Update docs

sdk/keyvault/azure-security-keyvault-certificates/CHANGELOG.md

@@ -4,11 +4,7 @@
 
 ### Features Added
 
-### Breaking Changes
-
-### Bugs Fixed
-
-### Other Changes
+- Keyvault 7.3 support added for Certificates.
 
 ## 4.0.0-beta.2 (2022-03-08)
 

sdk/keyvault/azure-security-keyvault-keys/CHANGELOG.md

@@ -4,11 +4,7 @@
 
 ### Features Added
 
-### Breaking Changes
-
-### Bugs Fixed
-
-### Other Changes
+- Keyvault 7.3 support added for Keys.
 
 ## 4.2.0 (2021-10-05)
 

sdk/keyvault/azure-security-keyvault-keys/README.md

@@ -376,18 +376,18 @@ Headers:
 
 Several Azure Key Vault keys client library samples are available to you in this GitHub repository. These samples provide example code for additional scenarios commonly encountered while working with Azure Key Vault:
 
-- [Sample1_HelloWorld.md][hello_world_sample] - for working with Azure Key Vault, including:
+- [sample1_hello_world.md][hello_world_sample] - for working with Azure Key Vault, including:
 
   - Create a key
   - Get an existing key
   - Update an existing key
   - Delete a key
 
-- [Sample2_BackupAndRestore.md][backup_and_restore_sample] - Contains the code snippets working with Azure Key Vault keys, including:
+- [sample2_backup_and_restore.md][backup_and_restore_sample] - Contains the code snippets working with Azure Key Vault keys, including:
 
   - Backup and recover a key
 
-- [Sample3_GetKeys.md][get_keys_sample] - Example code for working with Azure Key Vault keys, including:
+- [sample3_get_keys.md][get_keys_sample] - Example code for working with Azure Key Vault keys, including:
 
   - Create keys
   - List all keys in the Key Vault
@@ -396,17 +396,22 @@ Several Azure Key Vault keys client library samples are available to you in this
   - Delete keys from the Key Vault
   - List deleted keys in the Key Vault
 
-<!-- - [Sample4_EncryptDecrypt.md][encrypt_decrypt_sample] - Example code for performing cryptographic operations with Azure Key Vault keys, including:
+- [sample4_encrypt_decrypt.md][encrypt_decrypt_sample] - Example code for performing cryptographic operations with Azure Key Vault keys, including:
 
   - Encrypt and Decrypt data with the CryptographyClient
 
-- [Sample5_SignVerify.md][sign_verify_sample] - Example code for working with Azure Key Vault keys, including:
+- [sample5_sign_verify.md][sign_verify_sample] - Example code for working with Azure Key Vault keys, including:
 
   - Sign a precalculated digest and verify the signature with Sign and Verify
   - Sign raw data and verify the signature with SignData and VerifyData
 
-- [Sample6_WrapUnwrap.md][wrap_unwrap_sample] - Example code for working with Azure Key Vault keys, including:
-  - Wrap and Unwrap a symmetric key -->
+- [sample6_wrap_unwrap.md][wrap_unwrap_sample] - Example code for working with Azure Key Vault keys, including:
+  - Wrap and Unwrap a symmetric key 
+
+- [sample7_key_rotation.md][key_rotation_sample] - Example code for working with Azure Key Vault keys, including:
+  - Define Rotation policy
+  - Apply rotation policy
+  - Rotate key
 
 ### Additional Documentation
 
@@ -434,15 +439,19 @@ For more information see the [Code of Conduct FAQ][coc_faq] or contact opencode@
 [azure_cli]: https://docs.microsoft.com/cli/azure
 [azure_identity]: https://github.com/Azure/azure-sdk-for-cpp/tree/main/sdk/identity/azure-identity
 [azure_sub]: https://azure.microsoft.com/free/
+<!-- ----------------SAMPLES ---------------- -->
+[hello_world_sample]: https://github.com/Azure/azure-sdk-for-cpp/blob/main/sdk/keyvault/azure-security-keyvault-keys/samples/sample1_hello_world.md
 [backup_and_restore_sample]: https://github.com/Azure/azure-sdk-for-cpp/blob/main/sdk/keyvault/azure-security-keyvault-keys/samples/sample2_backup_and_restore.md
 [code_of_conduct]: https://opensource.microsoft.com/codeofconduct/
 [get_keys_sample]: https://github.com/Azure/azure-sdk-for-cpp/blob/main/sdk/keyvault/azure-security-keyvault-keys/samples/sample3_get_keys.md
+[encrypt_decrypt_sample]: https://github.com/Azure/azure-sdk-for-cpp/blob/main/sdk/keyvault/azure-security-keyvault-keys/samples/sample4_encrypt_decrypt.md
+[sign_verify_sample]: https://github.com/Azure/azure-sdk-for-cpp/blob/main/sdk/keyvault/azure-security-keyvault-keys/samples/sample5_sign_verify.md
+[wrap_unwrap_sample]: https://github.com/Azure/azure-sdk-for-cpp/blob/main/sdk/keyvault/azure-security-keyvault-keys/samples/sample6_wrap_unwrap.md
+[key_rotation_sample]: https://github.com/Azure/azure-sdk-for-cpp/blob/main/sdk/keyvault/azure-security-keyvault-keys/samples/sample7_key_rotation.md
+
+<!-- ----------------SAMPLES ---------------- -->
 
-<!-- [encrypt_decrypt_sample]: https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/keyvault/Azure.Security.KeyVault.Keys/samples/Sample4_EncryptDecrypt.md -->
-<!-- [sign_verify_sample]: https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/keyvault/Azure.Security.KeyVault.Keys/samples/Sample5_SignVerify.md -->
-<!-- [wrap_unwrap_sample]: https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/keyvault/Azure.Security.KeyVault.Keys/samples/Sample6_WrapUnwrap.md -->
 
-[hello_world_sample]: https://github.com/Azure/azure-sdk-for-cpp/blob/main/sdk/keyvault/azure-security-keyvault-keys/samples/sample1_hello_world.md
 [key_client_class]: https://github.com/Azure/azure-sdk-for-cpp/blob/main/sdk/keyvault/azure-security-keyvault-keys/inc/azure/keyvault/keys/key_client.hpp
 [crypto_client_class]: https://github.com/Azure/azure-sdk-for-cpp/blob/main/sdk/keyvault/azure-security-keyvault-keys/src/cryptography/cryptography_client.cpp
 [key_client_vcpkg_package]: https://github.com/microsoft/vcpkg/tree/master/ports/azure-security-keyvault-keys-cpp

sdk/keyvault/azure-security-keyvault-keys/samples/README.md

@@ -17,3 +17,4 @@ description: Samples for the azure-security-keyVault-keys client library.
 - Encrypting and decrypt keys
 - Signing and verifying keys
 - Wrapping and unwrap a key
+- Rotating a key

sdk/keyvault/azure-security-keyvault-keys/samples/sample6_wrap_unwrap.md

@@ -0,0 +1,106 @@
+# Creating, wrapping and unwrapping keys
+
+This sample demonstrates how to create, get, wrap and unwrap a key in Azure Key Vault.
+To get started, you'll need a URI to an Azure Key Vault. See the [README](https://github.com/Azure/azure-sdk-for-cpp/blob/main/sdk/keyvault/azure-security-keyvault-keys/README.md) for links and instructions.
+
+## Creating a KeyClient
+
+To create a new `KeyClient` to create, get, update, or delete keys, you need the endpoint to an Azure Key Vault and credentials.
+
+Key Vault Keys client for C++ currently supports the `ClientSecretCredential` for authenticating.
+
+In the sample below, you can create a credential by setting the Tenant ID, Client ID and client secret as environment variables.
+
+```cpp Snippet:KeysSample6CreateCredential
+  auto tenantId = std::getenv("AZURE_TENANT_ID");
+  auto clientId = std::getenv("AZURE_CLIENT_ID");
+  auto clientSecret = std::getenv("AZURE_CLIENT_SECRET");
+  auto credential = std::make_shared<Azure::Identity::ClientSecretCredential>(tenantId, clientId, clientSecret);
+```
+
+Then, in the sample below, you can set `keyVaultUrl` based on an environment variable, configuration setting, or any way that works for your application.
+
+```cpp Snippet:KeysSample6KeyClient
+KeyClient keyClient(std::getenv("AZURE_KEYVAULT_URL"), credential);
+```
+
+## Creating a key
+
+Let's create an RSA key valid for 1 year.
+If the key already exists in the Azure Key Vault, then a new version of the key is created.
+
+```cpp Snippet:KeysSample6CreateKey
+auto rsaKey = CreateRsaKeyOptions(rsaKeyName);
+rsaKey.KeySize = 2048;
+rsaKey.ExpiresOn = std::chrono::system_clock::now() + std::chrono::hours(24 * 365);
+
+keyClient.CreateRsaKey(rsaKey);
+```
+
+## Creating the CryptographyClient
+
+Let's create a CryptographyClient instance using the created key.
+
+```cpp Snippet:KeysSample6CryptoClient
+CryptographyClient cryptoClient(cloudRsaKey.Id(), credential);
+
+```
+
+## Wrap the key
+
+Now we will wrap the key.
+```cpp Snippet:KeysSample6WrapKey
+// keyDataSource simulates a symmetric private key created locally in the system. It is not
+// relevant for the sample how to create the private key as it depends on the OS.
+// For example, on linux, the key can be created using openSSL.
+uint8_t const keyDataSource[]
+    = "MIIBOgIBAAJBAKUFtjMCrEZzg30Rb5EQnFy6fFUTn3wwVPM9yW4Icn7EMk34ic+"
+      "3CYytbOqbRQDDUtbyUCdMEu2OZ0RPqL4GWMECAwEAAQJAcHi7HHs25XF3bbeDfbB/"
+      "kae8c9PDAEaEr6At+......";
+std::vector<uint8_t> keyData(std::begin(keyDataSource), std::end(keyDataSource));
+std::cout << " - Using a sample generated key: " << Azure::Core::Convert::Base64Encode(keyData)
+          << std::endl;
+
+auto wrapResult = cryptoClient.WrapKey(KeyWrapAlgorithm::RsaOaep, keyData).Value;
+std::cout << " - Encrypted data using the algorithm " << wrapResult.Algorithm.ToString()
+          << ", with key " << wrapResult.KeyId << ". The resulting encrypted data is: "
+          << Azure::Core::Convert::Base64Encode(wrapResult.EncryptedKey) << std::endl;
+
+```
+
+## Unwrap the key
+
+Let's unwrap the key.
+```cpp Snippet:KeysSample6UnwrapKey
+auto unwrapResult
+    = cryptoClient.UnwrapKey(KeyWrapAlgorithm::RsaOaep, wrapResult.EncryptedKey).Value;
+std::cout << " - Decrypted data using the algorithm " << unwrapResult.Algorithm.ToString()
+          << ", with key " << unwrapResult.KeyId << ". The resulting decrypted data is: "
+          << Azure::Core::Convert::Base64Encode(unwrapResult.Key) << std::endl;
+```
+
+## Deleting a key
+
+The cloud RSA key is no longer needed, so we need to delete it from the Key Vault.
+
+```cpp Snippet:KeysSample1DeleteKey
+DeleteKeyOperation operation = keyClient.StartDeleteKey(rsaKeyName);
+```
+
+## Purging a deleted key
+
+If the Azure Key Vault is soft delete-enabled and you want to permanently delete the key before its `ScheduledPurgeDate`,
+the deleted key needs to be purged. Before it can be purged, you need to wait until the key is fully deleted.
+
+```cpp Snippet:KeysSample1PurgeKey
+// You only need to wait for completion if you want to purge or recover the key.
+operation.PollUntilDone(std::chrono::milliseconds(2000));
+
+keyClient.PurgeDeletedKey(rsaKeyName);
+```
+
+## Source
+
+- [sample6_wrap_unwrap.cpp](https://github.com/Azure/azure-sdk-for-cpp/blob/main/sdk/keyvault/azure-security-keyvault-keys/test/samples/sample6-wrap-unwrap/sample6_wrap_unwrap.cpp)
+
+[defaultazurecredential]: https://github.com/Azure/azure-sdk-for-cpp/blob/main/sdk/identity/azure-identity/README.md

sdk/keyvault/azure-security-keyvault-keys/samples/sample7_key_rotation.md

@@ -0,0 +1,108 @@
+# Creating, updating rotation policy, and rotating keys
+
+This sample demonstrates how to create a key, update the rotation policy of the key, rotate the key in Azure Key Vault.
+To get started, you'll need a URI to an Azure Key Vault. See the [README](https://github.com/Azure/azure-sdk-for-cpp/blob/main/sdk/keyvault/azure-security-keyvault-keys/README.md) for links and instructions.
+
+## Creating a KeyClient
+
+To create a new `KeyClient` to create, get, update, or delete keys, you need the endpoint to an Azure Key Vault and credentials.
+
+Key Vault Keys client for C++ currently supports the `ClientSecretCredential` for authenticating.
+
+In the sample below, you can create a credential by setting the Tenant ID, Client ID and client secret as environment variables.
+
+```cpp Snippet:KeysSample7CreateCredential
+auto tenantId = std::getenv("AZURE_TENANT_ID");
+auto clientId = std::getenv("AZURE_CLIENT_ID");
+auto clientSecret = std::getenv("AZURE_CLIENT_SECRET");
+auto credential = std::make_shared<Azure::Identity::ClientSecretCredential>(tenantId, clientId, clientSecret);
+```
+
+Then, in the sample below, you can set `keyVaultUrl` based on an environment variable, configuration setting, or any way that works for your application.
+
+```cpp Snippet:KeysSample7KeyClient
+KeyClient keyClient(std::getenv("AZURE_KEYVAULT_URL"), credential);
+```
+
+## Creating a key
+
+Let's create an EC key.
+If the key already exists in the Azure Key Vault, then a new version of the key is created.
+
+```cpp Snippet:KeysSample7CreateKey
+auto keyName = "RotateKey-" + Azure::Core::Uuid::CreateUuid().ToString();
+auto createKeyResponse = keyClient.CreateEcKey(CreateEcKeyOptions(keyName));
+
+std::cout << "Created key " << createKeyResponse.Value.Name() << "with id "
+          << createKeyResponse.Value.Id() << " and version "
+          << createKeyResponse.Value.Properties.Version << std::endl;
+```
+
+## Create the key rotation policy 
+
+Next we will define the key rotation policy as needed.
+
+```cpp Snippet:KeysSample7DefinePolicy
+KeyRotationPolicy policy;
+
+LifetimeActionsType lifetimeAction1;
+lifetimeAction1.Trigger.TimeBeforeExpiry = "P18M";
+lifetimeAction1.Action = LifetimeActionType::Notify;
+policy.LifetimeActions.emplace_back(lifetimeAction1);
+
+LifetimeActionsType lifetimeAction2;
+lifetimeAction2.Action = LifetimeActionType::Rotate;
+lifetimeAction2.Trigger.TimeBeforeExpiry = "P30D";
+policy.LifetimeActions.emplace_back(lifetimeAction2);
+
+policy.Attributes.ExpiryTime = "P48M";
+```
+
+## Updating key properties
+
+Now we will update the key with the new rotation policy.
+
+```cpp Snippet:KeysSample7UpdateKeyRotation
+auto putPolicy = keyClient.UpdateKeyRotationPolicy(keyName, policy).Value;
+
+std::cout << "Updated rotation policy " << putPolicy.Id << " for key "
+          << createKeyResponse.Value.Name() << std::endl;
+```
+
+## Calling Rotate and checking the result
+
+Next we will rotate the key and check the result of the api call.
+```cpp Snippet:KeysSample7RotateKey
+auto originalKey = keyClient.GetKey(keyName);
+auto rotatedKey = keyClient.RotateKey(keyName);
+
+std::cout << "Rotated key " << originalKey.Value.Name() << std::endl
+          << "Original version " << originalKey.Value.Properties.Version << std::endl
+          << "New Version " << rotatedKey.Value.Properties.Version << std::endl;
+```
+
+## Deleting a key
+
+The cloud RSA key is no longer needed, so we need to delete it from the Key Vault.
+
+```cpp Snippet:KeysSample1DeleteKey
+DeleteKeyOperation operation = keyClient.StartDeleteKey(rsaKeyName);
+```
+
+## Purging a deleted key
+
+If the Azure Key Vault is soft delete-enabled and you want to permanently delete the key before its `ScheduledPurgeDate`,
+the deleted key needs to be purged. Before it can be purged, you need to wait until the key is fully deleted.
+
+```cpp Snippet:KeysSample1PurgeKey
+// You only need to wait for completion if you want to purge or recover the key.
+operation.PollUntilDone(std::chrono::milliseconds(2000));
+
+keyClient.PurgeDeletedKey(rsaKeyName);
+```
+
+## Source
+
+- [sample7_key_rotation.cpp](https://github.com/Azure/azure-sdk-for-cpp/blob/main/sdk/keyvault/azure-security-keyvault-keys/test/samples/sample7-key-rotation/sample7_key_rotation.cpp)
+
+[defaultazurecredential]: https://github.com/Azure/azure-sdk-for-cpp/blob/main/sdk/identity/azure-identity/README.md

sdk/keyvault/azure-security-keyvault-keys/test/samples/CMakeLists.txt

@@ -9,3 +9,5 @@ add_subdirectory(sample3-get-keys)
 add_subdirectory(sample4-encrypt-decrypt)
 add_subdirectory(sample5-sign-verify)
 add_subdirectory(sample6-wrap-unwrap)
+add_subdirectory(sample7-key-rotation)
+

sdk/keyvault/azure-security-keyvault-keys/test/samples/sample7-key-rotation/CMakeLists.txt

@@ -0,0 +1,16 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# SPDX-License-Identifier: MIT
+
+cmake_minimum_required (VERSION 3.13)
+
+project (sample7-key-rotation LANGUAGES CXX)
+set(CMAKE_CXX_STANDARD 14)
+set(CMAKE_CXX_STANDARD_REQUIRED True)
+
+add_executable (
+  sample7-key-rotation
+  sample7_key_rotation.cpp
+)
+create_per_service_target_build_for_sample(keyvault sample7-key-rotation)
+
+target_link_libraries(sample7-key-rotation PRIVATE azure-security-keyvault-keys azure-identity get-env-helper)