tessl/pypi-azure-keyvault-secrets
Microsoft Azure Key Vault secrets client library for Python providing secure storage and management of sensitive information
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
'%3e%3cpath%20d='M3.389%209.069c0-.009.043-.033.029-.044L.029%207.77l3.287-1.197L6.574%207.77l.106.083.005%204-3.297%201.185V9.068ZM13.582%209.32V2.74l3.405%201.238v4.104L13.583%209.32ZM10.253%2014.66l-3.476%201.268v-4.027l3.476-1.313v4.072ZM10.253%2010.558l-3.476%201.239V7.784l3.476-1.268v4.042ZM10.253%2014.719v3.968L6.777%2020v-3.998l3.476-1.283ZM17%208.139v4.042l-3.418%201.239V9.378L17%208.138ZM3.3%2017.168%200%2015.943v-4.027l3.3%201.224v4.028ZM6.69%2011.916v4.027l-3.302%201.225v-4.072l3.301-1.18ZM6.69%203.743v4.012l-3.33-1.21V2.564l3.33%201.18Z'/%3e%3cpath%20d='M3.3%2013.066%200%2011.842V7.844l3.3%201.224v3.998ZM13.524%209.334l-.175.088.175-.014v4.027l-3.152%201.183-.06-.032v-3.983l1.986-.767-.111.006-1.876.657V6.531l3.213-1.224v4.027Zm-.263.133c-.065.008-.198.023-.233.088.065-.008.198-.023.233-.088Zm-.321.118c-.065.008-.198.023-.233.088.065-.009.198-.023.233-.088Zm-.321.118c-.066.008-.199.023-.234.088.065-.008.199-.023.234-.088ZM13.524%201.266v3.968l-3.213%201.195V2.46l3.213-1.194ZM10.253%202.475v3.968L6.777%207.726V3.743l3.476-1.268ZM8.2%204.458c-.304.064-.627.5-.708.79-.27.963.636%201.081%201.091.364.277-.437.354-1.308-.383-1.154ZM13.524%2013.51v3.983l-3.17%201.177c-.011%200-.043-.067-.043-.07v-3.895l3.213-1.195Zm-.884%201.63c-.495.085-1.068%201.015-.676%201.435.483.517%201.502-.636%201.147-1.246-.098-.169-.286-.221-.47-.19ZM10.165%202.387l-.037.065-3.395%201.249-3.345-1.212L6.88%201.21l3.285%201.178ZM13.437%201.177l-.088.073-3.057%201.127-3.034-1.082-.277-.133L10.151%200l3.286%201.177Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h17v20H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/pypi-azure-keyvault-secrets@4.10.00
# Azure Key Vault Secrets
1
2
A comprehensive Python library for securely managing secrets in Azure Key Vault. This library enables developers to store, retrieve, and manage sensitive information such as passwords, API keys, certificates, and connection strings with enterprise-grade security, authentication, and audit capabilities.
3
4
## Package Information
5
6
- **Package Name**: azure-keyvault-secrets
7
- **Language**: Python
8
- **Installation**: `pip install azure-keyvault-secrets`
9
- **Supported Python Versions**: 3.9, 3.10, 3.11, 3.12, 3.13
10
- **Latest Version**: 4.10.0
11
12
## Core Imports
13
14
```python
15
from azure.keyvault.secrets import (
16
SecretClient,
17
KeyVaultSecret,
18
SecretProperties,
19
DeletedSecret,
20
KeyVaultSecretIdentifier,
21
ApiVersion
22
)
23
```
24
25
For asynchronous operations:
26
27
```python
28
from azure.keyvault.secrets.aio import SecretClient
29
```
30
31
Common authentication imports:
32
33
```python
34
from azure.identity import DefaultAzureCredential
35
```
36
37
Version information:
38
39
```python
40
from azure.keyvault.secrets import __version__
41
```
42
43
## Basic Usage
44
45
```python
46
from azure.keyvault.secrets import SecretClient
47
from azure.identity import DefaultAzureCredential
48
49
# Initialize client with authentication
50
credential = DefaultAzureCredential()
51
vault_url = "https://your-key-vault.vault.azure.net/"
52
client = SecretClient(vault_url=vault_url, credential=credential)
53
54
# Set a secret
55
secret = client.set_secret("database-password", "my-secure-password")
56
print(f"Created secret: {secret.name}")
57
58
# Retrieve a secret
59
retrieved_secret = client.get_secret("database-password")
60
print(f"Secret value: {retrieved_secret.value}")
61
62
# Update secret metadata
63
client.update_secret_properties(
64
"database-password",
65
enabled=True,
66
tags={"environment": "production", "team": "backend"}
67
)
68
69
# List all secrets
70
for secret_properties in client.list_properties_of_secrets():
71
print(f"Secret: {secret_properties.name}, Enabled: {secret_properties.enabled}")
72
```
73
74
## Architecture
75
76
The Azure Key Vault Secrets library follows a clear architectural pattern with separate synchronous and asynchronous clients:
77
78
- **SecretClient (Sync)**: Blocking operations for traditional Python applications
79
- **SecretClient (Async)**: Non-blocking operations for asyncio-based applications
80
- **Model Classes**: Structured data representations (KeyVaultSecret, SecretProperties, etc.)
81
- **Authentication Integration**: Seamless integration with Azure Identity for secure authentication
82
- **Error Handling**: Comprehensive exception handling with Azure Core exceptions
83
84
Both client types provide identical functionality with different execution models. The async client is designed for high-performance scenarios requiring concurrent operations.
85
86
## Capabilities
87
88
### Synchronous Secret Operations
89
90
Complete synchronous client for managing secrets including CRUD operations, versioning, backup/restore, and soft-delete capabilities with recovery options.
91
92
```python { .api }
93
class SecretClient:
94
def __init__(self, vault_url: str, credential: TokenCredential, **kwargs): ...
95
def get_secret(self, name: str, version: Optional[str] = None, **kwargs) -> KeyVaultSecret: ...
96
def set_secret(self, name: str, value: str, **kwargs) -> KeyVaultSecret: ...
97
def update_secret_properties(self, name: str, version: Optional[str] = None, **kwargs) -> SecretProperties: ...
98
def begin_delete_secret(self, name: str, **kwargs) -> LROPoller[DeletedSecret]: ...
99
```
100
101
[Synchronous Operations](./sync-client.md)
102
103
### Asynchronous Secret Operations
104
105
Full async client providing non-blocking secret management operations optimized for concurrent workloads and asyncio applications.
106
107
```python { .api }
108
class SecretClient:
109
def __init__(self, vault_url: str, credential: AsyncTokenCredential, **kwargs): ...
110
async def get_secret(self, name: str, version: Optional[str] = None, **kwargs) -> KeyVaultSecret: ...
111
async def set_secret(self, name: str, value: str, **kwargs) -> KeyVaultSecret: ...
112
async def delete_secret(self, name: str, **kwargs) -> DeletedSecret: ...
113
```
114
115
[Asynchronous Operations](./async-client.md)
116
117
### Secret Models and Data Types
118
119
Comprehensive data models representing secrets, their properties, and metadata with complete type definitions for all secret-related operations.
120
121
```python { .api }
122
class KeyVaultSecret:
123
def __init__(self, properties: SecretProperties, value: Optional[str]): ...
124
name: Optional[str]
125
id: Optional[str]
126
properties: SecretProperties
127
value: Optional[str]
128
129
class SecretProperties:
130
id: Optional[str]
131
name: Optional[str]
132
enabled: Optional[bool]
133
tags: Optional[Dict[str, str]]
134
```
135
136
[Models and Types](./models.md)
137
138
### Error Handling and Exceptions
139
140
Comprehensive error handling patterns and exception management for robust secret operations with proper authentication and network error handling.
141
142
```python { .api }
143
# Common exceptions from azure.core.exceptions
144
ResourceNotFoundError # Secret does not exist
145
ResourceExistsError # Secret already exists
146
ClientAuthenticationError # Authentication failures
147
HttpResponseError # General HTTP errors
148
```
149
150
[Error Handling](./error-handling.md)