KeyVaultBackupClient class

The KeyVaultBackupClient provides methods to generate backups and restore backups of any given Azure Key Vault instance. This client supports generating full backups, selective restores of specific keys and full restores of Key Vault instances.

Constructors

KeyVaultBackupClient(string, TokenCredential, KeyVaultBackupClientOptions)

Creates an instance of the KeyVaultBackupClient.

Example usage:

import { KeyVaultBackupClient } from "@azure/keyvault-admin";
import { DefaultAzureCredential } from "@azure/identity";

let vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;
let credentials = new DefaultAzureCredential();

let client = new KeyVaultBackupClient(vaultUrl, credentials);

Properties

vaultUrl

The base URL to the vault

Methods

beginBackup(string, KeyVaultBeginBackupOptions)

Starts generating a backup of an Azure Key Vault on the specified Storage Blob account, using a user-assigned Managed Identity to access the Storage account.

This function returns a Long Running Operation poller that allows you to wait indefinitely until the Key Vault backup is generated.

Example usage:

const client = new KeyVaultBackupClient(url, credentials);

const blobStorageUri = "<blob-storage-uri>"; // <Blob storage URL>/<folder name>
// No SAS token is passed: the user-assigned Managed Identity is used to access the Storage account.
const poller = await client.beginBackup(blobStorageUri);

// Serializing the poller
//
//   const serialized = poller.toString();
//
// A new poller can be created with:
//
//   await client.beginBackup(blobStorageUri, { resumeFrom: serialized });
//

// Waiting until it's done
const backupUri = await poller.pollUntilDone();
console.log(backupUri);

Starts a full backup operation.

beginBackup(string, string, KeyVaultBeginBackupOptions)

Starts generating a backup of an Azure Key Vault on the specified Storage Blob account.

This function returns a Long Running Operation poller that allows you to wait indefinitely until the Key Vault backup is generated.

Example usage:

const client = new KeyVaultBackupClient(url, credentials);

const blobStorageUri = "<blob-storage-uri>"; // <Blob storage URL>/<folder name>
const sasToken = "<sas-token>";
const poller = await client.beginBackup(blobStorageUri, sasToken);

// Serializing the poller
//
//   const serialized = poller.toString();
//
// A new poller can be created with:
//
//   await client.beginBackup(blobStorageUri, sasToken, { resumeFrom: serialized });
//

// Waiting until it's done
const backupUri = await poller.pollUntilDone();
console.log(backupUri);

Starts a full backup operation.

beginRestore(string, KeyVaultBeginRestoreOptions)

Starts restoring all key materials from a previously stored Azure Blob storage backup folder, using a user-assigned Managed Identity to access the storage account.

This function returns a Long Running Operation poller that allows you to wait indefinitely until the Key Vault restore operation is complete.

Example usage:

const client = new KeyVaultBackupClient(url, credentials);

const blobStorageUri = "<blob-storage-uri>"; // <Blob storage URL>/<folder name>
// No SAS token is passed: the user-assigned Managed Identity is used to access the storage account.
const poller = await client.beginRestore(blobStorageUri);

// The poller can be serialized with:
//
//   const serialized = poller.toString();
//
// A new poller can be created with:
//
//   await client.beginRestore(blobStorageUri, { resumeFrom: serialized });
//

// Waiting until it's done
const restoreResult = await poller.pollUntilDone();
console.log(restoreResult);

Starts a full restore operation.

beginRestore(string, string, KeyVaultBeginRestoreOptions)

Starts restoring all key materials using the SAS token pointing to a previously stored Azure Blob storage backup folder.

This function returns a Long Running Operation poller that allows you to wait indefinitely until the Key Vault restore operation is complete.

Example usage:

const client = new KeyVaultBackupClient(url, credentials);

const blobStorageUri = "<blob-storage-uri>"; // <Blob storage URL>/<folder name>
const sasToken = "<sas-token>";
const poller = await client.beginRestore(blobStorageUri, sasToken);

// The poller can be serialized with:
//
//   const serialized = poller.toString();
//
// A new poller can be created with:
//
//   await client.beginRestore(blobStorageUri, sasToken, { resumeFrom: serialized });
//

// Waiting until it's done
const restoreResult = await poller.pollUntilDone();
console.log(restoreResult);

Starts a full restore operation.

beginSelectiveKeyRestore(string, string, KeyVaultBeginSelectiveKeyRestoreOptions)

Starts restoring all key versions of a given key from a previously stored Azure Blob storage backup folder. The Blob storage backup folder will be accessed using a user-assigned Managed Identity.

This function returns a Long Running Operation poller that allows you to wait indefinitely until the Key Vault selective restore is complete.

Example usage:

const client = new KeyVaultBackupClient(url, credentials);

const blobStorageUri = "<blob-storage-uri>";
// No SAS token is passed: the user-assigned Managed Identity is used to access the backup folder.
const keyName = "<key-name>";
const poller = await client.beginSelectiveKeyRestore(keyName, blobStorageUri);

// Serializing the poller
//
//   const serialized = poller.toString();
//
// A new poller can be created with:
//
//   await client.beginSelectiveKeyRestore(keyName, blobStorageUri, { resumeFrom: serialized });
//

// Waiting until it's done
await poller.pollUntilDone();

Starts a selective key restore operation.

beginSelectiveKeyRestore(string, string, string, KeyVaultBeginSelectiveKeyRestoreOptions)

Starts restoring all key versions of a given key using a user-supplied SAS token pointing to a previously stored Azure Blob storage backup folder.

This function returns a Long Running Operation poller that allows you to wait indefinitely until the Key Vault selective restore is complete.

Example usage:

const client = new KeyVaultBackupClient(url, credentials);

const blobStorageUri = "<blob-storage-uri>";
const sasToken = "<sas-token>";
const keyName = "<key-name>";
const poller = await client.beginSelectiveKeyRestore(keyName, blobStorageUri, sasToken);

// Serializing the poller
//
//   const serialized = poller.toString();
//
// A new poller can be created with:
//
//   await client.beginSelectiveKeyRestore(keyName, blobStorageUri, sasToken, { resumeFrom: serialized });
//

// Waiting until it's done
await poller.pollUntilDone();

Starts a selective key restore operation.

Constructor Details

KeyVaultBackupClient(string, TokenCredential, KeyVaultBackupClientOptions)

Creates an instance of the KeyVaultBackupClient.

Example usage:

import { KeyVaultBackupClient } from "@azure/keyvault-admin";
import { DefaultAzureCredential } from "@azure/identity";

let vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;
let credentials = new DefaultAzureCredential();

let client = new KeyVaultBackupClient(vaultUrl, credentials);

new KeyVaultBackupClient(vaultUrl: string, credential: TokenCredential, options?: KeyVaultBackupClientOptions)

Parameters

vaultUrl

string

The URL of the Key Vault. It should have this shape: https://${your-key-vault-name}.vault.azure.net. You should validate that this URL references a valid Key Vault or Managed HSM resource. See https://aka.ms/azsdk/blog/vault-uri for details.

credential
TokenCredential

An object that implements the TokenCredential interface used to authenticate requests to the service. Use the @azure/identity package to create a credential that suits your needs.

options
KeyVaultBackupClientOptions

Options used to configure Key Vault API requests.
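
One way to perform the validation recommended for vaultUrl, as an added example that is not part of the SDK or its documentation. The suffix allowlist covers only the Azure public cloud, and the name validateVaultUrl is hypothetical.

```javascript
// Added example (not SDK code): allowlist check for the vaultUrl argument.
// Assumption: only Azure public-cloud suffixes are accepted; extend the list
// for sovereign clouds if you use them.
const ALLOWED_SUFFIXES = [".vault.azure.net", ".managedhsm.azure.net"];

function validateVaultUrl(input) {
  let url;
  try {
    url = new URL(input);
  } catch {
    throw new Error("vaultUrl is not a parseable URL");
  }
  if (url.protocol !== "https:") throw new Error("vaultUrl must use https");
  // Userinfo makes "https://name.vault.azure.net@other.example" pass a substring check.
  if (url.username || url.password) throw new Error("vaultUrl must not contain credentials");
  if (url.port) throw new Error("vaultUrl must not specify a port");
  if (url.pathname !== "/" || url.search || url.hash) {
    throw new Error("vaultUrl must be a bare origin");
  }
  const host = url.hostname; // already lower-cased by the URL parser
  const suffix = ALLOWED_SUFFIXES.find((s) => host.endsWith(s));
  if (!suffix) throw new Error("vaultUrl host is not a Key Vault or Managed HSM domain");
  // Exactly one DNS label may precede the suffix.
  const name = host.slice(0, -suffix.length);
  if (!/^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$/.test(name)) {
    throw new Error("vaultUrl has an invalid resource name");
  }
  return url.origin;
}

// Usage: new KeyVaultBackupClient(validateVaultUrl(untrustedInput), credentials);
```

The credential's bearer token is sent to whatever host the URL names, so the check belongs before the client is constructed whenever the URL comes from configuration or user input.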

Property Details

vaultUrl

The base URL to the vault

vaultUrl: string

Property Value

string

Method Details

beginBackup(string, KeyVaultBeginBackupOptions)

Starts generating a backup of an Azure Key Vault on the specified Storage Blob account, using a user-assigned Managed Identity to access the Storage account.

This function returns a Long Running Operation poller that allows you to wait indefinitely until the Key Vault backup is generated.

Example usage:

const client = new KeyVaultBackupClient(url, credentials);

const blobStorageUri = "<blob-storage-uri>"; // <Blob storage URL>/<folder name>
// No SAS token is passed: the user-assigned Managed Identity is used to access the Storage account.
const poller = await client.beginBackup(blobStorageUri);

// Serializing the poller
//
//   const serialized = poller.toString();
//
// A new poller can be created with:
//
//   await client.beginBackup(blobStorageUri, { resumeFrom: serialized });
//

// Waiting until it's done
const backupUri = await poller.pollUntilDone();
console.log(backupUri);

Starts a full backup operation.

function beginBackup(blobStorageUri: string, options?: KeyVaultBeginBackupOptions): Promise<PollerLike<KeyVaultBackupOperationState, KeyVaultBackupResult>>

Parameters

blobStorageUri

string

The URL of the blob storage resource, including the path to the container where the backup will end up being stored.

options
KeyVaultBeginBackupOptions

The optional parameters.

Returns

Promise<PollerLike<KeyVaultBackupOperationState, KeyVaultBackupResult>>

beginBackup(string, string, KeyVaultBeginBackupOptions)

Starts generating a backup of an Azure Key Vault on the specified Storage Blob account.

This function returns a Long Running Operation poller that allows you to wait indefinitely until the Key Vault backup is generated.

Example usage:

const client = new KeyVaultBackupClient(url, credentials);

const blobStorageUri = "<blob-storage-uri>"; // <Blob storage URL>/<folder name>
const sasToken = "<sas-token>";
const poller = await client.beginBackup(blobStorageUri, sasToken);

// Serializing the poller
//
//   const serialized = poller.toString();
//
// A new poller can be created with:
//
//   await client.beginBackup(blobStorageUri, sasToken, { resumeFrom: serialized });
//

// Waiting until it's done
const backupUri = await poller.pollUntilDone();
console.log(backupUri);

Starts a full backup operation.

function beginBackup(blobStorageUri: string, sasToken: string, options?: KeyVaultBeginBackupOptions): Promise<PollerLike<KeyVaultBackupOperationState, KeyVaultBackupResult>>

Parameters

blobStorageUri

string

The URL of the blob storage resource, including the path to the container where the backup will end up being stored.

sasToken

string

The SAS token used to access the blob storage resource.

options
KeyVaultBeginBackupOptions

The optional parameters.

Returns

Promise<PollerLike<KeyVaultBackupOperationState, KeyVaultBackupResult>>
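
A pre-flight policy check for the sasToken argument described above, as an added example that is not part of the SDK or its documentation. The function name checkSasToken and the limits in POLICY are assumptions; the sample token is constructed.

```javascript
// Added example (not SDK code): policy check for the SAS token passed to
// beginBackup / beginRestore / beginSelectiveKeyRestore.
// Assumption: the limits in POLICY are illustrative; set them to your own standard.
const POLICY = { maxLifetimeHours: 4, allowedPermissions: "rwdlc" };

// Constructed sample, not a real token.
const SAMPLE_SAS =
  "sv=2022-11-02&sr=c&sp=rwdlc&spr=https&se=2024-05-01T02%3A00%3A00Z&sig=CONSTRUCTED";

function checkSasToken(sasToken, now = new Date(), policy = POLICY) {
  const params = new URLSearchParams(sasToken.replace(/^\?/, ""));
  const findings = [];

  if (!params.get("sig")) findings.push("no signature (sig)");

  // se = signed expiry. The token only needs to outlive the backup or restore.
  const expiry = new Date(params.get("se") ?? "");
  if (Number.isNaN(expiry.getTime())) {
    findings.push("missing or unparseable expiry (se)");
  } else if (expiry <= now) {
    findings.push("token already expired");
  } else if ((expiry - now) / 3600000 > policy.maxLifetimeHours) {
    findings.push(`expiry more than ${policy.maxLifetimeHours}h away`);
  }

  // spr = allowed protocols; when absent the service accepts both https and http.
  if (params.get("spr") !== "https") findings.push("not restricted to https (spr)");

  // sp = signed permissions, one letter each.
  const extra = [...(params.get("sp") ?? "")].filter(
    (p) => !policy.allowedPermissions.includes(p)
  );
  if (extra.length) findings.push(`permissions outside policy: ${extra.join("")}`);

  // ss / srt appear only on an account SAS, which spans every container.
  if (params.has("ss") || params.has("srt")) {
    findings.push("account SAS; use a container-scoped service SAS");
  }
  return findings; // empty array means the token meets the policy
}
```

Run the check on the token alone and keep the token out of logs and error messages; the findings strings above never include the signature.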

beginRestore(string, KeyVaultBeginRestoreOptions)

Starts restoring all key materials from a previously stored Azure Blob storage backup folder, using a user-assigned Managed Identity to access the storage account.

This function returns a Long Running Operation poller that allows you to wait indefinitely until the Key Vault restore operation is complete.

Example usage:

const client = new KeyVaultBackupClient(url, credentials);

const blobStorageUri = "<blob-storage-uri>"; // <Blob storage URL>/<folder name>
// No SAS token is passed: the user-assigned Managed Identity is used to access the storage account.
const poller = await client.beginRestore(blobStorageUri);

// The poller can be serialized with:
//
//   const serialized = poller.toString();
//
// A new poller can be created with:
//
//   await client.beginRestore(blobStorageUri, { resumeFrom: serialized });
//

// Waiting until it's done
const restoreResult = await poller.pollUntilDone();
console.log(restoreResult);

Starts a full restore operation.

function beginRestore(folderUri: string, options?: KeyVaultBeginRestoreOptions): Promise<PollerLike<KeyVaultRestoreOperationState, KeyVaultRestoreResult>>

Parameters

folderUri

string

The URL of the blob storage resource where the previous successful full backup was stored.

options
KeyVaultBeginRestoreOptions

The optional parameters.

Returns

Promise<PollerLike<KeyVaultRestoreOperationState, KeyVaultRestoreResult>>

beginRestore(string, string, KeyVaultBeginRestoreOptions)

Starts restoring all key materials using the SAS token pointing to a previously stored Azure Blob storage backup folder.

This function returns a Long Running Operation poller that allows you to wait indefinitely until the Key Vault restore operation is complete.

Example usage:

const client = new KeyVaultBackupClient(url, credentials);

const blobStorageUri = "<blob-storage-uri>"; // <Blob storage URL>/<folder name>
const sasToken = "<sas-token>";
const poller = await client.beginRestore(blobStorageUri, sasToken);

// The poller can be serialized with:
//
//   const serialized = poller.toString();
//
// A new poller can be created with:
//
//   await client.beginRestore(blobStorageUri, sasToken, { resumeFrom: serialized });
//

// Waiting until it's done
const restoreResult = await poller.pollUntilDone();
console.log(restoreResult);

Starts a full restore operation.

function beginRestore(folderUri: string, sasToken: string, options?: KeyVaultBeginRestoreOptions): Promise<PollerLike<KeyVaultRestoreOperationState, KeyVaultRestoreResult>>

Parameters

folderUri

string

The URL of the blob storage resource where the previous successful full backup was stored.

sasToken

string

The SAS token. If no SAS token is provided, user-assigned Managed Identity will be used to access the blob storage resource.

options
KeyVaultBeginRestoreOptions

The optional parameters.

Returns

Promise<PollerLike<KeyVaultRestoreOperationState, KeyVaultRestoreResult>>

beginSelectiveKeyRestore(string, string, KeyVaultBeginSelectiveKeyRestoreOptions)

Starts restoring all key versions of a given key from a previously stored Azure Blob storage backup folder. The Blob storage backup folder will be accessed using a user-assigned Managed Identity.

This function returns a Long Running Operation poller that allows you to wait indefinitely until the Key Vault selective restore is complete.

Example usage:

const client = new KeyVaultBackupClient(url, credentials);

const blobStorageUri = "<blob-storage-uri>";
// No SAS token is passed: the user-assigned Managed Identity is used to access the backup folder.
const keyName = "<key-name>";
const poller = await client.beginSelectiveKeyRestore(keyName, blobStorageUri);

// Serializing the poller
//
//   const serialized = poller.toString();
//
// A new poller can be created with:
//
//   await client.beginSelectiveKeyRestore(keyName, blobStorageUri, { resumeFrom: serialized });
//

// Waiting until it's done
await poller.pollUntilDone();

Starts a selective key restore operation.

function beginSelectiveKeyRestore(keyName: string, folderUri: string, options?: KeyVaultBeginSelectiveKeyRestoreOptions): Promise<PollerLike<KeyVaultSelectiveKeyRestoreOperationState, KeyVaultSelectiveKeyRestoreResult>>

Parameters

keyName

string

The name of the key to restore.

folderUri

string

The URL of the blob storage resource, with the folder name of the blob where the previous successful full backup was stored.

options
KeyVaultBeginSelectiveKeyRestoreOptions

The optional parameters.

Returns

Promise<PollerLike<KeyVaultSelectiveKeyRestoreOperationState, KeyVaultSelectiveKeyRestoreResult>>

beginSelectiveKeyRestore(string, string, string, KeyVaultBeginSelectiveKeyRestoreOptions)

Starts restoring all key versions of a given key using a user-supplied SAS token pointing to a previously stored Azure Blob storage backup folder.

This function returns a Long Running Operation poller that allows you to wait indefinitely until the Key Vault selective restore is complete.

Example usage:

const client = new KeyVaultBackupClient(url, credentials);

const blobStorageUri = "<blob-storage-uri>";
const sasToken = "<sas-token>";
const keyName = "<key-name>";
const poller = await client.beginSelectiveKeyRestore(keyName, blobStorageUri, sasToken);

// Serializing the poller
//
//   const serialized = poller.toString();
//
// A new poller can be created with:
//
//   await client.beginSelectiveKeyRestore(keyName, blobStorageUri, sasToken, { resumeFrom: serialized });
//

// Waiting until it's done
await poller.pollUntilDone();

Starts a selective key restore operation.

function beginSelectiveKeyRestore(keyName: string, folderUri: string, sasToken: string, options?: KeyVaultBeginSelectiveKeyRestoreOptions): Promise<PollerLike<KeyVaultSelectiveKeyRestoreOperationState, KeyVaultSelectiveKeyRestoreResult>>

Parameters

keyName

string

The name of the key to restore.

folderUri

string

The URL of the blob storage resource, with the folder name of the blob where the previous successful full backup was stored.

sasToken

string

The SAS token. If no SAS token is provided, user-assigned Managed Identity will be used to access the blob storage resource.

options
KeyVaultBeginSelectiveKeyRestoreOptions

The optional parameters.

Returns

Promise<PollerLike<KeyVaultSelectiveKeyRestoreOperationState, KeyVaultSelectiveKeyRestoreResult>>