// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
/**
* Azure Key Vault is a cloud-based service
* provided by Microsoft Azure that allows users to store, manage, and access secrets, such as passwords, certificates,
* and other sensitive information, securely in the cloud. The service provides a centralized and secure location for
* storing secrets, which can be accessed by authorized applications and users with appropriate permissions.
* Azure Key Vault Secrets offers several key features, including:
*
* - Secret management: It allows users to store, manage, and access secrets securely, and provides features such
* as versioning, backup, and restoration.
* - Access control: It offers role-based access control (RBAC) and enables users to grant specific permissions
* to access secrets to other users, applications, or services.
* - Integration with other Azure services: Azure Key Vault Secrets can be integrated with other Azure services,
* such as Azure App Service, Azure Functions, and Azure Virtual Machines, to simplify the process of securing
* sensitive information.
* - High availability and scalability: The service is designed to provide high availability and scalability,
* with the ability to handle large volumes of secrets and requests.
*
*
* The Azure Key Vault Secrets client library allows developers to interact with the Azure Key Vault service
* from their applications. The library provides a set of APIs that enable developers to securely store, manage, and
* retrieve secrets in a key vault, and supports operations such as creating, updating, deleting, and retrieving secrets.
*
* Key Concepts:
*
* What is a Secret Client?
* The secret client performs the interactions with the Azure Key Vault service for getting, setting, updating,
* deleting, and listing secrets and their versions. Asynchronous (SecretAsyncClient) and synchronous (SecretClient)
* clients exist in the SDK, allowing for selection of a client based on an application's use case.
* Once you've initialized a secret client, you can interact with the primary resource types in Key Vault.
*
* What is an Azure Key Vault Secret?
* A secret is the fundamental resource within Azure Key Vault. From a developer's perspective, Key Vault APIs
* accept and return secret values as strings. In addition to the secret data, the following attributes may be
* specified:
*
*
* - enabled: Specifies whether the secret data can be retrieved.
* - notBefore: Identifies the time after which the secret will be active.
* - expires: Identifies the expiration time on or after which the secret data should not be retrieved.
* - created: Indicates when this version of the secret was created.
* - updated: Indicates when this version of the secret was updated.
*
*
* Getting Started
*
* In order to interact with the Azure Key Vault service, you will need to create an instance of the
* {@link com.azure.security.keyvault.secrets.SecretClient} or
* {@link com.azure.security.keyvault.secrets.SecretAsyncClient} class, which requires a vault URL and a
* credential object.
*
* The examples shown in this document use a credential object named DefaultAzureCredential for authentication,
* which is appropriate for most scenarios, including local development and production environments. Additionally,
* we recommend using a managed identity for authentication in production environments.
* You can find more information on different ways of authenticating and their corresponding credential types in the
* Azure Identity documentation.
*
* Sample: Construct Synchronous Secret Client
*
* The following code sample demonstrates the creation of a {@link com.azure.security.keyvault.secrets.SecretClient},
* using the {@link com.azure.security.keyvault.secrets.SecretClientBuilder} to configure it.
*
*
*
* SecretClient secretClient = new SecretClientBuilder()
*     .credential(new DefaultAzureCredentialBuilder().build())
*     .vaultUrl("<your-key-vault-url>")
*     .buildClient();
*
*
*
* Sample: Construct Asynchronous Secret Client
*
* The following code sample demonstrates the creation of a
* {@link com.azure.security.keyvault.secrets.SecretAsyncClient}, using the
* {@link com.azure.security.keyvault.secrets.SecretClientBuilder} to configure it.
*
*
*
* SecretAsyncClient secretAsyncClient = new SecretClientBuilder()
*     .credential(new DefaultAzureCredentialBuilder().build())
*     .vaultUrl("<your-key-vault-url>")
*     .buildAsyncClient();
*
*
*
*
*
* Create a Secret
* The {@link com.azure.security.keyvault.secrets.SecretClient} or
* {@link com.azure.security.keyvault.secrets.SecretAsyncClient} can be used to create a secret in the key vault.
*
* Synchronous Code Sample:
* The following code sample demonstrates how to synchronously create and store a secret in the key vault,
* using the {@link com.azure.security.keyvault.secrets.SecretClient#setSecret(java.lang.String, java.lang.String)} API.
*
*
*
*
* KeyVaultSecret secret = secretClient.setSecret("secretName", "secretValue");
* System.out.printf("Secret is created with name %s and value %s%n", secret.getName(), secret.getValue());
*
*
*
* Asynchronous Code Sample:
* The following code sample demonstrates how to asynchronously create and store a secret in the key vault,
* using the {@link com.azure.security.keyvault.secrets.SecretAsyncClient}.
*
* Note: For the asynchronous sample, refer to
* {@link com.azure.security.keyvault.secrets.SecretAsyncClient}.
*
*
*
* Get a Secret
* The {@link com.azure.security.keyvault.secrets.SecretClient} or
* {@link com.azure.security.keyvault.secrets.SecretAsyncClient} can be used to retrieve a secret from the
* key vault.
*
* Synchronous Code Sample:
* The following code sample demonstrates how to synchronously retrieve a previously stored secret from the
* key vault, using the {@link com.azure.security.keyvault.secrets.SecretClient#getSecret(java.lang.String)} API.
*
*
*
* KeyVaultSecret secret = secretClient.getSecret("secretName");
* System.out.printf("Secret is returned with name %s and value %s%n",
*     secret.getName(), secret.getValue());
*
*
*
* Note: For the asynchronous sample, refer to
* {@link com.azure.security.keyvault.secrets.SecretAsyncClient}.
*
*
*
* Delete a Secret
* The {@link com.azure.security.keyvault.secrets.SecretClient} or
* {@link com.azure.security.keyvault.secrets.SecretAsyncClient} can be used to delete a secret from the
* key vault.
*
* Synchronous Code Sample:
* The following code sample demonstrates how to synchronously delete a secret from the
* key vault, using the {@link com.azure.security.keyvault.secrets.SecretClient#beginDeleteSecret(java.lang.String)} API.
*
*
*
*
* SyncPoller<DeletedSecret, Void> deleteSecretPoller = secretClient.beginDeleteSecret("secretName");
*
* // Deleted Secret is accessible as soon as polling begins.
* PollResponse<DeletedSecret> deleteSecretPollResponse = deleteSecretPoller.poll();
*
* // Deletion date only works for a SoftDelete-enabled Key Vault.
* // printf (not println) is needed for the %s placeholder to be substituted.
* System.out.printf("Deleted Date %s%n", deleteSecretPollResponse.getValue()
*     .getDeletedOn().toString());
* System.out.printf("Deleted Secret's Recovery Id %s%n", deleteSecretPollResponse.getValue()
*     .getRecoveryId());
*
* // Secret is being deleted on server.
* deleteSecretPoller.waitForCompletion();
*
*
*
* Note: For the asynchronous sample, refer to
* {@link com.azure.security.keyvault.secrets.SecretAsyncClient}.
*
* @see com.azure.security.keyvault.secrets.SecretClient
* @see com.azure.security.keyvault.secrets.SecretAsyncClient
* @see com.azure.security.keyvault.secrets.SecretClientBuilder
* @see com.azure.security.keyvault.secrets.models.KeyVaultSecret
*/
package com.azure.security.keyvault.secrets;
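
The secret attributes listed under "What is an Azure Key Vault Secret?" (enabled, notBefore, expires) can be set when a secret is stored and audited afterwards without reading any secret value. The following is an added example, not part of the Azure SDK sources: the class name `SecretAttributeAudit`, the `finding` helper, the 14-day warning window, the 90-day lifetime and the secret name are assumptions chosen for illustration.

```java
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
import com.azure.security.keyvault.secrets.models.SecretProperties;
import java.time.OffsetDateTime;

public class SecretAttributeAudit {
    // Assumption: warn this many days before a secret's expires attribute.
    static final int WARN_DAYS = 14;

    // Classifies one secret's attributes; returns null when nothing needs attention.
    static String finding(SecretProperties p, OffsetDateTime now) {
        if (Boolean.FALSE.equals(p.isEnabled())) {
            return null; // disabled: the secret data cannot be retrieved
        }
        if (p.getExpiresOn() == null) {
            return "no expires attribute set";
        }
        if (p.getExpiresOn().isBefore(now)) {
            return "past its expires time but still enabled";
        }
        if (p.getExpiresOn().isBefore(now.plusDays(WARN_DAYS))) {
            return "expires within " + WARN_DAYS + " days";
        }
        return null;
    }

    public static void main(String[] args) {
        SecretClient client = new SecretClientBuilder()
            .credential(new DefaultAzureCredentialBuilder().build())
            .vaultUrl("<your-key-vault-url>")
            .buildClient();

        OffsetDateTime now = OffsetDateTime.now();
        // Store a secret that is active from now and expires in 90 days (assumed lifetime).
        client.setSecret(new KeyVaultSecret("exampleSecretName", "exampleSecretValue")
            .setProperties(new SecretProperties()
                .setEnabled(true)
                .setNotBefore(now)
                .setExpiresOn(now.plusDays(90))));

        // listPropertiesOfSecrets returns attributes only, so no secret value is read or logged.
        for (SecretProperties p : client.listPropertiesOfSecrets()) {
            String issue = finding(p, now);
            if (issue != null) {
                System.out.printf("%s: %s%n", p.getName(), issue);
            }
        }
    }
}
```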