public final class KeyAsyncClient extends Object
KeyAsyncClient provides asynchronous methods to manage keys in the Azure Key Vault.
The client supports creating, retrieving, updating, deleting, purging, backing up, restoring and listing the
keys. The client also supports listing deleted keys for a soft-delete
enabled Azure Key Vault.
Samples to construct the async client
KeyAsyncClient keyAsyncClient = new KeyClientBuilder()
.vaultUrl("https://myvault.azure.net/")
.credential(new DefaultAzureCredentialBuilder().build())
.buildAsyncClient();
KeyClientBuilder,
PagedFlux| Modifier and Type | Method and Description |
|---|---|
Mono<byte[]> |
backupKey(String name)
Requests a backup of the specified
key be downloaded to the client. |
Mono<com.azure.core.http.rest.Response<byte[]>> |
backupKeyWithResponse(String name)
Requests a backup of the specified
key be downloaded to the client. |
com.azure.core.util.polling.PollerFlux<DeletedKey,Void> |
beginDeleteKey(String name)
Deletes a
key of any type from the key vault. |
com.azure.core.util.polling.PollerFlux<KeyVaultKey,Void> |
beginRecoverDeletedKey(String name)
Recovers the
deleted key in the key vault to its latest version and can only be performed
on a soft-delete enabled vault. |
Mono<KeyVaultKey> |
createEcKey(CreateEcKeyOptions createEcKeyOptions)
Creates a new
EC key and stores it in the key vault. |
Mono<com.azure.core.http.rest.Response<KeyVaultKey>> |
createEcKeyWithResponse(CreateEcKeyOptions createEcKeyOptions)
Creates a new
EC key and stores it in the key vault. |
Mono<KeyVaultKey> |
createKey(CreateKeyOptions createKeyOptions)
Creates a new
key and stores it in the key vault. |
Mono<KeyVaultKey> |
createKey(String name,
KeyType keyType)
Creates a new
key and stores it in the key vault. |
Mono<com.azure.core.http.rest.Response<KeyVaultKey>> |
createKeyWithResponse(CreateKeyOptions createKeyOptions)
Creates a new
key and stores it in the key vault. |
Mono<KeyVaultKey> |
createOctKey(CreateOctKeyOptions createOctKeyOptions)
Creates and stores a new
symmetric key in the key vault. |
Mono<com.azure.core.http.rest.Response<KeyVaultKey>> |
createOctKeyWithResponse(CreateOctKeyOptions createOctKeyOptions)
Creates and stores a new
symmetric key in the key vault. |
Mono<KeyVaultKey> |
createRsaKey(CreateRsaKeyOptions createRsaKeyOptions)
/**
Creates a new
RSA key and stores it in the key vault. |
Mono<com.azure.core.http.rest.Response<KeyVaultKey>> |
createRsaKeyWithResponse(CreateRsaKeyOptions createRsaKeyOptions)
Creates a new
RSA key and stores it in the key vault. |
Mono<DeletedKey> |
getDeletedKey(String name)
Gets the public part of a
deleted key. |
Mono<com.azure.core.http.rest.Response<DeletedKey>> |
getDeletedKeyWithResponse(String name)
Gets the public part of a
deleted key. |
Mono<KeyVaultKey> |
getKey(String name)
Gets the public part of the specified
key and key version. |
Mono<KeyVaultKey> |
getKey(String name,
String version)
Gets the public part of the specified
key and key version. |
Mono<com.azure.core.http.rest.Response<KeyVaultKey>> |
getKeyWithResponse(String name,
String version)
Gets the public part of the specified
key and key version. |
String |
getVaultUrl()
Get the vault endpoint url to which service requests are sent to.
|
Mono<KeyVaultKey> |
importKey(ImportKeyOptions importKeyOptions)
Imports an externally created
key and stores it in the key vault. |
Mono<KeyVaultKey> |
importKey(String name,
JsonWebKey keyMaterial)
Imports an externally created
key and stores it in the key vault. |
Mono<com.azure.core.http.rest.Response<KeyVaultKey>> |
importKeyWithResponse(ImportKeyOptions importKeyOptions)
Imports an externally created
key and stores it in the key vault. |
com.azure.core.http.rest.PagedFlux<DeletedKey> |
listDeletedKeys()
Lists
deleted keys of the key vault. |
com.azure.core.http.rest.PagedFlux<KeyProperties> |
listPropertiesOfKeys()
List
keys in the key vault. |
com.azure.core.http.rest.PagedFlux<KeyProperties> |
listPropertiesOfKeyVersions(String name)
List all versions of the specified
keys. |
Mono<Void> |
purgeDeletedKey(String name)
Permanently deletes the specified
key without the possibility of recovery. |
Mono<com.azure.core.http.rest.Response<Void>> |
purgeDeletedKeyWithResponse(String name)
Permanently deletes the specified
key without the possibility of recovery. |
Mono<KeyVaultKey> |
restoreKeyBackup(byte[] backup)
Restores a backed up
key to a vault. |
Mono<com.azure.core.http.rest.Response<KeyVaultKey>> |
restoreKeyBackupWithResponse(byte[] backup)
Restores a backed up
key to a vault. |
Mono<KeyVaultKey> |
updateKeyProperties(KeyProperties keyProperties,
KeyOperation... keyOperations)
Updates the
attributes and key operations associated with the
specified key, but not the cryptographic key material of the specified
key in the key vault. |
Mono<com.azure.core.http.rest.Response<KeyVaultKey>> |
updateKeyPropertiesWithResponse(KeyProperties keyProperties,
KeyOperation... keyOperations)
Updates the
attributes and key operations associated with the
specified key, but not the cryptographic key material of the specified
key in the key vault. |
public String getVaultUrl()
public Mono<KeyVaultKey> createKey(String name, KeyType keyType)
key and stores it in the key vault. The create key operation can be used to
create any keyType in Azure Key Vault. If a key with the provided name
already exists, Azure Key Vault creates a new version of the key. It requires the
keys/create permission.
The keyType indicates the type of key to create. Possible values include:
EC, EC-HSM, RSA, RSA-HSM,
OCT and OCT-HSM.
Code Samples
Creates a new EC key. Subscribes to the call asynchronously and prints out the newly
created key details when a response has been received.
keyAsyncClient.createKey("keyName", KeyType.EC)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(key ->
System.out.printf("Created key with name: %s and id: %s %n", key.getName(),
key.getId()));
name - The name of the key being created.keyType - The type of key to create. For valid values, see KeyType.Mono containing the created key.com.azure.core.exception.HttpResponseException - If name is an empty string.NullPointerException - If name or keyType are null.public Mono<com.azure.core.http.rest.Response<KeyVaultKey>> createKeyWithResponse(CreateKeyOptions createKeyOptions)
key and stores it in the key vault. The create key operation can be used to
create any keyType in Azure Key Vault. If a key with the provided name
already exists, Azure Key Vault creates a new version of the key. It requires the
keys/create permission.
The keyType indicates the type of key to create. Possible values include:
EC, EC-HSM, RSA, RSA-HSM,
OCT and OCT-HSM.
Code Samples
Creates a new EC key. Subscribes to the call asynchronously and prints out the newly
created key details when a response has been received.
CreateKeyOptions createKeyOptions = new CreateKeyOptions("keyName", KeyType.RSA)
.setNotBefore(OffsetDateTime.now().plusDays(1))
.setExpiresOn(OffsetDateTime.now().plusYears(1));
keyAsyncClient.createKeyWithResponse(createKeyOptions)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(createKeyResponse ->
System.out.printf("Created key with name: %s and: id %s%n", createKeyResponse.getValue().getName(),
createKeyResponse.getValue().getId()));
createKeyOptions - The options object containing information about the
key being created.Mono containing a Response whose value contains the
created key.com.azure.core.exception.HttpResponseException - If CreateKeyOptions.getName() is an empty string.NullPointerException - If name or keyType are null.com.azure.core.exception.ResourceModifiedException - If createKeyOptions is malformed.public Mono<KeyVaultKey> createKey(CreateKeyOptions createKeyOptions)
key and stores it in the key vault. The create key operation can be used to
create any keyType in Azure Key Vault. If a key with the provided name
already exists, Azure Key Vault creates a new version of the key. It requires the
keys/create permission.
The CreateKeyOptions parameter is required. The expires and
notBefore values are optional. The
enabled field is set to true by Azure Key Vault, if not specified.
The keyType indicates the type of key to create.
Possible values include: EC, EC-HSM, RSA,
RSA-HSM, OCT and OCT-HSM.
Code Samples
Creates a new RSA key which activates in one day and expires in one year. Subscribes to
the call asynchronously and prints out the newly created key details when a response has been
received.
CreateKeyOptions createKeyOptions = new CreateKeyOptions("keyName", KeyType.RSA)
.setNotBefore(OffsetDateTime.now().plusDays(1))
.setExpiresOn(OffsetDateTime.now().plusYears(1));
keyAsyncClient.createKey(createKeyOptions)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(key ->
System.out.printf("Created key with name: %s and id: %s %n", key.getName(),
key.getId()));
createKeyOptions - The options object containing information about the
key being created.Mono containing the created key.com.azure.core.exception.HttpResponseException - If CreateKeyOptions.getName() is an empty string.NullPointerException - If createKeyOptions is null.com.azure.core.exception.ResourceModifiedException - If createKeyOptions is malformed.public Mono<KeyVaultKey> createRsaKey(CreateRsaKeyOptions createRsaKeyOptions)
RSA key and stores it in the key vault. The create RSA key operation can be
used to create any RSA key type in Azure Key Vault. If a key with the provided name already
exists, Azure Key Vault creates a new version of the key. It requires the
keys/create permission.
The CreateRsaKeyOptions parameter is required. The keySize
can be optionally specified. The expires and
notBefore values are optional. The
enabled field is set to true by Azure Key Vault, if not
specified.
The keyType indicates the type of key to create.
Possible values include: RSA and RSA-HSM.
Code Samples
Creates a new RSA key with size 2048 which activates in one day and expires in one year.
Subscribes to the call asynchronously and prints out the newly created key details when a
response has been received.
CreateRsaKeyOptions createRsaKeyOptions = new CreateRsaKeyOptions("keyName")
.setKeySize(2048)
.setNotBefore(OffsetDateTime.now().plusDays(1))
.setExpiresOn(OffsetDateTime.now().plusYears(1));
keyAsyncClient.createRsaKey(createRsaKeyOptions)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(rsaKey ->
System.out.printf("Created key with name: %s and id: %s %n", rsaKey.getName(),
rsaKey.getId()));
createRsaKeyOptions - The options object containing information about the
RSA key being created.Mono containing the created key.com.azure.core.exception.HttpResponseException - If CreateKeyOptions.getName() is an empty string.NullPointerException - If createRsaKeyOptions is null.com.azure.core.exception.ResourceModifiedException - If createRsaKeyOptions is malformed.public Mono<com.azure.core.http.rest.Response<KeyVaultKey>> createRsaKeyWithResponse(CreateRsaKeyOptions createRsaKeyOptions)
RSA key and stores it in the key vault. The create RSA key operation can be
used to create any RSA key type in Azure Key Vault. If a key with the provided name already
exists, Azure Key Vault creates a new version of the key. It requires the
keys/create permission.
The CreateRsaKeyOptions parameter is required. The keySize
can be optionally specified. The expires and
notBefore values are optional. The
enabled field is set to true by Azure Key Vault, if not
specified.
The keyType indicates the type of key to create.
Possible values include: RSA and RSA-HSM.
Code Samples
Creates a new RSA key with size 2048 which activates in one day and expires in one year.
Subscribes to the call asynchronously and prints out the newly created key details when a
response has been received.
CreateRsaKeyOptions createRsaKeyOptions = new CreateRsaKeyOptions("keyName")
.setKeySize(2048)
.setNotBefore(OffsetDateTime.now().plusDays(1))
.setExpiresOn(OffsetDateTime.now().plusYears(1));
keyAsyncClient.createRsaKeyWithResponse(createRsaKeyOptions)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(createRsaKeyResponse ->
System.out.printf("Created key with name: %s and: id %s%n", createRsaKeyResponse.getValue().getName(),
createRsaKeyResponse.getValue().getId()));
createRsaKeyOptions - The options object containing information about the
RSA key being created.Mono containing a Response whose value contains the
created key.com.azure.core.exception.HttpResponseException - If CreateKeyOptions.getName() is an empty string.NullPointerException - If createRsaKeyOptions is null.com.azure.core.exception.ResourceModifiedException - If createRsaKeyOptions is malformed.public Mono<KeyVaultKey> createEcKey(CreateEcKeyOptions createEcKeyOptions)
EC key and stores it in the key vault. The create EC key operation can be
used to create any EC key type in Azure Key Vault. If a key with the
provided name already exists, Azure Key Vault creates a new version of the key. It requires
the keys/create permission.
The CreateEcKeyOptions parameter is required. The key curve
can be optionally specified. If not specified, the default value P-256 is used by
Azure Key Vault. The expires and
notBefore values are optional. The
enabled field is set to true by Azure Key Vault, if not specified.
The keyType indicates the type of KeyVaultKey key to create.
Possible values include: EC and EC-HSM.
Code Samples
Creates a new EC key with a P-384 web key curve. The key
activates in one day and expires in one year. Subscribes to the call asynchronously and prints out the newly
created key details when a response has been received.
CreateEcKeyOptions createEcKeyOptions = new CreateEcKeyOptions("keyName")
.setCurveName(KeyCurveName.P_384)
.setNotBefore(OffsetDateTime.now().plusDays(1))
.setExpiresOn(OffsetDateTime.now().plusYears(1));
keyAsyncClient.createEcKey(createEcKeyOptions)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(ecKey ->
System.out.printf("Created key with name: %s and id: %s %n", ecKey.getName(),
ecKey.getId()));
createEcKeyOptions - The options object containing information about the
EC key being created.Mono containing the created key.com.azure.core.exception.HttpResponseException - If CreateKeyOptions.getName() is an empty string.NullPointerException - If ecKeyCreateOptions is null.com.azure.core.exception.ResourceModifiedException - If ecKeyCreateOptions is malformed.public Mono<com.azure.core.http.rest.Response<KeyVaultKey>> createEcKeyWithResponse(CreateEcKeyOptions createEcKeyOptions)
EC key and stores it in the key vault. The create EC key operation can be
used to create any EC key type in Azure Key Vault. If a key with the
provided name already exists, Azure Key Vault creates a new version of the key. It requires
the keys/create permission.
The CreateEcKeyOptions parameter is required. The key curve
can be optionally specified. If not specified, the default value P-256 is used by
Azure Key Vault. The expires and
notBefore values are optional. The
enabled field is set to true by Azure Key Vault, if not
specified.
The keyType indicates the type of KeyVaultKey key to create.
Possible values include: EC and EC-HSM.
Code Samples
Creates a new EC key with a P-384 web key curve. The key
activates in one day and expires in one year. Subscribes to the call asynchronously and prints out the newly
created key details when a response has been received.
CreateEcKeyOptions createEcKeyOptions = new CreateEcKeyOptions("keyName")
.setCurveName(KeyCurveName.P_384)
.setNotBefore(OffsetDateTime.now().plusDays(1))
.setExpiresOn(OffsetDateTime.now().plusYears(1));
keyAsyncClient.createEcKeyWithResponse(createEcKeyOptions)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(createEcKeyResponse ->
System.out.printf("Created key with name: %s and: id %s%n", createEcKeyResponse.getValue().getName(),
createEcKeyResponse.getValue().getId()));
createEcKeyOptions - The options object containing information about the
EC key being created.Mono containing a Response whose value contains the
created key.com.azure.core.exception.HttpResponseException - If CreateKeyOptions.getName() is an empty string.NullPointerException - If ecKeyCreateOptions is null.com.azure.core.exception.ResourceModifiedException - If ecKeyCreateOptions is malformed.public Mono<KeyVaultKey> createOctKey(CreateOctKeyOptions createOctKeyOptions)
symmetric key in the key vault. If a key with
the provided name already exists, Azure Key Vault creates a new version of the key. This operation requires
the keys/create permission.
The CreateOctKeyOptions parameter is required. The expires
and notBefore values are optional. The
enabled field is set to true by Azure Key Vault, if not
specified.
The keyType indicates the type of KeyVaultKey key to create.
Possible values include: OCT and OCT-HSM.
Code Samples
Creates a new symmetric key. The key activates in one day and expires
in one year. Subscribes to the call asynchronously and prints out the details of the newly
created key when a response has been received.
CreateOctKeyOptions createOctKeyOptions = new CreateOctKeyOptions("keyName")
.setNotBefore(OffsetDateTime.now().plusDays(1))
.setExpiresOn(OffsetDateTime.now().plusYears(1));
keyAsyncClient.createOctKey(createOctKeyOptions)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(octKey ->
System.out.printf("Created key with name: %s and id: %s %n", octKey.getName(),
octKey.getId()));
createOctKeyOptions - The options object containing information about the
symmetric key being created.Mono containing the created key.com.azure.core.exception.HttpResponseException - If CreateKeyOptions.getName() is an empty string.NullPointerException - If ecKeyCreateOptions is null.com.azure.core.exception.ResourceModifiedException - If ecKeyCreateOptions is malformed.public Mono<com.azure.core.http.rest.Response<KeyVaultKey>> createOctKeyWithResponse(CreateOctKeyOptions createOctKeyOptions)
symmetric key in the key vault. If a key with
the provided name already exists, Azure Key Vault creates a new version of the key. This operation requires
the keys/create permission.
The CreateOctKeyOptions parameter is required. The expires
and notBefore values are optional. The
enabled field is set to true by Azure Key Vault, if not
specified.
The keyType indicates the type of KeyVaultKey key to create.
Possible values include: OCT and OCT-HSM.
Code Samples
Creates a new symmetric key. The key activates in one day and expires
in one year. Subscribes to the call asynchronously and prints out the details of the newly
created key when a response has been received.
CreateOctKeyOptions createOctKeyOptions = new CreateOctKeyOptions("keyName")
.setNotBefore(OffsetDateTime.now().plusDays(1))
.setExpiresOn(OffsetDateTime.now().plusYears(1));
keyAsyncClient.createOctKeyWithResponse(createOctKeyOptions)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(createOctKeyResponse ->
System.out.printf("Created key with name: %s and: id %s%n", createOctKeyResponse.getValue().getName(),
createOctKeyResponse.getValue().getId()));
createOctKeyOptions - The options object containing information about the
symmetric key being created.Mono containing a Response whose value contains the
created key.com.azure.core.exception.HttpResponseException - If CreateKeyOptions.getName() is an empty string.NullPointerException - If createOctKeyOptions is null.com.azure.core.exception.ResourceModifiedException - If createOctKeyOptions is malformed.public Mono<KeyVaultKey> importKey(String name, JsonWebKey keyMaterial)
key and stores it in the key vault. The import key operation
may be used to import any key type into Azure Key Vault. If a key with
the provided name already exists, Azure Key Vault creates a new version of the key. This
operation requires the keys/import permission.
Code Samples
Imports a new key into key vault. Subscribes to the call asynchronously and prints out the
newly imported key details when a response has been received.
keyAsyncClient.importKey("keyName", jsonWebKeyToImport)
.subscribe(keyVaultKey ->
System.out.printf("Imported key with name: %s and id: %s%n", keyVaultKey.getName(),
keyVaultKey.getId()));
name - The name for the imported key.keyMaterial - The Json web key being imported.Mono containing a Response whose value contains the
imported key.com.azure.core.exception.HttpResponseException - If name is an empty string.public Mono<KeyVaultKey> importKey(ImportKeyOptions importKeyOptions)
key and stores it in the key vault. The import key operation
may be used to import any key type into Azure Key Vault. If a key with
the provided name already exists, Azure Key Vault creates a new version of the key. This
operation requires the keys/import permission.
ImportKeyOptions is required and its fields name and
key material cannot be null. The
expires and notBefore values
in keyImportOptions are optional. If not specified, no values are set for the fields. The
enabled field is set to true and the
hsm field is set to false by Azure Key Vault, if they are
not specified.
Code Samples
Imports a new key into key vault. Subscribes to the call asynchronously and prints out the
newly imported key details when a response has been received.
ImportKeyOptions options = new ImportKeyOptions("keyName", jsonWebKeyToImport)
.setHardwareProtected(false);
keyAsyncClient.importKey(options).subscribe(keyVaultKey ->
System.out.printf("Imported key with name: %s and id: %s%n", keyVaultKey.getName(), keyVaultKey.getId()));
importKeyOptions - The options object containing information about the
JsonWebKey being imported.Mono containing the imported key.com.azure.core.exception.HttpResponseException - If KeyProperties.getName() is an empty string.NullPointerException - If importKeyOptions is null.public Mono<com.azure.core.http.rest.Response<KeyVaultKey>> importKeyWithResponse(ImportKeyOptions importKeyOptions)
key and stores it in the key vault. The import key operation
may be used to import any key type into Azure Key Vault. If a key with
the provided name already exists, Azure Key Vault creates a new version of the key. This
operation requires the keys/import permission.
ImportKeyOptions is required and its fields name and
key material cannot be null. The
expires and notBefore values
in keyImportOptions are optional. If not specified, no values are set for the fields. The
enabled field is set to true and the
hsm field is set to false by Azure Key Vault, if they are
not specified.
Code Samples
Imports a new key into key vault. Subscribes to the call asynchronously and prints out the
newly imported key details when a response has been received.
ImportKeyOptions importKeyOptions = new ImportKeyOptions("keyName", jsonWebKeyToImport)
.setHardwareProtected(false);
keyAsyncClient.importKeyWithResponse(importKeyOptions).subscribe(response ->
System.out.printf("Imported key with name: %s and id: %s%n", response.getValue().getName(),
response.getValue().getId()));
importKeyOptions - The options object containing information about the
JsonWebKey being imported.Mono containing a Response whose value contains the
imported key.com.azure.core.exception.HttpResponseException - If KeyProperties.getName() is an empty string.NullPointerException - If importKeyOptions is null.public Mono<KeyVaultKey> getKey(String name, String version)
key and key version. The get key operation is
applicable to all key types and it requires the keys/get permission.
Code Samples
Gets a specific version of the key in the key vault. Subscribes to the call asynchronously
and prints out the retrieved key details when a response has been received.
String keyVersion = "6A385B124DEF4096AF1361A85B16C204";
keyAsyncClient.getKey("keyName", keyVersion)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(key ->
System.out.printf("Created key with name: %s and: id %s%n", key.getName(),
key.getId()));
name - The name of the key, cannot be null.version - The version of the key to retrieve. If this is an empty String or null, this call is
equivalent to calling KeyAsyncClient.getKey(String), with the latest version being retrieved.Mono containing the requested key.
The content of the key is null if both name and version are null or empty.com.azure.core.exception.HttpResponseException - If a valid name and a non null/empty version is specified.com.azure.core.exception.ResourceNotFoundException - When a key with the provided name doesn't exist in
the key vault or an empty/null name and a non-null/empty version is provided.public Mono<com.azure.core.http.rest.Response<KeyVaultKey>> getKeyWithResponse(String name, String version)
key and key version. The get key operation is
applicable to all key types and it requires the keys/get permission.
Code Samples
Gets a specific version of the key in the key vault. Subscribes to the call asynchronously
and prints out the retrieved key details when a response has been received.
String keyVersion = "6A385B124DEF4096AF1361A85B16C204";
keyAsyncClient.getKeyWithResponse("keyName", keyVersion)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(getKeyResponse ->
System.out.printf("Created key with name: %s and: id %s%n",
getKeyResponse.getValue().getName(), getKeyResponse.getValue().getId()));
name - The name of the key, cannot be null.version - The version of the key to retrieve. If this is an empty String or null, this call is
equivalent to calling KeyAsyncClient.getKey(String), with the latest version being retrieved.Mono containing a Response whose value contains the
requested key. The content of the key is null if both name and
version are null or empty.com.azure.core.exception.HttpResponseException - If a valid name and a non-null/empty version is specified.com.azure.core.exception.ResourceNotFoundException - When a key with the provided name doesn't exist in
the key vault or an empty/null name and a non-null/empty version is provided.public Mono<KeyVaultKey> getKey(String name)
key and key version. The get key operation is
applicable to all key types and it requires the keys/get permission.
Code Samples
Gets a specific version of the key in the key vault. Subscribes to the call asynchronously
and prints out the retrieved key details when a response has been received.
keyAsyncClient.getKey("keyName")
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(key ->
System.out.printf("Created key with name: %s and: id %s%n", key.getName(),
key.getId()));
name - The name of the key, cannot be null.Mono containing the requested key. The content of the key is null
if name is null or empty.com.azure.core.exception.HttpResponseException - If a valid name and a non-null/empty version is specified.com.azure.core.exception.ResourceNotFoundException - When a key with the provided name doesn't exist in
the key vault or an empty/null name and a non-null/empty version is provided.public Mono<com.azure.core.http.rest.Response<KeyVaultKey>> updateKeyPropertiesWithResponse(KeyProperties keyProperties, KeyOperation... keyOperations)
attributes and key operations associated with the
specified key, but not the cryptographic key material of the specified
key in the key vault. The update operation changes specified
attributes of an existing stored key and
attributes that are not specified in the request are left unchanged. The cryptographic
key material of a key itself cannot be changed. This operation requires the
keys/set permission.
Code Samples
Gets latest version of the key, changes its notBefore time and then updates it in the
Azure Key Vault. Subscribes to the call asynchronously and prints out the returned key
details when a response has been received.
keyAsyncClient.getKey("keyName")
.subscribe(getKeyResponse -> {
//Update the not before time of the key.
getKeyResponse.getProperties().setNotBefore(OffsetDateTime.now().plusDays(50));
keyAsyncClient.updateKeyPropertiesWithResponse(getKeyResponse.getProperties(), KeyOperation.ENCRYPT,
KeyOperation.DECRYPT)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(updateKeyResponse ->
System.out.printf("Updated key's \"not before time\": %s%n",
updateKeyResponse.getValue().getProperties().getNotBefore().toString()));
});
keyProperties - The key properties object with updated properties.keyOperations - The updated key operations to associate with the key.Mono containing a Response whose value contains the
updated key.com.azure.core.exception.HttpResponseException - If name or
version is an empty string.NullPointerException - If key is null.com.azure.core.exception.ResourceNotFoundException - When a key with name and
version doesn't exist in the key vault.public Mono<KeyVaultKey> updateKeyProperties(KeyProperties keyProperties, KeyOperation... keyOperations)
attributes and key operations associated with the
specified key, but not the cryptographic key material of the specified
key in the key vault. The update operation changes specified
attributes of an existing stored key and
attributes that are not specified in the request are left unchanged. The cryptographic
key material of a key itself cannot be changed. This operation requires the
keys/set permission.
Code Samples
Gets latest version of the key, changes its notBefore time and then updates it in the
Azure Key Vault. Subscribes to the call asynchronously and prints out the returned key
details when a response has been received.
keyAsyncClient.getKey("keyName")
.subscribe(key -> {
//Update the not before time of the key.
key.getProperties().setNotBefore(OffsetDateTime.now().plusDays(50));
keyAsyncClient.updateKeyProperties(key.getProperties(), KeyOperation.ENCRYPT,
KeyOperation.DECRYPT)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(updatedKey ->
System.out.printf("Updated key's \"not before time\": %s%n",
updatedKey.getProperties().getNotBefore().toString()));
});
keyProperties - The key properties object with updated properties.keyOperations - The updated key operations to associate with the key.Mono containing the updated key.com.azure.core.exception.HttpResponseException - If name or
version is an empty string.NullPointerException - If key is null.com.azure.core.exception.ResourceNotFoundException - When a key with name and
version doesn't exist in the key vault.public com.azure.core.util.polling.PollerFlux<DeletedKey,Void> beginDeleteKey(String name)
key of any type from the key vault. If soft-delete is enabled on the key vault then
the key is placed in the deleted state and requires to be purged for permanent deletion
else the key is permanently deleted. The delete operation applies to any
key stored in Azure Key Vault but it cannot be applied to an individual version
of a key. This operation removes the cryptographic material associated with the
key, which means the key is not usable for Sign/Verify,
Wrap/Unwrap or Encrypt/Decrypt operations. This operation requires the keys/delete
permission.
Code Samples
Deletes the key in the Azure Key Vault. Subscribes to the call asynchronously and prints
out the deleted key details when a response has been received.
keyAsyncClient.beginDeleteKey("keyName")
.subscribe(pollResponse -> {
System.out.printf("Deletion status: %s%n", pollResponse.getStatus());
System.out.printf("Key name: %s%n", pollResponse.getValue().getName());
System.out.printf("Key delete date: %s%n", pollResponse.getValue().getDeletedOn());
});
name - The name of the key to be deleted.PollerFlux to poll on the deleted key status.com.azure.core.exception.HttpResponseException - When a key with name is an empty string.com.azure.core.exception.ResourceNotFoundException - When a key with name doesn't exist in the key vault.public Mono<DeletedKey> getDeletedKey(String name)
deleted key. The get deleted Key operation is applicable for
soft-delete enabled vaults. This operation requires the keys/get permission.
Code Samples
Gets the deleted key from the key vault enabled for soft-delete. Subscribes to the call
asynchronously and prints out the deleted key details when a response has been received.
keyAsyncClient.getDeletedKey("keyName")
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(deletedKey ->
System.out.printf("Deleted key's recovery id:%s%n", deletedKey.getRecoveryId()));
name - The name of the deleted key.Mono containing the deleted key.com.azure.core.exception.HttpResponseException - When a key with name is an empty string.com.azure.core.exception.ResourceNotFoundException - When a key with name doesn't exist in the key vault.public Mono<com.azure.core.http.rest.Response<DeletedKey>> getDeletedKeyWithResponse(String name)
deleted key. The get deleted Key operation is applicable for
soft-delete enabled vaults. This operation requires the keys/get permission.
Code Samples
Gets the deleted key from the key vault enabled for soft-delete. Subscribes to the call
asynchronously and prints out the deleted key details when a response has been received.
keyAsyncClient.getDeletedKeyWithResponse("keyName")
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(getDeletedKeyResponse ->
System.out.printf("Deleted key's recovery id: %s%n", getDeletedKeyResponse.getValue().getRecoveryId()));
name - The name of the deleted key.Mono containing a Response whose value contains the
deleted key.com.azure.core.exception.HttpResponseException - When a key with name is an empty string.com.azure.core.exception.ResourceNotFoundException - When a key with name doesn't exist in the key vault.public Mono<Void> purgeDeletedKey(String name)
key without the possibility of recovery. The purge
deleted key operation is applicable for soft-delete enabled vaults. This operation requires the
keys/purge permission.
Code Samples
Purges the deleted key from the key vault enabled for soft-delete. Subscribes to the call
asynchronously and prints out the status code from the server response when a response has been received.
keyAsyncClient.purgeDeletedKey("deletedKeyName")
.subscribe(ignored ->
System.out.println("Successfully purged deleted key"));
name - The name of the deleted key.Mono.com.azure.core.exception.HttpResponseException - When a key with name is an empty string.com.azure.core.exception.ResourceNotFoundException - When a key with name doesn't exist in the key vault.public Mono<com.azure.core.http.rest.Response<Void>> purgeDeletedKeyWithResponse(String name)
key without the possibility of recovery. The purge
deleted key operation is applicable for soft-delete enabled vaults. This operation requires the
keys/purge permission.
Code Samples
Purges the deleted key from the key vault enabled for soft-delete. Subscribes to the call
asynchronously and prints out the status code from the server response when a response has been received.
keyAsyncClient.purgeDeletedKeyWithResponse("deletedKeyName")
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(purgeDeletedKeyResponse ->
System.out.printf("Purge response status code: %d%n", purgeDeletedKeyResponse.getStatusCode()));
name - The name of the deleted key.Mono containing a Response containing status code and HTTP headers.com.azure.core.exception.HttpResponseException - When a key with name is an empty string.com.azure.core.exception.ResourceNotFoundException - When a key with name doesn't exist in the key vault.public com.azure.core.util.polling.PollerFlux<KeyVaultKey,Void> beginRecoverDeletedKey(String name)
deleted key in the key vault to its latest version and can only be performed
on a soft-delete enabled vault. An attempt to recover an non-deleted key will return an
error. Consider this the inverse of the delete operation on soft-delete enabled vaults. This operation
requires the keys/recover permission.
Code Samples
Recovers the deleted key from the key vault enabled for soft-delete. Subscribes to the
call asynchronously and prints out the recovered key details when a response has been received.
keyAsyncClient.beginRecoverDeletedKey("deletedKeyName")
.subscribe(pollResponse -> {
System.out.printf("Recovery status: %s%n", pollResponse.getStatus());
System.out.printf("Key name: %s%n", pollResponse.getValue().getName());
System.out.printf("Key type: %s%n", pollResponse.getValue().getKeyType());
});
name - The name of the deleted key to be recovered.PollerFlux to poll on the recovered key status.com.azure.core.exception.HttpResponseException - When a key with name is an empty string.com.azure.core.exception.ResourceNotFoundException - When a key with name doesn't exist in the key vault.public Mono<byte[]> backupKey(String name)
key be downloaded to the client. The key backup
operation exports a key from Azure Key Vault in a protected form. Note that this operation
does not return key material in a form that can be used outside the Azure Key Vault system, the returned key
material is either protected to a Azure Key Vault HSM or to Azure Key Vault itself. The intent of this
operation is to allow a client to generate a key in one Azure Key Vault instance, backup the
key, and then restore it into another Azure Key Vault instance. The backup operation may
be used to export, in protected form, any key type from Azure Key Vault. Individual versions
of a key cannot be backed up. Backup/Restore can be performed within geographical
boundaries only; meaning that a backup from one geographical area cannot be restored to another geographical
area. For example, a backup from the US geographical area cannot be restored in an EU geographical area. This
operation requires the key/backup permission.
Code Samples
Backs up the key from the key vault. Subscribes to the call asynchronously and prints out
the length of the key's backup byte array returned in the response.
keyAsyncClient.backupKey("keyName")
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(bytes ->
System.out.printf("Key backup byte array length: %s%n", bytes.length));
public Mono<com.azure.core.http.rest.Response<byte[]>> backupKeyWithResponse(String name)
key be downloaded to the client. The key backup
operation exports a key from Azure Key Vault in a protected form. Note that this operation
does not return key material in a form that can be used outside the Azure Key Vault system, the returned key
material is either protected to a Azure Key Vault HSM or to Azure Key Vault itself. The intent of this
operation is to allow a client to generate a key in one Azure Key Vault instance, backup the
key, and then restore it into another Azure Key Vault instance. The backup operation may
be used to export, in protected form, any key type from Azure Key Vault. Individual versions
of a key cannot be backed up. Backup/Restore can be performed within geographical
boundaries only; meaning that a backup from one geographical area cannot be restored to another geographical
area. For example, a backup from the US geographical area cannot be restored in an EU geographical area. This
operation requires the key/backup permission.
Code Samples
Backs up the key from the key vault. Subscribes to the call asynchronously and prints out
the length of the key's backup byte array returned in the response.
keyAsyncClient.backupKeyWithResponse("keyName")
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(backupKeyResponse ->
System.out.printf("Key backup byte array length: %s%n", backupKeyResponse.getValue().length));
name - The name of the key.Mono containing a Response whose value contains the backed up
key blob.com.azure.core.exception.ResourceNotFoundException - When a key with name doesn't exist in the key vault.com.azure.core.exception.HttpResponseException - When a key with name is an empty string.public Mono<KeyVaultKey> restoreKeyBackup(byte[] backup)
key to a vault. Imports a previously backed up key
into Azure Key Vault, restoring the key, its key identifier, attributes and access control
policies. The restore operation may be used to import a previously backed up key. Individual
versions of a key cannot be restored. The key is restored in its entirety
with the same key name as it had when it was backed up. If the key name is not available in the target key vault,
the restore operation will be rejected. While the key name is retained during restore, the final key identifier
will change if the key is restored to a different vault. Restore will restore all versions
and preserve version identifiers. The restore operation is subject to security constraints: The target key
vault must be owned by the same Microsoft Azure Subscription as the source key vault. The user must have
the restore permission in the target key vault. This operation requires the keys/restore
permission.
Code Samples
Restores the key in the key vault from its backup. Subscribes to the call asynchronously
and prints out the restored key details when a response has been received.
keyAsyncClient.restoreKeyBackup(keyBackupByteArray)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(restoreKeyResponse ->
System.out.printf("Restored key with name: %s and: id %s%n", restoreKeyResponse.getName(),
restoreKeyResponse.getId()));
backup - The backup blob associated with the key.Mono containing the restored key.com.azure.core.exception.ResourceModifiedException - When backup blob is malformed.public Mono<com.azure.core.http.rest.Response<KeyVaultKey>> restoreKeyBackupWithResponse(byte[] backup)
key to a vault. Imports a previously backed up key
into Azure Key Vault, restoring the key, its key identifier, attributes and access control
policies. The restore operation may be used to import a previously backed up key. Individual
versions of a key cannot be restored. The key is restored in its entirety
with the same key name as it had when it was backed up. If the key name is not available in the target key vault,
the restore operation will be rejected. While the key name is retained during restore, the final key identifier
will change if the key is restored to a different vault. Restore will restore all versions
and preserve version identifiers. The restore operation is subject to security constraints: The target key
vault must be owned by the same Microsoft Azure Subscription as the source key vault. The user must have
the restore permission in the target key vault. This operation requires the keys/restore
permission.
Code Samples
Restores the key in the key vault from its backup. Subscribes to the call asynchronously
and prints out the restored key details when a response has been received.
keyAsyncClient.restoreKeyBackupWithResponse(keyBackupByteArray)
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(restoreKeyBackupResponse ->
System.out.printf("Restored key with name: %s and: id %s%n",
restoreKeyBackupResponse.getValue().getName(), restoreKeyBackupResponse.getValue().getId()));
backup - The backup blob associated with the key.Mono containing a Response whose value contains the
restored key.com.azure.core.exception.ResourceModifiedException - When backup blob is malformed.public com.azure.core.http.rest.PagedFlux<KeyProperties> listPropertiesOfKeys()
keys in the key vault. Retrieves a list of the keys in the key
vault as JsonWebKey structures that contain the public part of a stored key. The list
operation is applicable to all key types and the individual key response
in the list is represented by KeyProperties as only the key identifier, attributes and tags are
provided in the response. The key material and individual key versions are not listed in the response. This
operation requires the keys/list permission.
It is possible to get full keys with key material from this information. Convert the
Flux containing key properties to Flux containing
key using KeyAsyncClient.getKey(String, String) within
Flux.flatMap(Function).
keyAsyncClient.listPropertiesOfKeys()
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.flatMap(keyProperties -> keyAsyncClient.getKey(keyProperties.getName(), keyProperties.getVersion()))
.subscribe(key -> System.out.printf("Retrieved key with name: %s and type: %s%n",
key.getName(),
key.getKeyType()));
PagedFlux containing key of all the keys in the vault.public com.azure.core.http.rest.PagedFlux<DeletedKey> listDeletedKeys()
deleted keys of the key vault. The deleted keys are retrieved as
JsonWebKey structures that contain the public part of a deleted key. The get deleted
keys operation is applicable for vaults enabled for soft-delete. This operation requires the keys/list
permission.
Code Samples
Lists the deleted keys in the key vault. Subscribes to the call asynchronously and prints
out the recovery id of each deleted key when a response has been received.
keyAsyncClient.listDeletedKeys()
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.subscribe(deletedKey ->
System.out.printf("Deleted key's recovery id:%s%n", deletedKey.getRecoveryId()));
PagedFlux containing all of the deleted keys in the vault.public com.azure.core.http.rest.PagedFlux<KeyProperties> listPropertiesOfKeyVersions(String name)
keys. The individual key response in the flux is
represented by KeyProperties as only the key identifier, attributes and tags are provided in the
response. The key material values are not provided in the response. This operation requires the
keys/list permission.
It is possible to get the keys with key material of all the versions from this information. Convert the
Flux containing key properties to Flux containing
key using KeyAsyncClient.getKey(String, String) within
Flux.flatMap(Function).
keyAsyncClient.listPropertiesOfKeyVersions("keyName")
.contextWrite(Context.of("key1", "value1", "key2", "value2"))
.flatMap(keyProperties -> keyAsyncClient.getKey(keyProperties.getName(), keyProperties.getVersion()))
.subscribe(key ->
System.out.printf("Retrieved key version: %s with name: %s and type: %s%n",
key.getProperties().getVersion(), key.getName(), key.getKeyType()));
name - The name of the key.PagedFlux containing KeyProperties of all the versions of the specified
keys in the vault. Flux is empty if key with name does not exist in the key
vault.com.azure.core.exception.ResourceNotFoundException - When a given key name is null or an empty string.Visit the Azure for Java Developers site for more Java documentation, including quick starts, tutorials, and code samples.