields. The enabled field is set to true and the hsm field is set to false by Azure Key Vault, if they are not specified.

Code Samples

Imports a new key into key vault. Prints out the details of the imported key.

```java
ImportKeyOptions importKeyOptions = new ImportKeyOptions("keyName", jsonWebKeyToImport)
    .setHardwareProtected(false);
KeyVaultKey importedKeyResp = keyClient.importKeyWithResponse(importKeyOptions, new Context(key1, value1))
    .getValue();
System.out.printf("Key is imported with name %s and id %s \n", importedKeyResp.getName(),
    importedKeyResp.getId());
```

Parameters:
- importKeyOptions - The key import configuration object containing information about the json web key being imported.
- context - Additional context that is passed through the Http pipeline during the service call.

Returns: Response whose value contains the imported key.

Throws:
- NullPointerException - if keyImportOptions is null.
- com.azure.core.exception.HttpResponseException - if name is empty string.

public KeyVaultKey getKey(String name, String version)
keys/get permission.

Code Samples

Gets a specific version of the key in the key vault. Prints out the details of the returned key.

```java
String keyVersion = "6A385B124DEF4096AF1361A85B16C204";
KeyVaultKey keyWithVersion = keyClient.getKey("keyName", keyVersion);
System.out.printf("Key is returned with name %s and id %s %n", keyWithVersion.getName(),
    keyWithVersion.getId());
```

Parameters:
- name - The name of the key, cannot be null
- version - The version of the key to retrieve. If this is an empty String or null, this call is equivalent to calling KeyClient.getKey(String), with the latest version being retrieved.

Returns: key. The content of the key is null if both name and version are null or empty.

Throws:
- com.azure.core.exception.ResourceNotFoundException - when a key with name doesn't exist in the key vault or an empty/null name and a non null/empty version is provided.
- com.azure.core.exception.HttpResponseException - if a valid name and a non null/empty version is specified.

public com.azure.core.http.rest.Response<KeyVaultKey> getKeyWithResponse(String name, String version, com.azure.core.util.Context context)
keys/get permission.

Code Samples

Gets a specific version of the key in the key vault. Prints out the details of the returned key.

```java
String keyVersion = "6A385B124DEF4096AF1361A85B16C204";
KeyVaultKey keyWithVersion = keyClient.getKeyWithResponse("keyName", keyVersion,
    new Context(key1, value1)).getValue();
System.out.printf("Key is returned with name %s and id %s %n", keyWithVersion.getName(),
    keyWithVersion.getId());
```

Parameters:
- name - The name of the key, cannot be null
- context - Additional context that is passed through the Http pipeline during the service call.
- version - The version of the key to retrieve. If this is an empty String or null, this call is equivalent to calling KeyClient.getKey(String), with the latest version being retrieved.

Returns: Response whose value contains the requested key. The content of the key is null if both name and version are null or empty.

Throws:
- com.azure.core.exception.ResourceNotFoundException - when a key with name doesn't exist in the key vault or an empty/null name and a non null/empty version is provided.
- com.azure.core.exception.HttpResponseException - if a valid name and a non null/empty version is specified.

public KeyVaultKey getKey(String name)
keys/get permission.

Code Samples

Gets the latest version of the key in the key vault. Prints out the details of the returned key.

```java
KeyVaultKey keyWithVersionValue = keyClient.getKey("keyName");
System.out.printf("Key is returned with name %s and id %s %n", keyWithVersionValue.getName(),
    keyWithVersionValue.getId());
```

Parameters:
- name - The name of the key.

Returns: key. The content of the key is null if name is null or empty.

Throws:
- com.azure.core.exception.ResourceNotFoundException - when a key with non null/empty name doesn't exist in the key vault.
- com.azure.core.exception.HttpResponseException - if a non null/empty and an invalid name is specified.

public KeyVaultKey updateKeyProperties(KeyProperties keyProperties, KeyOperation... keyOperations)
keys/set permission.

Code Samples

Gets the latest version of the key, changes its expiry time and key operations and then updates the key in the key vault.

```java
KeyVaultKey key = keyClient.getKey("keyName");
key.getProperties().setExpiresOn(OffsetDateTime.now().plusDays(60));
KeyVaultKey updatedKey = keyClient.updateKeyProperties(key.getProperties(), KeyOperation.ENCRYPT,
    KeyOperation.DECRYPT);
System.out.printf("Key is updated with name %s and id %s %n", updatedKey.getName(), updatedKey.getId());
```

Parameters:
- keyProperties - The key properties object with updated properties.
- keyOperations - The updated key operations to associate with the key.

Returns: Response whose value contains the updated key.

Throws:
- NullPointerException - if key is null.
- com.azure.core.exception.ResourceNotFoundException - when a key with name and version doesn't exist in the key vault.
- com.azure.core.exception.HttpResponseException - if name or version is empty string.

public com.azure.core.http.rest.Response<KeyVaultKey> updateKeyPropertiesWithResponse(KeyProperties keyProperties, com.azure.core.util.Context context, KeyOperation... keyOperations)
keys/set permission.

Code Samples

Gets the latest version of the key, changes its expiry time and key operations and then updates the key in the key vault.

```java
KeyVaultKey key = keyClient.getKey("keyName");
key.getProperties().setExpiresOn(OffsetDateTime.now().plusDays(60));
KeyVaultKey updatedKey = keyClient.updateKeyPropertiesWithResponse(key.getProperties(),
    new Context(key1, value1), KeyOperation.ENCRYPT, KeyOperation.DECRYPT).getValue();
System.out.printf("Key is updated with name %s and id %s %n", updatedKey.getName(), updatedKey.getId());
```

Parameters:
- keyProperties - The key properties object with updated properties.
- context - Additional context that is passed through the Http pipeline during the service call.
- keyOperations - The updated key operations to associate with the key.

Returns: Response whose value contains the updated key.

Throws:
- NullPointerException - if key is null.
- com.azure.core.exception.ResourceNotFoundException - when a key with name and version doesn't exist in the key vault.
- com.azure.core.exception.HttpResponseException - if name or version is empty string.

public com.azure.core.util.polling.SyncPoller<DeletedKey,Void> beginDeleteKey(String name)
keys/delete permission.

Code Samples

Deletes the key from the key vault. Prints out the recovery id of the deleted key returned in the response.

```java
SyncPoller<DeletedKey, Void> deletedKeyPoller = keyClient.beginDeleteKey("keyName");
PollResponse<DeletedKey> deletedKeyPollResponse = deletedKeyPoller.poll();

// Deleted date only works for SoftDelete Enabled Key Vault.
DeletedKey deletedKey = deletedKeyPollResponse.getValue();
System.out.printf("Deleted Date %s %n", deletedKey.getDeletedOn().toString());
System.out.printf("Deleted Key's Recovery Id %s", deletedKey.getRecoveryId());

// Key is being deleted on server.
deletedKeyPoller.waitForCompletion();
// Key is deleted
```

Parameters:
- name - The name of the key to be deleted.

Returns: SyncPoller to poll on and retrieve deleted key

Throws:
- com.azure.core.exception.ResourceNotFoundException - when a key with name doesn't exist in the key vault.
- com.azure.core.exception.HttpResponseException - when a key with name is empty string.

public DeletedKey getDeletedKey(String name)
keys/get permission.

Code Samples

Gets the deleted key from the key vault enabled for soft-delete. Prints out the details of the deleted key returned in the response.

```java
// Assuming key is deleted on a soft-delete enabled key vault.
DeletedKey deletedKey = keyClient.getDeletedKey("keyName");
System.out.printf("Deleted Key's Recovery Id %s", deletedKey.getRecoveryId());
```

Parameters:
- name - The name of the deleted key.

Returns: deleted key.

Throws:
- com.azure.core.exception.ResourceNotFoundException - when a key with name doesn't exist in the key vault.
- com.azure.core.exception.HttpResponseException - when a key with name is empty string.

public com.azure.core.http.rest.Response<DeletedKey> getDeletedKeyWithResponse(String name, com.azure.core.util.Context context)
keys/get permission.

Code Samples

Gets the deleted key from the key vault enabled for soft-delete. Prints out the details of the deleted key returned in the response.

```java
// Assuming key is deleted on a soft-delete enabled key vault.
DeletedKey deletedKey = keyClient.getDeletedKeyWithResponse("keyName", new Context(key1, value1))
    .getValue();
System.out.printf("Deleted Key with recovery Id %s %n", deletedKey.getRecoveryId());
```

Parameters:
- name - The name of the deleted key.
- context - Additional context that is passed through the Http pipeline during the service call.

Returns: Response whose value contains the deleted key.

Throws:
- com.azure.core.exception.ResourceNotFoundException - when a key with name doesn't exist in the key vault.
- com.azure.core.exception.HttpResponseException - when a key with name is empty string.

public void purgeDeletedKey(String name)
keys/purge permission.

Code Samples

Purges the deleted key from the key vault enabled for soft-delete. Prints out the status code from the server response.

```java
// Assuming key is deleted on a soft-delete enabled key vault.
keyClient.purgeDeletedKey("deletedKeyName");
```

Parameters:
- name - The name of the deleted key.

Throws:
- com.azure.core.exception.ResourceNotFoundException - when a key with name doesn't exist in the key vault.
- com.azure.core.exception.HttpResponseException - when a key with name is empty string.

public com.azure.core.http.rest.Response<Void> purgeDeletedKeyWithResponse(String name, com.azure.core.util.Context context)
keys/purge permission.

Code Samples

Purges the deleted key from the key vault enabled for soft-delete. Prints out the status code from the server response.

```java
// Assuming key is deleted on a soft-delete enabled key vault.
Response<Void> purgedResponse = keyClient.purgeDeletedKeyWithResponse("deletedKeyName",
    new Context(key2, value2));
System.out.printf("Purge Status Code: %d %n", purgedResponse.getStatusCode());
```

Parameters:
- name - The name of the deleted key.
- context - Additional context that is passed through the Http pipeline during the service call.

Throws:
- com.azure.core.exception.ResourceNotFoundException - when a key with name doesn't exist in the key vault.
- com.azure.core.exception.HttpResponseException - when a key with name is empty string.

public com.azure.core.util.polling.SyncPoller<KeyVaultKey,Void> beginRecoverDeletedKey(String name)
keys/recover permission.

Code Samples

Recovers the deleted key from the key vault enabled for soft-delete.

```java
// Assuming key is deleted on a soft-delete enabled key vault.
SyncPoller<KeyVaultKey, Void> recoverKeyPoller = keyClient.beginRecoverDeletedKey("deletedKeyName");
PollResponse<KeyVaultKey> recoverKeyPollResponse = recoverKeyPoller.poll();

KeyVaultKey recoveredKey = recoverKeyPollResponse.getValue();
System.out.printf("Recovered Key Name %s %n", recoveredKey.getName());
System.out.printf("Recovered Key's Id %s", recoveredKey.getId());

// Key is being recovered on server.
recoverKeyPoller.waitForCompletion();
// Key is recovered
```

Parameters:
- name - The name of the deleted key to be recovered.

Returns: SyncPoller to poll on and retrieve recovered key.

Throws:
- com.azure.core.exception.ResourceNotFoundException - when a key with name doesn't exist in the key vault.
- com.azure.core.exception.HttpResponseException - when a key with name is empty string.

public byte[] backupKey(String name)
key/backup permission.

Code Samples

Backs up the key from the key vault and prints out the length of the key's backup byte array returned in the response

```java
byte[] keyBackup = keyClient.backupKey("keyName");
System.out.printf("Key's Backup Byte array's length %s", keyBackup.length);
```

Parameters:
- name - The name of the key.

Throws:
- com.azure.core.exception.ResourceNotFoundException - when a key with name doesn't exist in the key vault.
- com.azure.core.exception.HttpResponseException - when a key with name is empty string.

public com.azure.core.http.rest.Response<byte[]> backupKeyWithResponse(String name, com.azure.core.util.Context context)
key/backup permission.

Code Samples

Backs up the key from the key vault and prints out the length of the key's backup byte array returned in the response

```java
byte[] keyBackup = keyClient.backupKeyWithResponse("keyName", new Context(key2, value2)).getValue();
System.out.printf("Key's Backup Byte array's length %s", keyBackup.length);
```

Parameters:
- name - The name of the key.
- context - Additional context that is passed through the Http pipeline during the service call.

Returns: Response whose value contains the backed up key blob.

Throws:
- com.azure.core.exception.ResourceNotFoundException - when a key with name doesn't exist in the key vault.
- com.azure.core.exception.HttpResponseException - when a key with name is empty string.

public KeyVaultKey restoreKeyBackup(byte[] backup)
keys/restore permission.

Code Samples

Restores the key in the key vault from its backup. Prints out the details of the restored key returned in the response.

```java
// Pass the Key Backup Byte array to the restore operation.
byte[] keyBackupByteArray = {};
KeyVaultKey keyResponse = keyClient.restoreKeyBackup(keyBackupByteArray);
System.out.printf("Restored Key with name %s and id %s %n", keyResponse.getName(), keyResponse.getId());
```

Parameters:
- backup - The backup blob associated with the key.

Returns: restored key.

Throws:
- com.azure.core.exception.ResourceModifiedException - when backup blob is malformed.

public com.azure.core.http.rest.Response<KeyVaultKey> restoreKeyBackupWithResponse(byte[] backup, com.azure.core.util.Context context)
keys/restore permission.

Code Samples

Restores the key in the key vault from its backup. Prints out the details of the restored key returned in the response.

```java
// Pass the Key Backup Byte array to the restore operation.
byte[] keyBackupByteArray = {};
Response<KeyVaultKey> keyResponse = keyClient.restoreKeyBackupWithResponse(keyBackupByteArray,
    new Context(key1, value1));
System.out.printf("Restored Key with name %s and id %s %n",
    keyResponse.getValue().getName(), keyResponse.getValue().getId());
```

Parameters:
- backup - The backup blob associated with the key.
- context - Additional context that is passed through the Http pipeline during the service call.

Returns: Response whose value contains the restored key.

Throws:
- com.azure.core.exception.ResourceModifiedException - when backup blob is malformed.

public com.azure.core.http.rest.PagedIterable<KeyProperties> listPropertiesOfKeys()
KeyProperties as only the key identifier, attributes and tags are provided in the response. The key material and individual key versions are not listed in the response. This operation requires the keys/list permission.

It is possible to get full keys with key material from this information. Loop over the key and call KeyClient.getKey(String, String). This will return the key with key material included of its latest version.

```java
for (KeyProperties key : keyClient.listPropertiesOfKeys()) {
    KeyVaultKey keyWithMaterial = keyClient.getKey(key.getName(), key.getVersion());
    System.out.printf("Received key with name %s and type %s", keyWithMaterial.getName(),
        keyWithMaterial.getKeyType());
}
```

Code Samples to iterate keys by page

It is possible to get full keys with key material from this information. Iterate over all the key by page and call KeyClient.getKey(String, String). This will return the key with key material included of its latest version.

```java
keyClient.listPropertiesOfKeys().iterableByPage().forEach(resp -> {
    System.out.printf("Got response headers . Url: %s, Status code: %d %n",
        resp.getRequest().getUrl(), resp.getStatusCode());
    resp.getItems().forEach(value -> {
        KeyVaultKey keyWithMaterial = keyClient.getKey(value.getName(), value.getVersion());
        System.out.printf("Received key with name %s and type %s %n", keyWithMaterial.getName(),
            keyWithMaterial.getKeyType());
    });
});
```

Returns: PagedIterable of key of all the keys in the vault.

public com.azure.core.http.rest.PagedIterable<KeyProperties> listPropertiesOfKeys(com.azure.core.util.Context context)
KeyProperties as only the key identifier, attributes and tags are provided in the response. The key material and individual key versions are not listed in the response. This operation requires the keys/list permission.

It is possible to get full keys with key material from this information. Loop over the listed key properties and call KeyClient.getKey(String, String) for each one. This returns the key, with key material included, of its latest version.

    // key2 and value2 stand for a caller-defined context key and value
    for (KeyProperties key : keyClient.listPropertiesOfKeys(new Context(key2, value2))) {
        KeyVaultKey keyWithMaterial = keyClient.getKey(key.getName(), key.getVersion());
        System.out.printf("Received key with name %s and type %s", keyWithMaterial.getName(),
            keyWithMaterial.getKeyType());
    }

Code Samples to iterate keys by page

It is possible to get full keys with key material from this information. Iterate over all the listed key properties by page and call KeyClient.getKey(String, String) for each one. This returns the key, with key material included, of its latest version.

    keyClient.listPropertiesOfKeys().iterableByPage().forEach(resp -> {
        System.out.printf("Got response headers . Url: %s, Status code: %d %n",
            resp.getRequest().getUrl(), resp.getStatusCode());
        resp.getItems().forEach(value -> {
            KeyVaultKey keyWithMaterial = keyClient.getKey(value.getName(), value.getVersion());
            System.out.printf("Received key with name %s and type %s %n", keyWithMaterial.getName(),
                keyWithMaterial.getKeyType());
        });
    });

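The listing alone is enough for a key-hygiene audit, so the auditing identity needs only the keys/list permission named above and never retrieves a key. The following is an added example, not part of the SDK documentation: the class name, the `KEY_VAULT_URL` environment variable and the 30-day warning window are assumptions.

```java
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.keys.KeyClient;
import com.azure.security.keyvault.keys.KeyClientBuilder;
import com.azure.security.keyvault.keys.models.KeyProperties;

import java.time.Duration;
import java.time.OffsetDateTime;
import java.util.ArrayList;
import java.util.List;

public final class KeyExpiryAudit {
    /** Classifies one key from its listed attributes; returns null when nothing needs attention. */
    static String classify(KeyProperties p, OffsetDateTime now, Duration warnWindow) {
        if (!Boolean.TRUE.equals(p.isEnabled())) {
            return null; // disabled (or unknown state): out of scope for this audit
        }
        OffsetDateTime expires = p.getExpiresOn();
        if (expires == null) {
            return "NO_EXPIRY";
        }
        if (expires.isBefore(now)) {
            return "EXPIRED_BUT_ENABLED";
        }
        if (expires.isBefore(now.plus(warnWindow))) {
            return "EXPIRES_SOON";
        }
        return null;
    }

    /** Returns one finding line per key that needs attention. */
    static List<String> audit(Iterable<KeyProperties> keys, OffsetDateTime now, Duration warnWindow) {
        List<String> findings = new ArrayList<>();
        for (KeyProperties p : keys) {
            String finding = classify(p, now, warnWindow);
            if (finding != null) {
                findings.add(String.format("%s %s expires=%s", finding, p.getName(), p.getExpiresOn()));
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        KeyClient keyClient = new KeyClientBuilder()
            .vaultUrl(System.getenv("KEY_VAULT_URL")) // assumption: vault URL supplied via environment
            .credential(new DefaultAzureCredentialBuilder().build())
            .buildClient();
        audit(keyClient.listPropertiesOfKeys(), OffsetDateTime.now(), Duration.ofDays(30)) // assumed window
            .forEach(System.out::println);
    }
}
```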
Parameters:
context - Additional context that is passed through the HTTP pipeline during the service call.
Returns:
PagedIterable of KeyProperties for all the keys in the vault.

public com.azure.core.http.rest.PagedIterable<DeletedKey> listDeletedKeys()
deleted keys of the key vault. The deleted keys are retrieved as JSON Web Key structures that contain the public part of a deleted key. The Get Deleted Keys operation is applicable for vaults enabled for soft-delete. This operation requires the keys/list permission.

Code Samples

Lists the deleted keys in the key vault and for each deleted key prints out its recovery id.

    for (DeletedKey deletedKey : keyClient.listDeletedKeys()) {
        System.out.printf("Deleted key's recovery Id %s", deletedKey.getRecoveryId());
    }

Code Samples to iterate over deleted keys by page

Iterates over the deleted keys in the key vault page by page and prints the recovery id of each deleted key.

    keyClient.listDeletedKeys().iterableByPage().forEach(resp -> {
        System.out.printf("Got response headers . Url: %s, Status code: %d %n",
            resp.getRequest().getUrl(), resp.getStatusCode());
        resp.getItems().forEach(value -> {
            System.out.printf("Deleted key's recovery Id %s %n", value.getRecoveryId());
        });
    });

Returns:
PagedIterable of all of the deleted keys in the vault.

public com.azure.core.http.rest.PagedIterable<DeletedKey> listDeletedKeys(com.azure.core.util.Context context)
deleted keys of the key vault. The deleted keys are retrieved as JSON Web Key structures that contain the public part of a deleted key. The Get Deleted Keys operation is applicable for vaults enabled for soft-delete. This operation requires the keys/list permission.

Code Samples

Lists the deleted keys in the key vault and for each deleted key prints out its recovery id.

    // key2 and value2 stand for a caller-defined context key and value
    for (DeletedKey deletedKey : keyClient.listDeletedKeys(new Context(key2, value2))) {
        System.out.printf("Deleted key's recovery Id %s", deletedKey.getRecoveryId());
    }

Code Samples to iterate over deleted keys by page

Iterates over the deleted keys in the key vault page by page and prints the recovery id of each deleted key.

    keyClient.listDeletedKeys().iterableByPage().forEach(resp -> {
        System.out.printf("Got response headers . Url: %s, Status code: %d %n",
            resp.getRequest().getUrl(), resp.getStatusCode());
        resp.getItems().forEach(value -> {
            System.out.printf("Deleted key's recovery Id %s %n", value.getRecoveryId());
        });
    });

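For incident response, the deleted-key listing shows which soft-deleted keys are closest to becoming unrecoverable. The following is an added example, not part of the SDK documentation: the class name, the `KEY_VAULT_URL` environment variable and the 7-day review window are assumptions.

```java
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.keys.KeyClient;
import com.azure.security.keyvault.keys.KeyClientBuilder;
import com.azure.security.keyvault.keys.models.DeletedKey;

import java.time.Duration;
import java.time.OffsetDateTime;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;

public final class DeletedKeyReview {
    /** Deleted keys scheduled for purge before the cutoff, soonest purge first. */
    static List<DeletedKey> purgingBefore(Iterable<DeletedKey> deleted, OffsetDateTime cutoff) {
        List<DeletedKey> due = new ArrayList<>();
        for (DeletedKey key : deleted) {
            OffsetDateTime purge = key.getScheduledPurgeDate();
            // A missing purge date cannot be compared, so such entries are skipped here.
            if (purge != null && purge.isBefore(cutoff)) {
                due.add(key);
            }
        }
        due.sort(Comparator.comparing(DeletedKey::getScheduledPurgeDate));
        return due;
    }

    public static void main(String[] args) {
        KeyClient keyClient = new KeyClientBuilder()
            .vaultUrl(System.getenv("KEY_VAULT_URL")) // assumption: vault URL supplied via environment
            .credential(new DefaultAzureCredentialBuilder().build())
            .buildClient();
        OffsetDateTime cutoff = OffsetDateTime.now().plus(Duration.ofDays(7)); // assumed review window
        for (DeletedKey key : purgingBefore(keyClient.listDeletedKeys(), cutoff)) {
            System.out.printf("%s deletedOn=%s purgeOn=%s recoveryId=%s%n",
                key.getName(), key.getDeletedOn(), key.getScheduledPurgeDate(), key.getRecoveryId());
        }
    }
}
```

A key reported here that was deleted unexpectedly can be restored with beginRecoverDeletedKey(String name) while it is still in the soft-deleted state.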
Parameters:
context - Additional context that is passed through the HTTP pipeline during the service call.
Returns:
PagedIterable of all of the deleted keys in the vault.

public com.azure.core.http.rest.PagedIterable<KeyProperties> listPropertiesOfKeyVersions(String name)
KeyProperties as only the key identifier, attributes and tags are provided in the response. The key material values are not provided in the response. This operation requires the keys/list permission.

It is possible to get full keys with key material for each version from this information. Loop over the listed key properties and call KeyClient.getKey(String, String) for each one. This returns the keys, with key material included, of the specified versions.

    for (KeyProperties key : keyClient.listPropertiesOfKeyVersions("keyName")) {
        KeyVaultKey keyWithMaterial = keyClient.getKey(key.getName(), key.getVersion());
        System.out.printf("Received key's version with name %s, type %s and version %s",
            keyWithMaterial.getName(), keyWithMaterial.getKeyType(),
            keyWithMaterial.getProperties().getVersion());
    }

Code Samples to iterate over key versions by page

It is possible to get full keys with key material for each version from this information. Iterate over all the listed key properties by page and call KeyClient.getKey(String, String) for each one. This returns the keys, with key material included, of the specified versions.

    keyClient.listPropertiesOfKeyVersions("keyName").iterableByPage().forEach(resp -> {
        System.out.printf("Got response headers . Url: %s, Status code: %d %n",
            resp.getRequest().getUrl(), resp.getStatusCode());
        resp.getItems().forEach(value -> {
            System.out.printf("Key name: %s, Key version: %s %n", value.getName(), value.getVersion());
        });
    });

Parameters:
name - The name of the key.
Returns:
PagedIterable of KeyProperties for all the versions of the specified key in the vault. The list is empty if a key with the given name does not exist in the key vault.
Throws:
com.azure.core.exception.ResourceNotFoundException - when a given key name is null or an empty string.

public com.azure.core.http.rest.PagedIterable<KeyProperties> listPropertiesOfKeyVersions(String name, com.azure.core.util.Context context)
KeyProperties as only the key identifier, attributes and tags are provided in the response. The key material values are not provided in the response. This operation requires the keys/list permission.

It is possible to get full keys with key material for each version from this information. Loop over the listed key properties and call KeyClient.getKey(String, String) for each one. This returns the keys, with key material included, of the specified versions.

    for (KeyProperties key : keyClient.listPropertiesOfKeyVersions("keyName")) {
        KeyVaultKey keyWithMaterial = keyClient.getKey(key.getName(), key.getVersion());
        System.out.printf("Received key's version with name %s, type %s and version %s",
            keyWithMaterial.getName(), keyWithMaterial.getKeyType(),
            keyWithMaterial.getProperties().getVersion());
    }

Code Samples to iterate over key versions by page

It is possible to get full keys with key material for each version from this information. Iterate over all the listed key properties by page and call KeyClient.getKey(String, String) for each one. This returns the keys, with key material included, of the specified versions.

    keyClient.listPropertiesOfKeyVersions("keyName").iterableByPage().forEach(resp -> {
        System.out.printf("Got response headers . Url: %s, Status code: %d %n",
            resp.getRequest().getUrl(), resp.getStatusCode());
        resp.getItems().forEach(value -> {
            System.out.printf("Key name: %s, Key version: %s %n", value.getName(), value.getVersion());
        });
    });

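The version listing also supports a rotation review: finding older versions of a key that remain enabled after a newer version was created. The following is an added example, not part of the SDK documentation: the class name and the `KEY_VAULT_URL` environment variable are assumptions, and "keyName" is the placeholder used in the samples above. Whether an older version should stay enabled (for example to decrypt existing data) is a decision for the key owner, so the output is a review list.

```java
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.keys.KeyClient;
import com.azure.security.keyvault.keys.KeyClientBuilder;
import com.azure.security.keyvault.keys.models.KeyProperties;

import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;

public final class KeyVersionAudit {
    /** Versions that are still enabled although a more recently created version exists. */
    static List<KeyProperties> olderEnabledVersions(Iterable<KeyProperties> versions) {
        List<KeyProperties> all = new ArrayList<>();
        versions.forEach(all::add);
        // Newest first by creation time; versions without a creation time sort last.
        all.sort(Comparator.comparing(KeyProperties::getCreatedOn,
            Comparator.nullsLast(Comparator.reverseOrder())));
        List<KeyProperties> older = new ArrayList<>();
        for (int i = 1; i < all.size(); i++) { // index 0 is the newest version
            if (Boolean.TRUE.equals(all.get(i).isEnabled())) {
                older.add(all.get(i));
            }
        }
        return older;
    }

    public static void main(String[] args) {
        KeyClient keyClient = new KeyClientBuilder()
            .vaultUrl(System.getenv("KEY_VAULT_URL")) // assumption: vault URL supplied via environment
            .credential(new DefaultAzureCredentialBuilder().build())
            .buildClient();
        for (KeyProperties p : olderEnabledVersions(keyClient.listPropertiesOfKeyVersions("keyName"))) {
            System.out.printf("Older version still enabled: %s version=%s created=%s expires=%s%n",
                p.getName(), p.getVersion(), p.getCreatedOn(), p.getExpiresOn());
        }
    }
}
```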
Parameters:
name - The name of the key.
context - Additional context that is passed through the HTTP pipeline during the service call.
Returns:
PagedIterable of KeyProperties for all the versions of the specified key in the vault. The list is empty if a key with the given name does not exist in the key vault.
Throws:
com.azure.core.exception.ResourceNotFoundException - when a given key name is null or an empty string.

Copyright © 2020 Microsoft Corporation. All rights reserved.