[KeyVault-Keys] The CryptographyClient indeed works with a KeyVaultKey

sdk/keyvault/keyvault-keys/review/keyvault-keys.api.md

@@ -50,8 +50,7 @@ export interface CreateRsaKeyOptions extends CreateKeyOptions {
 
 // @public
 export class CryptographyClient {
-    constructor(key: string | KeyVaultKey, // keyUrl or KeyVaultKey
-    credential: TokenCredential, pipelineOptions?: CryptographyClientOptions);
+    constructor(key: string | KeyVaultKey, credential: TokenCredential, pipelineOptions?: CryptographyClientOptions);
     decrypt(algorithm: EncryptionAlgorithm, ciphertext: Uint8Array, options?: DecryptOptions): Promise<DecryptResult>;
     encrypt(algorithm: EncryptionAlgorithm, plaintext: Uint8Array, options?: EncryptOptions): Promise<EncryptResult>;
     sign(algorithm: SignatureAlgorithm, digest: Uint8Array, options?: SignOptions): Promise<SignResult>;

sdk/keyvault/keyvault-keys/samples/javascript/README.md

@@ -12,11 +12,11 @@ urlFragment: keyvault-keys-javascript
 
 These sample programs show how to use the JavaScript client libraries for Azure Key Vault Keys in some common scenarios.
 
-| **File Name**                  | **Description**                                                 |
+| **FileName**                    | **Description**                                                  |
 | ------------------------------- | ---------------------------------------------------------------- |
 | [cryptography.js][cryptography] | uses a key to sign/verify, encrypt/decrypt, and wrap/unwrap data |
 | [helloWorld.js][helloworld]     | creates, reads, lists, and deletes keys                          |
-| [purgeAllKeys.js][purgeAllKeys] | purges all the keys of a Key Vault (useful for repeated tests)    |
+| [purgeAllKeys.js][purgeAllKeys] | purges all the keys of a Key Vault (useful for repeated tests)   |
 
 ## Prerequisites
 

sdk/keyvault/keyvault-keys/samples/javascript/cryptography.js

@@ -28,7 +28,9 @@ async function main() {
   // Connection to Azure Key Vault Cryptography functionality
   let myWorkKey = await client.createKey(keyName, "RSA");
 
-  const cryptoClient = new CryptographyClient(myWorkKey.id, credential);
+  const cryptoClient = new CryptographyClient(
+    myWorkKey.id // Or just `myWorkKey`. You can use either the key or the key Id to create a CryptographyClient.
+  , credential);
 
   // Sign and Verify
   const signatureValue = "MySignature";

sdk/keyvault/keyvault-keys/samples/typescript/README.md

@@ -13,10 +13,10 @@ urlFragment: keyvault-keys-typescript
 These sample programs show how to use the TypeScript client libraries for Azure Key Vault Keys in some common scenarios.
 
 | **File Name**                   | **Description**                                                  |
-| ------------------------------- | ---------------------------------------------------------------- |
+| ------------------------------- | -------------------------------------------------------------    |
 | [cryptography.ts][cryptography] | uses a key to sign/verify, encrypt/decrypt, and wrap/unwrap data |
 | [helloWorld.ts][helloworld]     | creates, reads, lists, and deletes keys                          |
-| [purgeAllKeys.ts][purgeAllKeys] | purges all the keys of a Key Vault (useful for repeated tests)    |
+| [purgeAllKeys.ts][purgeAllKeys] | purges all the keys of a Key Vault (useful for repeated tests)   |
 
 ## Prerequisites
 

sdk/keyvault/keyvault-keys/samples/typescript/src/cryptography.ts

@@ -29,7 +29,9 @@ export async function main(): Promise<void> {
   // Connection to Azure Key Vault Cryptography functionality
   const myWorkKey = await client.createKey(keyName, "RSA");
 
-  const cryptoClient = new CryptographyClient(myWorkKey.id!, credential);
+  const cryptoClient = new CryptographyClient(
+    myWorkKey.id! // Or just `myWorkKey`. You can use either the key or the key Id to create a CryptographyClient.
+  , credential);
 
   // Sign and Verify
   const signatureValue = "MySignature";

sdk/keyvault/keyvault-keys/src/cryptographyClient.ts

@@ -665,14 +665,14 @@ export class CryptographyClient {
    * // or
    * let client = new CryptographyClient(keyVaultKey, credentials);
    * ```
-   * @param key The key to use during cryptography tasks.
+   * @param key The key to use during cryptography tasks. It can be either a Key Vault Key identifier (or URL) or a full KeyVaultKey.
    * @param {TokenCredential} credential An object that implements the `TokenCredential` interface used to authenticate requests to the service. Use the @azure/identity package to create a credential that suits your needs.
    * @param {PipelineOptions} [pipelineOptions={}] Optional. Pipeline options used to configure Key Vault API requests.
    *                                                         Omit this parameter to use the default pipeline configuration.
    * @memberof CryptographyClient
    */
   constructor(
-    key: string | KeyVaultKey, // keyUrl or KeyVaultKey
+    key: string | KeyVaultKey,
     credential: TokenCredential,
     pipelineOptions: CryptographyClientOptions = {}
   ) {

sdk/keyvault/keyvault-keys/test/public/crypto.spec.ts

@@ -4,7 +4,7 @@
 import * as assert from "assert";
 import { createHash, publicEncrypt } from "crypto";
 import * as constants from "constants";
-import { isRecordMode, Recorder } from "@azure/test-utils-recorder";
+import { isRecordMode, Recorder, env } from "@azure/test-utils-recorder";
 import { ClientSecretCredential } from "@azure/identity";
 import { isNode } from "@azure/core-http";
 
@@ -15,6 +15,7 @@ import TestClient from "../utils/testClient";
 import { stringToUint8Array, uint8ArrayToString } from "../utils/crypto";
 
 describe("CryptographyClient (all decrypts happen remotely)", () => {
+  const keyPrefix = `crypto${env.KEY_NAME || "KeyName"}`;
   let client: KeyClient;
   let testClient: TestClient;
   let cryptoClient: CryptographyClient;
@@ -83,6 +84,18 @@ describe("CryptographyClient (all decrypts happen remotely)", () => {
       const decryptedText = uint8ArrayToString(decryptResult.result);
       assert.equal(text, decryptedText);
     });
+
+    it("the CryptographyClient can be created from a full KeyVaultKey object", async function() {
+      const keyName = testClient.formatName(`${keyPrefix}-${this!.test!.title}-${keySuffix}`);
+      const keyVaultKey = await client.createKey(keyName, "RSA");
+      const cryptoClientFromKey = new CryptographyClient(keyVaultKey, credential);
+
+      const text = this.test!.title;
+      const encryptResult = await cryptoClientFromKey.encrypt("RSA1_5", stringToUint8Array(text));
+      const decryptResult = await cryptoClientFromKey.decrypt("RSA1_5", encryptResult.result);
+      const decryptedText = uint8ArrayToString(decryptResult.result);
+      assert.equal(text, decryptedText);
+    });
   }
 
   // Local encryption is only supported in NodeJS.