@azure/keyvault-certificates 4.5.0-beta.1 → 4.5.0

package/README.md

@@ -33,7 +33,7 @@ Key links:
 ### Prerequisites
 
 - An [Azure subscription](https://azure.microsoft.com/free/)
-- A [Key Vault resource](https://docs.microsoft.com/azure/key-vault/quick-create-portal)
+- An existing [Azure Key Vault][azure_keyvault]. If you need to create a key vault, you can do so in the Azure Portal by following the steps in [this document][azure_keyvault_portal]. Alternatively, use the Azure CLI by following [these steps][azure_keyvault_cli].
 
 ### Install the package
 
@@ -57,52 +57,14 @@ npm install @types/node
 
 You also need to enable `compilerOptions.allowSyntheticDefaultImports` in your tsconfig.json. Note that if you have enabled `compilerOptions.esModuleInterop`, `allowSyntheticDefaultImports` is enabled by default. See [TypeScript's compiler options handbook](https://www.typescriptlang.org/docs/handbook/compiler-options.html) for more information.
 
-### Configuring your Key Vault
-
-Use the [Azure Cloud Shell](https://shell.azure.com/bash) snippet below to create/get client secret credentials.
-
-- Create a service principal and configure its access to Azure resources:
-  ```Bash
-  az ad sp create-for-rbac -n <your-application-name> --skip-assignment
-  ```
-  Output:
-  ```json
-  {
-    "appId": "generated-app-ID",
-    "displayName": "dummy-app-name",
-    "name": "http://dummy-app-name",
-    "password": "random-password",
-    "tenant": "tenant-ID"
-  }
-  ```
-- Use the above returned credentials information to set **AZURE_CLIENT_ID**(appId), **AZURE_CLIENT_SECRET**(password) and **AZURE_TENANT_ID**(tenant) environment variables. The following example shows a way to do this in Bash:
-
-  ```Bash
-    export AZURE_CLIENT_ID="generated-app-ID"
-    export AZURE_CLIENT_SECRET="random-password"
-    export AZURE_TENANT_ID="tenant-ID"
-  ```
-
-- Grant the above mentioned application authorization to perform certificate operations on the keyvault:
-
-  ```Bash
-  az keyvault set-policy --name <your-key-vault-name> --spn $AZURE_CLIENT_ID --certificate-permissions backup create delete deleteissuers get getissuers import list listissuers managecontacts manageissuers purge recover restore setissuers update
-  ```
-
-  > --certificate-permissions:
-  > Accepted values: backup, create, delete, deleteissuers, get, getissuers, import, list, listissuers, managecontacts, manageissuers, purge, recover, restore, setissuers, update
-
-  If you have enabled role-based access control (RBAC) for Key Vault instead, you can find roles like "Key Vault Certificates Officer" in our [RBAC guide](https://docs.microsoft.com/azure/key-vault/general/rbac-guide).
-
-- Use the above mentioned Key Vault name to retrieve details of your Vault which also contains your Key Vault URL:
-  ```Bash
-  az keyvault show --name <your-key-vault-name>
-  ```
-
 ## Authenticating with Azure Active Directory
 
 The Key Vault service relies on Azure Active Directory to authenticate requests to its APIs. The [`@azure/identity`](https://www.npmjs.com/package/@azure/identity) package provides a variety of credential types that your application can use to do this. The [README for `@azure/identity`](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/README.md) provides more details and samples to get you started.
 
+In order to interact with the Azure Key Vault service, you will need to create an instance of the [`CertificateClient`](#creating-and-setting-a-certificate) class, a **vault url** and a credential object. The examples shown in this document use a credential object named [`DefaultAzureCredential`][default_azure_credential], which is appropriate for most scenarios, including local development and production environments. Additionally, we recommend using a [managed identity][managed_identity] for authentication in production environments.
+
+You can find more information on different ways of authenticating and their corresponding credential types in the [Azure Identity documentation][azure_identity].
+
 Here's a quick example. First, import `DefaultAzureCredential` and `CertificateClient`:
 
 ```javascript
@@ -110,16 +72,12 @@ const { DefaultAzureCredential } = require("@azure/identity");
 const { CertificateClient } = require("@azure/keyvault-certificates");
 ```
 
-Once these are imported, we can next connect to the key vault service. To do this, we'll need to copy some settings from the key vault we are connecting to into our environment variables. Once they are in our environment, we can access them with the following code:
+Once these are imported, we can next connect to the key vault service:
 
 ```javascript
 const { DefaultAzureCredential } = require("@azure/identity");
 const { CertificateClient } = require("@azure/keyvault-certificates");
 
-// DefaultAzureCredential expects the following three environment variables:
-// * AZURE_TENANT_ID: The tenant ID in Azure Active Directory
-// * AZURE_CLIENT_ID: The application (client) ID registered in the AAD tenant
-// * AZURE_CLIENT_SECRET: The client secret for the registered application
 const credential = new DefaultAzureCredential();
 
 // Build the URL to reach your key vault
@@ -366,7 +324,7 @@ main();
 
 ### Getting the full information of a certificate
 
-Azure's KeyVault's design makes sharp distinctions between Keys,
+Azure Key Vault's design makes sharp distinctions between Keys,
 Secrets and Certificates. The Key Vault service's Certificates
 features were designed making use of it's Keys and Secrets capabilities.
 Let's evaluate the composition of a Key Vault Certificate:
@@ -375,12 +333,12 @@ Let's evaluate the composition of a Key Vault Certificate:
 > and secret are also created with the same name. The Key Vault
 > key allows key operations and the Key Vault secret allows retrieval
 > of the certificate value as a secret. A Key Vault certificate
-> also contains public x509 certificate metadata.  
+> also contains public x509 certificate metadata.
 > _Source: [Composition of a Certificate][composition-of-a-certificate]._
 
 Knowing that the private key is stored in a Key Vault Secret,
 with the public certificate included, we can retrieve it
-by using the [KeyVault Secrets client][keyvault-secrets-client].
+by using the Key Vault Secrets client.
 
 ```ts
 // Using the same credential object we used before,
@@ -402,7 +360,7 @@ fs.writeFileSync("myCertificate.p12", PKCS12Certificate);
 ```
 
 Note that, by default, the content type of the certificates
-is [PKCS 12][pkcs_12]. By specifying the content type
+is PKCS 12. By specifying the content type
 of your certificate, you'll be able to retrieve it in PEM format.
 Before showing how to create PEM certificates,
 let's first explore how to retrieve a PEM secret key
@@ -691,12 +649,20 @@ See our [troubleshooting guide](https://github.com/Azure/azure-sdk-for-js/blob/m
 
 You can find more code samples through the following links:
 
-- [KeyVault Certificates Samples (JavaScript)](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/keyvault/keyvault-certificates/samples/v4/javascript)
-- [KeyVault Certificates Samples (TypeScript)](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/keyvault/keyvault-certificates/samples/v4/typescript)
-- [KeyVault Certificates Test Cases](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/keyvault/keyvault-certificates/test/)
+- [Key Vault Certificates Samples (JavaScript)](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/keyvault/keyvault-certificates/samples/v4/javascript)
+- [Key Vault Certificates Samples (TypeScript)](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/keyvault/keyvault-certificates/samples/v4/typescript)
+- [Key Vault Certificates Test Cases](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/keyvault/keyvault-certificates/test/)
 
 ## Contributing
 
 If you'd like to contribute to this library, please read the [contributing guide](https://github.com/Azure/azure-sdk-for-js/blob/main/CONTRIBUTING.md) to learn more about how to build and test the code.
 
+[azure_keyvault]: https://docs.microsoft.com/azure/key-vault/general/overview
+[azure_keyvault_cli]: https://docs.microsoft.com/azure/key-vault/general/quick-create-cli
+[azure_keyvault_portal]: https://docs.microsoft.com/azure/key-vault/general/quick-create-portal
+[default_azure_credential]: https://docs.microsoft.com/java/api/overview/azure/identity-readme?view=azure-java-stable#defaultazurecredential
+[managed_identity]: https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview
+[azure_identity]: https://docs.microsoft.com/java/api/overview/azure/identity-readme?view=azure-java-stable
+[composition-of-a-certificate]: https://docs.microsoft.com/azure/key-vault/certificates/about-certificates#composition-of-a-certificate
+
 ![Impressions](https://azure-sdk-impressions.azurewebsites.net/api/impressions/azure-sdk-for-js%2Fsdk%2Fkeyvault%2Fkeyvault-certificates%2FREADME.png)

package/dist/index.js

@@ -1617,7 +1617,7 @@ class KeyVaultClient extends coreHttpCompat__namespace.ExtendedServiceClient {
         const defaults = {
             requestContentType: "application/json; charset=utf-8"
         };
-        const packageDetails = `azsdk-js-keyvault-certificates/4.5.0-beta.1`;
+        const packageDetails = `azsdk-js-keyvault-certificates/4.5.0`;
         const userAgentPrefix = options.userAgentOptions && options.userAgentOptions.userAgentPrefix
             ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`
             : `${packageDetails}`;
@@ -3100,7 +3100,7 @@ function getPropertiesFromCertificateBundle(certificateBundle) {
 
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-const SDK_VERSION = "4.5.0-beta.1";
+const SDK_VERSION = "4.5.0";
 
 // Copyright (c) Microsoft Corporation.
 const tracingClient = coreTracing.createTracingClient({