
Backup format in Lowkey Vault

Esta Nagy edited this page Jun 6, 2022 · 3 revisions

The bad news

Lowkey Vault is not compatible with the original backups used by Azure Key Vault. This is because Azure Key Vault needs to protect our backups, while Lowkey Vault has no such requirement. In fact, it is better if we can make the format more accessible and simple.

The good news

In the end, both formats use a Base64 string without padding, so as far as the original Azure clients are concerned, they are compatible. If you need a key or secret that can be easily imported at the beginning of your test run, you can prepare the contents once and create a backup that you restore every time you start your tests.

Manual changes/templating

The steps below are useful in case:

  1. Your use case would benefit from more flexible backups, for example using a template that defines what your keys look like; or
  2. You need to see the backup contents, for example because you want to check them in to git in a human-readable format.

To read backup content

You can easily decode the Base64 string (please don't forget about the lack of padding) from the response, then decompress the GZip compressed JSON backup produced by Lowkey Vault.

Decompression can be done using the unpackBackup(byte[]) method of LowkeyVaultManagementClient.

To write backup content

Put together a valid JSON backup string, then use GZip to compress it, then encode using Base64 (without using padding) when creating your restore request.

Compression can be done using the compressBackup(String) method of LowkeyVaultManagementClient.

Sample backups

A few examples of sample backups using API version 7.2 and 7.3 can be found here.

Warning!

The inclusion of the rotation policy is a breaking change in backups. If you have old backups created with v1.5.x or earlier and you wish to use them with Lowkey Vault v1.6.x or later, please wrap your uncompressed JSON in a { "versions": <existing_array> } format.
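
The read and write steps above, together with the wrapping step from this warning, as an added Python example that is not part of Lowkey Vault or of this wiki. The function names and the sample entries are hypothetical, and the URL-safe alphabet used on output is an assumption, since the page only states that the Base64 has no padding.

```python
import base64
import gzip
import json


def decode_backup(value: str):
    """Unpadded Base64 text -> gunzip -> parsed JSON."""
    # Accept either Base64 alphabet, then restore the padding the format omits.
    normalized = value.strip().translate(str.maketrans("+/", "-_"))
    normalized += "=" * (-len(normalized) % 4)
    return json.loads(gzip.decompress(base64.urlsafe_b64decode(normalized)))


def encode_backup(document) -> str:
    """JSON -> gzip -> Base64 text without padding."""
    raw = json.dumps(document, separators=(",", ":")).encode("utf-8")
    packed = gzip.compress(raw, mtime=0)  # fixed mtime keeps the output reproducible
    # Assumption: URL-safe alphabet; the page only specifies "without padding".
    return base64.urlsafe_b64encode(packed).decode("ascii").rstrip("=")


def migrate_legacy(document):
    """Wrap a v1.5.x-or-earlier array as {"versions": <existing_array>}."""
    if isinstance(document, list):
        return {"versions": document}
    if isinstance(document, dict) and isinstance(document.get("versions"), list):
        return document  # already in the newer shape, leave untouched
    raise ValueError("unrecognized backup shape")


def to_git_text(value: str) -> str:
    """Stable, human-readable form of a backup for checking in to git."""
    return json.dumps(decode_backup(value), indent=2, sort_keys=True) + "\n"


if __name__ == "__main__":
    # Constructed sample: placeholder entries, not the real Lowkey Vault schema.
    legacy = [{"placeholder": "version-1"}, {"placeholder": "version-2"}]
    old_backup = encode_backup(legacy)
    new_backup = encode_backup(migrate_legacy(decode_backup(old_backup)))
    print(to_git_text(new_backup))
```

The decoder accepts both Base64 alphabets, so it also reads backups that were encoded with `+` and `/`.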