KeyVaultBackupClient Class
Performs Key Vault backup and restore operations.
Constructor
KeyVaultBackupClient(vault_url: str, credential: TokenCredential, **kwargs: Any)Parameters
| Name | Description |
|---|---|
|
vault_url
Required
|
URL of the vault on which the client will operate. This is also called the vault's "DNS Name". You should validate that this URL references a valid Key Vault or Managed HSM resource. See https://aka.ms/azsdk/blog/vault-uri for details. |
|
credential
Required
|
An object which can provide an access token for the vault, such as a credential from identity |
Keyword-Only Parameters
| Name | Description |
|---|---|
|
api_version
|
ApiVersion or
str
Version of the service API to use. Defaults to the most recent. |
|
verify_challenge_resource
|
Whether to verify the authentication challenge resource matches the Key Vault or Managed HSM domain. Defaults to True. |
Methods
| begin_backup |
Begin a full backup of the Key Vault. |
| begin_pre_backup |
Initiates a pre-backup check of whether a full Key Vault backup can be performed. If the pre-backup check fails, calling wait() on the returned poller will raise an error. Otherwise, a full backup can be performed. |
| begin_pre_restore |
Initiates a pre-restore check of whether a full Key Vault restore can be performed. If the pre-restore check fails, calling wait() on the returned poller will raise an error. Otherwise, a full restore can be performed. |
| begin_restore |
Restore a Key Vault backup. This method restores either a complete Key Vault backup or when |
| close |
Close sockets opened by the client. Calling this method is unnecessary when using the client as a context manager. |
| send_request |
Runs a network request using the client's existing pipeline. The request URL can be relative to the vault URL. The service API version used for the request is the same as the client's unless otherwise specified. This method does not raise if the response is an error; to raise an exception, call raise_for_status() on the returned response object. For more information about how to send custom requests with this method, see https://aka.ms/azsdk/dpcodegen/python/send_request. |
begin_backup
Begin a full backup of the Key Vault.
begin_backup(blob_storage_url: str, *, use_managed_identity: Literal[True], continuation_token: str | None = None, **kwargs: Any) -> LROPoller[KeyVaultBackupResult]Parameters
| Name | Description |
|---|---|
|
blob_storage_url
Required
|
URL of the blob storage container in which the backup will be stored, for example https://<account>.blob.core.windows.net/backup. |
Keyword-Only Parameters
| Name | Description |
|---|---|
|
sas_token
|
Optional Shared Access Signature (SAS) token to authorize access to the blob. Required unless use_managed_identity is set to True. |
|
use_managed_identity
|
Indicates which authentication method should be used. If set to True, Managed HSM will use the configured user-assigned managed identity to authenticate with Azure Storage. Otherwise, a SAS token has to be specified. |
|
continuation_token
|
A continuation token to restart polling from a saved state. |
Returns
| Type | Description |
|---|---|
|
An LROPoller instance. Call result() on this object to wait for the operation to complete and get a KeyVaultBackupResult. |
begin_pre_backup
Initiates a pre-backup check of whether a full Key Vault backup can be performed.
If the pre-backup check fails, calling wait() on the returned poller will raise an error. Otherwise, a full backup can be performed.
begin_pre_backup(blob_storage_url: str, *, use_managed_identity: Literal[True], continuation_token: str | None = None, **kwargs: Any) -> LROPoller[None]Parameters
| Name | Description |
|---|---|
|
blob_storage_url
Required
|
URL of the blob storage container in which the backup will be stored, for example https://<account>.blob.core.windows.net/backup. |
Keyword-Only Parameters
| Name | Description |
|---|---|
|
sas_token
|
Optional Shared Access Signature (SAS) token to authorize access to the blob. Required unless use_managed_identity is set to True. |
|
use_managed_identity
|
Indicates which authentication method should be used. If set to True, Managed HSM will use the configured user-assigned managed identity to authenticate with Azure Storage. Otherwise, a SAS token has to be specified. |
|
continuation_token
|
A continuation token to restart polling from a saved state. |
Returns
| Type | Description |
|---|---|
|
An LROPoller instance. Call wait() on this object to wait for the operation to complete. If the check fails, an error will be raised. |
begin_pre_restore
Initiates a pre-restore check of whether a full Key Vault restore can be performed.
If the pre-restore check fails, calling wait() on the returned poller will raise an error. Otherwise, a full restore can be performed.
begin_pre_restore(folder_url: str, *, use_managed_identity: Literal[True], continuation_token: str | None = None, **kwargs: Any) -> LROPoller[None]Parameters
| Name | Description |
|---|---|
|
folder_url
Required
|
URL of the blob holding the backup. This would be the folder_url of a KeyVaultBackupResult returned by begin_backup, for example https://<account>.blob.core.windows.net/backup/mhsm-account-2020090117323313 |
Keyword-Only Parameters
| Name | Description |
|---|---|
|
sas_token
|
Optional Shared Access Signature (SAS) token to authorize access to the blob. Required unless use_managed_identity is set to True. |
|
use_managed_identity
|
Indicates which authentication method should be used. If set to True, Managed HSM will use the configured user-assigned managed identity to authenticate with Azure Storage. Otherwise, a SAS token has to be specified. |
|
continuation_token
|
A continuation token to restart polling from a saved state. |
Returns
| Type | Description |
|---|---|
|
An LROPoller instance. Call wait() on this object to wait for the operation to complete. If the check fails, an error will be raised. |
begin_restore
Restore a Key Vault backup.
This method restores either a complete Key Vault backup or when key_name has a value, a single key.
begin_restore(folder_url: str, *, use_managed_identity: Literal[True], key_name: str | None = None, continuation_token: str | None = None, **kwargs: Any) -> LROPoller[None]Parameters
| Name | Description |
|---|---|
|
folder_url
Required
|
URL of the blob holding the backup. This would be the folder_url of a KeyVaultBackupResult returned by begin_backup, for example https://<account>.blob.core.windows.net/backup/mhsm-account-2020090117323313 |
Keyword-Only Parameters
| Name | Description |
|---|---|
|
sas_token
|
Optional Shared Access Signature (SAS) token to authorize access to the blob. Required unless use_managed_identity is set to True. |
|
use_managed_identity
|
Indicates which authentication method should be used. If set to True, Managed HSM will use the configured user-assigned managed identity to authenticate with Azure Storage. Otherwise, a SAS token has to be specified. |
|
key_name
|
Name of a single key in the backup. When set, only this key will be restored. |
|
continuation_token
|
A continuation token to restart polling from a saved state. |
Returns
| Type | Description |
|---|---|
|
An LROPoller instance. Call wait() or result() on this object to wait for the operation to complete (the return value is None in either case). |
close
Close sockets opened by the client.
Calling this method is unnecessary when using the client as a context manager.
close() -> Nonesend_request
Runs a network request using the client's existing pipeline.
The request URL can be relative to the vault URL. The service API version used for the request is the same as the client's unless otherwise specified. This method does not raise if the response is an error; to raise an exception, call raise_for_status() on the returned response object. For more information about how to send custom requests with this method, see https://aka.ms/azsdk/dpcodegen/python/send_request.
send_request(request: HttpRequest, *, stream: bool = False, **kwargs: Any) -> HttpResponseParameters
| Name | Description |
|---|---|
|
request
Required
|
The network request you want to make. |
Keyword-Only Parameters
| Name | Description |
|---|---|
|
stream
|
Whether the response payload will be streamed. Defaults to False. Default value: False
|
Returns
| Type | Description |
|---|---|
|
The response of your network call. Does not do error handling on your response. |
