[Keyvault] az keyvault key: sign and verify #29476

Open · wants to merge 1 commit into base: dev

Conversation

@freedge (Contributor) commented Jul 25, 2024

It's not possible to provide data to az keyvault key sign and verify as found in #27631, #28027

We now allow for valid base64 data to be given as digest.

```
$ az keyvault key sign -a RS256 --digest @<(openssl dgst -binary -sha256 bar | base64) --id https://kvfrigo.vault.azure.net/keys/rsaex/0f322aba7573435a96acfba86b521c35
Algorithm    KeyId                                                                          Signature
-----------  -----------------------------------------------------------------------------  --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
RS256        https://kvfrigo.vault.azure.net/keys/rsaex/0f322aba7573435a96acfba86b521c35  e7Wi7PCouEo8ZNlY1dL3IgDm8E63bc8ZE9VW0GQHglHPJjKGHpi9D0MfRFHZXCOHrRAas6JBz0iO5yJBuH+cczMpl+9+lFWNSi7I1efIrPS2NOlrtdhOCI5qLT/nWh++CvRh1+R2iCpVD1uxCkL9sjDwi6k5B+7ySkk9ikUGHG463TFq8/Oftk+mSlNBCd5j3wsva1BOTT1h9qY9eyHZCY319oVRM0jD92jtF2DNu0HF92uhUC8PT/6gjPd6vQtAWxF1LR7KLMx2zCxN9e7aV3bQXtKA4/KMYekE143IY2nMft+XNZ+DT7OIi0TT1ufwdNNjpUk/9LovN+XwYz1p+A==

$ az keyvault key verify -a RS256 --digest @<(openssl dgst -binary -sha256 bar | base64) --id https://kvfrigo.vault.azure.net/keys/rsaex/0f322aba7573435a96acfba86b521c35 --signature e7Wi7PCouEo8ZNlY1dL3IgDm8E63bc8ZE9VW0GQHglHPJjKGHpi9D0MfRFHZXCOHrRAas6JBz0iO5yJBuH+cczMpl+9+lFWNSi7I1efIrPS2NOlrtdhOCI5qLT/nWh++CvRh1+R2iCpVD1uxCkL9sjDwi6k5B+7ySkk9ikUGHG463TFq8/Oftk+mSlNBCd5j3wsva1BOTT1h9qY9eyHZCY319oVRM0jD92jtF2DNu0HF92uhUC8PT/6gjPd6vQtAWxF1LR7KLMx2zCxN9e7aV3bQXtKA4/KMYekE143IY2nMft+XNZ+DT7OIi0TT1ufwdNNjpUk/9LovN+XwYz1p+A==
Algorithm    IsValid    KeyId
-----------  ---------  -----------------------------------------------------------------------------
RS256        True       https://kvfrigo.vault.azure.net/keys/rsaex/0f322aba7573435a96acfba86b521c35

$ az keyvault key download --id https://kvfrigo.vault.azure.net/keys/rsaex/0f322aba7573435a96acfba86b521c35  -f rsa.pub
$ openssl dgst -verify rsa.pub -sha256 -signature <(echo e7Wi7PCouEo8ZNlY1dL3IgDm8E63bc8ZE9VW0GQHglHPJjKGHpi9D0MfRFHZXCOHrRAas6JBz0iO5yJBuH+cczMpl+9+lFWNSi7I1efIrPS2NOlrtdhOCI5qLT/nWh++CvRh1+R2iCpVD1uxCkL9sjDwi6k5B+7ySkk9ikUGHG463TFq8/Oftk+mSlNBCd5j3wsva1BOTT1h9qY9eyHZCY319oVRM0jD92jtF2DNu0HF92uhUC8PT/6gjPd6vQtAWxF1LR7KLMx2zCxN9e7aV3bQXtKA4/KMYekE143IY2nMft+XNZ+DT7OIi0TT1ufwdNNjpUk/9LovN+XwYz1p+A== | base64 -d) ./bar
Verified OK
```

This also works for EC keys; however, openssl is not able to verify these keys, so there is some other bug.

```
$ az keyvault key sign -a ES256 --digest @<(openssl dgst -binary -sha256 bar | base64) --id https://kvfrigo.vault.azure.net/keys/ecex/68ab9b9141524362bf10fb96e0158414
Algorithm    KeyId                                                                         Signature
-----------  ----------------------------------------------------------------------------  ----------------------------------------------------------------------------------------
ES256        https://kvfrigo.vault.azure.net/keys/ecex/68ab9b9141524362bf10fb96e0158414  pj9a96b0En6/NbHSeRupa0cz26NicpgiUYRCQYXYikU5bPmaloJhDddkjFqxXUI9DaBLCZRI954UP1i9fGN8kA==
$ az keyvault key verify -a ES256 --digest @<(openssl dgst -binary -sha256 bar | base64) --id https://kvfrigo.vault.azure.net/keys/ecex/68ab9b9141524362bf10fb96e0158414 --signature pj9a96b0En6/NbHSeRupa0cz26NicpgiUYRCQYXYikU5bPmaloJhDddkjFqxXUI9DaBLCZRI954UP1i9fGN8kA==
Algorithm    IsValid    KeyId
-----------  ---------  ----------------------------------------------------------------------------
ES256        True       https://kvfrigo.vault.azure.net/keys/ecex/68ab9b9141524362bf10fb96e0158414

$ az keyvault key download --id https://kvfrigo.vault.azure.net/keys/ecex/68ab9b9141524362bf10fb96e0158414 -f ec.pub
$ openssl ec -pubin -in ec.pub  -text -noout
read EC key
Public-Key: (256 bit)
pub:
    04:83:8f:93:9a:74:c3:0a:39:9d:f4:e5:27:f9:19:
    cd:42:71:1a:5e:c4:87:76:8b:6a:06:19:d3:60:73:
    9f:66:8c:28:1c:ea:d1:1e:f4:c2:c9:90:48:79:85:
    a7:27:c6:ff:46:df:36:01:ce:3b:2e:db:1a:c1:a2:
    68:3e:5e:d8:c5
ASN1 OID: prime256v1
NIST CURVE: P-256
$ openssl dgst -verify ec.pub -sha256 -signature <(echo pj9a96b0En6/NbHSeRupa0cz26NicpgiUYRCQYXYikU5bPmaloJhDddkjFqxXUI9DaBLCZRI954UP1i9fGN8kA== | base64 -d) ./bar
Error verifying data
```

Related command

az keyvault key sign, az keyvault key verify

Description

az keyvault key sign and verify are unusable today, as described in multiple bugs.

Testing Guide

see commit message

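The ES256 signature in the transcript above is 88 base64 characters with two padding bytes, that is 64 raw bytes: the r||s form (JWS / IEEE P1363) that Key Vault returns for EC keys. `openssl dgst -verify` expects the DER `ECDSA-Sig-Value` (`SEQUENCE { INTEGER r, INTEGER s }`) instead, which is why the RSA verification passes and the EC one reports `Error verifying data`. The following stdlib-only Python is an added example, not code from the PR or from azure-cli: it converts between the two encodings and also checks that a `--digest` value decodes to a hash of the length the algorithm needs (the scenario test's `12345678901234567890123456789012` is valid base64 but decodes to 24 bytes, not the 32 of a SHA-256 digest). The signature constant is copied from the PR; the message bytes used in the checks are constructed here and are not the page's `bar`.

```python
"""Bridging `az keyvault key sign` output to openssl (added example, stdlib only).

Covers sanity-checking the base64 value passed to `--digest`, and converting
the ES256 signature Key Vault returns (raw r||s, 64 bytes for P-256, as in
JWS) into the DER ECDSA-Sig-Value that `openssl dgst -verify` expects.
The signature constant is copied from the PR; test inputs are constructed.
"""
import base64
import hashlib

# Hash each Key Vault signing algorithm expects in --digest.
HASH_FOR_ALG = {
    "RS256": "sha256", "PS256": "sha256", "ES256": "sha256", "ES256K": "sha256",
    "RS384": "sha384", "PS384": "sha384", "ES384": "sha384",
    "RS512": "sha512", "PS512": "sha512", "ES512": "sha512",
}
# Byte length of one ECDSA coordinate (r or s) in the raw r||s form.
COORD_LEN = {"ES256": 32, "ES256K": 32, "ES384": 48, "ES512": 66}

# From the PR description: the ES256 signature Key Vault produced over `bar`.
PR_ES256_SIG_B64 = ("pj9a96b0En6/NbHSeRupa0cz26NicpgiUYRCQYXYikU5bPmaloJhDddkjFqxXUI9"
                    "DaBLCZRI954UP1i9fGN8kA==")

def b64decode_any(s: str) -> bytes:
    """Strict decode of standard or URL-safe base64, padded or not. The CLI
    prints padded standard base64; the REST API uses unpadded base64url."""
    s = s.strip().replace("-", "+").replace("_", "/")
    return base64.b64decode(s + "=" * (-len(s) % 4), validate=True)

def digest_arg(data: bytes, alg: str) -> str:
    """Build --digest like `openssl dgst -binary -<hash> file | base64`."""
    return base64.b64encode(hashlib.new(HASH_FOR_ALG[alg], data).digest()).decode()

def check_digest_arg(b64: str, alg: str) -> bytes:
    """Decode --digest and require the hash length the algorithm needs.
    Valid base64 alone is not enough: a 24-byte blob is not a SHA-256 digest."""
    raw = b64decode_any(b64)
    want = hashlib.new(HASH_FOR_ALG[alg]).digest_size
    if len(raw) != want:
        raise ValueError(f"{alg} needs a {want}-byte digest, got {len(raw)}")
    return raw

def _der_len(n: int) -> bytes:
    """DER length: short form below 128, long form above (P-521 needs it)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _der_uint(b: bytes) -> bytes:
    """DER INTEGER from an unsigned big-endian value: minimal length, with a
    leading 0x00 when the top bit is set so it is not read as negative."""
    n = int.from_bytes(b, "big")
    body = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + _der_len(len(body)) + body

def p1363_to_der(sig: bytes) -> bytes:
    """raw r||s -> SEQUENCE { INTEGER r, INTEGER s }"""
    if len(sig) % 2:
        raise ValueError("r||s signature must have even length")
    half = len(sig) // 2
    body = _der_uint(sig[:half]) + _der_uint(sig[half:])
    return b"\x30" + _der_len(len(body)) + body

def _read_len(buf: bytes, i: int):
    if buf[i] < 0x80:
        return buf[i], i + 1
    k = buf[i] & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + k], "big"), i + 1 + k

def der_to_p1363(der: bytes, coord_len: int) -> bytes:
    """SEQUENCE { INTEGER r, INTEGER s } -> raw r||s, each zero-padded."""
    if der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    total, i = _read_len(der, 1)
    if i + total != len(der):
        raise ValueError("truncated DER or trailing bytes")
    out = b""
    for _ in range(2):
        if der[i] != 0x02:
            raise ValueError("expected INTEGER")
        n, i = _read_len(der, i + 1)
        out += int.from_bytes(der[i:i + n], "big").to_bytes(coord_len, "big")
        i += n
    return out

def keyvault_sig_to_der(sig_b64: str, alg: str) -> bytes:
    """Signature column of `az keyvault key sign` -> bytes for
    `openssl dgst -verify <pub> -<hash> -signature sig.der <file>`."""
    raw = b64decode_any(sig_b64)
    if alg not in COORD_LEN:
        return raw  # RSA (RS*/PS*) signatures are already in openssl's form
    if len(raw) != 2 * COORD_LEN[alg]:
        raise ValueError(f"{alg} signature should be {2 * COORD_LEN[alg]} bytes")
    return p1363_to_der(raw)
```

Write the bytes from `keyvault_sig_to_der(sig, "ES256")` to `sig.der` and rerun the transcript's `openssl dgst -verify ec.pub -sha256 -signature sig.der ./bar`; the RSA path needs no conversion, which is why the RS256 verification above already reports `Verified OK`. For the PR's signature, r happens to start with 0xa6 (top bit set), so its DER INTEGER carries a leading 0x00 and the whole structure is 71 bytes rather than 70.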

azure-client-tools-bot-prd bot commented Jul 25, 2024

❌AzureCLI-FullTest
✔️ passed on Python 3.11 and 3.9 for every listed profile: acr, acs (2020-09-01-hybrid, latest), advisor, ams, apim, appconfig, appservice, aro, backup, batch, batchai, billing, botservice, cdn, cloud, cognitiveservices, compute_recommender, config, configure, consumption, container, containerapp, core (2018-03-01-hybrid, 2019-03-01-hybrid, 2020-09-01-hybrid, latest), cosmosdb, databoxedge (2019-03-01-hybrid, 2020-09-01-hybrid, latest), dla, dls, dms, eventgrid, eventhubs, feedback, find, hdinsight, identity, iot (2019-03-01-hybrid, 2020-09-01-hybrid, latest)
❌keyvault
✔️ 2018-03-01-hybrid (3.11, 3.9)
✔️ 2020-09-01-hybrid (3.11, 3.9)
❌latest
❌3.11
Failed: test_keyvault_key
self = <azure.cli.testsdk.base.ExecutionResult object at 0x7f38c7957510>
cli_ctx = <azure.cli.core.mock.DummyCli object at 0x7f38c2dd5110>
command = 'keyvault key verify -n key1-000004 --vault-name cli-test-kv-key-000002 -a RS256 --digest 1234567890123456789012345678.../+C8Vp16HSs/shdAUJx6hBmY1JZtqgo5+1ybYMpUmf6BcTt2Vn6pkDe7XD2w/O8anze/E7prqZPqF2jE1E74y7aO9ufM5R66nwlgumB5mZ6JsjJT+kw=="'
expect_failure = False

    def in_process_execute(self, cli_ctx, command, expect_failure=False):
        from io import StringIO
        from vcr.errors import CannotOverwriteExistingCassetteException
    
        if command.startswith('az '):
            command = command[3:]
    
        stdout_buf = StringIO()
        logging_buf = StringIO()
        try:
            # issue: stderr cannot be redirect in this form, as a result some failure information
            # is lost when command fails.
>           self.exit_code = cli_ctx.invoke(shlex.split(command), out_file=stdout_buf) or 0

src/azure-cli-testsdk/azure/cli/testsdk/base.py:302:
env/lib/python3.11/site-packages/knack/cli.py:245: in invoke
    exit_code = self.exception_handler(ex)
src/azure-cli-core/azure/cli/core/__init__.py:127: in exception_handler
    return handle_exception(ex)

ex = CLIError(CannotOverwriteExistingCassetteException("Can't overwrite existing cassette ('/mnt/vss/_work/1/s/src/azure-cl...ed :\npath - assertion failure :\n/keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/eckey1/create\n"))
args = (), kwargs = {}

    def handle_main_exception(ex, *args, **kwargs):  # pylint: disable=unused-argument
        if isinstance(ex, CannotOverwriteExistingCassetteException):
            # This exception usually caused by a no match HTTP request. This is a product error
            # that is caused by change of SDK invocation.
            raise ex
    
>       raise CliExecutionError(ex)
E       azure.cli.testsdk.exceptions.CliExecutionError: The CLI throws exception CLIError during execution and fails the command.

src/azure-cli-testsdk/azure/cli/testsdk/patches.py:35: CliExecutionError

During handling of the above exception, another exception occurred:

self = <azure.cli.command_modules.keyvault.tests.latest.test_keyvault_commands.KeyVaultKeyScenarioTest testMethod=test_keyvault_key>
resource_group = 'cli_test_keyvault_key000001'
key_vault = 'cli-test-kv-key-000002', key_vault2 = 'cli-test-kv-key-000003'

    @ResourceGroupPreparer(name_prefix='cli_test_keyvault_key')
    @KeyVaultPreparer(name_prefix='cli-test-kv-key-', location='eastus2')
    @KeyVaultPreparer(name_prefix='cli-test-kv-key-', location='eastus2', sku='premium',
                      parameter_name='key_vault2', key='kv2')
    def test_keyvault_key(self, resource_group, key_vault, key_vault2):
        self.kwargs.update({
            'loc': 'eastus2',
            'key': self.create_random_name('key1-', 24),
            'key2': self.create_random_name('key2-', 24)
        })
        keyvault = self.cmd('keyvault show -n {kv} -g {rg}').get_output_in_json()
        self.kwargs['obj_id'] = keyvault['properties']['accessPolicies'][0]['objectId']
        key_perms = keyvault['properties']['accessPolicies'][0]['permissions']['keys']
        key_perms.extend(['encrypt', 'decrypt', 'purge'])
        self.kwargs['key_perms'] = ' '.join(key_perms)
    
        # create a key
        key = self.cmd('keyvault key create --vault-name {kv} -n {key} -p software',
                       checks=self.check('attributes.enabled', True)).get_output_in_json()
        first_kid = key['key']['kid']
        first_version = first_kid.rsplit('/', 1)[1]
        self.cmd('keyvault key create --vault-name {kv} -n {key2}')
    
        # encrypt/decrypt
        self.cmd('keyvault set-policy -n {kv} --object-id {obj_id} --key-permissions {key_perms}')
        self.kwargs['plaintext_value'] = 'abcdef'
        self.kwargs['base64_value'] = 'YWJjZGVm'
        self.kwargs['encryption_result1'] = self.cmd('keyvault key encrypt -n {key} --vault-name {kv} -a RSA-OAEP --value "{plaintext_value}" --data-type plaintext').get_output_in_json()['result']
        self.kwargs['encryption_result2'] = self.cmd('keyvault key encrypt -n {key} --vault-name {kv} -a RSA-OAEP --value "{base64_value}" --data-type base64').get_output_in_json()['result']
        self.cmd('keyvault key decrypt -n {key} --vault-name {kv} -a RSA-OAEP --value "{encryption_result1}" --data-type plaintext',
                 checks=self.check('result', '{plaintext_value}'))
        self.cmd('keyvault key decrypt -n {key} --vault-name {kv} -a RSA-OAEP --value "{encryption_result2}" --data-type base64',
                 checks=self.check('result', '{base64_value}'))
    
        # sign/verify
        self.kwargs['digest'] = '12345678901234567890123456789012'
        self.kwargs['sign_result'] = self.cmd('keyvault key sign -n {key} --vault-name {kv} -a RS256 --digest {digest}').get_output_in_json()['signature']
>       self.cmd('keyvault key verify -n {key} --vault-name {kv} -a RS256 --digest {digest} --signature "{sign_result}"',
                 checks=self.check('isValid', True))

src/azure-cli/azure/cli/command_modules/keyvault/tests/latest/test_keyvault_commands.py:1043:
src/azure-cli-testsdk/azure/cli/testsdk/base.py:176: in cmd
    return execute(self.cli_ctx, command, expect_failure=expect_failure).assert_with_checks(checks)
src/azure-cli-testsdk/azure/cli/testsdk/base.py:251: in __init__
    self.in_process_execute(cli_ctx, command, expect_failure=expect_failure)
src/azure-cli-testsdk/azure/cli/testsdk/base.py:314: in in_process_execute
    raise ex.exception
env/lib/python3.11/site-packages/knack/cli.py:233: in invoke
    cmd_result = self.invocation.execute(args)
src/azure-cli-core/azure/cli/core/commands/__init__.py:664: in execute
    raise ex
src/azure-cli-core/azure/cli/core/commands/__init__.py:731: in run_jobs_serially
    results.append(self.run_job(expanded_arg, cmd_copy))
src/azure-cli-core/azure/cli/core/commands/__init__.py:701: in run_job
    result = cmd_copy(params)
src/azure-cli-core/azure/cli/core/commands/__init__.py:334: in __call__
    return self.handler(*args, **kwargs)
src/azure-cli/azure/cli/command_modules/keyvault/_command_type.py:135: in keyvault_command_handler
    return keyvault_exception_handler(ex)

ex = CannotOverwriteExistingCassetteException("Can't overwrite existing cassette ('/mnt/vss/_work/1/s/src/azure-cli/azure/c...led :\npath - assertion failure :\n/keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/eckey1/create\n")

    def keyvault_exception_handler(ex):
        from msrest.exceptions import ValidationError, ClientRequestError
        if isinstance(ex, ValidationError):
            try:
                raise CLIError(ex.inner_exception.error.message)
            except AttributeError:
                raise CLIError(ex)
        elif isinstance(ex, ClientRequestError):
            if 'Failed to establish a new connection' in str(ex.inner_exception):
                instance_type = 'Vault'
                if 'managedhsm' in str(ex.inner_exception):
                    instance_type = 'HSM'
                raise CLIError('Max retries exceeded attempting to connect to {instance_type}. '
                               'The {instance_type} may not exist or you may need to flush your DNS cache '
                               'and try again later.'.format(instance_type=instance_type))
            raise CLIError(ex)
        else:
>           raise CLIError(ex)
E           knack.util.CLIError: Can't overwrite existing cassette ('/mnt/vss/_work/1/s/src/azure-cli/azure/cli/command_modules/keyvault/tests/latest/recordings/test_keyvault_key.yaml') in your current record mode ('once').
E           No match for the request (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify?api-version=7.5-preview.1>) was found.
E           Found 11 similar requests with 1 different matcher(s) :
E           
E           1 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/create?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/create
E           
E           2 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/create?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/create
E           
E           3 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key2-000005/create?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key2-000005/create
E           
E           4 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/decrypt?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/decrypt
E           
E           5 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/decrypt?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/decrypt
E           
E           6 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/sign?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/sign
E           
E           7 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/create?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/create
E           
E           8 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/backup?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/backup
E           
E           9 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/restore?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/restore
E           
E           10 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/eckey1/create?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/eckey1/create
E           
E           11 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/eckey1/create?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/eckey1/create

src/azure-cli/azure/cli/command_modules/keyvault/_command_type.py:49: CLIError
azure/cli/command_modules/keyvault/tests/latest/test_keyvault_commands.py:1005
❌3.9
Type Test Case Error Message Line
Failed test_keyvault_key self = <azure.cli.testsdk.base.ExecutionResult object at 0x7f3ceaa188e0>
cli_ctx = <azure.cli.core.mock.DummyCli object at 0x7f3ceca674f0>
command = 'keyvault key verify -n key1-000004 --vault-name cli-test-kv-key-000002 -a RS256 --digest 1234567890123456789012345678.../+C8Vp16HSs/shdAUJx6hBmY1JZtqgo5+1ybYMpUmf6BcTt2Vn6pkDe7XD2w/O8anze/E7prqZPqF2jE1E74y7aO9ufM5R66nwlgumB5mZ6JsjJT+kw=="'
expect_failure = False

    def in_process_execute(self, cli_ctx, command, expect_failure=False):
        from io import StringIO
        from vcr.errors import CannotOverwriteExistingCassetteException
    
        if command.startswith('az '):
            command = command[3:]
    
        stdout_buf = StringIO()
        logging_buf = StringIO()
        try:
            # issue: stderr cannot be redirect in this form, as a result some failure information
            # is lost when command fails.
>           self.exit_code = cli_ctx.invoke(shlex.split(command), out_file=stdout_buf) or 0

src/azure-cli-testsdk/azure/cli/testsdk/base.py:302: 
                                        
env/lib/python3.9/site-packages/knack/cli.py:245: in invoke
    exit_code = self.exception_handler(ex)
src/azure-cli-core/azure/cli/core/init.py:127: in exception_handler
    return handle_exception(ex)
                                        

ex = CLIError(CannotOverwriteExistingCassetteException("Can't overwrite existing cassette ('/mnt/vss/work/1/s/src/azure-cl...ed :\npath - assertion failure :\n/keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/eckey1/create\n"))
args = (), kwargs = {}

    def handle_main_exception(ex, *args, **kwargs):  # pylint: disable=unused-argument
        if isinstance(ex, CannotOverwriteExistingCassetteException):
            # This exception usually caused by a no match HTTP request. This is a product error
            # that is caused by change of SDK invocation.
            raise ex
    
>       raise CliExecutionError(ex)
E       azure.cli.testsdk.exceptions.CliExecutionError: The CLI throws exception CLIError during execution and fails the command.

src/azure-cli-testsdk/azure/cli/testsdk/patches.py:35: CliExecutionError

During handling of the above exception, another exception occurred:

self = <azure.cli.command_modules.keyvault.tests.latest.test_keyvault_commands.KeyVaultKeyScenarioTest testMethod=test_keyvault_key>
resource_group = 'cli_test_keyvault_key000001'
key_vault = 'cli-test-kv-key-000002', key_vault2 = 'cli-test-kv-key-000003'

    @ResourceGroupPreparer(name_prefix='cli_test_keyvault_key')
    @KeyVaultPreparer(name_prefix='cli-test-kv-key-', location='eastus2')
    @KeyVaultPreparer(name_prefix='cli-test-kv-key-', location='eastus2', sku='premium',
                      parameter_name='key_vault2', key='kv2')
    def test_keyvault_key(self, resource_group, key_vault, key_vault2):
        self.kwargs.update({
            'loc': 'eastus2',
            'key': self.create_random_name('key1-', 24),
            'key2': self.create_random_name('key2-', 24)
        })
        keyvault = self.cmd('keyvault show -n {kv} -g {rg}').get_output_in_json()
        self.kwargs['obj_id'] = keyvault['properties']['accessPolicies'][0]['objectId']
        key_perms = keyvault['properties']['accessPolicies'][0]['permissions']['keys']
        key_perms.extend(['encrypt', 'decrypt', 'purge'])
        self.kwargs['key_perms'] = ' '.join(key_perms)
    
        # create a key
        key = self.cmd('keyvault key create --vault-name {kv} -n {key} -p software',
                       checks=self.check('attributes.enabled', True)).get_output_in_json()
        first_kid = key['key']['kid']
        first_version = first_kid.rsplit('/', 1)[1]
        self.cmd('keyvault key create --vault-name {kv} -n {key2}')
    
        # encrypt/decrypt
        self.cmd('keyvault set-policy -n {kv} --object-id {obj_id} --key-permissions {key_perms}')
        self.kwargs['plaintext_value'] = 'abcdef'
        self.kwargs['base64_value'] = 'YWJjZGVm'
        self.kwargs['encryption_result1'] = self.cmd('keyvault key encrypt -n {key} --vault-name {kv} -a RSA-OAEP --value "{plaintext_value}" --data-type plaintext').get_output_in_json()['result']
        self.kwargs['encryption_result2'] = self.cmd('keyvault key encrypt -n {key} --vault-name {kv} -a RSA-OAEP --value "{base64_value}" --data-type base64').get_output_in_json()['result']
        self.cmd('keyvault key decrypt -n {key} --vault-name {kv} -a RSA-OAEP --value "{encryption_result1}" --data-type plaintext',
                 checks=self.check('result', '{plaintext_value}'))
        self.cmd('keyvault key decrypt -n {key} --vault-name {kv} -a RSA-OAEP --value "{encryption_result2}" --data-type base64',
                 checks=self.check('result', '{base64_value}'))
    
        # sign/verify
        self.kwargs['digest'] = '12345678901234567890123456789012'
        self.kwargs['sign_result'] = self.cmd('keyvault key sign -n {key} --vault-name {kv} -a RS256 --digest {digest}').get_output_in_json()['signature']
>       self.cmd('keyvault key verify -n {key} --vault-name {kv} -a RS256 --digest {digest} --signature "{sign_result}"',
                 checks=self.check('isValid', True))

src/azure-cli/azure/cli/command_modules/keyvault/tests/latest/test_keyvault_commands.py:1043: 
 
 
                                      
src/azure-cli-testsdk/azure/cli/testsdk/base.py:176: in cmd
    return execute(self.cli_ctx, command, expect_failure=expect_failure).assert_with_checks(checks)
src/azure-cli-testsdk/azure/cli/testsdk/base.py:251: in init
    self.in_process_execute(cli_ctx, command, expect_failure=expect_failure)
src/azure-cli-testsdk/azure/cli/testsdk/base.py:314: in in_process_execute
    raise ex.exception
env/lib/python3.9/site-packages/knack/cli.py:233: in invoke
    cmd_result = self.invocation.execute(args)
src/azure-cli-core/azure/cli/core/commands/init.py:664: in execute
    raise ex
src/azure-cli-core/azure/cli/core/commands/init.py:731: in run_jobs_serially
    results.append(self.run_job(expanded_arg, cmd_copy))
src/azure-cli-core/azure/cli/core/commands/init.py:701: in run_job
    result = cmd_copy(params)
src/azure-cli-core/azure/cli/core/commands/init.py:334: in call
    return self.handler(*args, **kwargs)
src/azure-cli/azure/cli/command_modules/keyvault/command_type.py:135: in keyvault_command_handler
    return keyvault_exception_handler(ex)
 
 
 
 
 
 
                                 _ 

ex = CannotOverwriteExistingCassetteException("Can't overwrite existing cassette ('/mnt/vss/_work/1/s/src/azure-cli/azure/c...led :\npath - assertion failure :\n/keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/eckey1/create\n")

    def keyvault_exception_handler(ex):
        from msrest.exceptions import ValidationError, ClientRequestError
        if isinstance(ex, ValidationError):
            try:
                raise CLIError(ex.inner_exception.error.message)
            except AttributeError:
                raise CLIError(ex)
        elif isinstance(ex, ClientRequestError):
            if 'Failed to establish a new connection' in str(ex.inner_exception):
                instance_type = 'Vault'
                if 'managedhsm' in str(ex.inner_exception):
                    instance_type = 'HSM'
                raise CLIError('Max retries exceeded attempting to connect to {instance_type}. '
                               'The {instance_type} may not exist or you may need to flush your DNS cache '
                               'and try again later.'.format(instance_type=instance_type))
            raise CLIError(ex)
        else:
>           raise CLIError(ex)
E           knack.util.CLIError: Can't overwrite existing cassette ('/mnt/vss/_work/1/s/src/azure-cli/azure/cli/command_modules/keyvault/tests/latest/recordings/test_keyvault_key.yaml') in your current record mode ('once').
E           No match for the request (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify?api-version=7.5-preview.1>) was found.
E           Found 11 similar requests with 1 different matcher(s) :
E           
E           1 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/create?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/create
E           
E           2 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/create?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/create
E           
E           3 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key2-000005/create?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key2-000005/create
E           
E           4 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/decrypt?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/decrypt
E           
E           5 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/decrypt?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/decrypt
E           
E           6 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/sign?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/sign
E           
E           7 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/create?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/create
E           
E           8 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/backup?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/backup
E           
E           9 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/restore?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/restore
E           
E           10 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/eckey1/create?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/eckey1/create
E           
E           11 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/eckey1/create?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/eckey1/create

src/azure-cli/azure/cli/command_modules/keyvault/_command_type.py:49: CLIError
azure/cli/command_modules/keyvault/tests/latest/test_keyvault_commands.py:1005
✔️ kusto, lab, managedservices, maps, marketplaceordering, monitor, mysql, netappfiles, policyinsights, privatedns, profile, rdbms, redis, relay, role, search, security, servicebus, serviceconnector, servicefabric, signalr, sql, sqlvm, synapse, util: latest (Python 3.11, 3.9)
✔️ network: 2018-03-01-hybrid, latest (Python 3.11, 3.9)
✔️ resource: 2018-03-01-hybrid, 2019-03-01-hybrid, latest (Python 3.11, 3.9)
✔️ storage, telemetry, vm: 2018-03-01-hybrid, 2019-03-01-hybrid, 2020-09-01-hybrid, latest (Python 3.11, 3.9)

Hi @freedge,
Since the current milestone time is less than 7 days, this pr will be reviewed in the next milestone.

azure-client-tools-bot-prd bot commented Jul 25, 2024

✔️ AzureCLI-BreakingChangeTest
✔️ Non Breaking Changes

yonzhan (Collaborator) commented Jul 25, 2024

Keyvault

@microsoft-github-policy-service microsoft-github-policy-service bot added the customer-reported Issues that are reported by GitHub users external to the Azure organization. label Jul 25, 2024

Thank you for your contribution freedge! We will review the pull request and get back to you soon.

freedge (Contributor, Author) commented Jul 26, 2024

(for the ECDSA verification this is due to https://github.com/Azure/azure-sdk-for-python/blob/c20cdc581cfb16052ebfec8a233b3fd4b73e4542/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/_internal.py#L104-L116 , OpenSSL just uses a different format to encode the signature and we need a few lines of python to convert it)
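
The encoding mismatch described in the comment above, as an added example that is not part of this pull request, the Azure CLI or the Azure SDK: OpenSSL writes an ECDSA signature as a DER `SEQUENCE { INTEGER r, INTEGER s }`, while the Key Vault sign/verify operations (like JWS) use the fixed-width big-endian concatenation `r || s`. The code below converts in both directions so an OpenSSL signature can be handed to `az keyvault key verify` and a Key Vault signature to `openssl dgst -verify`. The `CURVE_SIZE` table (coordinate width per algorithm), the helper names and the base64 handling in `keyvault_signature_to_der` are this example's own assumptions, not taken from the linked SDK code.

```python
"""Re-encode ECDSA signatures between OpenSSL's DER form and Key Vault's raw r||s form.

Added example, not code from the pull request or the Azure SDK. OpenSSL emits
DER: SEQUENCE { INTEGER r, INTEGER s }. Key Vault (like JWS) uses r || s, each
coordinate left-padded to the curve's byte width. CURVE_SIZE is assumed here.
"""
import base64
from typing import Tuple

# Assumed byte width of one coordinate per Key Vault ECDSA algorithm:
# P-256 / P-256K -> 32, P-384 -> 48, P-521 -> 66.
CURVE_SIZE = {"ES256": 32, "ES256K": 32, "ES384": 48, "ES512": 66}


def _der_length(n: int) -> bytes:
    """Encode a DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    enc = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(enc)]) + enc


def _der_integer(value: int) -> bytes:
    """Encode a non-negative int as a minimal DER INTEGER (0x00 prefix keeps it positive)."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + _der_length(len(body)) + body


def _read_der_length(buf: bytes, pos: int) -> Tuple[int, int]:
    """Parse a DER length at buf[pos]; return (length, position after it)."""
    first = buf[pos]
    pos += 1
    if first < 0x80:
        return first, pos
    num_bytes = first & 0x7F
    if num_bytes == 0 or num_bytes > 4 or pos + num_bytes > len(buf):
        raise ValueError("unsupported or truncated DER length")
    return int.from_bytes(buf[pos:pos + num_bytes], "big"), pos + num_bytes


def _read_der_integer(buf: bytes, pos: int) -> Tuple[int, int]:
    """Parse a DER INTEGER at buf[pos]; return (value, position after it)."""
    if pos >= len(buf) or buf[pos] != 0x02:
        raise ValueError("expected DER INTEGER")
    length, pos = _read_der_length(buf, pos + 1)
    raw = buf[pos:pos + length]
    if length == 0 or len(raw) != length:
        raise ValueError("truncated DER INTEGER")
    if raw[0] & 0x80:
        raise ValueError("negative INTEGER cannot be an ECDSA r or s")
    return int.from_bytes(raw, "big"), pos + length


def der_to_raw(der_sig: bytes, algorithm: str) -> bytes:
    """OpenSSL DER signature -> fixed-width r||s that Key Vault verify expects."""
    size = CURVE_SIZE[algorithm]
    if not der_sig or der_sig[0] != 0x30:
        raise ValueError("expected DER SEQUENCE")
    seq_len, pos = _read_der_length(der_sig, 1)
    if pos + seq_len != len(der_sig):
        raise ValueError("DER SEQUENCE length does not match the input")
    r, pos = _read_der_integer(der_sig, pos)
    s, pos = _read_der_integer(der_sig, pos)
    if pos != len(der_sig):
        raise ValueError("trailing bytes after the ECDSA signature")
    try:
        return r.to_bytes(size, "big") + s.to_bytes(size, "big")
    except OverflowError as exc:
        raise ValueError("r or s does not fit the %s coordinate size" % algorithm) from exc


def raw_to_der(raw_sig: bytes, algorithm: str) -> bytes:
    """Key Vault r||s signature -> DER that `openssl dgst -verify` accepts."""
    size = CURVE_SIZE[algorithm]
    if len(raw_sig) != 2 * size:
        raise ValueError("expected a %d-byte signature for %s" % (2 * size, algorithm))
    r = int.from_bytes(raw_sig[:size], "big")
    s = int.from_bytes(raw_sig[size:], "big")
    if r == 0 or s == 0:
        raise ValueError("r and s must be non-zero")
    body = _der_integer(r) + _der_integer(s)
    return b"\x30" + _der_length(len(body)) + body


def keyvault_signature_to_der(b64_signature: str, algorithm: str) -> bytes:
    """Decode a base64 (standard or URL-safe, padded or not) signature and re-encode as DER."""
    urlsafe = b64_signature.strip().replace("+", "-").replace("/", "_")
    padded = urlsafe + "=" * (-len(urlsafe) % 4)
    return raw_to_der(base64.urlsafe_b64decode(padded), algorithm)
```

The parser is strict on purpose: a non-minimal length, a negative or zero coordinate, a coordinate wider than the curve, or trailing bytes all raise instead of being silently accepted, which is the behaviour you want in anything that sits in front of a signature check. For the opposite direction, `openssl dgst -sha256 -verify pub.pem -signature sig.der file` will only accept the DER output of `raw_to_der`, so pipe the decoded Key Vault value through it first.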

Labels: Auto-Assign, customer-reported, KeyVault