com.microsoft.azure.keyvault

Interface KeyVaultClient

All Superinterfaces:

AutoCloseable, Closeable, FilterableService<KeyVaultClient>

All Known Implementing Classes:

KeyVaultClientImpl

public interface KeyVaultClient
extends Closeable, FilterableService<KeyVaultClient>

A client for the Azure Key Vault service.

Applications typically call one of the KeyVaultClientService create methods to obtain an instance of this class.

Method Summary

Modifier and Type	Method and Description
Future<byte[]>	backupKeyAsync(String vault, String keyName) Creates a backup of a key.
Future<KeyBundle>	createKeyAsync(String vault, String keyName, String keyType, Integer keySize, String[] keyOps, KeyAttributes keyAttributes, Map<String,String> tags) Creates a new key and returns its attributes.
Future<KeyOperationResult>	decryptAsync(String keyIdentifier, String algorithm, byte[] cipherText) Performs a DECRYPT operation using the specified key.
Future<KeyBundle>	deleteKeyAsync(String vault, String keyName) Deletes a vault key, including all its versions.
Future<Secret>	deleteSecretAsync(String vault, String secretName) Deletes a vault secret, including all its versions.
Future<KeyOperationResult>	encryptAsync(String keyIdentifier, String algorithm, byte[] plainText) Performs an ENCRYPT operation using the specified key.
Future<KeyOperationResult>	encryptAsync(String vault, String keyName, String keyVersion, String algorithm, byte[] plainText) Performs an ENCRYPT operation using the specified key.
String	getApiVersion() Gets the API version.
URI	getBaseUri() Gets the URI used as the base for all cloud service requests.
CloudCredentials	getCredentials() Gets or sets the credential
Future<KeyBundle>	getKeyAsync(String keyIdentifier) Returns key data.
Future<KeyBundle>	getKeyAsync(String vault, String keyName, String keyVersion) Returns key data.
Future<ListKeysResponseMessage>	getKeysAsync(String vault, Integer maxresults) Returns a list of keys in the vault.
Future<ListKeysResponseMessage>	getKeysNextAsync(String nextLink) Returns the next page of the list of keys in the vault.
Future<ListKeysResponseMessage>	getKeyVersionsAsync(String vault, String keyName, Integer maxresults) Returns a list of versions of a vault key.
Future<ListKeysResponseMessage>	getKeyVersionsNextAsync(String nextLink) Returns the next page of the list of versions of a vault key.
int	getLongRunningOperationInitialTimeout() Gets or sets the initial timeout for Long Running Operations.
int	getLongRunningOperationRetryTimeout() Gets or sets the retry timeout for Long Running Operations.
Future<Secret>	getSecretAsync(String secretIdentifier) Returns secret data.
Future<Secret>	getSecretAsync(String vault, String secretName, String secretVersion) Returns secret data.
Future<ListSecretsResponseMessage>	getSecretsAsync(String vault, Integer maxresults) Returns a list of secrets in the vault.
Future<ListSecretsResponseMessage>	getSecretsNextAsync(String nextLink)
Future<ListSecretsResponseMessage>	getSecretVersionsAsync(String vault, String secretName, Integer maxresults)
Future<ListSecretsResponseMessage>	getSecretVersionsNextAsync(String nextLink)
ServiceClient<?>	getServiceClient() The underlying ServiceClient, used mainly for tests.
Future<KeyBundle>	importKeyAsync(String vault, String keyName, KeyBundle keyBundle, Boolean importToHardware) Imports an existing key into the service.
Future<KeyBundle>	restoreKeyAsync(String vault, byte[] keyBackup) Restores a key into the specified vault.
void	setCredentials(CloudCredentials credentialsValue) Gets or sets the credential
void	setLongRunningOperationInitialTimeout(int longRunningOperationInitialTimeoutValue) Gets or sets the initial timeout for Long Running Operations.
void	setLongRunningOperationRetryTimeout(int longRunningOperationRetryTimeoutValue) Gets or sets the retry timeout for Long Running Operations.
Future<Secret>	setSecretAsync(String vault, String secretName, String value, String contentType, SecretAttributes secretAttributes, Map<String,String> tags) Sets the value of a secret and returns its attributes.
Future<KeyOperationResult>	signAsync(String keyIdentifier, String algorithm, byte[] digest) Performs a SIGN operation using the specified key.
Future<KeyOperationResult>	signAsync(String vault, String keyName, String keyVersion, String algorithm, byte[] digest) Performs a SIGN operation using the specified key.
Future<KeyOperationResult>	unwrapKeyAsync(String keyIdentifier, String algorithm, byte[] wrappedKey) Performs am UNWRAPKEY operation using the specified key.
Future<KeyBundle>	updateKeyAsync(String keyIdentifier, String[] keyOps, KeyAttributes attributes, Map<String,String> tags) Updates attributes of a version of a key.
Future<KeyBundle>	updateKeyAsync(String vault, String keyName, String[] keyOps, KeyAttributes attributes, Map<String,String> tags) Updates attributes of the current version of a key.
Future<Secret>	updateSecretAsync(String secretIdentifier, String contentType, SecretAttributes secretAttributes, Map<String,String> tags) Updates attributes of a version of a secret.
Future<Secret>	updateSecretAsync(String vault, String secretName, String contentType, SecretAttributes secretAttributes, Map<String,String> tags) Updates attributes of the current version of a secret..
Future<Boolean>	verifyAsync(String keyIdentifier, String algorithm, byte[] digest, byte[] signature) Performs a VERIFY operation using the specified key.
Future<KeyOperationResult>	wrapKeyAsync(String keyIdentifier, String algorithm, byte[] key) Performs a WRAPKEY operation using the specified key.
Future<KeyOperationResult>	wrapKeyAsync(String vault, String keyName, String keyVersion, String algorithm, byte[] key) Performs a WRAPKEY operation using the specified key.

Methods inherited from interface java.io.Closeable

close

Methods inherited from interface com.microsoft.windowsazure.core.FilterableService

withRequestFilterFirst, withRequestFilterLast, withResponseFilterFirst, withResponseFilterLast

Method Detail

getApiVersion

String getApiVersion()

Gets the API version.

Returns:

The ApiVersion value.

getBaseUri

URI getBaseUri()

Gets the URI used as the base for all cloud service requests.

Returns:

The BaseUri value.

getCredentials

CloudCredentials getCredentials()

Gets or sets the credential

Returns:

The Credentials value.

setCredentials

void setCredentials(CloudCredentials credentialsValue)

Gets or sets the credential

Parameters:

credentialsValue - The Credentials value.

getLongRunningOperationInitialTimeout

int getLongRunningOperationInitialTimeout()

Gets or sets the initial timeout for Long Running Operations.

Returns:

The LongRunningOperationInitialTimeout value.

setLongRunningOperationInitialTimeout

void setLongRunningOperationInitialTimeout(int longRunningOperationInitialTimeoutValue)

Gets or sets the initial timeout for Long Running Operations.

Parameters:

longRunningOperationInitialTimeoutValue - The LongRunningOperationInitialTimeout value.

getLongRunningOperationRetryTimeout

int getLongRunningOperationRetryTimeout()

Gets or sets the retry timeout for Long Running Operations.

Returns:

The LongRunningOperationRetryTimeout value.

setLongRunningOperationRetryTimeout

void setLongRunningOperationRetryTimeout(int longRunningOperationRetryTimeoutValue)

Gets or sets the retry timeout for Long Running Operations.

Parameters:

longRunningOperationRetryTimeoutValue - The LongRunningOperationRetryTimeout value.

getServiceClient

ServiceClient<?> getServiceClient()

The underlying ServiceClient, used mainly for tests.

encryptAsync

Future<KeyOperationResult> encryptAsync(String vault,
                                        String keyName,
                                        String keyVersion,
                                        String algorithm,
                                        byte[] plainText)

Performs an ENCRYPT operation using the specified key.

Parameters:

vault - The vault URI.

keyName - The key name.

keyVersion - The key version. Can be null, on which case the current key version is used.

algorithm - The algorithm name. You may use a constant from JsonWebKeyEncryptionAlgorithm.

plainText - The data to be encrypted.

Returns:

An instance of KeyOperationResult.

encryptAsync

Future<KeyOperationResult> encryptAsync(String keyIdentifier,
                                        String algorithm,
                                        byte[] plainText)

Performs an ENCRYPT operation using the specified key.

Parameters:

keyIdentifier - The key URI.

algorithm - The algorithm name. You may use a constant from JsonWebKeyEncryptionAlgorithm.

plainText - The data to be encrypted.

Returns:

An instance of KeyOperationResult.

decryptAsync

Future<KeyOperationResult> decryptAsync(String keyIdentifier,
                                        String algorithm,
                                        byte[] cipherText)

Performs a DECRYPT operation using the specified key.

Parameters:

keyIdentifier - The key URI.

algorithm - The algorithm name. You may use a constant from JsonWebKeyEncryptionAlgorithm.

plainText - The data to be encrypted.

Returns:

An instance of KeyOperationResult.

signAsync

Future<KeyOperationResult> signAsync(String vault,
                                     String keyName,
                                     String keyVersion,
                                     String algorithm,
                                     byte[] digest)

Performs a SIGN operation using the specified key.

Parameters:

vault - The vault URI.

keyName - The key name.

keyVersion - The key version. Can be null, on which case the current key version is used.

algorithm - The algorithm name. You may use a constant from JsonWebKeySignatureAlgorithm.

digest - The digest to be signed.

Returns:

An instance of KeyOperationResult.

signAsync

Future<KeyOperationResult> signAsync(String keyIdentifier,
                                     String algorithm,
                                     byte[] digest)

Performs a SIGN operation using the specified key.

Parameters:

keyIdentifier - The key URI.

algorithm - The algorithm name. You may use a constant from JsonWebKeySignatureAlgorithm.

digest - The digest to be signed.

Returns:

An instance of KeyOperationResult.

verifyAsync

Future<Boolean> verifyAsync(String keyIdentifier,
                            String algorithm,
                            byte[] digest,
                            byte[] signature)

Performs a VERIFY operation using the specified key.

Parameters:

keyIdentifier - The key URI.

algorithm - The algorithm name. You may use a constant from JsonWebKeySignatureAlgorithm.

digest - The signed digest.

signature - The signature to be verified.

Returns:

true if the signature was verified, false otherwise.

wrapKeyAsync

Future<KeyOperationResult> wrapKeyAsync(String vault,
                                        String keyName,
                                        String keyVersion,
                                        String algorithm,
                                        byte[] key)

Performs a WRAPKEY operation using the specified key.

Parameters:

vault - The vault URI.

keyName - The key name.

keyVersion - The key version. Can be null, on which case the current key version is used.

algorithm - The algorithm name. You may use a constant from JsonWebKeyEncryptionAlgorithm.

key - The key to be wrapped

Returns:

An instance of KeyOperationResult.

wrapKeyAsync

Future<KeyOperationResult> wrapKeyAsync(String keyIdentifier,
                                        String algorithm,
                                        byte[] key)

Performs a WRAPKEY operation using the specified key.

Parameters:

keyIdentifier - The key URI.

algorithm - The algorithm name. You may use a constant from JsonWebKeyEncryptionAlgorithm.

key - The key to be wrapped

Returns:

An instance of KeyOperationResult.

unwrapKeyAsync

Future<KeyOperationResult> unwrapKeyAsync(String keyIdentifier,
                                          String algorithm,
                                          byte[] wrappedKey)

Performs am UNWRAPKEY operation using the specified key.

Parameters:

keyIdentifier - The key URI.

algorithm - The algorithm name. You may use a constant from JsonWebKeyEncryptionAlgorithm.

wrappedKey - The key to be unwrapped.

Returns:

An instance of KeyOperationResult.

createKeyAsync

Future<KeyBundle> createKeyAsync(String vault,
                                 String keyName,
                                 String keyType,
                                 Integer keySize,
                                 String[] keyOps,
                                 KeyAttributes keyAttributes,
                                 Map<String,String> tags)

Creates a new key and returns its attributes.

This method actually creates a new key version for the informed key name. Existing key versions for that name are left untouched and don't cause a conflict exception.

The new key will become the current version for the informed key name, and will be used whenever the key version is not explicitly informed on an operation.

Parameters:

vault - The vault URI.

keyName - The key name.

keyType - The key type identifier. You may use a constant from JsonWebKeyType.

keySize - The key size, which corresponds to the key strength. If null, a default size is used for the specified type.

keyOps - The operations that will be allowed on the new key. You may use values from JsonWebKeyOperation.

keyAttributes - An optional instance of KeyAttributes. If null, default values are used.

tags - An optional map of tags. If null, the key will have no tags.

Returns:

A key bundle containing data about the created key.

getKeyAsync

Future<KeyBundle> getKeyAsync(String vault,
                              String keyName,
                              String keyVersion)

Returns key data.

Parameters:

vault - The vault URI.

keyName - The key name.

keyVersion - The key version. If null, the current key version is returned. The returned version can be identified from the \"kid\" attribute.

Returns:

A key bundle containing data about the requested key.

getKeyAsync

Future<KeyBundle> getKeyAsync(String keyIdentifier)

Returns key data.

Parameters:

keyIdentifier - The key URI.

Returns:

A key bundle containing data about the requested key.

getKeysAsync

Future<ListKeysResponseMessage> getKeysAsync(String vault,
                                             Integer maxresults)

Returns a list of keys in the vault. This method returns only one entry for each key in the vault (i.e. if a key has multiple versions, it's returned only once).

The service may use paging. In order to obtain all keys, the caller must verify the value of ListKeysResponseMessage.getNextLink(), and if not null, call getKeysNextAsync(String) to return the next page.

The caller is not required to fetch all pages (i.e. the server does not hold significant resources). However, the link to next page may expire, so make sure you use it as soon as possible.

Parameters:

vault - The vault URI.

maxresults - The maximum number of keys to return. If null, all keys are returned. This has no influence over the number of pages.

Returns:

getKeysNextAsync

Future<ListKeysResponseMessage> getKeysNextAsync(String nextLink)

Returns the next page of the list of keys in the vault.

See Also:

getKeyAsync(String)

getKeyVersionsAsync

Future<ListKeysResponseMessage> getKeyVersionsAsync(String vault,
                                                    String keyName,
                                                    Integer maxresults)

Returns a list of versions of a vault key.

The service may use paging. In order to obtain all versions, the caller must verify the value of ListKeysResponseMessage.getNextLink(), and if not null, call getKeysNextAsync(String) to return the next page.

The caller is not required to fetch all pages (i.e. the server does not hold significant resources). However, the link to next page may expire, so make sure you use it as soon as possible.

Parameters:

vault - The vault URI.

keyName - The name of key to get versions from.

maxresults - The maximum number of keys to return. If null, all versions are returned. This has no influence over the number of pages.

getKeyVersionsNextAsync

Future<ListKeysResponseMessage> getKeyVersionsNextAsync(String nextLink)

Returns the next page of the list of versions of a vault key.

See Also:

getKeyVersionsAsync(String, String, Integer)

deleteKeyAsync

Future<KeyBundle> deleteKeyAsync(String vault,
                                 String keyName)

Deletes a vault key, including all its versions.

Parameters:

vault - The vault URI.

keyName - The key name.

Returns:

The object that represents the current key version, as seen before the delete operation is performed.

updateKeyAsync

Future<KeyBundle> updateKeyAsync(String vault,
                                 String keyName,
                                 String[] keyOps,
                                 KeyAttributes attributes,
                                 Map<String,String> tags)

Updates attributes of the current version of a key.

Parameters:

vault - The vault URI.

keyName - The key name.

keyOps - The operations that will be allowed on the key. You may use values from JsonWebKeyOperation. If null, this attribute is not modified.

keyAttributes - An optional instance of KeyAttributes. If null, no attribute is modified.

tags - An optional map of tags. If null, this attribute is not modified.

Returns:

A key bundle that reflects the performed modifications.

updateKeyAsync

Future<KeyBundle> updateKeyAsync(String keyIdentifier,
                                 String[] keyOps,
                                 KeyAttributes attributes,
                                 Map<String,String> tags)

Updates attributes of a version of a key.

If key URI contains the version identifier, only that version is modified. Otherwise, only the current version is modified.

Parameters:

keyIdentifier - The key URI.

keyOps - The operations that will be allowed on the key. You may use values from JsonWebKeyOperation. If null, this attribute is not modified.

keyAttributes - An optional instance of KeyAttributes. If null, no attribute is modified.

tags - An optional map of tags. If null, this attribute is not modified.

Returns:

A key bundle that reflects the performed modifications.

importKeyAsync

Future<KeyBundle> importKeyAsync(String vault,
                                 String keyName,
                                 KeyBundle keyBundle,
                                 Boolean importToHardware)

Imports an existing key into the service.

This method actually creates a new key version for the informed key name. Existing key versions for that name are left untouched and don't cause a conflict exception.

The key being imported will become the current version for the informed key name, and will be used whenever the key version is not explicitly informed on an operation.

Parameters:

vault - The vault URI.

keyName - The name of key to import.

keyBundle - Key material and attributes. The key identifier must not be informed.

importToHardware - true if the key is to be imported to hardware, false if not. If null, the system will use the default for key type.

Returns:

A key bundle containing data about the imported key.

backupKeyAsync

Future<byte[]> backupKeyAsync(String vault,
                              String keyName)

Creates a backup of a key. The backup can be used to restore the key into the same vault, or into other vaults of same subscription.

All versions of the informed key are backed up. The backup value opaquely identifies the key name and version, as well as the current version.

IMPORTANT: The service does not store the backup value anywhere. The caller must properly save the backup value in order to restore it afterwards.

Parameters:

vault - The vault URI.

keyName - The name of key to backup.

Returns:

An opaque byte[] containing the key backup. The data is encrypted to a high-security key and cannot be inspected. It can only used by a restore operation.

See Also:

restoreKeyAsync(String, byte[])

restoreKeyAsync

Future<KeyBundle> restoreKeyAsync(String vault,
                                  byte[] keyBackup)

Restores a key into the specified vault.

All versions of the backed up key are restored. The key name is obtained from the backup value. The current version becomes the one that was current when the backup value was obtained.

Parameters:

vault - The vault URI.

keyBackup - The key backup value, typically obtained through backupKeyAsync(String, String).

Returns:

A key bundle containing data about the restored key. While this operation restores all key versions, only the current version of key is returned.

getSecretAsync

Future<Secret> getSecretAsync(String vault,
                              String secretName,
                              String secretVersion)

Returns secret data.

Parameters:

vault - The vault URI.

secretName - The secret name.

secretVersion - The secret version. If null, the current secret version is returned. The returned version can be identified from the \"id\" attribute.

Returns:

A bundle containing data about the requested secret.

getSecretAsync

Future<Secret> getSecretAsync(String secretIdentifier)

Returns secret data.

Parameters:

secretIdentifier - The secret URI.

Returns:

A bundle containing data about the requested secret.

setSecretAsync

Future<Secret> setSecretAsync(String vault,
                              String secretName,
                              String value,
                              String contentType,
                              SecretAttributes secretAttributes,
                              Map<String,String> tags)

Sets the value of a secret and returns its attributes.

This method actually creates a new secret version for the informed secret name. Existing secret versions for that name are left untouched and don't cause a conflict exception.

The informed value will become the current for the informed secret name, and will be used whenever the secret version is not explicitly informed on an operation.

Parameters:

vault - The vault URI.

secretName - The secret name.

value - The secret value.

contentType - The value content type. This is not validated. It may be used by clients, though.

secretAttributes - An optional instance of SecretAttributes. If null, default values are used.

tags - An optional map of tags. If null, the secret will have no tags.

Returns:

A bundle containing data about the created secret.

updateSecretAsync

Future<Secret> updateSecretAsync(String vault,
                                 String secretName,
                                 String contentType,
                                 SecretAttributes secretAttributes,
                                 Map<String,String> tags)

Updates attributes of the current version of a secret..

Parameters:

vault - The vault URI.

secretName - The secret name.

contentType - The value content type.

secretAttributes - An optional instance of SecretAttributes. If null, no attribute is modified.

tags - An optional map of tags. If null, this attribute is not modified.

Returns:

A bundle that reflects the performed modifications.

updateSecretAsync

Future<Secret> updateSecretAsync(String secretIdentifier,
                                 String contentType,
                                 SecretAttributes secretAttributes,
                                 Map<String,String> tags)

Updates attributes of a version of a secret.

If secret URI contains the version identifier, only that version is modified. Otherwise, only the current version is modified.

Parameters:

secretIdentifier - The secret URI.

contentType - The value content type.

secretAttributes - An optional instance of SecretAttributes. If null, no attribute is modified.

tags - An optional map of tags. If null, this attribute is not modified.

Returns:

A bundle that reflects the performed modifications.

deleteSecretAsync

Future<Secret> deleteSecretAsync(String vault,
                                 String secretName)

Deletes a vault secret, including all its versions.

Parameters:

vault - The vault URI.

secretName - The secret name.

Returns:

The object that represents the current secret version, as seen before the delete operation is performed.

getSecretsAsync

Future<ListSecretsResponseMessage> getSecretsAsync(String vault,
                                                   Integer maxresults)

Returns a list of secrets in the vault. This method returns only one entry for each secret in the vault (i.e. if a secret has multiple versions, it's returned only once).

The service may use paging. In order to obtain all secrets, the caller must verify the value of ListSecretsResponseMessage.getNextLink() , and if not null, call getSecretsNextAsync(String) to return the next page.

The caller is not required to fetch all pages (i.e. the server does not hold significant resources). However, the link to next page may expire, so make sure you use it as soon as possible.

Parameters:

vault - The vault URI.

maxresults - The maximum number of secrets to return. If null, all secrets are returned. This has no influence over the number of pages.

Returns:

getSecretsNextAsync

Future<ListSecretsResponseMessage> getSecretsNextAsync(String nextLink)

getSecretVersionsAsync

Future<ListSecretsResponseMessage> getSecretVersionsAsync(String vault,
                                                          String secretName,
                                                          Integer maxresults)

getSecretVersionsNextAsync

Future<ListSecretsResponseMessage> getSecretVersionsNextAsync(String nextLink)