or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

docs

async-client.mderror-handling.mdindex.mdmodels.mdsync-client.md
tile.json

tessl/pypi-azure-keyvault-secrets

Microsoft Azure Key Vault secrets client library for Python providing secure storage and management of sensitive information

Workspace
tessl
Visibility
Public
Created
Last updated
Describes
pypipkg:pypi/azure-keyvault-secrets@4.10.x

To install, run

npx @tessl/cli install tessl/pypi-azure-keyvault-secrets@4.10.0

index.mddocs/

Azure Key Vault Secrets

A comprehensive Python library for securely managing secrets in Azure Key Vault. This library enables developers to store, retrieve, and manage sensitive information such as passwords, API keys, certificates, and connection strings with enterprise-grade security, authentication, and audit capabilities.

Package Information

  • Package Name: azure-keyvault-secrets
  • Language: Python
  • Installation: pip install azure-keyvault-secrets
  • Supported Python Versions: 3.9, 3.10, 3.11, 3.12, 3.13
  • Latest Version: 4.10.0

Core Imports

from azure.keyvault.secrets import (
    SecretClient, 
    KeyVaultSecret, 
    SecretProperties, 
    DeletedSecret,
    KeyVaultSecretIdentifier,
    ApiVersion
)

For asynchronous operations:

from azure.keyvault.secrets.aio import SecretClient

Common authentication imports:

from azure.identity import DefaultAzureCredential

Version information:

from azure.keyvault.secrets import __version__

Basic Usage

from azure.keyvault.secrets import SecretClient
from azure.identity import DefaultAzureCredential

# Initialize client with authentication
credential = DefaultAzureCredential()
vault_url = "https://your-key-vault.vault.azure.net/"
client = SecretClient(vault_url=vault_url, credential=credential)

# Set a secret
secret = client.set_secret("database-password", "my-secure-password")
print(f"Created secret: {secret.name}")

# Retrieve a secret
retrieved_secret = client.get_secret("database-password")
print(f"Secret value: {retrieved_secret.value}")

# Update secret metadata
client.update_secret_properties(
    "database-password",
    enabled=True,
    tags={"environment": "production", "team": "backend"}
)

# List all secrets
for secret_properties in client.list_properties_of_secrets():
    print(f"Secret: {secret_properties.name}, Enabled: {secret_properties.enabled}")

Architecture

The Azure Key Vault Secrets library follows a clear architectural pattern with separate synchronous and asynchronous clients:

  • SecretClient (Sync): Blocking operations for traditional Python applications
  • SecretClient (Async): Non-blocking operations for asyncio-based applications
  • Model Classes: Structured data representations (KeyVaultSecret, SecretProperties, etc.)
  • Authentication Integration: Seamless integration with Azure Identity for secure authentication
  • Error Handling: Comprehensive exception handling with Azure Core exceptions

Both client types provide identical functionality with different execution models. The async client is designed for high-performance scenarios requiring concurrent operations.

Capabilities

Synchronous Secret Operations

Complete synchronous client for managing secrets including CRUD operations, versioning, backup/restore, and soft-delete capabilities with recovery options.

class SecretClient:
    def __init__(self, vault_url: str, credential: TokenCredential, **kwargs): ...
    def get_secret(self, name: str, version: Optional[str] = None, **kwargs) -> KeyVaultSecret: ...
    def set_secret(self, name: str, value: str, **kwargs) -> KeyVaultSecret: ...
    def update_secret_properties(self, name: str, version: Optional[str] = None, **kwargs) -> SecretProperties: ...
    def begin_delete_secret(self, name: str, **kwargs) -> LROPoller[DeletedSecret]: ...

Synchronous Operations

Asynchronous Secret Operations

Full async client providing non-blocking secret management operations optimized for concurrent workloads and asyncio applications.

class SecretClient:
    def __init__(self, vault_url: str, credential: AsyncTokenCredential, **kwargs): ...
    async def get_secret(self, name: str, version: Optional[str] = None, **kwargs) -> KeyVaultSecret: ...
    async def set_secret(self, name: str, value: str, **kwargs) -> KeyVaultSecret: ...
    async def delete_secret(self, name: str, **kwargs) -> DeletedSecret: ...

Asynchronous Operations

Secret Models and Data Types

Comprehensive data models representing secrets, their properties, and metadata with complete type definitions for all secret-related operations.

class KeyVaultSecret:
    def __init__(self, properties: SecretProperties, value: Optional[str]): ...
    name: Optional[str]
    id: Optional[str] 
    properties: SecretProperties
    value: Optional[str]

class SecretProperties:
    id: Optional[str]
    name: Optional[str]
    enabled: Optional[bool]
    tags: Optional[Dict[str, str]]

Models and Types

Error Handling and Exceptions

Comprehensive error handling patterns and exception management for robust secret operations with proper authentication and network error handling.

# Common exceptions from azure.core.exceptions
ResourceNotFoundError  # Secret does not exist
ResourceExistsError    # Secret already exists  
ClientAuthenticationError  # Authentication failures
HttpResponseError      # General HTTP errors

Error Handling