KeyAsyncClient Class
- java.
lang. Object - com.
azure. security. keyvault. keys. KeyAsyncClient
- com.
public final class KeyAsyncClient
The KeyAsyncClient provides asynchronous methods to manage KeyVaultKey in the Azure Key Vault. The client supports creating, retrieving, updating, deleting, purging, backing up, restoring, listing, releasing and rotating the KeyVaultKey. The client also supports listing DeletedKey for a soft-delete enabled key vault.
Getting Started
In order to interact with the Azure Key Vault service, you will need to create an instance of the KeyAsyncClient class, a vault url and a credential object.
The examples shown in this document use a credential object named DefaultAzureCredential for authentication, which is appropriate for most scenarios, including local development and production environments. Additionally, we recommend using a managed identity for authentication in production environments. You can find more information on different ways of authenticating and their corresponding credential types in the Azure Identity documentation".
Sample: Construct Asynchronous Key Client
The following code sample demonstrates the creation of a KeyAsyncClient, using the KeyClientBuilder to configure it.
KeyAsyncClient keyAsyncClient = new KeyClientBuilder()
.vaultUrl("<your-key-vault-url>")
.credential(new DefaultAzureCredentialBuilder().build())
.buildAsyncClient();
Create a Cryptographic Key
The KeyAsyncClient can be used to create a key in the key vault.
Code Sample:
The following code sample demonstrates how to asynchronously create a cryptographic key in the key vault, using the createKey(String name, KeyType keyType) API.
keyAsyncClient.createKey("keyName", KeyType.EC)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(key ->
System.out.printf("Created key with name: %s and id: %s %n", key.getName(),
key.getId()));
Note: For the synchronous sample, refer to KeyClient.
Get a Cryptographic Key
The KeyAsyncClient can be used to retrieve a key from the key vault.
Code Sample:
The following code sample demonstrates how to asynchronously retrieve a key from the key vault, using the getKey(String name) API.
keyAsyncClient.getKey("keyName")
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(key ->
System.out.printf("Created key with name: %s and: id %s%n", key.getName(),
key.getId()));
Note: For the synchronous sample, refer to KeyClient.
Delete a Cryptographic Key
The KeyAsyncClient can be used to delete a key from the key vault.
Code Sample:
The following code sample demonstrates how to asynchronously delete a key from the key vault, using the beginDeleteKey(String name) API.
keyAsyncClient.beginDeleteKey("keyName")
.subscribe(pollResponse -> {
System.out.printf("Deletion status: %s%n", pollResponse.getStatus());
System.out.printf("Key name: %s%n", pollResponse.getValue().getName());
System.out.printf("Key delete date: %s%n", pollResponse.getValue().getDeletedOn());
});
Note: For the synchronous sample, refer to KeyClient.
Method Summary
Methods inherited from java.lang.Object
Method Details
backupKey
public Mono
Requests a backup of the specified KeyVaultKey be downloaded to the client. The key backup operation exports a KeyVaultKey from Azure Key Vault in a protected form. Note that this operation does not return key material in a form that can be used outside the Azure Key Vault system, the returned key material is either protected to a Azure Key Vault HSM or to Azure Key Vault itself. The intent of this operation is to allow a client to generate a KeyVaultKey in one Azure Key Vault instance, backup the KeyVaultKey, and then restore it into another Azure Key Vault instance. The backup operation may be used to export, in protected form, any KeyType from Azure Key Vault. Individual versions of a KeyVaultKey cannot be backed up. Backup/Restore can be performed within geographical boundaries only; meaning that a backup from one geographical area cannot be restored to another geographical area. For example, a backup from the US geographical area cannot be restored in an EU geographical area. This operation requires the key/backup permission.
Code Samples
Backs up the KeyVaultKey from the key vault. Subscribes to the call asynchronously and prints out the length of the key's backup byte array returned in the response.
keyAsyncClient.backupKey("keyName")
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(bytes ->
System.out.printf("Key backup byte array length: %s%n", bytes.length));
Parameters:
Returns:
backupKeyWithResponse
public Mono
Requests a backup of the specified KeyVaultKey be downloaded to the client. The key backup operation exports a KeyVaultKey from Azure Key Vault in a protected form. Note that this operation does not return key material in a form that can be used outside the Azure Key Vault system, the returned key material is either protected to a Azure Key Vault HSM or to Azure Key Vault itself. The intent of this operation is to allow a client to generate a KeyVaultKey in one Azure Key Vault instance, backup the KeyVaultKey, and then restore it into another Azure Key Vault instance. The backup operation may be used to export, in protected form, any KeyType from Azure Key Vault. Individual versions of a KeyVaultKey cannot be backed up. Backup/Restore can be performed within geographical boundaries only; meaning that a backup from one geographical area cannot be restored to another geographical area. For example, a backup from the US geographical area cannot be restored in an EU geographical area. This operation requires the key/backup permission.
Code Samples
Backs up the KeyVaultKey from the key vault. Subscribes to the call asynchronously and prints out the length of the key's backup byte array returned in the response.
keyAsyncClient.backupKeyWithResponse("keyName")
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(backupKeyResponse ->
System.out.printf("Key backup byte array length: %s%n", backupKeyResponse.getValue().length));
Parameters:
Returns:
beginDeleteKey
public PollerFlux
Deletes a KeyVaultKey of any type from the key vault. If soft-delete is enabled on the key vault then the KeyVaultKey is placed in the deleted state and requires to be purged for permanent deletion else the KeyVaultKey is permanently deleted. The delete operation applies to any KeyVaultKey stored in Azure Key Vault but it cannot be applied to an individual version of a KeyVaultKey. This operation removes the cryptographic material associated with the KeyVaultKey, which means the KeyVaultKey is not usable for Sign/Verify, Wrap/Unwrap or Encrypt/Decrypt operations. This operation requires the keys/delete permission.
Code Samples
Deletes the KeyVaultKey in the Azure Key Vault. Subscribes to the call asynchronously and prints out the KeyVaultKey details when a response has been received.
keyAsyncClient.beginDeleteKey("keyName")
.subscribe(pollResponse -> {
System.out.printf("Deletion status: %s%n", pollResponse.getStatus());
System.out.printf("Key name: %s%n", pollResponse.getValue().getName());
System.out.printf("Key delete date: %s%n", pollResponse.getValue().getDeletedOn());
});
Parameters:
Returns:
beginRecoverDeletedKey
public PollerFlux
Recovers the KeyVaultKey in the key vault to its latest version and can only be performed on a soft-delete enabled vault. An attempt to recover an KeyVaultKey will return an error. Consider this the inverse of the delete operation on soft-delete enabled vaults. This operation requires the keys/recover permission.
Code Samples
Recovers the KeyVaultKey from the key vault enabled for soft-delete. Subscribes to the call asynchronously and prints out the recovered key details when a response has been received.
keyAsyncClient.beginRecoverDeletedKey("deletedKeyName")
.subscribe(pollResponse -> {
System.out.printf("Recovery status: %s%n", pollResponse.getStatus());
System.out.printf("Key name: %s%n", pollResponse.getValue().getName());
System.out.printf("Key type: %s%n", pollResponse.getValue().getKeyType());
});
Parameters:
Returns:
createEcKey
public Mono
Creates a new KeyVaultKey and stores it in the key vault. The create EC key operation can be used to create any EC KeyType in Azure Key Vault. If a KeyVaultKey with the provided name already exists, Azure Key Vault creates a new version of the KeyVaultKey. It requires the keys/create permission.
The CreateEcKeyOptions parameter is required. The getCurveName() can be optionally specified. If not specified, the default value P_256 is used by Azure Key Vault. The expires and notBefore values are optional. The enabled field is set to true by Azure Key Vault, if not specified.
The keyType indicates the type of KeyVaultKey key to create. Possible values include: EC and EC_HSM.
Code Samples
Creates a new KeyVaultKey with a P_384 web key curve. The key activates in one day and expires in one year. Subscribes to the call asynchronously and prints out the newly KeyVaultKey details when a response has been received.
CreateEcKeyOptions createEcKeyOptions = new CreateEcKeyOptions("keyName")
.setCurveName(KeyCurveName.P_384)
.setNotBefore(OffsetDateTime.now().plusDays(1))
.setExpiresOn(OffsetDateTime.now().plusYears(1));
keyAsyncClient.createEcKey(createEcKeyOptions)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(ecKey ->
System.out.printf("Created key with name: %s and id: %s %n", ecKey.getName(),
ecKey.getId()));
Parameters:
Returns:
createEcKeyWithResponse
public Mono
Creates a new KeyVaultKey and stores it in the key vault. The create EC key operation can be used to create any EC KeyType in Azure Key Vault. If a KeyVaultKey with the provided name already exists, Azure Key Vault creates a new version of the KeyVaultKey. It requires the keys/create permission.
The CreateEcKeyOptions parameter is required. The getCurveName() can be optionally specified. If not specified, the default value P_256 is used by Azure Key Vault. The expires and notBefore values are optional. The enabled field is set to true by Azure Key Vault, if not specified.
The keyType indicates the type of KeyVaultKey key to create. Possible values include: EC and EC_HSM.
Code Samples
Creates a new KeyVaultKey with a P_384 web key curve. The key activates in one day and expires in one year. Subscribes to the call asynchronously and prints out the newly KeyVaultKey details when a response has been received.
CreateEcKeyOptions createEcKeyOptions = new CreateEcKeyOptions("keyName")
.setCurveName(KeyCurveName.P_384)
.setNotBefore(OffsetDateTime.now().plusDays(1))
.setExpiresOn(OffsetDateTime.now().plusYears(1));
keyAsyncClient.createEcKeyWithResponse(createEcKeyOptions)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(createEcKeyResponse ->
System.out.printf("Created key with name: %s and: id %s%n", createEcKeyResponse.getValue().getName(),
createEcKeyResponse.getValue().getId()));
Parameters:
Returns:
createKey
public Mono
Creates a new KeyVaultKey and stores it in the key vault. The create key operation can be used to create any KeyType in Azure Key Vault. If a KeyVaultKey with the provided name already exists, Azure Key Vault creates a new version of the KeyVaultKey. It requires the keys/create permission.
The CreateKeyOptions parameter is required. The getExpiresOn() and getNotBefore() values are optional. The isEnabled() field is set to true by Azure Key Vault, if not specified.
The getKeyType() indicates the type of KeyVaultKey to create. Possible values include: EC, EC_HSM, RSA, RSA_HSM, OCT, and OCT_HSM.
Code Samples
Creates a new KeyVaultKey which activates in one day and expires in one year. Subscribes to the call asynchronously and prints out the newly KeyVaultKey details when a response has been received.
CreateKeyOptions createKeyOptions = new CreateKeyOptions("keyName", KeyType.RSA)
.setNotBefore(OffsetDateTime.now().plusDays(1))
.setExpiresOn(OffsetDateTime.now().plusYears(1));
keyAsyncClient.createKey(createKeyOptions)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(key ->
System.out.printf("Created key with name: %s and id: %s %n", key.getName(),
key.getId()));
Parameters:
Returns:
createKey
public Mono
Creates a new KeyVaultKey and stores it in the key vault. The create key operation can be used to create any KeyType in Azure Key Vault. If a KeyVaultKey with the provided name already exists, Azure Key Vault creates a new version of the KeyVaultKey. It requires the keys/create permission.
The KeyType indicates the type of KeyVaultKey to create. Possible values include: EC, EC_HSM, RSA, RSA_HSM, OCT, and OCT_HSM.
Code Samples
Creates a new KeyVaultKey. Subscribes to the call asynchronously and prints out the newly KeyVaultKey details when a response has been received.
keyAsyncClient.createKey("keyName", KeyType.EC)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(key ->
System.out.printf("Created key with name: %s and id: %s %n", key.getName(),
key.getId()));
Parameters:
Returns:
createKeyWithResponse
public Mono
Creates a new KeyVaultKey and stores it in the key vault. The create key operation can be used to create any KeyType in Azure Key Vault. If a KeyVaultKey with the provided name already exists, Azure Key Vault creates a new version of the KeyVaultKey. It requires the keys/create permission.
The KeyType indicates the type of KeyVaultKey to create. Possible values include: EC, EC_HSM, RSA, RSA_HSM, OCT, and OCT_HSM.
Code Samples
Creates a new KeyVaultKey. Subscribes to the call asynchronously and prints out the newly KeyVaultKey details when a response has been received.
CreateKeyOptions createKeyOptions = new CreateKeyOptions("keyName", KeyType.RSA)
.setNotBefore(OffsetDateTime.now().plusDays(1))
.setExpiresOn(OffsetDateTime.now().plusYears(1));
keyAsyncClient.createKeyWithResponse(createKeyOptions)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(createKeyResponse ->
System.out.printf("Created key with name: %s and: id %s%n", createKeyResponse.getValue().getName(),
createKeyResponse.getValue().getId()));
Parameters:
Returns:
createOctKey
public Mono
Creates and stores a new KeyVaultKey in the key vault. If a KeyVaultKey with the provided name already exists, Azure Key Vault creates a new version of the key. This operation requires the keys/create permission.
The CreateOctKeyOptions parameter is required. The expires and notBefore values are optional. The enabled field is set to true by Azure Key Vault, if not specified.
The keyType indicates the type of KeyVaultKey key to create. Possible values include: OCT and OCT_HSM.
Code Samples
Creates a new KeyVaultKey. The KeyVaultKey activates in one day and expires in one year. Subscribes to the call asynchronously and prints out the details of the newly KeyVaultKey when a response has been received.
CreateOctKeyOptions createOctKeyOptions = new CreateOctKeyOptions("keyName")
.setNotBefore(OffsetDateTime.now().plusDays(1))
.setExpiresOn(OffsetDateTime.now().plusYears(1));
keyAsyncClient.createOctKey(createOctKeyOptions)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(octKey ->
System.out.printf("Created key with name: %s and id: %s %n", octKey.getName(),
octKey.getId()));
Parameters:
Returns:
createOctKeyWithResponse
public Mono
Creates and stores a new KeyVaultKey in the key vault. If a KeyVaultKey with the provided name already exists, Azure Key Vault creates a new version of the key. This operation requires the keys/create permission.
The CreateOctKeyOptions parameter is required. The expires and notBefore values are optional. The enabled field is set to true by Azure Key Vault, if not specified.
The keyType indicates the type of KeyVaultKey key to create. Possible values include: OCT and OCT_HSM.
Code Samples
Creates a new KeyVaultKey. The KeyVaultKey activates in one day and expires in one year. Subscribes to the call asynchronously and prints out the details of the newly KeyVaultKey when a response has been received.
CreateOctKeyOptions createOctKeyOptions = new CreateOctKeyOptions("keyName")
.setNotBefore(OffsetDateTime.now().plusDays(1))
.setExpiresOn(OffsetDateTime.now().plusYears(1));
keyAsyncClient.createOctKeyWithResponse(createOctKeyOptions)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(createOctKeyResponse ->
System.out.printf("Created key with name: %s and: id %s%n", createOctKeyResponse.getValue().getName(),
createOctKeyResponse.getValue().getId()));
Parameters:
Returns:
createRsaKey
public Mono
/** Creates a new KeyVaultKey and stores it in the key vault. The create RSA key operation can be used to create any RSA key type in Azure Key Vault. If a KeyVaultKey with the provided name already exists, Azure Key Vault creates a new version of the KeyVaultKey. It requires the keys/create permission.
The CreateRsaKeyOptions parameter is required. The getKeySize() can be optionally specified. The expires and notBefore values are optional. The enabled field is set to true by Azure Key Vault, if not specified.
The keyType indicates the type of KeyVaultKey to create. Possible values include: RSA and RSA_HSM.
Code Samples
Creates a new KeyVaultKey with size 2048 which activates in one day and expires in one year. Subscribes to the call asynchronously and prints out the newly KeyVaultKey details when a response has been received.
CreateRsaKeyOptions createRsaKeyOptions = new CreateRsaKeyOptions("keyName")
.setKeySize(2048)
.setNotBefore(OffsetDateTime.now().plusDays(1))
.setExpiresOn(OffsetDateTime.now().plusYears(1));
keyAsyncClient.createRsaKey(createRsaKeyOptions)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(rsaKey ->
System.out.printf("Created key with name: %s and id: %s %n", rsaKey.getName(),
rsaKey.getId()));
Parameters:
Returns:
createRsaKeyWithResponse
public Mono
Creates a new KeyVaultKey and stores it in the key vault. The create RSA key operation can be used to create any RSA key type in Azure Key Vault. If a KeyVaultKey with the provided name already exists, Azure Key Vault creates a new version of the KeyVaultKey. It requires the keys/create permission.
The CreateRsaKeyOptions parameter is required. The getKeySize() can be optionally specified. The expires and notBefore values are optional. The enabled field is set to true by Azure Key Vault, if not specified.
The keyType indicates the type of KeyVaultKey to create. Possible values include: RSA and RSA_HSM.
Code Samples
Creates a new KeyVaultKey with size 2048 which activates in one day and expires in one year. Subscribes to the call asynchronously and prints out the newly KeyVaultKey details when a response has been received.
CreateRsaKeyOptions createRsaKeyOptions = new CreateRsaKeyOptions("keyName")
.setKeySize(2048)
.setNotBefore(OffsetDateTime.now().plusDays(1))
.setExpiresOn(OffsetDateTime.now().plusYears(1));
keyAsyncClient.createRsaKeyWithResponse(createRsaKeyOptions)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(createRsaKeyResponse ->
System.out.printf("Created key with name: %s and: id %s%n", createRsaKeyResponse.getValue().getName(),
createRsaKeyResponse.getValue().getId()));
Parameters:
Returns:
getCryptographyAsyncClient
public CryptographyAsyncClient getCryptographyAsyncClient(String keyName)
Creates a CryptographyAsyncClient for the latest version of a given key.
To ensure correct behavior when performing operations such as Decrypt, Unwrap and Verify, it is recommended to use a CryptographyAsyncClient created for the specific key version that was used for the corresponding inverse operation: Encrypt, Wrap, or Sign, respectively.
You can provide a key version either via getCryptographyAsyncClient(String keyName, String keyVersion) or by ensuring it is included in the keyIdentifier passed to keyIdentifier(String keyId) before building a client.
Parameters:
Returns:
getCryptographyAsyncClient
public CryptographyAsyncClient getCryptographyAsyncClient(String keyName, String keyVersion)
Creates a CryptographyAsyncClient for a given key version.
Parameters:
Returns:
keyVersion is null or empty, the client will use the latest version of the key.getDeletedKey
public Mono
Gets the public part of a KeyVaultKey. The get deleted Key operation is applicable for soft-delete enabled vaults. This operation requires the keys/get permission.
Code Samples
Gets the KeyVaultKey from the key vault enabled for soft-delete. Subscribes to the call asynchronously and prints out the KeyVaultKey details when a response has been received.
keyAsyncClient.getDeletedKey("keyName")
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(deletedKey ->
System.out.printf("Deleted key's recovery id:%s%n", deletedKey.getRecoveryId()));
Parameters:
Returns:
getDeletedKeyWithResponse
public Mono
Gets the public part of a KeyVaultKey. The get deleted Key operation is applicable for soft-delete enabled vaults. This operation requires the keys/get permission.
Code Samples
Gets the KeyVaultKey from the key vault enabled for soft-delete. Subscribes to the call asynchronously and prints out the KeyVaultKey details when a response has been received.
keyAsyncClient.getDeletedKeyWithResponse("keyName")
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(getDeletedKeyResponse ->
System.out.printf("Deleted key's recovery id: %s%n", getDeletedKeyResponse.getValue().getRecoveryId()));
Parameters:
Returns:
getKey
public Mono
Gets the public part of the specified KeyVaultKey and key version. The get key operation is applicable to all KeyType and it requires the keys/get permission.
Code Samples
Gets a specific version of the KeyVaultKey in the key vault. Subscribes to the call asynchronously and prints out the KeyVaultKey details when a response has been received.
keyAsyncClient.getKey("keyName")
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(key ->
System.out.printf("Created key with name: %s and: id %s%n", key.getName(),
key.getId()));
Parameters:
Returns:
null
if name is null or empty.getKey
public Mono
Gets the public part of the specified KeyVaultKey and key version. The get key operation is applicable to all KeyType and it requires the keys/get permission.
Code Samples
Gets a specific version of the KeyVaultKey in the key vault. Subscribes to the call asynchronously and prints out the KeyVaultKey details when a response has been received.
String keyVersion = "6A385B124DEF4096AF1361A85B16C204";
keyAsyncClient.getKey("keyName", keyVersion)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(key ->
System.out.printf("Created key with name: %s and: id %s%n", key.getName(),
key.getId()));
Parameters:
Returns:
null if both name and version are null or empty.getKeyRotationPolicy
public Mono
Gets the KeyRotationPolicy for the KeyVaultKey with the provided name. This operation requires the keys/get permission.
Code Samples
Retrieves the KeyRotationPolicy of a given KeyVaultKey. Subscribes to the call asynchronously and prints out the KeyRotationPolicy details when a response has been received.
keyAsyncClient.getKeyRotationPolicy("keyName")
.subscribe(keyRotationPolicy ->
System.out.printf("Retrieved key rotation policy with id: %s%n", keyRotationPolicy.getId()));
Parameters:
Returns:
getKeyRotationPolicyWithResponse
public Mono
Gets the KeyRotationPolicy for the KeyVaultKey with the provided name. This operation requires the keys/get permission.
Code Samples
Retrieves the KeyRotationPolicy of a given KeyVaultKey. Subscribes to the call asynchronously and prints out the Response<T> and KeyRotationPolicy details when a response has been received.
keyAsyncClient.getKeyRotationPolicyWithResponse("keyName")
.subscribe(getKeyRotationPolicyResponse ->
System.out.printf("Response received successfully with status code: %d. Retrieved key rotation policy"
+ "with id: %s%n", getKeyRotationPolicyResponse.getStatusCode(),
getKeyRotationPolicyResponse.getValue().getId()));
Parameters:
Returns:
getKeyWithResponse
public Mono
Gets the public part of the specified KeyVaultKey and key version. The get key operation is applicable to all KeyType and it requires the keys/get permission.
Code Samples
Gets a specific version of the KeyVaultKey in the key vault. Subscribes to the call asynchronously and prints out the KeyVaultKey details when a response has been received.
String keyVersion = "6A385B124DEF4096AF1361A85B16C204";
keyAsyncClient.getKeyWithResponse("keyName", keyVersion)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(getKeyResponse ->
System.out.printf("Created key with name: %s and: id %s%n",
getKeyResponse.getValue().getName(), getKeyResponse.getValue().getId()));
Parameters:
Returns:
null if both name and
version are null or empty.getRandomBytes
public Mono
Get the requested number of bytes containing random values from a managed HSM.
Code Samples
Gets a number of bytes containing random values from a Managed HSM. Prints out the retrieved bytes in base64Url format.
int amount = 16;
keyAsyncClient.getRandomBytes(amount)
.subscribe(randomBytes ->
System.out.printf("Retrieved %d random bytes: %s%n", amount, Arrays.toString(randomBytes)));
Parameters:
Returns:
getRandomBytesWithResponse
public Mono
Get the requested number of bytes containing random values from a managed HSM.
Code Samples
Gets a number of bytes containing random values from a Managed HSM. Prints out the Response<T> details and the retrieved bytes in base64Url format.
int amountOfBytes = 16;
keyAsyncClient.getRandomBytesWithResponse(amountOfBytes).subscribe(response ->
System.out.printf("Response received successfully with status code: %d. Retrieved %d random bytes: %s%n",
response.getStatusCode(), amountOfBytes, Arrays.toString(response.getValue())));
Parameters:
Returns:
getVaultUrl
public String getVaultUrl()
Get the vault endpoint url to which service requests are sent to.
Returns:
importKey
public Mono
Imports an externally created JsonWebKey and stores it in the key vault. The import key operation may be used to import any KeyType into Azure Key Vault. If a KeyVaultKey with the provided name already exists, Azure Key Vault creates a new version of the KeyVaultKey. This operation requires the keys/import permission.
ImportKeyOptions is required and its fields name and getKey() cannot be null. The expires and notBefore values in keyImportOptions are optional. If not specified, no values are set for the fields. The enabled field is set to true and the isHardwareProtected() field is set to false by Azure Key Vault, if they are not specified.
Code Samples
Imports a new KeyVaultKey into key vault. Subscribes to the call asynchronously and prints out the newly KeyVaultKey details when a response has been received.
ImportKeyOptions options = new ImportKeyOptions("keyName", jsonWebKeyToImport)
.setHardwareProtected(false);
keyAsyncClient.importKey(options).subscribe(keyVaultKey ->
System.out.printf("Imported key with name: %s and id: %s%n", keyVaultKey.getName(), keyVaultKey.getId()));
Parameters:
Returns:
importKey
public Mono
Imports an externally created JsonWebKey and stores it in the key vault. The import key operation may be used to import any KeyType into Azure Key Vault. If a KeyVaultKey with the provided name already exists, Azure Key Vault creates a new version of the KeyVaultKey. This operation requires the keys/import permission.
Code Samples
Imports a new KeyVaultKey into key vault. Subscribes to the call asynchronously and prints out the newly KeyVaultKey details when a response has been received.
keyAsyncClient.importKey("keyName", jsonWebKeyToImport)
.subscribe(keyVaultKey ->
System.out.printf("Imported key with name: %s and id: %s%n", keyVaultKey.getName(),
keyVaultKey.getId()));
Parameters:
Returns:
importKeyWithResponse
public Mono
Imports an externally created JsonWebKey and stores it in the key vault. The import key operation may be used to import any KeyType into Azure Key Vault. If a KeyVaultKey with the provided name already exists, Azure Key Vault creates a new version of the KeyVaultKey. This operation requires the keys/import permission.
ImportKeyOptions is required and its fields name and getKey() cannot be null. The expires and notBefore values in keyImportOptions are optional. If not specified, no values are set for the fields. The enabled field is set to true and the isHardwareProtected() field is set to false by Azure Key Vault, if they are not specified.
Code Samples
Imports a new KeyVaultKey into key vault. Subscribes to the call asynchronously and prints out the newly KeyVaultKey details when a response has been received.
ImportKeyOptions importKeyOptions = new ImportKeyOptions("keyName", jsonWebKeyToImport)
.setHardwareProtected(false);
keyAsyncClient.importKeyWithResponse(importKeyOptions).subscribe(response ->
System.out.printf("Imported key with name: %s and id: %s%n", response.getValue().getName(),
response.getValue().getId()));
Parameters:
Returns:
listDeletedKeys
public PagedFlux
Lists DeletedKey of the key vault. The DeletedKey are retrieved as JsonWebKey structures that contain the public part of a DeletedKey. The get deleted keys operation is applicable for vaults enabled for soft-delete. This operation requires the keys/list permission.
Code Samples
Lists the DeletedKey in the key vault. Subscribes to the call asynchronously and prints out the recovery id of each DeletedKey when a response has been received.
keyAsyncClient.listDeletedKeys()
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(deletedKey ->
System.out.printf("Deleted key's recovery id:%s%n", deletedKey.getRecoveryId()));
Returns:
listPropertiesOfKeyVersions
public PagedFlux
List all versions of the specified KeyVaultKey. The individual key response in the flux is represented by KeyProperties as only the key identifier, attributes and tags are provided in the response. The key material values are not provided in the response. This operation requires the keys/list permission.
Code Samples
It is possible to get the keys with key material of all the versions from this information. Convert the Flux containing KeyProperties to Flux containing KeyVaultKey using getKey(String name, String version) within Flux#flatMap(Function).
keyAsyncClient.listPropertiesOfKeyVersions("keyName")
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.flatMap(keyProperties -> keyAsyncClient.getKey(keyProperties.getName(), keyProperties.getVersion()))
.subscribe(key ->
System.out.printf("Retrieved key version: %s with name: %s and type: %s%n",
key.getProperties().getVersion(), key.getName(), key.getKeyType()));
Parameters:
Returns:
name does not exist in the key
vault.listPropertiesOfKeys
public PagedFlux
List KeyVaultKey in the key vault. Retrieves a list of the KeyVaultKey in the key vault as JsonWebKey structures that contain the public part of a stored KeyVaultKey. The list operation is applicable to all KeyType and the individual KeyVaultKey response in the list is represented by KeyProperties as only the key identifier, attributes and tags are provided in the response. The key material and individual key versions are not listed in the response. This operation requires the keys/list permission.
Code Samples
It is possible to get KeyVaultKey with key material from this information. Convert the Flux containing KeyProperties to Flux containing KeyVaultKey using getKey(String name, String version) within Flux#flatMap(Function).
keyAsyncClient.listPropertiesOfKeys()
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.flatMap(keyProperties -> keyAsyncClient.getKey(keyProperties.getName(), keyProperties.getVersion()))
.subscribe(key -> System.out.printf("Retrieved key with name: %s and type: %s%n",
key.getName(),
key.getKeyType()));
Returns:
purgeDeletedKey
public Mono
Permanently deletes the specified KeyVaultKey without the possibility of recovery. The purge deleted key operation is applicable for soft-delete enabled vaults. This operation requires the keys/purge permission.
Code Samples
Purges the KeyVaultKey from the key vault enabled for soft-delete. Subscribes to the call asynchronously and prints out the status code from the server response when a response has been received.
keyAsyncClient.purgeDeletedKey("deletedKeyName")
.subscribe(ignored ->
System.out.println("Successfully purged deleted key"));
Parameters:
Returns:
purgeDeletedKeyWithResponse
public Mono
Permanently deletes the specified KeyVaultKey without the possibility of recovery. The purge deleted key operation is applicable for soft-delete enabled vaults. This operation requires the keys/purge permission.
Code Samples
Purges the KeyVaultKey from the key vault enabled for soft-delete. Subscribes to the call asynchronously and prints out the status code from the server response when a response has been received.
keyAsyncClient.purgeDeletedKeyWithResponse("deletedKeyName")
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(purgeDeletedKeyResponse ->
System.out.printf("Purge response status code: %d%n", purgeDeletedKeyResponse.getStatusCode()));
Parameters:
Returns:
releaseKey
public Mono
Releases the latest version of a KeyVaultKey.
The KeyVaultKey must be exportable. This operation requires the keys/release permission.
Code Samples
Releases a KeyVaultKey. Subscribes to the call asynchronously and prints out the signed object that contains the KeyVaultKey when a response has been received.
String targetAttestationToken = "someAttestationToken";
ReleaseKeyResult releaseKeyResult = keyClient.releaseKey("keyName", targetAttestationToken);
System.out.printf("Signed object containing released key: %s%n", releaseKeyResult);
Parameters:
Returns:
releaseKey
public Mono
Releases a key.
The key must be exportable. This operation requires the 'keys/release' permission.
Code Samples
Releases a KeyVaultKey. Subscribes to the call asynchronously and prints out the signed object that contains the KeyVaultKey when a response has been received.
String myKeyVersion = "6A385B124DEF4096AF1361A85B16C204";
String myTargetAttestationToken = "someAttestationToken";
keyAsyncClient.releaseKey("keyName", myKeyVersion, myTargetAttestationToken)
.subscribe(releaseKeyResult ->
System.out.printf("Signed object containing released key: %s%n", releaseKeyResult.getValue()));
Parameters:
null, this call is equivalent to
calling releaseKey(String name, String targetAttestationToken), with the latest key version being released.
Returns:
releaseKeyWithResponse
public Mono
Releases a key.
The key must be exportable. This operation requires the 'keys/release' permission.
Code Samples
Releases a KeyVaultKey. Subscribes to the call asynchronously and prints out the Response<T> details and the signed object that contains the KeyVaultKey when a response has been received.
String releaseKeyVersion = "6A385B124DEF4096AF1361A85B16C204";
String someTargetAttestationToken = "someAttestationToken";
ReleaseKeyOptions releaseKeyOptions = new ReleaseKeyOptions()
.setAlgorithm(KeyExportEncryptionAlgorithm.RSA_AES_KEY_WRAP_256)
.setNonce("someNonce");
keyAsyncClient.releaseKeyWithResponse("keyName", releaseKeyVersion, someTargetAttestationToken,
releaseKeyOptions)
.subscribe(releaseKeyResponse ->
System.out.printf("Response received successfully with status code: %d. Signed object containing"
+ "released key: %s%n", releaseKeyResponse.getStatusCode(),
releaseKeyResponse.getValue().getValue()));
Parameters:
null, this call is equivalent to
calling releaseKey(String name, String targetAttestationToken), with the latest key version being released.
Returns:
restoreKeyBackup
public Mono
Restores a backed up KeyVaultKey to a vault. Imports a previously backed up KeyVaultKey into Azure Key Vault, restoring the KeyVaultKey, its key identifier, attributes and access control policies. The restore operation may be used to import a previously backed up KeyVaultKey. Individual versions of a KeyVaultKey cannot be restored. The KeyVaultKey is restored in its entirety with the same key name as it had when it was backed up. If the key name is not available in the target key vault, the restore operation will be rejected. While the key name is retained during restore, the final key identifier will change if the KeyVaultKey is restored to a different vault. Restore will restore all versions and preserve version identifiers. The restore operation is subject to security constraints: The target key vault must be owned by the same Microsoft Azure Subscription as the source key vault. The user must have the restore permission in the target key vault. This operation requires the keys/restore permission.
Code Samples
Restores the KeyVaultKey in the key vault from its backup. Subscribes to the call asynchronously and prints out the restored key details when a response has been received.
//Pass the Key Backup Byte array to the restore operation.
keyAsyncClient.restoreKeyBackup(keyBackupByteArray)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(restoreKeyResponse ->
System.out.printf("Restored key with name: %s and: id %s%n", restoreKeyResponse.getName(),
restoreKeyResponse.getId()));
Parameters:
Returns:
restoreKeyBackupWithResponse
public Mono
Restores a backed up KeyVaultKey to a vault. Imports a previously backed up KeyVaultKey into Azure Key Vault, restoring the KeyVaultKey, its key identifier, attributes and access control policies. The restore operation may be used to import a previously backed up KeyVaultKey. Individual versions of a KeyVaultKey cannot be restored. The KeyVaultKey is restored in its entirety with the same key name as it had when it was backed up. If the key name is not available in the target key vault, the restore operation will be rejected. While the key name is retained during restore, the final key identifier will change if the KeyVaultKey is restored to a different vault. Restore will restore all versions and preserve version identifiers. The restore operation is subject to security constraints: The target key vault must be owned by the same Microsoft Azure Subscription as the source key vault. The user must have the restore permission in the target key vault. This operation requires the keys/restore permission.
Code Samples
Restores the KeyVaultKey in the key vault from its backup. Subscribes to the call asynchronously and prints out the restored key details when a response has been received.
//Pass the Key Backup Byte array to the restore operation.
keyAsyncClient.restoreKeyBackupWithResponse(keyBackupByteArray)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(restoreKeyBackupResponse ->
System.out.printf("Restored key with name: %s and: id %s%n",
restoreKeyBackupResponse.getValue().getName(), restoreKeyBackupResponse.getValue().getId()));
Parameters:
Returns:
rotateKey
public Mono
Rotates a KeyVaultKey. The rotate key operation will do so based on KeyRotationPolicy. This operation requires the keys/rotate permission.
Code Samples
Rotates a KeyVaultKey. Prints out KeyVaultKey details.
keyAsyncClient.rotateKey("keyName")
.subscribe(key ->
System.out.printf("Rotated key with name: %s and version:%s%n", key.getName(),
key.getProperties().getVersion()));
Parameters:
Returns:
rotateKeyWithResponse
public Mono
Rotates a KeyVaultKey. The rotate key operation will do so based on KeyRotationPolicy. This operation requires the keys/rotate permission.
Code Samples
Rotates a KeyVaultKey. Subscribes to the call asynchronously and prints out the Response<T> and KeyVaultKey details when a response has been received.
keyAsyncClient.rotateKeyWithResponse("keyName")
.subscribe(rotateKeyResponse ->
System.out.printf("Response received successfully with status code: %d. Rotated key with name: %s and"
+ "version: %s%n", rotateKeyResponse.getStatusCode(), rotateKeyResponse.getValue().getName(),
rotateKeyResponse.getValue().getProperties().getVersion()));
Parameters:
Returns:
updateKeyProperties
public Mono
Updates the KeyProperties and KeyOperation associated with the specified KeyVaultKey, but not the cryptographic key material of the specified KeyVaultKey in the key vault. The update operation changes specified KeyProperties of an existing stored KeyVaultKey and KeyProperties that are not specified in the request are left unchanged. The cryptographic key material of a KeyVaultKey itself cannot be changed. This operation requires the keys/set permission.
Code Samples
Gets latest version of the KeyVaultKey, changes its notBefore time and then updates it in the Azure Key Vault. Subscribes to the call asynchronously and prints out the KeyVaultKey details when a response has been received.
keyAsyncClient.getKey("keyName")
.subscribe(key -> {
//Update the not before time of the key.
key.getProperties().setNotBefore(OffsetDateTime.now().plusDays(50));
keyAsyncClient.updateKeyProperties(key.getProperties(), KeyOperation.ENCRYPT,
KeyOperation.DECRYPT)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(updatedKey ->
System.out.printf("Updated key's \"not before time\": %s%n",
updatedKey.getProperties().getNotBefore().toString()));
});
Parameters:
Returns:
updateKeyPropertiesWithResponse
public Mono
Updates the KeyProperties and KeyOperation associated with the specified KeyVaultKey, but not the cryptographic key material of the specified KeyVaultKey in the key vault. The update operation changes specified KeyProperties of an existing stored KeyVaultKey and KeyProperties that are not specified in the request are left unchanged. The cryptographic key material of a KeyVaultKey itself cannot be changed. This operation requires the keys/set permission.
Code Samples
Gets latest version of the KeyVaultKey, changes its notBefore time and then updates it in the Azure Key Vault. Subscribes to the call asynchronously and prints out the KeyVaultKey details when a response has been received.
keyAsyncClient.getKey("keyName")
.subscribe(getKeyResponse -> {
//Update the not before time of the key.
getKeyResponse.getProperties().setNotBefore(OffsetDateTime.now().plusDays(50));
keyAsyncClient.updateKeyPropertiesWithResponse(getKeyResponse.getProperties(), KeyOperation.ENCRYPT,
KeyOperation.DECRYPT)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(updateKeyResponse ->
System.out.printf("Updated key's \"not before time\": %s%n",
updateKeyResponse.getValue().getProperties().getNotBefore().toString()));
});
Parameters:
Returns:
updateKeyRotationPolicy
public Mono
Updates the KeyRotationPolicy of the key with the provided name. This operation requires the keys/update permission.
Code Samples
Updates the KeyRotationPolicy of a given KeyVaultKey. Subscribes to the call asynchronously and prints out the KeyRotationPolicy details when a response has been received.
List<KeyRotationLifetimeAction> lifetimeActions = new ArrayList<>();
KeyRotationLifetimeAction rotateLifetimeAction = new KeyRotationLifetimeAction(KeyRotationPolicyAction.ROTATE)
.setTimeAfterCreate("P90D");
KeyRotationLifetimeAction notifyLifetimeAction = new KeyRotationLifetimeAction(KeyRotationPolicyAction.NOTIFY)
.setTimeBeforeExpiry("P45D");
lifetimeActions.add(rotateLifetimeAction);
lifetimeActions.add(notifyLifetimeAction);
KeyRotationPolicy keyRotationPolicy = new KeyRotationPolicy()
.setLifetimeActions(lifetimeActions)
.setExpiresIn("P6M");
keyAsyncClient.updateKeyRotationPolicy("keyName", keyRotationPolicy)
.subscribe(updatedPolicy ->
System.out.printf("Updated key rotation policy with id: %s%n", updatedPolicy.getId()));
Parameters:
Returns:
updateKeyRotationPolicyWithResponse
public Mono
Updates the KeyRotationPolicy of the key with the provided name. This operation requires the keys/update permission.
Code Samples
Updates the KeyRotationPolicy of a given KeyVaultKey. Subscribes to the call asynchronously and prints out the Response<T> and KeyRotationPolicy details when a response has been received.
List<KeyRotationLifetimeAction> myLifetimeActions = new ArrayList<>();
KeyRotationLifetimeAction myRotateLifetimeAction = new KeyRotationLifetimeAction(KeyRotationPolicyAction.ROTATE)
.setTimeAfterCreate("P90D");
KeyRotationLifetimeAction myNotifyLifetimeAction = new KeyRotationLifetimeAction(KeyRotationPolicyAction.NOTIFY)
.setTimeBeforeExpiry("P45D");
myLifetimeActions.add(myRotateLifetimeAction);
myLifetimeActions.add(myNotifyLifetimeAction);
KeyRotationPolicy myKeyRotationPolicy = new KeyRotationPolicy()
.setLifetimeActions(myLifetimeActions)
.setExpiresIn("P6M");
keyAsyncClient.updateKeyRotationPolicyWithResponse("keyName", myKeyRotationPolicy)
.subscribe(myUpdatedPolicyResponse ->
System.out.printf("Response received successfully with status code: %d. Updated key rotation policy"
+ "with id: %s%n", myUpdatedPolicyResponse.getStatusCode(),
myUpdatedPolicyResponse.getValue().getId()));
Parameters:
Returns:
Applies to
Azure SDK for Java