1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from azure.identity import DefaultAzureCredential
from azure.mgmt.keyvault import KeyVaultManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-keyvault
# USAGE
python create_vault.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = KeyVaultManagementClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.vaults.begin_create_or_update(
resource_group_name="sample-resource-group",
vault_name="sample-vault",
parameters={
"location": "westus",
"properties": {
"accessPolicies": [
{
"objectId": "00000000-0000-0000-0000-000000000000",
"permissions": {
"certificates": [
"get",
"list",
"delete",
"create",
"import",
"update",
"managecontacts",
"getissuers",
"listissuers",
"setissuers",
"deleteissuers",
"manageissuers",
"recover",
"purge",
],
"keys": [
"encrypt",
"decrypt",
"wrapKey",
"unwrapKey",
"sign",
"verify",
"get",
"list",
"create",
"update",
"import",
"delete",
"backup",
"restore",
"recover",
"purge",
],
"secrets": ["get", "list", "set", "delete", "backup", "restore", "recover", "purge"],
},
"tenantId": "00000000-0000-0000-0000-000000000000",
}
],
"enabledForDeployment": True,
"enabledForDiskEncryption": True,
"enabledForTemplateDeployment": True,
"publicNetworkAccess": "Enabled",
"sku": {"family": "A", "name": "standard"},
"tenantId": "00000000-0000-0000-0000-000000000000",
},
},
).result()
print(response)
# x-ms-original-file: specification/keyvault/resource-manager/Microsoft.KeyVault/stable/2024-11-01/examples/createVault.json
if __name__ == "__main__":
main()
|
