tessl/pypi-azure-keyvault-certificates
Microsoft Corporation Key Vault Certificates Client Library for Python
—
Pending
Quality
Pending
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
certificate-operations.mddocs/
Certificate Operations
Core certificate lifecycle management operations including creation, retrieval, updating, and deletion. These operations provide comprehensive certificate management with support for both self-signed certificates and external issuer integration.
Capabilities
Certificate Creation
Creates a new certificate or new version of an existing certificate. Returns a long-running operation poller that can be used to monitor creation progress and retrieve the final result.
def begin_create_certificate(
certificate_name: str,
policy: CertificatePolicy,
*,
enabled: Optional[bool] = None,
tags: Optional[Dict[str, str]] = None,
preserve_order: Optional[bool] = None,
**kwargs: Any
) -> LROPoller[Union[KeyVaultCertificate, CertificateOperation]]:
"""
Creates a new certificate.
Parameters:
- certificate_name: The name of the certificate
- policy: Certificate management policy defining key properties and issuer settings
- enabled: Whether the certificate is enabled for use
- tags: Application-specific metadata as key-value pairs
- preserve_order: Whether to preserve the order of the certificate chain
Returns:
LROPoller for the create operation. Waiting gives the certificate if successful,
or CertificateOperation if still pending/failed.
Raises:
ValueError: If the certificate policy is invalid
HttpResponseError: For service-side errors
"""Usage example:
from azure.keyvault.certificates import CertificateClient, CertificatePolicy
# Create with default policy
create_poller = client.begin_create_certificate(
certificate_name="my-cert",
policy=CertificatePolicy.get_default()
)
# Wait for completion
certificate = create_poller.result()
print(f"Created certificate: {certificate.name}")
# Create with custom settings
create_poller = client.begin_create_certificate(
certificate_name="app-cert",
policy=CertificatePolicy.get_default(),
enabled=True,
tags={"environment": "production", "app": "web-api"}
)Certificate Retrieval
Retrieves the latest version or a specific version of a certificate from the vault.
def get_certificate(certificate_name: str, **kwargs: Any) -> KeyVaultCertificate:
"""
Get the latest version of a certificate.
Parameters:
- certificate_name: The name of the certificate
Returns:
KeyVaultCertificate: The certificate with its properties, policy, and data
Raises:
ResourceNotFoundError: If the certificate doesn't exist
HttpResponseError: For service-side errors
"""
def get_certificate_version(
certificate_name: str,
version: str,
**kwargs: Any
) -> KeyVaultCertificate:
"""
Get a specific version of a certificate.
Parameters:
- certificate_name: The name of the certificate
- version: The version identifier of the certificate
Returns:
KeyVaultCertificate: The specified certificate version
Raises:
ResourceNotFoundError: If the certificate or version doesn't exist
HttpResponseError: For service-side errors
"""Usage examples:
# Get latest version
certificate = client.get_certificate("my-cert")
print(f"Certificate ID: {certificate.id}")
print(f"Version: {certificate.properties.version}")
print(f"Expires on: {certificate.properties.expires_on}")
# Get specific version
specific_cert = client.get_certificate_version("my-cert", "abc123version")
print(f"Specific version: {specific_cert.properties.version}")Certificate Property Updates
Updates the properties and metadata of an existing certificate without changing the certificate itself.
def update_certificate_properties(
certificate_name: str,
version: Optional[str] = None,
*,
enabled: Optional[bool] = None,
tags: Optional[Dict[str, str]] = None,
**kwargs: Any
) -> KeyVaultCertificate:
"""
Updates the properties of a certificate.
Parameters:
- certificate_name: The name of the certificate
- version: Specific version to update (latest if not specified)
- enabled: Whether the certificate should be enabled
- tags: Updated tags for the certificate
Returns:
KeyVaultCertificate: The updated certificate
Raises:
ResourceNotFoundError: If the certificate doesn't exist
HttpResponseError: For service-side errors
"""Usage examples:
# Disable a certificate
updated_cert = client.update_certificate_properties(
certificate_name="my-cert",
enabled=False
)
# Update tags
updated_cert = client.update_certificate_properties(
certificate_name="my-cert",
tags={
"environment": "staging",
"updated_by": "admin",
"status": "testing"
}
)
# Update specific version
updated_cert = client.update_certificate_properties(
certificate_name="my-cert",
version="specific-version-id",
enabled=True,
tags={"verified": "true"}
)Certificate Deletion
Deletes a certificate from the vault. In vaults with soft-delete enabled, the certificate can be recovered.
def begin_delete_certificate(
certificate_name: str,
**kwargs: Any
) -> LROPoller[DeletedCertificate]:
"""
Deletes a certificate from the vault.
Parameters:
- certificate_name: The name of the certificate to delete
Returns:
LROPoller[DeletedCertificate]: Poller for the delete operation
Raises:
ResourceNotFoundError: If the certificate doesn't exist
HttpResponseError: For service-side errors
"""Usage example:
# Delete certificate
delete_poller = client.begin_delete_certificate("my-cert")
deleted_cert = delete_poller.result()
print(f"Deleted certificate: {deleted_cert.name}")
print(f"Deletion date: {deleted_cert.deleted_on}")
print(f"Recovery ID: {deleted_cert.recovery_id}")
print(f"Scheduled purge: {deleted_cert.scheduled_purge_date}")Version Management
List and manage different versions of a certificate.
def list_properties_of_certificate_versions(
certificate_name: str,
*,
max_page_size: Optional[int] = None,
**kwargs: Any
) -> ItemPaged[CertificateProperties]:
"""
Lists all versions of a certificate.
Parameters:
- certificate_name: The name of the certificate
- max_page_size: Maximum number of items per page
Returns:
ItemPaged[CertificateProperties]: Paged list of certificate version properties
Raises:
ResourceNotFoundError: If the certificate doesn't exist
HttpResponseError: For service-side errors
"""Usage example:
# List all versions of a certificate
for cert_props in client.list_properties_of_certificate_versions("my-cert"):
print(f"Version: {cert_props.version}")
print(f"Created: {cert_props.created_on}")
print(f"Enabled: {cert_props.enabled}")
print(f"Expires: {cert_props.expires_on}")
print("---")
# Get specific version count
versions = list(client.list_properties_of_certificate_versions("my-cert"))
print(f"Total versions: {len(versions)}")Error Handling
Certificate operations can raise various exceptions that should be handled appropriately:
from azure.core.exceptions import ResourceNotFoundError, HttpResponseError
from azure.keyvault.certificates import CertificateClient
try:
certificate = client.get_certificate("non-existent-cert")
except ResourceNotFoundError:
print("Certificate not found")
except HttpResponseError as e:
print(f"HTTP error: {e.status_code} - {e.message}")
except Exception as e:
print(f"Unexpected error: {e}")Long-Running Operations
Certificate creation and deletion are long-running operations that return pollers:
# Monitor creation progress
create_poller = client.begin_create_certificate("my-cert", policy)
# Check if done without blocking
if create_poller.done():
result = create_poller.result()
else:
print("Still creating...")
# Wait with timeout
try:
result = create_poller.result(timeout=30) # 30 second timeout
except Exception as e:
print(f"Operation timed out or failed: {e}")
# Cancel operation if supported
try:
create_poller.cancel()
except Exception:
print("Cancellation not supported or operation already completed")Install with Tessl CLI
npx tessl i tessl/pypi-azure-keyvault-certificates