// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
/**
* Azure Key Vault Certificates is a cloud-based service provided by Microsoft Azure that allows users to securely
* store and manage cryptographic certificates used for encrypting and decrypting data. It is part of Azure Key Vault,
* a cloud-based service for managing cryptographic certificates, keys, and secrets.
*
* Azure Key Vault Certificates provides a centralized and highly secure location for storing certificates, which
* eliminates the need to store sensitive certificate material in application code or configuration files.
* By leveraging Azure Key Vault, you can better protect your certificates and ensure their availability
* when needed.
*
* Key features of the Azure Key Vault Certificates service include:
*
*
* - Secure storage: Certificates are stored securely within Azure Key Vault, which provides robust encryption
* and access control mechanisms to protect against unauthorized access.
* - Certificate lifecycle management: You can create, import, and manage certificates within Azure Key Vault.
* It supports common certificate formats such as X.509 and PFX.
* - Certificate management operations: Azure Key Vault provides a comprehensive set of management operations,
* including certificate creation, deletion, retrieval, renewal, and revocation.
* - Integration with Azure services: Key Vault Certificates can be easily integrated with other Azure services,
* such as Azure App Service, Azure Functions, and Azure Virtual Machines, to enable secure authentication
* and encryption.
*
*
* The Azure Key Vault Certificates client library allows developers to securely store and manage certificates
* within Azure Key Vault. The library provides a set of APIs that enable developers to securely create, import,
* retrieve, update, and perform other certificate-related operations.
*
* Key Concepts:
*
* What is a Certificate Client?
*
* The certificate client performs the interactions with the Azure Key Vault service for getting, setting, updating,
* deleting, and listing certificates and their versions. Asynchronous (CertificateAsyncClient) and synchronous
* (CertificateClient) clients exist in the SDK, allowing for the selection of a client based on an application's
* use case. Once you have initialized a certificate client, you can interact with the primary resource types in
* Azure Key Vault.
*
* What is an Azure Key Vault Certificate?
*
* Azure Key Vault supports certificates with the secret content types PKCS12 and PEM. The certificate can be
* backed by keys in Azure Key Vault of types EC and RSA. In addition to the certificate policy, the following
* attributes may be specified:
*
*
* - enabled: Specifies whether the certificate is enabled and usable.
* - created: Indicates when this version of the certificate was created.
* - updated: Indicates when this version of the certificate was updated.
*
*
* Getting Started
*
* In order to interact with the Azure Key Vault service, you will need to create an instance of the
* {@link com.azure.security.keyvault.certificates.CertificateClient} or
* {@link com.azure.security.keyvault.certificates.CertificateAsyncClient} class, which requires a vault URL and a
* credential object.
*
* The examples shown in this document use a credential object named DefaultAzureCredential for authentication,
* which is appropriate for most scenarios, including local development and production environments. Additionally,
* we recommend using a managed identity for authentication in production environments.
* You can find more information on different ways of authenticating and their corresponding credential types in the
* Azure Identity documentation.
*
* Sample: Construct Synchronous Certificate Client
*
* The following code sample demonstrates the creation of a {@link com.azure.security.keyvault.certificates.CertificateClient},
* using the {@link com.azure.security.keyvault.certificates.CertificateClientBuilder} to configure it.
*
*
*
* // BODY_AND_HEADERS logs complete HTTP request and response bodies as well as headers; keep it to debugging sessions.
* CertificateClient certificateClient = new CertificateClientBuilder()
*     .credential(new DefaultAzureCredentialBuilder().build())
*     .vaultUrl("<your-key-vault-url>")
*     .httpLogOptions(new HttpLogOptions().setLogLevel(HttpLogDetailLevel.BODY_AND_HEADERS))
*     .buildClient();
*
*
*
* Sample: Construct Asynchronous Certificate Client
*
* The following code sample demonstrates the creation of a
* {@link com.azure.security.keyvault.certificates.CertificateAsyncClient}, using the
* {@link com.azure.security.keyvault.certificates.CertificateClientBuilder} to configure it.
*
*
*
* CertificateAsyncClient certificateAsyncClient = new CertificateClientBuilder()
*     .credential(new DefaultAzureCredentialBuilder().build())
*     .vaultUrl("<your-key-vault-url>")
*     .httpLogOptions(new HttpLogOptions().setLogLevel(HttpLogDetailLevel.BODY_AND_HEADERS))
*     .buildAsyncClient();
*
* Create a Certificate
* The {@link com.azure.security.keyvault.certificates.CertificateClient} or
* {@link com.azure.security.keyvault.certificates.CertificateAsyncClient} can be used to create a certificate in
* the key vault.
*
* Synchronous Code Sample:
* The following code sample demonstrates how to synchronously create a certificate in the key vault,
* using the {@link com.azure.security.keyvault.certificates.CertificateClient#beginCreateCertificate(java.lang.String, com.azure.security.keyvault.certificates.models.CertificatePolicy)} API.
*
*
*
* CertificatePolicy certPolicy = new CertificatePolicy("Self",
*     "CN=SelfSignedJavaPkcs12");
* SyncPoller<CertificateOperation, KeyVaultCertificateWithPolicy> certPoller = certificateClient
*     .beginCreateCertificate("certificateName", certPolicy);
* certPoller.waitUntil(LongRunningOperationStatus.SUCCESSFULLY_COMPLETED);
* KeyVaultCertificate cert = certPoller.getFinalResult();
* System.out.printf("Certificate created with name %s%n", cert.getName());
*
*
*
* Note: For the asynchronous sample, refer to
* {@link com.azure.security.keyvault.certificates.CertificateAsyncClient}.
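*
* Added example, not part of the SDK's own samples: the policy in the sample above sets only the issuer and the
* subject. This version states the key type, key size, content type, exportability and renewal explicitly and reads
* the stored policy back. The KEY_VAULT_URL environment variable, the certificate name and the subject are assumptions.
*
```java
import com.azure.core.util.polling.SyncPoller;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.certificates.CertificateClient;
import com.azure.security.keyvault.certificates.CertificateClientBuilder;
import com.azure.security.keyvault.certificates.models.CertificateContentType;
import com.azure.security.keyvault.certificates.models.CertificateKeyType;
import com.azure.security.keyvault.certificates.models.CertificateOperation;
import com.azure.security.keyvault.certificates.models.CertificatePolicy;
import com.azure.security.keyvault.certificates.models.CertificatePolicyAction;
import com.azure.security.keyvault.certificates.models.KeyVaultCertificateWithPolicy;
import com.azure.security.keyvault.certificates.models.LifetimeAction;

public class CreateCertificateWithExplicitPolicy {
    public static void main(String[] args) {
        // Assumption: KEY_VAULT_URL holds the vault URL, set by the deployment environment.
        CertificateClient client = new CertificateClientBuilder()
            .vaultUrl(System.getenv("KEY_VAULT_URL"))
            .credential(new DefaultAzureCredentialBuilder().build())
            .buildClient();

        // Self-issued as in the sample above, but with every key property stated explicitly.
        CertificatePolicy policy = new CertificatePolicy("Self", "CN=example-service")
            .setKeyType(CertificateKeyType.RSA)             // RSA or EC, per Key Concepts
            .setKeySize(3072)
            .setContentType(CertificateContentType.PKCS12)  // PKCS12 or PEM
            .setExportable(false)                           // private key is not exportable from the vault
            .setKeyReusable(false)                          // new key pair on each renewal
            .setValidityInMonths(12)
            .setLifetimeActions(
                new LifetimeAction(CertificatePolicyAction.AUTO_RENEW).setDaysBeforeExpiry(30));

        SyncPoller<CertificateOperation, KeyVaultCertificateWithPolicy> poller =
            client.beginCreateCertificate("example-service-cert", policy);
        poller.waitForCompletion();
        KeyVaultCertificateWithPolicy created = poller.getFinalResult();

        // Read back what the service stored rather than trusting the request.
        CertificatePolicy stored = created.getPolicy();
        System.out.printf("%s: keyType=%s keySize=%d exportable=%b expires=%s%n",
            created.getProperties().getName(), stored.getKeyType(), stored.getKeySize(),
            stored.isExportable(), created.getProperties().getExpiresOn());
    }
}
```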
*
* Get a Certificate
* The {@link com.azure.security.keyvault.certificates.CertificateClient} or
* {@link com.azure.security.keyvault.certificates.CertificateAsyncClient} can be used to retrieve a certificate from the
* key vault.
*
* Synchronous Code Sample:
* The following code sample demonstrates how to synchronously retrieve a certificate from the key vault, using
* the {@link com.azure.security.keyvault.certificates.CertificateClient#getCertificate(java.lang.String)} API.
*
* KeyVaultCertificateWithPolicy certificate = certificateClient.getCertificate("certificateName");
* System.out.printf("Received certificate with name %s and policy subject name %s%n",
*     certificate.getProperties().getName(), certificate.getPolicy().getSubject());
*
*
*
* Note: For the asynchronous sample, refer to
* {@link com.azure.security.keyvault.certificates.CertificateAsyncClient}.
*
* Delete a Certificate
* The {@link com.azure.security.keyvault.certificates.CertificateClient} or
* {@link com.azure.security.keyvault.certificates.CertificateAsyncClient} can be used to delete a certificate from
* the key vault.
*
* Synchronous Code Sample:
* The following code sample demonstrates how to synchronously delete a certificate from the
* key vault, using the {@link com.azure.security.keyvault.certificates.CertificateClient#beginDeleteCertificate(java.lang.String)} API.
*
*
*
* SyncPoller<DeletedCertificate, Void> deleteCertPoller =
*     certificateClient.beginDeleteCertificate("certificateName");
* // Deleted Certificate is accessible as soon as polling begins.
* PollResponse<DeletedCertificate> deleteCertPollResponse = deleteCertPoller.poll();
* System.out.printf("Deleted certificate with name %s and recovery id %s%n",
*     deleteCertPollResponse.getValue().getName(), deleteCertPollResponse.getValue().getRecoveryId());
* deleteCertPoller.waitForCompletion();
*
*
*
* Note: For the asynchronous sample, refer to
* {@link com.azure.security.keyvault.certificates.CertificateAsyncClient}.
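*
* Added example, not part of the SDK's own samples: an inventory pass over the enabled, created and updated
* attributes described under Key Concepts. It goes one step further and also reads the expiry date of each
* certificate. The KEY_VAULT_URL environment variable, the 30-day window and the status labels are assumptions.
*
```java
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.certificates.CertificateClient;
import com.azure.security.keyvault.certificates.CertificateClientBuilder;
import com.azure.security.keyvault.certificates.models.CertificateProperties;
import java.time.Duration;
import java.time.OffsetDateTime;

public class CertificateAttributeAudit {
    // Classifies one certificate from its attributes. A missing enabled flag counts as
    // disabled and a missing expiry is reported instead of being treated as valid.
    static String classify(Boolean enabled, OffsetDateTime expiresOn, OffsetDateTime now, Duration warn) {
        if (!Boolean.TRUE.equals(enabled)) {
            return "DISABLED";
        }
        if (expiresOn == null) {
            return "NO_EXPIRY_SET";
        }
        if (expiresOn.isBefore(now)) {
            return "EXPIRED";
        }
        return expiresOn.isBefore(now.plus(warn)) ? "EXPIRING_SOON" : "OK";
    }

    public static void main(String[] args) {
        // Assumption: KEY_VAULT_URL holds the vault URL, set by the deployment environment.
        CertificateClient client = new CertificateClientBuilder()
            .vaultUrl(System.getenv("KEY_VAULT_URL"))
            .credential(new DefaultAzureCredentialBuilder().build())
            .buildClient();

        OffsetDateTime now = OffsetDateTime.now();
        Duration warn = Duration.ofDays(30);

        // Listing returns properties only, so no certificate content is fetched or logged here.
        for (CertificateProperties p : client.listPropertiesOfCertificates()) {
            System.out.printf("%-14s %s created=%s updated=%s expires=%s%n",
                classify(p.isEnabled(), p.getExpiresOn(), now, warn),
                p.getName(), p.getCreatedOn(), p.getUpdatedOn(), p.getExpiresOn());
        }
    }
}
```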
*
* @see com.azure.security.keyvault.certificates.CertificateClient
* @see com.azure.security.keyvault.certificates.CertificateAsyncClient
* @see com.azure.security.keyvault.certificates.CertificateClientBuilder
*/
package com.azure.security.keyvault.certificates;