Merge pull request #225989 from diberry/diberry/keyvault-passwordless

Key Vault Certificates - Quickstart JS - passwordless

Author: prmerger-automator[bot]

articles/key-vault/certificates/quick-create-node.md

@@ -3,15 +3,15 @@ title: Quickstart -  Azure Key Vault certificate client library for JavaScript (
 description: Learn how to create, retrieve, and delete certificates from an Azure key vault using the JavaScript client library
 author: msmbaldwin
 ms.author: mbaldwin
-ms.date: 01/04/2023
+ms.date: 02/01/2023
 ms.service: key-vault
 ms.subservice: certificates
 ms.topic: quickstart
 ms.devlang: javascript
-ms.custom: devx-track-js, mode-api
+ms.custom: devx-track-js, mode-api, passwordless-js
 ---
 
-# Quickstart: Azure Key Vault certificate client library for JavaScript (version 4)
+# Quickstart: Azure Key Vault certificate client library for JavaScript
 
 Get started with the Azure Key Vault certificate client library for JavaScript. [Azure Key Vault](../general/overview.md) is a cloud service that provides a secure store for certificates. You can securely store keys, passwords, certificates, and other secrets. Azure key vaults may be created and managed through the Azure portal. In this quickstart, you learn how to create, retrieve, and delete certificates from an Azure key vault using the JavaScript client library
 
@@ -39,7 +39,7 @@ This quickstart assumes you're running [Azure CLI](/cli/azure/install-azure-cli)
 
 1. Run the `login` command.
 
-    ```azurecli-interactive
+    ```azurecli
     az login
     ```
 
@@ -76,42 +76,68 @@ Create a Node.js application that uses your key vault.
     npm install @azure/keyvault-certificates
     ```
 
-1. Install the Azure Identity library, [@azure/identity](https://www.npmjs.com/package/@azure/identity) package to authenticate to a Key Vault.
+1. Install the Azure Identity client library, [@azure/identity](https://www.npmjs.com/package/@azure/identity), to authenticate to a Key Vault.
 
     ```terminal
     npm install @azure/identity
     ```
 
 ## Grant access to your key vault
 
-Create an access policy for your key vault that grants key permissions to your user account
+Create a vault access policy for your key vault that grants key permissions to your user account.
 
 ```azurecli
-az keyvault set-policy --name <YourKeyVaultName> --upn [email protected] --key-permissions delete get list create purge
+az keyvault set-policy --name <YourKeyVaultName> --upn [email protected] --certificate-permissions delete get list create purge update
 ```
 
 ## Set environment variables
 
 This application is using key vault name as an environment variable called `KEY_VAULT_NAME`.
 
-Windows
+### [Windows](#tab/windows)
+
 ```cmd
 set KEY_VAULT_NAME=<your-key-vault-name>
 ````
 
+### [PowerShell](#tab/powershell)
+
 Windows PowerShell
 ```powershell
 $Env:KEY_VAULT_NAME="<your-key-vault-name>"
 ```
 
-macOS or Linux
+### [macOS or Linux](#tab/linux)
+
 ```cmd
 export KEY_VAULT_NAME=<your-key-vault-name>
 ```
+---
+
+## Authenticate and create a client
+
+Application requests to most Azure services must be authorized. Using the [DefaultAzureCredential](/javascript/api/@azure/identity/#@azure-identity-getdefaultazurecredential) method provided by the [Azure Identity client library](/javascript/api/@azure/identity) is the recommended approach for implementing passwordless connections to Azure services in your code. `DefaultAzureCredential` supports multiple authentication methods and determines which method should be used at runtime. This approach enables your app to use different authentication methods in different environments (local vs. production) without implementing environment-specific code. 
+
+In this quickstart, `DefaultAzureCredential` authenticates to key vault using the credentials of the local development user logged into the Azure CLI. When the application is deployed to Azure, the same `DefaultAzureCredential` code can automatically discover and use a managed identity that is assigned to an App Service, Virtual Machine, or other services. For more information, see [Managed Identity Overview](/azure/active-directory/managed-identities-azure-resources/overview).
+
+In this code, the name of your key vault is used to create the key vault URI, in the format `https://<your-key-vault-name>.vault.azure.net`. For more information about authenticating to key vault, see [Developer's Guide](/azure/key-vault/general/developers-guide#authenticate-to-key-vault-in-code).
 
 ## Code example
 
-These code samples demonstrate how to create a client, set a certificate, retrieve a certificate, and delete a certificate. 
+This code uses the following [Key Vault Certificate classes and methods](/javascript/api/overview/azure/keyvault-certificates-readme):
+    
+* [DefaultAzureCredential class](/javascript/api/@azure/identity/#@azure-identity-getdefaultazurecredential)
+* [CertificateClient class](/javascript/api/@azure/keyvault-certificates/certificateclient)
+    * [beginCreateCertificate](/javascript/api/@azure/keyvault-certificates/certificateclient#@azure-keyvault-certificates-certificateclient-begincreatecertificate)
+    * [getCertificate](/javascript/api/@azure/keyvault-certificates/certificateclient#@azure-keyvault-certificates-certificateclient-getcertificate)
+    * [getCertificateVersion](/javascript/api/@azure/keyvault-certificates/certificateclient#@azure-keyvault-certificates-certificateclient-getcertificateversion)
+    * [updateCertificateProperties](/javascript/api/@azure/keyvault-certificates/certificateclient#@azure-keyvault-certificates-certificateclient-updatecertificateproperties)
+    * [updateCertificatePolicy](/javascript/api/@azure/keyvault-certificates/certificateclient#@azure-keyvault-certificates-certificateclient-updatecertificateproperties)
+    * [beginDeleteCertificate](/javascript/api/@azure/keyvault-certificates/certificateclient#@azure-keyvault-certificates-certificateclient-begindeletecertificate)
+* [PollerLike interface](/javascript/api/@azure/core-lro/pollerlike)
+    * [getResult](/javascript/api/@azure/core-lro/pollerlike#@azure-core-lro-pollerlike-getresult)
+    * [pollUntilDone](/javascript/api/@azure/core-lro/pollerlike@azure-core-lro-pollerlike-polluntildone)
+
 
 ### Set up the app framework
 
@@ -127,10 +153,10 @@ These code samples demonstrate how to create a client, set a certificate, retrie
       // - AZURE_TENANT_ID: The tenant ID in Azure Active Directory
       // - AZURE_CLIENT_ID: The application (client) ID registered in the AAD tenant
       // - AZURE_CLIENT_SECRET: The client secret for the registered application
-      const url = process.env["AZURE_KEY_VAULT_URI"] || "<keyvault-url>";
       const credential = new DefaultAzureCredential();
 
       const keyVaultName = process.env["KEY_VAULT_NAME"];
+      if(!keyVaultName) throw new Error("KEY_VAULT_NAME is empty");
       const url = "https://" + keyVaultName + ".vault.azure.net";
 
       const client = new CertificateClient(url, credential);