.NET SDK samples for recovering and restoring Azure Key Vault entities

This repo contains sample code demonstrating the backup/restore and recoverable deletion functionality of Azure Key Vault using the Azure .Net SDK. The scenarios covered by these samples include:

  • Backing up and restoring Key Vault secrets and keys
  • Enabling recoverable deletion on creating a new vault
  • Enabling recoverable deletion on an existing vault
  • Recovering or permanently deleting deleted vaults
  • Recovering or permanently deleting Key Vault secrets, keys, and certificates

The recoverable deletion functionality is also referred to as 'soft delete'; consequently, a permanent, irrecoverable deletion is referred to as 'purge'.

Samples in this repo:

  • Back up and restore Key Vault entities
  • Enable soft delete
  • Delete, recover and purge a vault
  • Delete, recover and purge vault entities

Getting Started


  • OS: Windows
  • SDKs:
    • Microsoft.Azure.Management.KeyVault.Fluent ver. 1.6.0+
    • KeyVault data SDK: Microsoft.Azure.KeyVault ver. 2.3.2+
  • Azure:
    • a subscription, in which you have the KeyVaultContributor role
    • an Azure Active Directory application, created in the tenant associated with the subscription, and with access to KeyVault; please see Accessing Key Vault from a native application for details.
    • the credentials of the AAD application, in the form of a client secret


  • open the solution in Visual Studio - NuGet should resolve the necessary packages


Follow these steps to get started with this sample:

  1. git clone https://github.com/Azure-Samples/key-vault-dotnet-recovery.git
  2. cd key-vault-dotnet-recovery
  3. edit the app.config file, specifying the tenant, subscription, AD app id, object id and client secret
  4. dotnet run AzureKeyVaultRecoverySamples.csproj



Please see the following links for additional information:

The following samples are also related: