[keyvault] move azkeys to security folder (Azure#20430)

* move

* add security path

* changes

* update tests

* fix yml ci

* update link

* Charles feedback

Co-authored-by: Charles Lowell <[email protected]>

---------

Co-authored-by: Charles Lowell <[email protected]>

Author: gracewilcox

sdk/security/keyvault/azkeys/CHANGELOG.md

@@ -0,0 +1,101 @@
+# Release History
+
+## 0.10.0 (Unreleased)
+
+### Features Added
+
+### Breaking Changes
+* Moved from `sdk/keyvault/azkeys` to `sdk/security/keyvault/azkeys`
+
+### Bugs Fixed
+
+### Other Changes
+
+## 0.9.0 (2022-11-08)
+
+### Breaking Changes
+* `NewClient` returns an `error`
+
+## 0.8.1 (2022-09-20)
+
+### Features Added
+* Added `ClientOptions.DisableChallengeResourceVerification`.
+  See https://aka.ms/azsdk/blog/vault-uri for more information.
+
+## 0.8.0 (2022-09-12)
+
+### Breaking Changes
+* Verify the challenge resource matches the vault domain.
+
+## 0.7.0 (2022-08-09)
+
+### Breaking Changes
+* Changed type of `NewClient` options parameter to `azkeys.ClientOptions`, which embeds
+  the former type, `azcore.ClientOptions`
+
+## 0.6.0 (2022-07-07)
+
+### Breaking Changes
+* The `Client` API now corresponds more directly to the Key Vault REST API.
+  Most method signatures and types have changed. See the
+  [module documentation](https://aka.ms/azsdk/go/keyvault-keys/docs)
+  for updated code examples and more details.
+
+### Other Changes
+* Upgrade to latest `azcore`
+
+## 0.5.1 (2022-05-12)
+
+### Other Changes
+* Update to latest `azcore` and `internal` modules.
+
+## 0.5.0 (2022-04-06)
+
+### Features Added
+* Added the Name property on `Key`
+
+### Breaking Changes
+* Requires go 1.18
+* `ListPropertiesOfDeletedKeysPager` has `More() bool` and `NextPage(context.Context) (ListPropertiesOfDeletedKeysPage, error)` for paging over deleted keys.
+* `ListPropertiesOfKeyVersionsPager` has `More() bool` and `NextPage(context.Context) (ListPropertiesOfKeyVersionsPage, error)` for paging over deleted keys.
+* Removing `RawResponse *http.Response` from `crypto` response types
+
+## 0.4.0 (2022-03-08)
+
+### Features Added
+* Adds the `ReleasePolicy` parameter to the `UpdateKeyPropertiesOptions` struct.
+* Adds the `Immutable` boolean to the `KeyReleasePolicy` model.
+* Added a `ToPtr` method on `KeyType` constant
+
+### Breaking Changes
+* Requires go 1.18
+* Changed the `Data` to `EncodedPolicy` on the `KeyReleasePolicy` struct.
+* Changed the `Updated`, `Created`, and `Expires` properties to `UpdatedOn`, `CreatedOn`, and `ExpiresOn`.
+* Renamed `JSONWebKeyOperation` to `Operation`.
+* Renamed `JSONWebKeyCurveName` to `CurveName`
+* Prefixed all KeyType constants with `KeyType`
+* Changed `KeyBundle` to `KeyVaultKey` and `DeletedKeyBundle` to `DeletedKey`
+* Renamed `KeyAttributes` to `KeyProperties`
+* Renamed `ListKeyVersions` to `ListPropertiesOfKeyVersions`
+* Removed `Attributes` struct
+* Changed `CreateOCTKey`/`Response`/`Options` to `CreateOctKey`/`Response`/`Options`
+* Removed all `RawResponse *http.Response` fields from response structs.
+
+## 0.3.0 (2022-02-08)
+
+### Breaking Changes
+* Changed the `Tags` properties from `map[string]*string` to `map[string]string`
+
+### Bugs Fixed
+* Fixed a bug in `UpdateKeyProperties` where the `KeyOps` would be deleted if the `UpdateKeyProperties.KeyOps` value was left empty.
+
+## 0.2.0 (2022-01-12)
+
+### Bugs Fixed
+* Fixes a bug in `crypto.NewClient` where the key version was required in the path, it is no longer required but is recommended.
+
+### Other Changes
+* Updates `azcore` dependency from `v0.20.0` to `v0.21.0`
+
+## 0.1.0 (2021-11-09)
+* This is the initial release of the `azkeys` library

sdk/security/keyvault/azkeys/LICENSE.txt

@@ -0,0 +1,21 @@
+    MIT License
+
+    Copyright (c) Microsoft Corporation. All rights reserved.
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE

sdk/security/keyvault/azkeys/README.md

@@ -0,0 +1,146 @@
+# Azure Key Vault Keys client module for Go
+
+* Cryptographic key management (this module) - create, store, and control access to the keys used to encrypt your data
+* Secrets management ([azsecrets](https://aka.ms/azsdk/go/keyvault-secrets/docs)) - securely store and control access to tokens, passwords, certificates, API keys, and other secrets
+* Certificate management ([azcertificates](https://aka.ms/azsdk/go/keyvault-certificates/docs)) - create, manage, and deploy public and private SSL/TLS certificates
+
+[Source code][key_client_src] | [Package (pkg.go.dev)][goget_azkeys] | [Product documentation][keyvault_docs] | [Samples][keys_samples]
+
+## Getting started
+
+### Install packages
+
+Install `azkeys` and `azidentity` with `go get`:
+```Bash
+go get github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys
+go get github.com/Azure/azure-sdk-for-go/sdk/azidentity
+```
+[azidentity][azure_identity] is used for Azure Active Directory authentication as demonstrated below.
+
+### Prerequisites
+
+* An [Azure subscription][azure_sub]
+* A supported Go version (the Azure SDK supports the two most recent Go releases)
+* A key vault. If you need to create one, see the Key Vault documentation for instructions on doing so in the [Azure Portal][azure_keyvault_portal] or with the [Azure CLI][azure_keyvault_cli].
+
+### Authentication
+
+This document demonstrates using [azidentity.NewDefaultAzureCredential][default_cred_ref] to authenticate. This credential type works in both local development and production environments. We recommend using a [managed identity][managed_identity] in production.
+
+[Client][client_docs] accepts any [azidentity][azure_identity] credential. See the [azidentity][azure_identity] documentation for more information about other credential types.
+
+#### Create a client
+
+Constructing the client requires your vault's URL, which you can get from the Azure CLI or the Azure Portal.
+
+```go
+import (
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+	"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys"
+)
+
+func main() {
+	cred, err := azidentity.NewDefaultAzureCredential(nil)
+	if err != nil {
+		// TODO: handle error
+	}
+
+	client, err := azkeys.NewClient("https://<TODO: your vault name>.vault.azure.net", cred, nil)
+	if err != nil {
+		// TODO: handle error
+	}
+}
+```
+
+## Key concepts
+
+### Keys
+
+Azure Key Vault can create and store RSA and elliptic curve keys. Both can optionally be protected by hardware security modules (HSMs). Azure Key Vault can also perform cryptographic operations with them. For more information about keys and supported operations and algorithms, see the [Key Vault documentation](https://docs.microsoft.com/azure/key-vault/keys/about-keys).
+
+[Client][client_docs] can create keys in the vault, get existing keys from the vault, update key metadata, and delete keys, as shown in the examples below.
+
+## Examples
+
+Get started with our [examples][keys_samples].
+
+## Troubleshooting
+
+### Error Handling
+
+All methods which send HTTP requests return `*azcore.ResponseError` when these requests fail. `ResponseError` has error details and the raw response from Key Vault.
+
+```go
+import "github.com/Azure/azure-sdk-for-go/sdk/azcore"
+
+resp, err := client.GetKey(context.Background(), "keyName", nil)
+if err != nil {
+    var httpErr *azcore.ResponseError
+    if errors.As(err, &httpErr) {
+        // TODO: investigate httpErr
+    } else {
+        // TODO: not an HTTP error
+    }
+}
+```
+
+### Logging
+
+This module uses the logging implementation in `azcore`. To turn on logging for all Azure SDK modules, set `AZURE_SDK_GO_LOGGING` to `all`. By default the logger writes to stderr. Use the `azcore/log` package to control log output. For example, logging only HTTP request and response events, and printing them to stdout:
+
+```go
+import azlog "github.com/Azure/azure-sdk-for-go/sdk/azcore/log"
+
+// Print log events to stdout
+azlog.SetListener(func(cls azlog.Event, msg string) {
+	fmt.Println(msg)
+})
+
+// Includes only requests and responses in credential logs
+azlog.SetEvents(azlog.EventRequest, azlog.EventResponse)
+```
+
+### Accessing `http.Response`
+
+You can access the raw `*http.Response` returned by Key Vault using the `runtime.WithCaptureResponse` method and a context passed to any client method.
+
+```go
+import "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
+
+var response *http.Response
+ctx := runtime.WithCaptureResponse(context.TODO(), &response)
+_, err = client.GetKey(ctx, "keyName", nil)
+if err != nil {
+    // TODO: handle error
+}
+// TODO: do something with response
+```
+
+###  Additional Documentation
+
+For more extensive documentation on Azure Key Vault, see the [API reference documentation][reference_docs].
+
+## Contributing
+
+This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
+
+When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
+
+This project has adopted the [Microsoft Open Source Code of Conduct][code_of_conduct]. For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [email protected] with any additional questions or comments.
+
+
+[azure_identity]: https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity
+[azure_keyvault_cli]: https://docs.microsoft.com/azure/key-vault/general/quick-create-cli
+[azure_keyvault_portal]: https://docs.microsoft.com/azure/key-vault/general/quick-create-portal
+[azure_sub]: https://azure.microsoft.com/free/
+[default_cred_ref]: https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#NewDefaultAzureCredential
+[code_of_conduct]: https://opensource.microsoft.com/codeofconduct/
+[keyvault_docs]: https://docs.microsoft.com/azure/key-vault/
+[goget_azkeys]: https://aka.ms/azsdk/go/keyvault-keys/docs
+[reference_docs]: https://aka.ms/azsdk/go/keyvault-keys/docs
+[client_docs]: https://aka.ms/azsdk/go/keyvault-keys/docs#Client
+[key_client_src]: https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/keyvault/azkeys/client.go
+[keys_samples]: https://aka.ms/azsdk/go/keyvault-keys/docs#pkg-examples
+[managed_identity]: https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview
+
+![Impressions](https://azure-sdk-impressions.azurewebsites.net/api/impressions/azure-sdk-for-go%2Fsdk%2Fsecurity%2Fkeyvault%2Fazkeys%2FREADME.png)

sdk/security/keyvault/azkeys/TROUBLESHOOTING.md

@@ -0,0 +1,4 @@
+# Troubleshoot Azure Key Vault Keys Client Module Issues
+
+See our [Azure Key Vault SDK Troubleshooting Guide](https://github.com/Azure/azure-sdk-for-go/blob/main/sdk/keyvault/TROUBLESHOOTING.md)
+to troubleshoot issues common to Azure Key Vault client modules.

sdk/security/keyvault/azkeys/assets.json

@@ -0,0 +1,6 @@
+{
+  "AssetsRepo": "Azure/azure-sdk-assets",
+  "AssetsRepoPrefixPath": "go",
+  "TagPrefix": "go/security/keyvault/azkeys",
+  "Tag": "go/security/keyvault/azkeys_d569f3aad0"
+}