sample7_key_rotation.cpp
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
/**
* @brief This sample demonstrates how to update a key rotation policy, and then rotate the key
* based on the policy.
*
* @remark The following environment variables must be set before running the sample.
* - AZURE_KEYVAULT_URL: The Key Vault account URL.
*
*/
#include <azure/core.hpp>
#include <azure/identity.hpp>
#include <azure/keyvault/keyvault_keys.hpp>
#include <chrono>
#include <cstdlib>
#include <exception>
#include <iostream>
#include <string>
#include <vector>
using namespace Azure::Security::KeyVault::Keys;
using namespace Azure::Security::KeyVault::Keys::Cryptography;
using namespace std::chrono_literals;
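/**
 * @brief Creates an EC key, attaches a rotation policy to it, rotates it once on demand, and then
 * deletes and purges the key.
 *
 * @return 0 on success, 1 when AZURE_KEYVAULT_URL is missing or any step throws.
 */
int main()
{
  // std::getenv returns nullptr when the variable is unset; passing that on to the client as a
  // URL string would be undefined behavior, so fail early with a clear message instead.
  auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL");
  if (keyVaultUrl == nullptr || *keyVaultUrl == '\0')
  {
    std::cerr << "AZURE_KEYVAULT_URL must be set to the Key Vault URL." << std::endl;
    return 1;
  }

  try
  {
    auto credential = std::make_shared<Azure::Identity::DefaultAzureCredential>();
    KeyClient keyClient(std::string(keyVaultUrl), credential);

    // A random suffix keeps repeated runs from colliding on the key name.
    auto keyName = "RotateKey-" + Azure::Core::Uuid::CreateUuid().ToString();
    auto createKeyResponse = keyClient.CreateEcKey(CreateEcKeyOptions(keyName));
    std::cout << "Created key " << createKeyResponse.Value.Name() << " with id "
              << createKeyResponse.Value.Id() << " and version "
              << createKeyResponse.Value.Properties.Version << std::endl;

    // Example of a rotation policy document. It is illustrative only: the triggers and actions
    // assigned in the code below are not the same as in this example.
    // NOTE(review): confirm which of the two is the intended policy.
    /* {
      "id": "https://redacted.vault.azure.net/keys/GetKeyRotationPolicy/rotationpolicy",
      "lifetimeActions": [
        {
          "trigger": {
            "timeAfterCreate": "P18M"
          },
          "action": {
            "type": "Rotate"
          }
        },
        {
          "trigger": {
            "timeBeforeExpiry": "P30D"
          },
          "action": {
            "type": "Notify"
          }
        }
      ],
      "attributes":
      {
        "expiryTime" : "P48M", "created" : 1649797765, "updated" : 1649797765
      }
    }*/
    KeyRotationPolicy policy;

    // Durations are ISO 8601 strings (P18M = 18 months, P30D = 30 days, P48M = 48 months).
    LifetimeActionsType lifetimeAction1;
    lifetimeAction1.Trigger.TimeBeforeExpiry = "P18M";
    lifetimeAction1.Action = LifetimeActionType::Notify;
    policy.LifetimeActions.emplace_back(lifetimeAction1);

    LifetimeActionsType lifetimeAction2;
    lifetimeAction2.Action = LifetimeActionType::Rotate;
    lifetimeAction2.Trigger.TimeBeforeExpiry = "P30D";
    policy.LifetimeActions.emplace_back(lifetimeAction2);

    policy.Attributes.ExpiryTime = "P48M";

    auto putPolicy = keyClient.UpdateKeyRotationPolicy(keyName, policy).Value;
    std::cout << "Updated rotation policy " << putPolicy.Id << " for key "
              << createKeyResponse.Value.Name() << std::endl;

    // Fetch the current version first so the output can show that RotateKey produced a new one.
    auto originalKey = keyClient.GetKey(keyName);
    auto rotatedKey = keyClient.RotateKey(keyName);
    std::cout << "Rotated key " << originalKey.Value.Name() << std::endl
              << "Original version " << originalKey.Value.Properties.Version << std::endl
              << "New Version " << rotatedKey.Value.Properties.Version << std::endl;

    // Delete the key, wait for the deletion to complete, then purge it.
    // NOTE(review): purging is presumably rejected on vaults with purge protection enabled;
    // confirm against the target vault's configuration.
    auto deleteOperation = keyClient.StartDeleteKey(keyName);
    deleteOperation.PollUntilDone(2min);
    keyClient.PurgeDeletedKey(keyName);
  }
  catch (std::exception const& e)
  {
    // Report authentication and service failures instead of terminating on an uncaught
    // exception. A key created before the failure is not cleaned up here.
    std::cerr << "Key rotation sample failed: " << e.what() << std::endl;
    return 1;
  }

  return 0;
}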