# Azure Key Vault Secrets

A comprehensive Python library for securely managing secrets in Azure Key Vault. This library enables developers to store, retrieve, and manage sensitive information such as passwords, API keys, certificates, and connection strings with enterprise-grade security, authentication, and audit capabilities.

## Package Information

- **Package Name**: azure-keyvault-secrets
- **Language**: Python
- **Installation**: `pip install azure-keyvault-secrets`
- **Supported Python Versions**: 3.9, 3.10, 3.11, 3.12, 3.13
- **Latest Version**: 4.10.0

## Core Imports

```python
from azure.keyvault.secrets import (
    SecretClient,
    KeyVaultSecret,
    SecretProperties,
    DeletedSecret,
    KeyVaultSecretIdentifier,
    ApiVersion
)
```

For asynchronous operations:

```python
from azure.keyvault.secrets.aio import SecretClient
```

Common authentication imports:

```python
from azure.identity import DefaultAzureCredential
```

Version information:

```python
from azure.keyvault.secrets import __version__
```

## Basic Usage

```python
from azure.keyvault.secrets import SecretClient
from azure.identity import DefaultAzureCredential

# Initialize client with authentication
credential = DefaultAzureCredential()
vault_url = "https://your-key-vault.vault.azure.net/"
client = SecretClient(vault_url=vault_url, credential=credential)

# Set a secret (placeholder value; do not hard-code real secrets in source)
secret = client.set_secret("database-password", "my-secure-password")
print(f"Created secret: {secret.name}")

# Retrieve a secret (printed here for demonstration; avoid logging secret values)
retrieved_secret = client.get_secret("database-password")
print(f"Secret value: {retrieved_secret.value}")

# Update secret metadata
client.update_secret_properties(
    "database-password",
    enabled=True,
    tags={"environment": "production", "team": "backend"}
)

# List all secrets (returns properties only, not secret values)
for secret_properties in client.list_properties_of_secrets():
    print(f"Secret: {secret_properties.name}, Enabled: {secret_properties.enabled}")
```
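
The listing loop above reads only metadata, which makes it a safe basis for a hygiene check. As an added example (not part of the library or its documentation), the function below audits objects shaped like `SecretProperties` for a missing or lapsed expiry and a missing `team` tag; the 30-day window, the `Finding` class and treating `team` as an owner tag are assumptions, and the sample objects are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from types import SimpleNamespace
from typing import Iterable, List, Optional

@dataclass(frozen=True)
class Finding:  # hypothetical result type for this example
    secret: str
    issue: str

def audit_secret_properties(
    items: Iterable,
    now: Optional[datetime] = None,
    expiring_within: timedelta = timedelta(days=30),  # assumed review window
) -> List[Finding]:
    """Flag hygiene issues from metadata only; secret values are never fetched."""
    now = now or datetime.now(timezone.utc)
    findings: List[Finding] = []
    for p in items:
        if not p.enabled:
            continue  # disabled secrets are out of scope for this audit
        if p.expires_on is None:
            findings.append(Finding(p.name, "no expiry set"))
        elif p.expires_on <= now:
            findings.append(Finding(p.name, "expired but still enabled"))
        elif p.expires_on - now <= expiring_within:
            findings.append(Finding(p.name, "expires soon"))
        if not (p.tags or {}).get("team"):  # assumption: "team" names the owner
            findings.append(Finding(p.name, "no owner tag"))
    return findings

# Constructed sample metadata standing in for client.list_properties_of_secrets().
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
SAMPLE = [
    SimpleNamespace(name="database-password", enabled=True, expires_on=None,
                    tags={"environment": "production", "team": "backend"}),
    SimpleNamespace(name="api-key", enabled=True,
                    expires_on=NOW + timedelta(days=7), tags=None),
    SimpleNamespace(name="old-token", enabled=True,
                    expires_on=NOW - timedelta(days=1), tags={"team": "backend"}),
    SimpleNamespace(name="retired", enabled=False, expires_on=None, tags=None),
]

if __name__ == "__main__":
    for f in audit_secret_properties(SAMPLE, now=NOW):
        print(f"{f.secret}: {f.issue}")
```

With a live vault, pass `client.list_properties_of_secrets()` as `items`; that call returns properties only, so the audit never handles secret values.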

## Architecture

The Azure Key Vault Secrets library follows a clear architectural pattern with separate synchronous and asynchronous clients:

- **SecretClient (Sync)**: Blocking operations for traditional Python applications
- **SecretClient (Async)**: Non-blocking operations for asyncio-based applications
- **Model Classes**: Structured data representations (KeyVaultSecret, SecretProperties, etc.)
- **Authentication Integration**: Seamless integration with Azure Identity for secure authentication
- **Error Handling**: Comprehensive exception handling with Azure Core exceptions

Both client types provide identical functionality with different execution models. The async client is designed for high-performance scenarios requiring concurrent operations.

## Capabilities

### Synchronous Secret Operations

Complete synchronous client for managing secrets including CRUD operations, versioning, backup/restore, and soft-delete capabilities with recovery options.

```python { .api }
class SecretClient:
    def __init__(self, vault_url: str, credential: TokenCredential, **kwargs): ...
    def get_secret(self, name: str, version: Optional[str] = None, **kwargs) -> KeyVaultSecret: ...
    def set_secret(self, name: str, value: str, **kwargs) -> KeyVaultSecret: ...
    def update_secret_properties(self, name: str, version: Optional[str] = None, **kwargs) -> SecretProperties: ...
    def begin_delete_secret(self, name: str, **kwargs) -> LROPoller[DeletedSecret]: ...
```

[Synchronous Operations](./sync-client.md)

### Asynchronous Secret Operations

Full async client providing non-blocking secret management operations optimized for concurrent workloads and asyncio applications.

```python { .api }
class SecretClient:
    def __init__(self, vault_url: str, credential: AsyncTokenCredential, **kwargs): ...
    async def get_secret(self, name: str, version: Optional[str] = None, **kwargs) -> KeyVaultSecret: ...
    async def set_secret(self, name: str, value: str, **kwargs) -> KeyVaultSecret: ...
    async def delete_secret(self, name: str, **kwargs) -> DeletedSecret: ...
```

[Asynchronous Operations](./async-client.md)

### Secret Models and Data Types

Comprehensive data models representing secrets, their properties, and metadata with complete type definitions for all secret-related operations.

```python { .api }
class KeyVaultSecret:
    def __init__(self, properties: SecretProperties, value: Optional[str]): ...
    name: Optional[str]
    id: Optional[str]
    properties: SecretProperties
    value: Optional[str]

class SecretProperties:
    id: Optional[str]
    name: Optional[str]
    enabled: Optional[bool]
    tags: Optional[Dict[str, str]]
```

[Models and Types](./models.md)

### Error Handling and Exceptions

Comprehensive error handling patterns and exception management for robust secret operations with proper authentication and network error handling.

```python { .api }
# Common exceptions from azure.core.exceptions
ResourceNotFoundError # Secret does not exist
ResourceExistsError # Secret already exists
ClientAuthenticationError # Authentication failures
HttpResponseError # General HTTP errors
```

[Error Handling](./error-handling.md)