public final class SecretAsyncClient extends Object
secrets
in the Azure Key Vault. The
client supports creating, retrieving, updating, deleting, purging, backing up, restoring, and listing the secrets
. The client also supports listing deleted secrets
for a soft-delete enabled
Azure Key Vault.
Construct the async client
SecretAsyncClient secretAsyncClient = new SecretClientBuilder() .credential(new DefaultAzureCredentialBuilder().build()) .vaultUrl("https://myvault.vault.azure.net/") .httpLogOptions(new HttpLogOptions().setLogLevel(HttpLogDetailLevel.BODY_AND_HEADERS)) .buildAsyncClient();
SecretClientBuilder
,
PagedFlux
Modifier and Type | Method and Description |
---|---|
Mono<byte[]> |
backupSecret(String name)
Requests a backup of the secret be downloaded to the client.
|
Mono<com.azure.core.http.rest.Response<byte[]>> |
backupSecretWithResponse(String name)
Requests a backup of the secret be downloaded to the client.
|
com.azure.core.util.polling.PollerFlux<DeletedSecret,Void> |
beginDeleteSecret(String name)
Deletes a secret from the key vault.
|
com.azure.core.util.polling.PollerFlux<DeletedSecret,Void> |
beginDeleteSecret(String name,
Duration pollingInterval)
Deletes a secret from the key vault.
|
com.azure.core.util.polling.PollerFlux<KeyVaultSecret,Void> |
beginRecoverDeletedSecret(String name)
Recovers the deleted secret in the key vault to its latest version.
|
com.azure.core.util.polling.PollerFlux<KeyVaultSecret,Void> |
beginRecoverDeletedSecret(String name,
Duration pollingInterval)
Recovers the deleted secret in the key vault to its latest version.
|
Mono<DeletedSecret> |
getDeletedSecret(String name)
Gets a secret that has been deleted for a soft-delete enabled key vault.
|
Mono<com.azure.core.http.rest.Response<DeletedSecret>> |
getDeletedSecretWithResponse(String name)
Gets a secret that has been deleted for a soft-delete enabled key vault.
|
Mono<KeyVaultSecret> |
getSecret(String name)
Gets the latest version of the specified secret from the key vault.
|
Mono<KeyVaultSecret> |
getSecret(String name,
String version)
Gets the specified secret with specified version from the key vault.
|
Mono<com.azure.core.http.rest.Response<KeyVaultSecret>> |
getSecretWithResponse(String name,
String version)
Gets the specified secret with specified version from the key vault.
|
String |
getVaultUrl()
Gets the vault endpoint url to which service requests are sent to.
|
com.azure.core.http.rest.PagedFlux<DeletedSecret> |
listDeletedSecrets()
Lists
deleted secrets of the key vault if it has enabled soft-delete. |
com.azure.core.http.rest.PagedFlux<SecretProperties> |
listPropertiesOfSecrets()
Lists secrets in the key vault.
|
com.azure.core.http.rest.PagedFlux<SecretProperties> |
listPropertiesOfSecretVersions(String name)
Lists all versions of the specified secret.
|
Mono<Void> |
purgeDeletedSecret(String name)
Permanently removes a deleted secret, without the possibility of recovery.
|
Mono<com.azure.core.http.rest.Response<Void>> |
purgeDeletedSecretWithResponse(String name)
Permanently removes a deleted secret, without the possibility of recovery.
|
Mono<KeyVaultSecret> |
restoreSecretBackup(byte[] backup)
Restores a backed up secret, and all its versions, to a vault.
|
Mono<com.azure.core.http.rest.Response<KeyVaultSecret>> |
restoreSecretBackupWithResponse(byte[] backup)
Restores a backed up secret, and all its versions, to a vault.
|
Mono<KeyVaultSecret> |
setSecret(KeyVaultSecret secret)
Adds a secret to the key vault if it does not exist.
|
Mono<KeyVaultSecret> |
setSecret(String name,
String value)
Adds a secret to the key vault if it does not exist.
|
Mono<com.azure.core.http.rest.Response<KeyVaultSecret>> |
setSecretWithResponse(KeyVaultSecret secret)
Adds a secret to the key vault if it does not exist.
|
Mono<SecretProperties> |
updateSecretProperties(SecretProperties secretProperties)
Updates the attributes associated with the secret.
|
Mono<com.azure.core.http.rest.Response<SecretProperties>> |
updateSecretPropertiesWithResponse(SecretProperties secretProperties)
Updates the attributes associated with the secret.
|
public String getVaultUrl()
public Mono<KeyVaultSecret> setSecret(KeyVaultSecret secret)
secrets/set
permission.
The expires
, contentType
,
and notBefore
values in secret
are optional.
If not specified, enabled
is set to true by key vault.
Code sample
Creates a new secret which activates in one day and expires in one year. Subscribes to the call asynchronously and prints out the newly created secret details when a response is received.
SecretProperties properties = new SecretProperties() .setExpiresOn(OffsetDateTime.now().plusDays(60)); KeyVaultSecret newSecret = new KeyVaultSecret("secretName", "secretValue") .setProperties(properties); secretAsyncClient.setSecret(newSecret) .subscribe(secretResponse -> System.out.printf("Secret is created with name %s and value %s %n", secretResponse.getName(), secretResponse.getValue()));
secret
- The Secret object containing information about the secret and its properties. The properties
secret.name
and secret.value
cannot be
null.Mono
containing the created secret
.NullPointerException
- if secret
is null
.com.azure.core.exception.ResourceModifiedException
- if secret
is malformed.com.azure.core.exception.HttpResponseException
- if name
or value
is an empty string.public Mono<com.azure.core.http.rest.Response<KeyVaultSecret>> setSecretWithResponse(KeyVaultSecret secret)
secrets/set
permission.
The expires
, contentType
,
and notBefore
values in secret
are optional.
If not specified, enabled
is set to true by key vault.
Code sample
Creates a new secret which activates in one day and expires in one year. Subscribes to the call asynchronously and prints out the newly created secret details when a response is received.
KeyVaultSecret newSecret = new KeyVaultSecret("secretName", "secretValue"). setProperties(new SecretProperties().setExpiresOn(OffsetDateTime.now().plusDays(60))); secretAsyncClient.setSecretWithResponse(newSecret) .subscribe(secretResponse -> System.out.printf("Secret is created with name %s and value %s %n", secretResponse.getValue().getName(), secretResponse.getValue().getValue()));
secret
- The Secret object containing information about the secret and its properties. The properties
secret.name
and secret.value
cannot be
null.Mono
containing a Response
whose value
contains the created secret
.NullPointerException
- if secret
is null
.com.azure.core.exception.ResourceModifiedException
- if secret
is malformed.com.azure.core.exception.HttpResponseException
- if name
or value
is an empty string.public Mono<KeyVaultSecret> setSecret(String name, String value)
secrets/set
permission.
Code sample
Creates a new secret in the key vault. Subscribes to the call asynchronously and prints out the newly created secret details when a response is received.
secretAsyncClient.setSecret("secretName", "secretValue") .subscribe(secretResponse -> System.out.printf("Secret is created with name %s and value %s%n", secretResponse.getName(), secretResponse.getValue()));
name
- The name of the secret. It is required and cannot be null.value
- The value of the secret. It is required and cannot be null.Mono
containing the created secret
.com.azure.core.exception.ResourceModifiedException
- if invalid name
or value
are specified.com.azure.core.exception.HttpResponseException
- if name
or value
is empty string.public Mono<KeyVaultSecret> getSecret(String name, String version)
secrets/get
permission.
Code sample
Gets a specific version of the secret in the key vault. Subscribes to the call asynchronously and prints out the returned secret details when a response is received.
String secretVersion = "6A385B124DEF4096AF1361A85B16C204"; secretAsyncClient.getSecret("secretName", secretVersion) // Passing a Context is optional and useful if you want a set of data to flow through the request. // Otherwise, the line below can be removed. .subscriberContext(Context.of(key1, value1, key2, value2)) .subscribe(secretWithVersion -> System.out.printf("Secret is returned with name %s and value %s %n", secretWithVersion.getName(), secretWithVersion.getValue()));
name
- The name of the secret, cannot be null.version
- The version of the secret to retrieve. If this is an empty string or null, this
call is equivalent to calling SecretAsyncClient.getSecret(String)
, with the latest version being
retrieved.Mono
containing a Response
whose value
contains the requested secret
.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
and version
doesn't
exist in the key vault.com.azure.core.exception.HttpResponseException
- if name
name} or version
is empty string.public Mono<com.azure.core.http.rest.Response<KeyVaultSecret>> getSecretWithResponse(String name, String version)
secrets/get
permission.
Code sample
Gets a specific version of the secret in the key vault. Subscribes to the call asynchronously and prints out the returned secret details when a response is received.
String secretVersion = "6A385B124DEF4096AF1361A85B16C204"; secretAsyncClient.getSecretWithResponse("secretName", secretVersion) // Passing a Context is optional and useful if you want a set of data to flow through the request. // Otherwise, the line below can be removed. .subscriberContext(Context.of(key1, value1, key2, value2)) .subscribe(secretWithVersion -> System.out.printf("Secret is returned with name %s and value %s %n", secretWithVersion.getValue().getName(), secretWithVersion.getValue().getValue()));
name
- The name of the secret, cannot be null.version
- The version of the secret to retrieve. If this is an empty string or null, this call is equivalent
to calling SecretAsyncClient.getSecret(String)
, with the latest version being retrieved.Mono
containing a Response
whose value
contains the
requested secret
.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
and version
doesn't exist in the key
vault.com.azure.core.exception.HttpResponseException
- if name
name} or version
is empty string.public Mono<KeyVaultSecret> getSecret(String name)
secrets/get
permission.
Code sample
Gets latest version of the secret in the key vault. Subscribes to the call asynchronously and prints out the returned secret details when a response is received.
secretAsyncClient.getSecret("secretName") .subscribe(secretWithVersion -> System.out.printf("Secret is returned with name %s and value %s %n", secretWithVersion.getName(), secretWithVersion.getValue()));
public Mono<SecretProperties> updateSecretProperties(SecretProperties secretProperties)
secretProperties
are changed. Attributes not specified in the request are
not changed. This operation requires the secrets/set
permission.
The secret
is required and its fields name
and
version
cannot be null.
Code sample
Gets latest version of the secret, changes its notBefore
time, and then updates it in the Azure Key Vault. Subscribes to the call asynchronously and prints out the
returned secret details when a response is received.
secretAsyncClient.getSecret("secretName") .subscribe(secretResponseValue -> { SecretProperties secretProperties = secretResponseValue.getProperties(); //Update the not before time of the secret. secretProperties.setNotBefore(OffsetDateTime.now().plusDays(50)); secretAsyncClient.updateSecretProperties(secretProperties) .subscribe(secretResponse -> System.out.printf("Secret's updated not before time %s %n", secretResponse.getNotBefore().toString())); });
secretProperties
- The secret properties
object with updated properties.Mono
containing the updated secret
.NullPointerException
- if secret
is null
.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
and version
doesn't exist in the key vault.com.azure.core.exception.HttpResponseException
- if name
or
version
is an empty string.public Mono<com.azure.core.http.rest.Response<SecretProperties>> updateSecretPropertiesWithResponse(SecretProperties secretProperties)
secretProperties
are changed. Attributes not specified in the request are
not changed. This operation requires the secrets/set
permission.
Code sample
Gets latest version of the secret, changes its notBefore
time, and then updates it in the Azure Key Vault. Subscribes to the call asynchronously and prints out the
returned secret details when a response is received.
secretAsyncClient.getSecret("secretName") .subscribe(secretResponseValue -> { SecretProperties secretProperties = secretResponseValue.getProperties(); //Update the not before time of the secret. secretProperties.setNotBefore(OffsetDateTime.now().plusDays(50)); secretAsyncClient.updateSecretPropertiesWithResponse(secretProperties) .subscribe(secretResponse -> System.out.printf("Secret's updated not before time %s %n", secretResponse.getValue().getNotBefore().toString())); });
The secret
is required and its fields name
and
version
cannot be null.
secretProperties
- The secret properties
object with updated properties.Mono
containing a Response
whose value
contains the updated secret
.NullPointerException
- if secret
is null
.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
and version
doesn't exist in the key vault.com.azure.core.exception.HttpResponseException
- if name
or
version
is empty string.public com.azure.core.util.polling.PollerFlux<DeletedSecret,Void> beginDeleteSecret(String name)
secrets/delete
permission.
Code sample
Deletes the secret in the Azure Key Vault. Subscribes to the call asynchronously and prints out the deleted secret details when a response is received.
secretAsyncClient.beginDeleteSecret("secretName") .subscribe(pollResponse -> { System.out.println("Delete Status: " + pollResponse.getStatus().toString()); System.out.println("Deleted Secret Name: " + pollResponse.getValue().getName()); System.out.println("Deleted Secret Value: " + pollResponse.getValue().getValue()); });
name
- The name of the secret to be deleted.PollerFlux
to poll on and retrieve deleted secret
.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
doesn't exist in the key vault.com.azure.core.exception.HttpResponseException
- when a secret with name
is empty string.public com.azure.core.util.polling.PollerFlux<DeletedSecret,Void> beginDeleteSecret(String name, Duration pollingInterval)
secrets/delete
permission.
Code sample
Deletes the secret in the Azure Key Vault. Subscribes to the call asynchronously and prints out the deleted secret details when a response is received.
secretAsyncClient.beginDeleteSecret("secretName", Duration.ofSeconds(1)) .subscribe(pollResponse -> { System.out.println("Delete Status: " + pollResponse.getStatus().toString()); System.out.println("Deleted Secret Name: " + pollResponse.getValue().getName()); System.out.println("Deleted Secret Value: " + pollResponse.getValue().getValue()); });
name
- The name of the secret to be deleted.pollingInterval
- The interval at which the operation status will be polled for.PollerFlux
to poll on and retrieve deleted secret
.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
doesn't exist in the key vault.com.azure.core.exception.HttpResponseException
- when a secret with name
is empty string.public Mono<DeletedSecret> getDeletedSecret(String name)
secrets/list
permission.
Code sample
Gets the deleted secret from the key vault enabled for soft-delete. Subscribes to the call asynchronously and prints out the deleted secret details when a response is received.
secretAsyncClient.getDeletedSecret("secretName") .subscribe(deletedSecretResponse -> System.out.printf("Deleted Secret's Recovery Id %s %n", deletedSecretResponse.getRecoveryId()));
name
- The name of the deleted secret.Mono
containing the deleted secret
.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
doesn't exist in the key vault.com.azure.core.exception.HttpResponseException
- when a secret with name
is empty string.public Mono<com.azure.core.http.rest.Response<DeletedSecret>> getDeletedSecretWithResponse(String name)
secrets/list
permission.
Code sample
Gets the deleted secret from the key vault enabled for soft-delete. Subscribes to the call asynchronously and prints out the deleted secret details when a response is received.
secretAsyncClient.getDeletedSecretWithResponse("secretName") .subscribe(deletedSecretResponse -> System.out.printf("Deleted Secret's Recovery Id %s %n", deletedSecretResponse.getValue().getRecoveryId()));
name
- The name of the deleted secret.Mono
containing a Response
whose value
contains the
deleted secret
.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
doesn't exist in the key vault.com.azure.core.exception.HttpResponseException
- when a secret with name
is empty string.public Mono<Void> purgeDeletedSecret(String name)
secrets/purge
permission.
Code sample
Purges the deleted secret from the key vault enabled for soft-delete. Subscribes to the call asynchronously and prints out the status code from the server response when a response is received.
secretAsyncClient.purgeDeletedSecret("deletedSecretName") .doOnSuccess(purgeResponse -> System.out.println("Successfully Purged deleted Secret")) .subscribe();
name
- The name of the secret.Mono
.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
doesn't exist in the key vault.com.azure.core.exception.HttpResponseException
- when a secret with name
is empty string.public Mono<com.azure.core.http.rest.Response<Void>> purgeDeletedSecretWithResponse(String name)
secrets/purge
permission.
Code sample
Purges the deleted secret from the key vault enabled for soft-delete. Subscribes to the call asynchronously and prints out the status code from the server response when a response is received.
secretAsyncClient.purgeDeletedSecretWithResponse("deletedSecretName") .subscribe(purgeResponse -> System.out.printf("Purge Status response %d %n", purgeResponse.getStatusCode()));
name
- The name of the secret.Mono
containing a Response containing status code and HTTP headers.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
doesn't exist in the key vault.com.azure.core.exception.HttpResponseException
- when a secret with name
is empty string.public com.azure.core.util.polling.PollerFlux<KeyVaultSecret,Void> beginRecoverDeletedSecret(String name)
secrets/recover
permission.
Code sample
Recovers the deleted secret from the key vault enabled for soft-delete. Subscribes to the call asynchronously and prints out the recovered secret details when a response is received.
secretAsyncClient.beginRecoverDeletedSecret("deletedSecretName") .subscribe(pollResponse -> { System.out.println("Recovery Status: " + pollResponse.getStatus().toString()); System.out.println("Recovered Secret Name: " + pollResponse.getValue().getName()); System.out.println("Recovered Secret Value: " + pollResponse.getValue().getValue()); });
name
- The name of the deleted secret to be recovered.PollerFlux
to poll on and retrieve the recovered secret
.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
doesn't exist in the key vault.com.azure.core.exception.HttpResponseException
- when a secret with name
is empty string.public com.azure.core.util.polling.PollerFlux<KeyVaultSecret,Void> beginRecoverDeletedSecret(String name, Duration pollingInterval)
secrets/recover
permission.
Code sample
Recovers the deleted secret from the key vault enabled for soft-delete. Subscribes to the call asynchronously and prints out the recovered secret details when a response is received.
secretAsyncClient.beginRecoverDeletedSecret("deletedSecretName") .subscribe(pollResponse -> { System.out.println("Recovery Status: " + pollResponse.getStatus().toString()); System.out.println("Recovered Secret Name: " + pollResponse.getValue().getName()); System.out.println("Recovered Secret Value: " + pollResponse.getValue().getValue()); });
name
- The name of the deleted secret to be recovered.pollingInterval
- The interval at which the operation status will be polled for.PollerFlux
to poll on and retrieve the recovered secret
.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
doesn't exist in the key vault.com.azure.core.exception.HttpResponseException
- when a secret with name
is empty string.public Mono<byte[]> backupSecret(String name)
secrets/backup
permission.
Code sample
Backs up the secret from the key vault. Subscribes to the call asynchronously and prints out the length of the secret's backup byte array returned in the response.
secretAsyncClient.backupSecret("secretName") .subscribe(secretBackupResponse -> System.out.printf("Secret's Backup Byte array's length %s%n", secretBackupResponse.length));
name
- The name of the secret.Mono
containing the backed up secret blob.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
doesn't exist in the key vault.com.azure.core.exception.HttpResponseException
- when a secret with name
is empty string.public Mono<com.azure.core.http.rest.Response<byte[]>> backupSecretWithResponse(String name)
secrets/backup
permission.
Code sample
Backs up the secret from the key vault. Subscribes to the call asynchronously and prints out the length of the secret's backup byte array returned in the response.
secretAsyncClient.backupSecretWithResponse("secretName") .subscribe(secretBackupResponse -> System.out.printf("Secret's Backup Byte array's length %s%n", secretBackupResponse.getValue().length));
name
- The name of the secret.Mono
containing a Response
whose value
contains the backed up secret blob.com.azure.core.exception.ResourceNotFoundException
- when a secret with name
doesn't exist in the key
vault.com.azure.core.exception.HttpResponseException
- when a secret with name
is empty string.public Mono<KeyVaultSecret> restoreSecretBackup(byte[] backup)
secrets/restore
permission.
Code sample
Restores the secret in the key vault from its backup. Subscribes to the call asynchronously and prints out the restored secret details when a response is received.
// Pass the secret backup byte array to the restore operation. byte[] secretBackupByteArray = {}; secretAsyncClient.restoreSecretBackup(secretBackupByteArray) .subscribe(secretResponse -> System.out.printf("Restored Secret with name %s and value %s %n", secretResponse.getName(), secretResponse.getValue()));
backup
- The backup blob associated with the secret.Mono
containing the restored secret
.com.azure.core.exception.ResourceModifiedException
- when backup
blob is malformed.public Mono<com.azure.core.http.rest.Response<KeyVaultSecret>> restoreSecretBackupWithResponse(byte[] backup)
secrets/restore
permission.
Code sample
Restores the secret in the key vault from its backup. Subscribes to the call asynchronously and prints out the restored secret details when a response is received.
// Pass the secret backup byte array to the restore operation. byte[] secretBackupByteArray = {}; secretAsyncClient.restoreSecretBackupWithResponse(secretBackupByteArray) .subscribe(secretResponse -> System.out.printf("Restored Secret with name %s and value %s %n", secretResponse.getValue().getName(), secretResponse.getValue().getValue()));
backup
- The backup blob associated with the secret.Mono
containing a Response
whose value
contains the restored secret
.com.azure.core.exception.ResourceModifiedException
- when backup
blob is malformed.public com.azure.core.http.rest.PagedFlux<SecretProperties> listPropertiesOfSecrets()
secret
returned only has its identifier and
attributes populated. The secret values and their versions are not listed in the response.
This operation requires the secrets/list
permission.
Code sample
The sample below fetches the all the secret properties in the vault. For each secret retrieved, makes a call
to getSecret(String, String)
to get its value, and then prints it out.
secretAsyncClient.listPropertiesOfSecrets() .flatMap(secretProperties -> { String name = secretProperties.getName(); String version = secretProperties.getVersion(); System.out.printf("Getting secret name: '%s', version: %s%n", name, version); return secretAsyncClient.getSecret(name, version); }) .subscribe(secretResponse -> System.out.printf("Received secret with name %s and type %s", secretResponse.getName(), secretResponse.getValue()));
PagedFlux
containing properties
of all the secrets in the vault.public com.azure.core.http.rest.PagedFlux<DeletedSecret> listDeletedSecrets()
deleted secrets
of the key vault if it has enabled soft-delete. This operation
requires the secrets/list
permission.
Code sample
Lists the deleted secrets in the key vault. Subscribes to the call asynchronously and prints out the recovery id of each deleted secret when a response is received.
secretAsyncClient.listDeletedSecrets() .subscribe(deletedSecretResponse -> System.out.printf("Deleted Secret's Recovery Id %s %n", deletedSecretResponse.getRecoveryId()));
Flux
containing all of the deleted secrets
in the vault.public com.azure.core.http.rest.PagedFlux<SecretProperties> listPropertiesOfSecretVersions(String name)
secret
returned only has its identifier
and attributes populated. The secret values and secret versions are not listed in the response.
This operation requires the secrets/list
permission.
Code sample
The sample below fetches the all the versions of the given secret. For each version retrieved, makes a call
to getSecret(String, String)
to get the version's value, and then prints it out.
secretAsyncClient.listPropertiesOfSecretVersions("secretName") .flatMap(secretProperties -> { System.out.println("Get secret value for version: " + secretProperties.getVersion()); return secretAsyncClient.getSecret(secretProperties.getName(), secretProperties.getVersion()); }) .subscribe(secret -> System.out.printf("Received secret with name %s and type %s%n", secret.getName(), secret.getValue()));
name
- The name of the secret.PagedFlux
containing properties
of all the versions of the specified
secret in the vault. Flux is empty if secret with name
does not exist in key vaultcom.azure.core.exception.HttpResponseException
- when a secret with name
is empty string.Copyright © 2021 Microsoft Corporation. All rights reserved.