tessl/pypi-azure-mgmt-keyvault
Microsoft Azure Key Vault Management Client Library for Python providing comprehensive programmatic management of Azure Key Vault resources through the Azure Resource Manager API.
—
Pending
Quality
Pending
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
key-management.mddocs/
Key Management
Management operations for cryptographic keys within Azure Key Vault through the Azure Resource Manager API. Provides key creation, versioning, metadata management, and rotation policy configuration for both software-protected and hardware-protected keys.
Capabilities
Key Creation
Create cryptographic keys with specified algorithms, key sizes, and security properties. Supports both software and hardware-backed keys with various cryptographic operations.
def create_if_not_exist(
resource_group_name: str,
vault_name: str,
key_name: str,
parameters: KeyCreateParameters
) -> Key:
"""
Create the first version of a new key if it does not exist.
Args:
resource_group_name (str): The name of the resource group
vault_name (str): The name of the key vault
key_name (str): The name of the key to create
parameters (KeyCreateParameters): The parameters to create a key
Returns:
Key: The created key resource
"""Key Retrieval
Retrieve specific keys or key versions, with support for getting the current version or accessing historical versions.
def get(resource_group_name: str, vault_name: str, key_name: str) -> Key:
"""
Get the current version of the specified key.
Args:
resource_group_name (str): The name of the resource group
vault_name (str): The name of the key vault
key_name (str): The name of the key to retrieve
Returns:
Key: The key resource
"""
def get_version(
resource_group_name: str,
vault_name: str,
key_name: str,
key_version: str
) -> Key:
"""
Get the specified version of the specified key.
Args:
resource_group_name (str): The name of the resource group
vault_name (str): The name of the key vault
key_name (str): The name of the key
key_version (str): The version of the key
Returns:
Key: The specific key version
"""Key Listing
List keys within a vault or list all versions of a specific key with pagination support.
def list(resource_group_name: str, vault_name: str) -> ItemPaged[Key]:
"""
List keys in the specified key vault.
Args:
resource_group_name (str): The name of the resource group
vault_name (str): The name of the key vault
Returns:
ItemPaged[Key]: Paginated list of keys
"""
def list_versions(
resource_group_name: str,
vault_name: str,
key_name: str
) -> ItemPaged[Key]:
"""
List versions of the specified key.
Args:
resource_group_name (str): The name of the resource group
vault_name (str): The name of the key vault
key_name (str): The name of the key
Returns:
ItemPaged[Key]: Paginated list of key versions
"""Usage Examples
Creating Different Types of Keys
from azure.mgmt.keyvault import KeyVaultManagementClient
from azure.mgmt.keyvault.models import (
KeyCreateParameters, KeyProperties, KeyAttributes,
JsonWebKeyType, JsonWebKeyOperation, JsonWebKeyCurveName
)
from azure.identity import DefaultAzureCredential
credential = DefaultAzureCredential()
client = KeyVaultManagementClient(credential, "subscription-id")
# Create RSA key for encryption/decryption
rsa_key_params = KeyCreateParameters(
properties=KeyProperties(
kty=JsonWebKeyType.RSA,
key_size=2048,
key_ops=[
JsonWebKeyOperation.ENCRYPT,
JsonWebKeyOperation.DECRYPT,
JsonWebKeyOperation.SIGN,
JsonWebKeyOperation.VERIFY
],
attributes=KeyAttributes(
enabled=True
)
)
)
rsa_key = client.keys.create_if_not_exist(
"my-resource-group",
"my-vault",
"my-rsa-key",
rsa_key_params
)
print(f"Created RSA key: {rsa_key.name}")
# Create Elliptic Curve key
ec_key_params = KeyCreateParameters(
properties=KeyProperties(
kty=JsonWebKeyType.EC,
curve=JsonWebKeyCurveName.P_256,
key_ops=[
JsonWebKeyOperation.SIGN,
JsonWebKeyOperation.VERIFY
],
attributes=KeyAttributes(
enabled=True,
expires=1735689600 # Unix timestamp
)
)
)
ec_key = client.keys.create_if_not_exist(
"my-resource-group",
"my-vault",
"my-ec-key",
ec_key_params
)Managing Key Versions
# List all keys in vault
for key in client.keys.list("my-resource-group", "my-vault"):
print(f"Key: {key.name}, Version: {key.properties.version}")
# Get current version of a key
current_key = client.keys.get("my-resource-group", "my-vault", "my-key")
print(f"Current version: {current_key.properties.version}")
# List all versions of a specific key
for key_version in client.keys.list_versions("my-resource-group", "my-vault", "my-key"):
print(f"Version: {key_version.properties.version}")
print(f"Created: {key_version.properties.attributes.created}")
print(f"Enabled: {key_version.properties.attributes.enabled}")
# Get specific version
specific_version = client.keys.get_version(
"my-resource-group",
"my-vault",
"my-key",
"version-id"
)Types
Key Parameters
class KeyCreateParameters:
properties: KeyProperties
tags: Optional[Dict[str, str]]
class KeyProperties:
attributes: Optional[KeyAttributes]
kty: Optional[JsonWebKeyType]
key_ops: Optional[List[JsonWebKeyOperation]]
key_size: Optional[int]
curve: Optional[JsonWebKeyCurveName]
release_policy: Optional[KeyReleasePolicy]
rotation_policy: Optional[RotationPolicy]Key Resource
class Key:
id: Optional[str]
name: Optional[str]
type: Optional[str]
location: Optional[str]
tags: Optional[Dict[str, str]]
properties: Optional[KeyProperties]
class KeyProperties:
attributes: Optional[KeyAttributes]
kty: Optional[JsonWebKeyType]
key_ops: Optional[List[JsonWebKeyOperation]]
key_size: Optional[int]
curve: Optional[JsonWebKeyCurveName]
key_uri: Optional[str]
key_uri_with_version: Optional[str]
version: Optional[str]
release_policy: Optional[KeyReleasePolicy]
rotation_policy: Optional[RotationPolicy]Key Attributes
class KeyAttributes:
enabled: Optional[bool]
not_before: Optional[int]
expires: Optional[int]
created: Optional[int]
updated: Optional[int]
recovery_level: Optional[DeletionRecoveryLevel]
exportable: Optional[bool]Key Rotation
class RotationPolicy:
attributes: Optional[KeyRotationPolicyAttributes]
lifetime_actions: Optional[List[LifetimeAction]]
class KeyRotationPolicyAttributes:
expires_in: Optional[str]
created: Optional[int]
updated: Optional[int]
class LifetimeAction:
trigger: Optional[Trigger]
action: Optional[Action]
class Trigger:
time_after_create: Optional[str]
time_before_expiry: Optional[str]
class Action:
type: Optional[KeyRotationPolicyActionType]Key Release Policy
class KeyReleasePolicy:
content_type: Optional[str]
data: Optional[bytes]Enumerations
class JsonWebKeyType(str, Enum):
EC = "EC"
EC_HSM = "EC-HSM"
RSA = "RSA"
RSA_HSM = "RSA-HSM"
OCT = "oct"
OCT_HSM = "oct-HSM"
class JsonWebKeyOperation(str, Enum):
ENCRYPT = "encrypt"
DECRYPT = "decrypt"
SIGN = "sign"
VERIFY = "verify"
WRAP_KEY = "wrapKey"
UNWRAP_KEY = "unwrapKey"
IMPORT = "import"
RELEASE = "release"
class JsonWebKeyCurveName(str, Enum):
P_256 = "P-256"
P_384 = "P-384"
P_521 = "P-521"
P_256K = "P-256K"
class KeyRotationPolicyActionType(str, Enum):
ROTATE = "Rotate"
NOTIFY = "Notify"
class DeletionRecoveryLevel(str, Enum):
PURGEABLE = "Purgeable"
RECOVERABLE = "Recoverable"
RECOVERABLE_PROTECTED_SUBSCRIPTION = "Recoverable+ProtectedSubscription"
RECOVERABLE_PURGEABLE = "Recoverable+Purgeable"
CUSTOMIZED_RECOVERABLE = "CustomizedRecoverable"
CUSTOMIZED_RECOVERABLE_PROTECTED_SUBSCRIPTION = "CustomizedRecoverable+ProtectedSubscription"
CUSTOMIZED_RECOVERABLE_PURGEABLE = "CustomizedRecoverable+Purgeable"Install with Tessl CLI
npx tessl i tessl/pypi-azure-mgmt-keyvault