tessl/pypi-azure-keyvault-secrets
Microsoft Azure Key Vault secrets client library for Python providing secure storage and management of sensitive information
—
Pending
Quality
Pending
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
async-client.mddocs/
Asynchronous Secret Operations
Full async client providing non-blocking secret management operations optimized for concurrent workloads and asyncio applications. Supports all secret operations in an asynchronous context with proper async/await patterns.
Capabilities
Client Initialization
Create an async SecretClient instance for non-blocking secret operations.
class SecretClient:
def __init__(
self,
vault_url: str,
credential: AsyncTokenCredential,
*,
api_version: Optional[Union[ApiVersion, str]] = None,
verify_challenge_resource: bool = True,
**kwargs
):
"""
Initialize an async SecretClient for non-blocking operations.
Parameters:
- vault_url (str): URL of the Azure Key Vault
- credential (AsyncTokenCredential): Async authentication credential
- api_version (ApiVersion | str, optional): API version to use (default: ApiVersion.V7_6)
- verify_challenge_resource (bool, optional): Whether to verify challenge resource (default: True)
"""Basic Async Secret Operations
Core async operations for creating, retrieving, and updating secrets.
async def get_secret(
self,
name: str,
version: Optional[str] = None,
**kwargs
) -> KeyVaultSecret:
"""
Asynchronously get a secret by name and optional version.
Parameters:
- name (str): Name of the secret
- version (str, optional): Version of the secret. If not specified, gets the latest version
Returns:
KeyVaultSecret: The complete secret including value and properties
Raises:
ResourceNotFoundError: Secret does not exist
ClientAuthenticationError: Authentication failed
"""
async def set_secret(
self,
name: str,
value: str,
*,
enabled: Optional[bool] = None,
tags: Optional[Dict[str, str]] = None,
content_type: Optional[str] = None,
not_before: Optional[datetime] = None,
expires_on: Optional[datetime] = None,
**kwargs
) -> KeyVaultSecret:
"""
Asynchronously create or update a secret.
Parameters:
- name (str): Name of the secret
- value (str): Value of the secret
- enabled (bool, optional): Whether the secret is enabled
- tags (Dict[str, str], optional): User-defined metadata
- content_type (str, optional): Content type of the secret
- not_before (datetime, optional): Not valid before date
- expires_on (datetime, optional): Expiration date
Returns:
KeyVaultSecret: The created or updated secret
"""
async def update_secret_properties(
self,
name: str,
version: Optional[str] = None,
*,
enabled: Optional[bool] = None,
tags: Optional[Dict[str, str]] = None,
content_type: Optional[str] = None,
not_before: Optional[datetime] = None,
expires_on: Optional[datetime] = None,
**kwargs
) -> SecretProperties:
"""
Asynchronously update secret metadata without changing the value.
Parameters:
- name (str): Name of the secret
- version (str, optional): Version to update. If not specified, updates latest version
- enabled (bool, optional): Whether the secret is enabled
- tags (Dict[str, str], optional): User-defined metadata
- content_type (str, optional): Content type of the secret
- not_before (datetime, optional): Not valid before date
- expires_on (datetime, optional): Expiration date
Returns:
SecretProperties: Updated secret properties
"""Async Listing Operations
Async operations for discovering secrets and their versions using async iterators.
def list_properties_of_secrets(
self,
**kwargs
) -> AsyncItemPaged[SecretProperties]:
"""
Asynchronously list properties of all secrets in the vault.
Returns:
AsyncItemPaged[SecretProperties]: Async iterator of secret properties (no values)
"""
def list_properties_of_secret_versions(
self,
name: str,
**kwargs
) -> AsyncItemPaged[SecretProperties]:
"""
Asynchronously list all versions of a specific secret.
Parameters:
- name (str): Name of the secret
Returns:
AsyncItemPaged[SecretProperties]: Async iterator of secret version properties
"""Async Backup and Restore Operations
Async operations for backing up and restoring secrets.
async def backup_secret(
self,
name: str,
**kwargs
) -> bytes:
"""
Asynchronously backup a secret for external storage or migration.
Parameters:
- name (str): Name of the secret to backup
Returns:
bytes: Encrypted backup data
Raises:
ResourceNotFoundError: Secret does not exist
"""
async def restore_secret_backup(
self,
backup: bytes,
**kwargs
) -> SecretProperties:
"""
Asynchronously restore a secret from backup data.
Parameters:
- backup (bytes): Encrypted backup data from backup_secret()
Returns:
SecretProperties: Properties of the restored secret
Raises:
ResourceExistsError: Secret already exists
"""Async Deletion and Recovery Operations
Async soft-delete operations with direct completion (no LRO poller).
async def delete_secret(
self,
name: str,
**kwargs
) -> DeletedSecret:
"""
Asynchronously delete a secret (soft delete with recovery option).
Parameters:
- name (str): Name of the secret to delete
Returns:
DeletedSecret: Information about the deleted secret
Note:
Unlike the sync client, this handles polling internally and returns the final result.
"""
async def get_deleted_secret(
self,
name: str,
**kwargs
) -> DeletedSecret:
"""
Asynchronously get information about a deleted secret.
Parameters:
- name (str): Name of the deleted secret
Returns:
DeletedSecret: Information about the deleted secret including recovery details
"""
def list_deleted_secrets(
self,
**kwargs
) -> AsyncItemPaged[DeletedSecret]:
"""
Asynchronously list all deleted secrets that can be recovered.
Returns:
AsyncItemPaged[DeletedSecret]: Async iterator of deleted secrets
"""
async def purge_deleted_secret(
self,
name: str,
**kwargs
) -> None:
"""
Asynchronously and permanently delete a secret (cannot be recovered).
Parameters:
- name (str): Name of the deleted secret to purge
Warning:
This operation is irreversible.
"""
async def recover_deleted_secret(
self,
name: str,
**kwargs
) -> SecretProperties:
"""
Asynchronously recover a deleted secret.
Parameters:
- name (str): Name of the deleted secret to recover
Returns:
SecretProperties: Properties of the recovered secret
Note:
Unlike the sync client, this handles polling internally and returns the final result.
"""Async Client Management
Async operations for managing the client lifecycle and custom requests.
async def close(self) -> None:
"""
Asynchronously close the client and clean up resources.
"""
def send_request(
self,
request: HttpRequest,
*,
stream: bool = False,
**kwargs
) -> Awaitable[AsyncHttpResponse]:
"""
Send a custom HTTP request using the client's pipeline.
Parameters:
- request (HttpRequest): The request to send
- stream (bool, optional): Whether to stream the response
Returns:
Awaitable[AsyncHttpResponse]: Awaitable HTTP response
"""Async Context Manager Support
Use async SecretClient as an async context manager for automatic resource cleanup.
async def __aenter__(self) -> SecretClient: ...
async def __aexit__(self, *args) -> None: ...Properties
@property
def vault_url(self) -> str:
"""The URL of the Key Vault."""Usage Examples
Basic Async Operations
import asyncio
from azure.keyvault.secrets.aio import SecretClient
from azure.identity.aio import DefaultAzureCredential
async def main():
credential = DefaultAzureCredential()
client = SecretClient("https://vault.vault.azure.net/", credential)
try:
# Set a secret
secret = await client.set_secret("async-secret", "async-value")
print(f"Created: {secret.name}")
# Get the secret
retrieved = await client.get_secret("async-secret")
print(f"Value: {retrieved.value}")
# Delete the secret
deleted = await client.delete_secret("async-secret")
print(f"Deleted: {deleted.name}")
finally:
await client.close()
asyncio.run(main())Using Async Context Manager
import asyncio
from azure.keyvault.secrets.aio import SecretClient
from azure.identity.aio import DefaultAzureCredential
async def main():
credential = DefaultAzureCredential()
async with SecretClient("https://vault.vault.azure.net/", credential) as client:
# Client automatically closed when exiting context
secret = await client.set_secret("temp-secret", "temporary-value")
value = (await client.get_secret("temp-secret")).value
print(f"Secret value: {value}")
asyncio.run(main())Concurrent Operations
import asyncio
from azure.keyvault.secrets.aio import SecretClient
from azure.identity.aio import DefaultAzureCredential
async def create_secret(client, name, value):
return await client.set_secret(name, value)
async def main():
credential = DefaultAzureCredential()
async with SecretClient("https://vault.vault.azure.net/", credential) as client:
# Create multiple secrets concurrently
tasks = [
create_secret(client, f"secret-{i}", f"value-{i}")
for i in range(5)
]
secrets = await asyncio.gather(*tasks)
for secret in secrets:
print(f"Created: {secret.name}")
asyncio.run(main())Async Iteration
import asyncio
from azure.keyvault.secrets.aio import SecretClient
from azure.identity.aio import DefaultAzureCredential
async def main():
credential = DefaultAzureCredential()
async with SecretClient("https://vault.vault.azure.net/", credential) as client:
# List all secrets asynchronously
async for secret_props in client.list_properties_of_secrets():
print(f"Secret: {secret_props.name}")
# List versions of a specific secret
async for version_props in client.list_properties_of_secret_versions("my-secret"):
print(f"Version: {version_props.version}")
asyncio.run(main())Complete Async Workflow
import asyncio
from azure.keyvault.secrets.aio import SecretClient
from azure.identity.aio import DefaultAzureCredential
async def secret_lifecycle(client):
# Create secret
secret = await client.set_secret(
"lifecycle-secret",
"initial-value",
tags={"environment": "test"}
)
# Update properties
await client.update_secret_properties(
"lifecycle-secret",
tags={"environment": "test", "updated": "true"}
)
# Backup
backup_data = await client.backup_secret("lifecycle-secret")
# Delete
await client.delete_secret("lifecycle-secret")
# Recover
recovered = await client.recover_deleted_secret("lifecycle-secret")
return recovered
async def main():
credential = DefaultAzureCredential()
async with SecretClient("https://vault.vault.azure.net/", credential) as client:
result = await secret_lifecycle(client)
print(f"Lifecycle complete for: {result.name}")
asyncio.run(main())Required Imports
from typing import Dict, Optional, Union, Awaitable
from datetime import datetime
from azure.core.async_paging import AsyncItemPaged
from azure.core.credentials_async import AsyncTokenCredential
from azure.core import HttpRequest, AsyncHttpResponse
from azure.keyvault.secrets import (
KeyVaultSecret,
SecretProperties,
DeletedSecret,
KeyVaultSecretIdentifier,
ApiVersion
)
from azure.keyvault.secrets.aio import SecretClientInstall with Tessl CLI
npx tessl i tessl/pypi-azure-keyvault-secrets