com.azure.keyvault

Class SecretAsyncClient

java.lang.Object

com.azure.core.ServiceClient

com.azure.keyvault.SecretAsyncClient

public final class SecretAsyncClient
extends ServiceClient

The SecretAsyncClient provides asynchronous methods to manage secrets in the Azure Key Vault. The client supports creating, retrieving, updating, deleting, purging, backing up, restoring and listing the secrets. The client also supports listing deleted secrets for a soft-delete enabled Azure Key Vault.

Samples to construct the client

 SecretAsyncClient.builder()
   .endpoint("https://myvault.vault.azure.net/")
   .credential(keyVaultCredential)
   .build()
 

See Also:

SecretAsyncClientBuilder

Method Summary

Modifier and Type	Method and Description
reactor.core.publisher.Mono<Response<byte[]>>	backupSecret(String name) Requests a backup of the specified secret be downloaded to the client.
static SecretAsyncClientBuilder	builder() Creates a builder that can configure options for the SecretAsyncClient before creating an instance of it.
reactor.core.publisher.Mono<Response<DeletedSecret>>	deleteSecret(String name) Deletes a secret from the key vault.
reactor.core.publisher.Mono<Response<DeletedSecret>>	getDeletedSecret(String name) The get deleted secret operation returns the secrets that have been deleted for a vault enabled for soft-delete.
reactor.core.publisher.Mono<Response<Secret>>	getSecret(SecretBase secretBase) Get the secret which represents secretBase from the key vault.
reactor.core.publisher.Mono<Response<Secret>>	getSecret(String name) Get the latest version of the specified secret from the key vault.
reactor.core.publisher.Mono<Response<Secret>>	getSecret(String name, String version) Get the specified secret with specified version from the key vault.
reactor.core.publisher.Flux<DeletedSecret>	listDeletedSecrets() Lists deleted secrets of the key vault.
reactor.core.publisher.Flux<SecretBase>	listSecrets() List secrets in the key vault.
reactor.core.publisher.Flux<SecretBase>	listSecretVersions(String name) List all versions of the specified secret.
reactor.core.publisher.Mono<VoidResponse>	purgeDeletedSecret(String name) The purge deleted secret operation removes the secret permanently, without the possibility of recovery.
reactor.core.publisher.Mono<Response<Secret>>	recoverDeletedSecret(String name) Recovers the deleted secret in the key vault to its latest version and can only be performed on a soft-delete enabled vault.
reactor.core.publisher.Mono<Response<Secret>>	restoreSecret(byte[] backup) Restores a backed up secret, and all its versions, to a vault.
reactor.core.publisher.Mono<Response<Secret>>	setSecret(Secret secret) The set operation adds a secret to the key vault.
reactor.core.publisher.Mono<Response<Secret>>	setSecret(String name, String value) The set operation adds a secret to the key vault.
reactor.core.publisher.Mono<Response<SecretBase>>	updateSecret(SecretBase secret) Updates the attributes associated with the specified secret, but not the value of the specified secret in the key vault.

Methods inherited from class com.azure.core.ServiceClient

httpPipeline

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

builder

public static SecretAsyncClientBuilder builder()

Creates a builder that can configure options for the SecretAsyncClient before creating an instance of it.

Returns:

A new builder to create a SecretAsyncClient from.

setSecret

public reactor.core.publisher.Mono<Response<Secret>> setSecret(Secret secret)

The set operation adds a secret to the key vault. If the named secret already exists, Azure Key Vault creates a new version of that secret. This operation requires the secrets/set permission.

The Secret is required. The expires, contentType and notBefore values in secret are optional. The enabled field is set to true by key vault, if not specified.

Code Samples

Creates a new secret which activates in 1 day and expires in 1 year in the Azure Key Vault. Subscribes to the call asynchronously and prints out the newly created secret details when a response is received.

 Secret secret = new Secret("secretName", "secretValue")
   .notBefore(OffsetDateTime.now().plusDays(1))
   .expires(OffsetDateTime.now().plusDays(365));

 secretAsyncClient.setSecret(secret).subscribe(secretResponse ->
   System.out.printf("Secret is created with name %s and value %s \n", secretResponse.value().name(), secretResponse.value().value()));
 

Parameters:

secret - The Secret object containing information about the secret and its properties. The properties secret.name and secret.value must be non null.

Returns:

A Mono containing a Response whose value contains the created secret.

Throws:

NullPointerException - if secret is null.

ResourceModifiedException - if secret is malformed.

HttpRequestException - if name or value is empty string.

setSecret

public reactor.core.publisher.Mono<Response<Secret>> setSecret(String name,
                                                               String value)

The set operation adds a secret to the key vault. If the named secret already exists, Azure Key Vault creates a new version of that secret. This operation requires the secrets/set permission.

Code Samples

Creates a new secret in the key vault. Subscribes to the call asynchronously and prints out the newly created secret details when a response is received.

 secretAsyncClient.setSecret("secretName", "secretValue").subscribe(secretResponse ->
   System.out.printf("Secret is created with name %s and value %s \n", secretResponse.value().name(), secretResponse.value().value()));
 

Parameters:

name - The name of the secret. It is required and cannot be null.

value - The value of the secret. It is required and cannot be null.

Returns:

A Mono containing a Response whose value contains the created secret.

Throws:

ResourceModifiedException - if invalid name or value are specified.

HttpRequestException - if name or value is empty string.

getSecret

public reactor.core.publisher.Mono<Response<Secret>> getSecret(String name,
                                                               String version)

Get the specified secret with specified version from the key vault. The get operation is applicable to any secret stored in Azure Key Vault. This operation requires the secrets/get permission.

Code Samples

Gets a specific version of the secret in the key vault. Subscribes to the call asynchronously and prints out the returned secret details when a response is received.

 String secretVersion = "6A385B124DEF4096AF1361A85B16C204";
 secretAsyncClient.getSecret("secretName", secretVersion).subscribe(secretResponse ->
   System.out.printf("Secret with name %s, value %s and version %s", secretResponse.value().name(),
   secretResponse.value().value(), secretResponse.value().version()));
 

Parameters:

name - The name of the secret, cannot be null

version - The version of the secret to retrieve. If this is an empty String or null, this call is equivalent to calling SecretAsyncClient.getSecret(String), with the latest version being retrieved.

Returns:

A Mono containing a Response whose value contains the requested secret.

Throws:

ResourceNotFoundException - when a secret with name and version doesn't exist in the key vault.

HttpRequestException - if name name} or version is empty string.

getSecret

public reactor.core.publisher.Mono<Response<Secret>> getSecret(SecretBase secretBase)

Get the secret which represents secretBase from the key vault. The get operation is applicable to any secret stored in Azure Key Vault. This operation requires the secrets/get permission.

The list operations SecretAsyncClient.listSecrets() and SecretAsyncClient.listSecretVersions(String) return the Flux containing base secret as output excluding the include the value of the secret. This operation can then be used to get the full secret with its value from secretBase.

 secretAsyncClient.listSecrets().subscribe(secretBase ->
     client.getSecret(secretBase).subscribe(secretResponse ->
       System.out.printf("Secret with name %s and value %s \n", secretResponse.value().name(), secretResponse.value().value())));
 

Parameters:

secretBase - The base secret secret base holding attributes of the secret being requested.

Returns:

A Response whose value contains the requested secret.

Throws:

ResourceNotFoundException - when a secret with name and version doesn't exist in the key vault.

HttpRequestException - if SecretBase.name() name} or version is empty string.

getSecret

public reactor.core.publisher.Mono<Response<Secret>> getSecret(String name)

Get the latest version of the specified secret from the key vault. The get operation is applicable to any secret stored in Azure Key Vault. This operation requires the secrets/get permission.

Code Samples

Gets latest version of the secret in the key vault. Subscribes to the call asynchronously and prints out the returned secret details when a response is received.

 secretAsyncClient.getSecret("secretName").subscribe(secretResponse ->
   System.out.printf("Secret with name %s , value %s \n", secretResponse.value().name(),
   secretResponse.value().value()));
 

Parameters:

name - The name of the secret.

Returns:

A Mono containing a Response whose value contains the requested secret.

Throws:

ResourceNotFoundException - when a secret with name doesn't exist in the key vault.

HttpRequestException - if name is empty string.

updateSecret

public reactor.core.publisher.Mono<Response<SecretBase>> updateSecret(SecretBase secret)

Updates the attributes associated with the specified secret, but not the value of the specified secret in the key vault. The update operation changes specified attributes of an existing stored secret and attributes that are not specified in the request are left unchanged. The value of a secret itself cannot be changed. This operation requires the secrets/set permission.

Code Samples

Gets latest version of the secret, changes its notBefore time and then updates it in the Azure Key Vault. Subscribes to the call asynchronously and prints out the returned secret details when a response is received.

 secretAsyncClient.getSecret("secretName").subscribe(secretResponse -> {
     Secret secret = secretResponse.value();
     //Update the not before time of the secret.
     secret.notBefore(OffsetDateTime.now().plusDays(50));
     secretAsyncClient.updateSecret(secret).subscribe(secretResponse ->
         System.out.printf("Secret's updated not before time %s \n", secretResponse.value().notBefore().toString()));
   });
 

The secret is required and its fields name and version cannot be null.

Parameters:

secret - The base secret object with updated properties.

Returns:

A Mono containing a Response whose value contains the updated secret.

Throws:

NullPointerException - if secret is null.

ResourceNotFoundException - when a secret with name and version doesn't exist in the key vault.

HttpRequestException - if SecretBase.name() name} or version is empty string.

deleteSecret

public reactor.core.publisher.Mono<Response<DeletedSecret>> deleteSecret(String name)

Deletes a secret from the key vault. If soft-delete is enabled on the key vault then the secret is placed in the deleted state and requires to be purged for permanent deletion else the secret is permanently deleted. The delete operation applies to any secret stored in Azure Key Vault but it cannot be applied to an individual version of a secret. This operation requires the secrets/delete permission.

Code Samples

Deletes the secret in the Azure Key Vault. Subscribes to the call asynchronously and prints out the deleted secret details when a response is received.

 secretAsyncClient.deleteSecret("secretName").subscribe(deletedSecretResponse ->
   System.out.printf("Deleted Secret's Recovery Id %s \n", deletedSecretResponse.value().recoveryId()));
 

Parameters:

name - The name of the secret to be deleted.

Returns:

A Mono containing a Response whose value contains the deleted secret.

Throws:

ResourceNotFoundException - when a secret with name doesn't exist in the key vault.

HttpRequestException - when a secret with name is empty string.

getDeletedSecret

public reactor.core.publisher.Mono<Response<DeletedSecret>> getDeletedSecret(String name)

The get deleted secret operation returns the secrets that have been deleted for a vault enabled for soft-delete. This operation requires the secrets/list permission.

Code Samples

Gets the deleted secret from the key vault enabled for soft-delete. Subscribes to the call asynchronously and prints out the deleted secret details when a response is received.

 //Assuming secret is deleted on a soft-delete enabled vault.
 secretAsyncClient.getDeletedSecret("secretName").subscribe(deletedSecretResponse ->
   System.out.printf("Deleted Secret with recovery Id %s \n", deletedSecretResponse.value().recoveryId()));
 

Parameters:

name - The name of the deleted secret.

Returns:

A Mono containing a Response whose value contains the deleted secret.

Throws:

ResourceNotFoundException - when a secret with name doesn't exist in the key vault.

HttpRequestException - when a secret with name is empty string.

purgeDeletedSecret

public reactor.core.publisher.Mono<VoidResponse> purgeDeletedSecret(String name)

The purge deleted secret operation removes the secret permanently, without the possibility of recovery. This operation can only be enabled on a soft-delete enabled vault. This operation requires the secrets/purge permission.

Code Samples

Purges the deleted secret from the key vault enabled for soft-delete. Subscribes to the call asynchronously and prints out the status code from the server response when a response is received.

 //Assuming secret is deleted on a soft-delete enabled vault.
 secretAsyncClient.purgeDeletedSecret("deletedSecretName").subscribe(purgeResponse ->
   System.out.printf("Purge Status response %d \n", purgeResponse.statusCode()));
 

Parameters:

name - The name of the secret.

Returns:

A Mono containing a VoidResponse.

Throws:

ResourceNotFoundException - when a secret with name doesn't exist in the key vault.

HttpRequestException - when a secret with name is empty string.

recoverDeletedSecret

public reactor.core.publisher.Mono<Response<Secret>> recoverDeletedSecret(String name)

Recovers the deleted secret in the key vault to its latest version and can only be performed on a soft-delete enabled vault. This operation requires the secrets/recover permission.

Code Samples

Recovers the deleted secret from the key vault enabled for soft-delete. Subscribes to the call asynchronously and prints out the recovered secret details when a response is received.

 //Assuming secret is deleted on a soft-delete enabled vault.
 secretAsyncClient.recoverDeletedSecret("deletedSecretName").subscribe(recoveredSecretResponse ->
   System.out.printf("Recovered Secret with name %s \n", recoveredSecretResponse.value().name()));
 

Parameters:

name - The name of the deleted secret to be recovered.

Returns:

A Mono containing a Response whose value contains the recovered secret.

Throws:

ResourceNotFoundException - when a secret with name doesn't exist in the key vault.

HttpRequestException - when a secret with name is empty string.

backupSecret

public reactor.core.publisher.Mono<Response<byte[]>> backupSecret(String name)

Requests a backup of the specified secret be downloaded to the client. All versions of the secret will be downloaded. This operation requires the secrets/backup permission.

Code Samples

Backs up the secret from the key vault. Subscribes to the call asynchronously and prints out the length of the secret's backup byte array returned in the response.

 secretAsyncClient.backupSecret("secretName").subscribe(secretBackupResponse ->
   System.out.printf("Secret's Backup Byte array's length %s \n", secretBackupResponse.value().length));
 

Parameters:

name - The name of the secret.

Returns:

A Mono containing a Response whose value contains the backed up secret blob.

Throws:

ResourceNotFoundException - when a secret with name doesn't exist in the key vault.

HttpRequestException - when a secret with name is empty string.

restoreSecret

public reactor.core.publisher.Mono<Response<Secret>> restoreSecret(byte[] backup)

Restores a backed up secret, and all its versions, to a vault. This operation requires the secrets/restore permission.

Code Samples

Restores the secret in the key vault from its backup. Subscribes to the call asynchronously and prints out the restored secret details when a response is received.

 //Pass the Secret Backup Byte array to the restore operation.
 secretAsyncClient.restoreSecret(secretBackupByteArray).subscribe(secretResponse ->
   System.out.printf("Restored Secret with name %s and value %s \n", secretResponse.value().name(), secretResponse.value().value()));
 

Parameters:

backup - The backup blob associated with the secret.

Returns:

A Mono containing a Response whose value contains the restored secret.

Throws:

ResourceModifiedException - when backup blob is malformed.

listSecrets

public reactor.core.publisher.Flux<SecretBase> listSecrets()

List secrets in the key vault. The list Secrets operation is applicable to the entire vault. The individual secret response in the flux is represented by SecretBase as only the base secret identifier and its attributes are provided in the response. The secret values and individual secret versions are not listed in the response. This operation requires the secrets/list permission.

It is possible to get full Secrets with values from this information. Convert the Flux containing base secret to Flux containing secret using SecretAsyncClient.getSecret(SecretBase baseSecret) within Flux.flatMap(Function).

 Flux<Secret> secrets = secretAsyncClient.listSecrets()
   .flatMap(secretBase ->
     client.getSecret(secretBase).map(secretResponse -> secretResponse.value()));
 

Returns:

A Flux containing secret of all the secrets in the vault.

listDeletedSecrets

public reactor.core.publisher.Flux<DeletedSecret> listDeletedSecrets()

Lists deleted secrets of the key vault. The get deleted secrets operation returns the secrets that have been deleted for a vault enabled for soft-delete. This operation requires the secrets/list permission.

Code Samples

Lists the deleted secrets in the key vault. Subscribes to the call asynchronously and prints out the recovery id of each deleted secret when a response is received.

 secretAsyncClient.listDeletedSecrets().subscribe(deletedSecret ->
   System.out.printf("Deleted secret's recovery Id %s \n", deletedSecret.recoveryId()));
 

Returns:

A Flux containing all of the deleted secrets in the vault.

listSecretVersions

public reactor.core.publisher.Flux<SecretBase> listSecretVersions(String name)

List all versions of the specified secret. The individual secret response in the flux is represented by SecretBase as only the base secret identifier and its attributes are provided in the response. The secret values are not provided in the response. This operation requires the secrets/list permission.

It is possible to get the Secret with value of all the versions from this information. Convert the Flux containing base secret to Flux containing secret using SecretAsyncClient.getSecret(SecretBase baseSecret) within Flux.flatMap(Function).

 Flux<Secret> secrets = secretAsyncClient.listSecretVersions("secretName")
   .flatMap(secretBase ->
     client.getSecret(secretBase).map(secretResponse -> secretResponse.value()));
 

Parameters:

name - The name of the secret.

Returns:

A Flux containing secret of all the versions of the specified secret in the vault. Flux is empty if secret with name does not exist in key vault

Throws:

ResourceNotFoundException - when a secret with name doesn't exist in the key vault.

HttpRequestException - when a secret with name is empty string.