File: sample_azure-keyvault.rst

KeyVault
========

For general information on resource management, see :doc:`Resource Management<resourcemanagement>`.

Create the client
-----------------

The following code creates an instance of the client.

See :doc:`Resource Management Authentication <quickstart_authentication>`
for details on handling Azure Active Directory authentication with the Python SDK, and creating a ``Credentials`` instance.

.. important:: You must specify ``resource="https://vault.azure.net"`` while authenticating to get a valid token.

.. code:: python

    from azure.keyvault import KeyVaultClient
    from azure.common.credentials import UserPassCredentials
    
    # See above for details on creating different types of AAD credentials
    credentials = UserPassCredentials(
        'user@domain.com',  # Your user
        'my_password',      # Your password
        resource='https://vault.azure.net'
    )

    client = KeyVaultClient(
        credentials
    )

Access policies
---------------

Some operations require the correct access policies for your credentials.

If you get an "Unauthorized" error, add the correct access policies
to these credentials using the Azure Portal, the Azure CLI or the :doc:`Key Vault Management SDK itself <sample_azure-mgmt-keyvault>`.

Example
-------

``KEY_VAULT_URI`` is the base URL of your Key Vault, e.g. ``https://myvault.vault.azure.net``.

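.. code:: python

    from azure.keyvault import KeyVaultId

    # Base URL of your vault; `client` is the KeyVaultClient created above
    KEY_VAULT_URI = 'https://myvault.vault.azure.net'

    # Create a key
    key_bundle = client.create_key(KEY_VAULT_URI, 'FirstKey', 'RSA')
    # Split the key identifier into vault, name and version
    key_id = KeyVaultId.parse_key_id(key_bundle.key.kid)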

    # Update a key without version
    client.update_key(key_id.vault, key_id.name, key_id.version_none, key_attributes={'enabled': False})

    # Update a key with version
    client.update_key(key_id.vault, key_id.name, key_id.version, key_attributes={'enabled': False})

    # Print a list of versions for a key
    versions = client.get_key_versions(KEY_VAULT_URI, 'FirstKey')
    for version in versions:
        print(version.kid)  # https://myvault.vault.azure.net/keys/FirstKey/000102030405060708090a0b0c0d0e0f

    # Read a key without version
    client.get_key(key_id.vault, key_id.name, key_id.version_none)

    # Read a key with version
    client.get_key(key_id.vault, key_id.name, key_id.version)

    # Delete a key
    client.delete_key(KEY_VAULT_URI, 'FirstKey')


    # Create a secret
    secret_bundle = client.set_secret(KEY_VAULT_URI, 'FirstSecret', 'Hush, that is secret!!')
    secret_id = KeyVaultId.parse_secret_id(secret_bundle.id)

    # Update a secret without version
    client.update_secret(secret_id.vault, secret_id.name, secret_id.version_none, secret_attributes={'enabled': False})

    # Update a secret with version
    client.update_secret(secret_id.vault, secret_id.name, secret_id.version, secret_attributes={'enabled': False})

    # Print a list of versions for a secret
    versions = client.get_secret_versions(KEY_VAULT_URI, 'FirstSecret')
    for version in versions:
        print(version.id)  # https://myvault.vault.azure.net/secrets/FirstSecret/000102030405060708090a0b0c0d0e0f

    # Read a secret without version
    client.get_secret(secret_id.vault, secret_id.name, secret_id.version_none)

    # Read a secret with version
    client.get_secret(secret_id.vault, secret_id.name, secret_id.version)

    # Delete a secret
    client.delete_secret(KEY_VAULT_URI, 'FirstSecret')
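
The example above splits identifiers with ``KeyVaultId`` and passes the resulting vault URL back to the client. When an identifier comes from configuration or another service, it is worth validating before use. The following is an added example, not part of the SDK or of the original sample: ``parse_object_id``, ``ObjectId``, the accepted collection names and the public-cloud suffix ``.vault.azure.net`` are assumptions of this sketch.

```python
from collections import namedtuple
from urllib.parse import urlsplit

# Assumption: public-cloud Key Vault DNS suffix; sovereign clouds use other suffixes.
TRUSTED_SUFFIX = ".vault.azure.net"
# Assumption: the object collections this sketch accepts.
COLLECTIONS = {"keys", "secrets", "certificates"}

ObjectId = namedtuple("ObjectId", "vault collection name version")


def parse_object_id(identifier, expected_collection=None):
    """Split a Key Vault object identifier and reject anything unexpected.

    Hypothetical helper, not the SDK's KeyVaultId. ``version`` is '' when the
    identifier has no version segment.
    """
    parts = urlsplit(identifier)
    if parts.scheme != "https":
        raise ValueError("identifier must use https")
    if parts.username or parts.password or parts.port not in (None, 443):
        raise ValueError("userinfo or non-default port not allowed")
    host = (parts.hostname or "").lower()
    # Require exactly one label in front of the suffix: <vault>.vault.azure.net
    label = host[:-len(TRUSTED_SUFFIX)] if host.endswith(TRUSTED_SUFFIX) else ""
    if not label or "." in label:
        raise ValueError("host is not a trusted vault: %r" % host)
    if parts.query or parts.fragment:
        raise ValueError("query and fragment not allowed")
    segments = parts.path.strip("/").split("/")
    if len(segments) not in (2, 3) or not all(segments):
        raise ValueError("expected /<collection>/<name>[/<version>]")
    collection, name = segments[0], segments[1]
    version = segments[2] if len(segments) == 3 else ""
    if collection not in COLLECTIONS:
        raise ValueError("unknown collection: %r" % collection)
    if expected_collection and collection != expected_collection:
        raise ValueError("expected %s, got %s" % (expected_collection, collection))
    return ObjectId("https://" + host, collection, name, version)


if __name__ == "__main__":
    # Constructed sample identifiers, shaped like those printed in the example above.
    print(parse_object_id(
        "https://myvault.vault.azure.net/keys/FirstKey/000102030405060708090a0b0c0d0e0f"))
    print(parse_object_id("https://myvault.vault.azure.net/secrets/FirstSecret", "secrets"))
```

Passing ``expected_collection`` catches an identifier for a key being handed to a secret operation (or the reverse) before any request is made.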