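Back up, delete, and restore keys in Azure Key Vault with JavaScript

Create a KeyClient with the appropriate programmatic authentication credentials, then create a CryptographyClient to use the client to set, update, and rotate keys in Azure Key Vault.

Back up, delete, purge, and restore a key

Before deleting a key and its versions, back up the key and serialize it to a secure data store. Once the key is backed up, delete the key and all versions. If the vault uses soft delete, you can wait for the purge date to pass or purge the key manually. Once the key is purged, you can restore the key and all versions from the backup. If you want to restore the key before it is purged, you don't need the backup object; instead, you can recover the soft-deleted key and all versions.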

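import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient } from "@azure/keyvault-keys";

// Authenticate to Azure Key Vault
const credential = new DefaultAzureCredential();
const client = new KeyClient(
    `https://${process.env.AZURE_KEYVAULT_NAME}.vault.azure.cn`,
    credential
);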

// Create key
const keyName = `myKey-${Date.now()}`;
const key = await client.createRsaKey(keyName);
console.log(`${key.name} is created`);

// Backup key and all versions (as Uint8Array)
const keyBackup = await client.backupKey(keyName);
console.log(`${key.name} is backed up`);

// Delete key - wait until delete is complete
await (await client.beginDeleteKey(keyName)).pollUntilDone();
console.log(`${key.name} is deleted`);

// Purge soft-deleted key (permanent; fails if purge protection is enabled on the vault)
await client.purgeDeletedKey(keyName);
console.log(`Soft-deleted key, ${key.name}, is purged`);

if (keyBackup) {
    // Restore the key and all versions from the backup;
    // the returned key is the latest version
    const { name, key, properties } = await client.restoreKeyBackup(keyBackup);
    console.log(`${name} is restored from backup, latest version is ${properties.version}`);

    // do something with key
}
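
The sample above keeps the backup only in memory and always purges before restoring. The following added example (not part of the original sample) serializes the backup blob to a file with a recorded SHA-256 digest, then recovers the soft-deleted key when it still exists and falls back to the backup only after a purge. The helper names are hypothetical, and it assumes `client` is a `KeyClient` whose errors expose `statusCode`, as the SDK's `RestError` does.

```javascript
// `client` is assumed to be a KeyClient from @azure/keyvault-keys.
// Dynamic import() keeps this loadable as CommonJS or as an ES module.
async function sha256Hex(bytes) {
    const { createHash } = await import("node:crypto");
    return createHash("sha256").update(bytes).digest("hex");
}

// Serialize the backup blob to a file and return its digest.
// mode 0o600 (owner read/write) applies when the file is created.
async function saveBackup(path, backupBytes) {
    const { writeFile } = await import("node:fs/promises");
    await writeFile(path, backupBytes, { mode: 0o600 });
    return sha256Hex(backupBytes);
}

// Read the blob back and refuse it if it differs from the recorded digest.
async function loadBackup(path, expectedSha256) {
    const { readFile } = await import("node:fs/promises");
    const bytes = await readFile(path);
    if ((await sha256Hex(bytes)) !== expectedSha256) {
        throw new Error(`Backup ${path} does not match the recorded SHA-256`);
    }
    return new Uint8Array(bytes);
}

// Recover the soft-deleted key if it still exists; use the backup only after a purge.
async function recoverOrRestore(client, keyName, backupPath, expectedSha256) {
    let softDeleted = true;
    try {
        await client.getDeletedKey(keyName);
    } catch (err) {
        // Assumption: only 404 means "purged"; rethrow 403 and other failures.
        if (err.statusCode !== 404) throw err;
        softDeleted = false;
    }
    if (softDeleted) {
        const poller = await client.beginRecoverDeletedKey(keyName);
        const recovered = await poller.pollUntilDone();
        return { source: "soft-delete", name: recovered.name };
    }
    const backup = await loadBackup(backupPath, expectedSha256);
    const restored = await client.restoreKeyBackup(backup);
    return { source: "backup", name: restored.name };
}
```

Record the digest returned by `saveBackup` somewhere other than beside the backup file, so a modified blob is rejected before it is sent to the vault.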
