tessl/pypi-azure-mgmt-keyvault

Microsoft Azure Key Vault Management Client Library for Python providing comprehensive programmatic management of Azure Key Vault resources through the Azure Resource Manager API.


Private Endpoint Connections

Management of private endpoint connections for secure network access to Key Vault and Managed HSM resources. Private endpoints enable secure connectivity from virtual networks without internet exposure, providing enhanced network security and compliance for sensitive cryptographic workloads.

Capabilities

Key Vault Private Endpoints

Manage private endpoint connections for Azure Key Vault instances, enabling secure access from virtual networks.

def get(
    resource_group_name: str,
    vault_name: str,
    private_endpoint_connection_name: str
) -> PrivateEndpointConnection:
    """
    Get the specified private endpoint connection associated with the key vault.
    
    Args:
        resource_group_name (str): Name of the resource group
        vault_name (str): The name of the key vault
        private_endpoint_connection_name (str): Name of the private endpoint connection
        
    Returns:
        PrivateEndpointConnection: The private endpoint connection
    """

def put(
    resource_group_name: str,
    vault_name: str,
    private_endpoint_connection_name: str,
    properties: PrivateEndpointConnection
) -> PrivateEndpointConnection:
    """
    Update a private endpoint connection associated with the key vault.
    
    Args:
        resource_group_name (str): Name of the resource group
        vault_name (str): The name of the key vault
        private_endpoint_connection_name (str): Name of the private endpoint connection
        properties (PrivateEndpointConnection): The private endpoint connection properties
        
    Returns:
        PrivateEndpointConnection: The updated private endpoint connection
    """

def begin_delete(
    resource_group_name: str,
    vault_name: str,
    private_endpoint_connection_name: str
) -> LROPoller[None]:
    """
    Delete the specified private endpoint connection associated with the key vault.
    
    Args:
        resource_group_name (str): Name of the resource group
        vault_name (str): The name of the key vault
        private_endpoint_connection_name (str): Name of the private endpoint connection
        
    Returns:
        LROPoller[None]: Long-running operation poller for deletion
    """

def list_by_resource(
    resource_group_name: str,
    vault_name: str
) -> ItemPaged[PrivateEndpointConnection]:
    """
    List private endpoint connections associated with the key vault.
    
    Args:
        resource_group_name (str): Name of the resource group
        vault_name (str): The name of the key vault
        
    Returns:
        ItemPaged[PrivateEndpointConnection]: Paginated list of connections
    """

Managed HSM Private Endpoints

Manage private endpoint connections for Azure Managed HSM instances.

def get(
    resource_group_name: str,
    name: str,
    private_endpoint_connection_name: str
) -> MHSMPrivateEndpointConnection:
    """
    Get the specified private endpoint connection associated with the managed HSM.
    
    Args:
        resource_group_name (str): Name of the resource group
        name (str): Name of the managed HSM Pool
        private_endpoint_connection_name (str): Name of the private endpoint connection
        
    Returns:
        MHSMPrivateEndpointConnection: The private endpoint connection
    """

def put(
    resource_group_name: str,
    name: str,
    private_endpoint_connection_name: str,
    properties: MHSMPrivateEndpointConnection
) -> MHSMPrivateEndpointConnection:
    """
    Update a private endpoint connection associated with the managed HSM.
    
    Args:
        resource_group_name (str): Name of the resource group
        name (str): Name of the managed HSM Pool
        private_endpoint_connection_name (str): Name of the private endpoint connection
        properties (MHSMPrivateEndpointConnection): The connection properties
        
    Returns:
        MHSMPrivateEndpointConnection: The updated connection
    """

def begin_delete(
    resource_group_name: str,
    name: str,
    private_endpoint_connection_name: str
) -> LROPoller[None]:
    """
    Delete the specified private endpoint connection associated with the managed HSM.
    
    Args:
        resource_group_name (str): Name of the resource group
        name (str): Name of the managed HSM Pool
        private_endpoint_connection_name (str): Name of the private endpoint connection
        
    Returns:
        LROPoller[None]: Long-running operation poller for deletion
    """

def list_by_resource(
    resource_group_name: str,
    name: str
) -> ItemPaged[MHSMPrivateEndpointConnection]:
    """
    List private endpoint connections associated with the managed HSM.
    
    Args:
        resource_group_name (str): Name of the resource group
        name (str): Name of the managed HSM Pool
        
    Returns:
        ItemPaged[MHSMPrivateEndpointConnection]: Paginated list of connections
    """

Private Link Resources

Discover available private link resources for Key Vault and Managed HSM services.

def list_by_vault(
    resource_group_name: str,
    vault_name: str
) -> ItemPaged[PrivateLinkResource]:
    """
    Get the private link resources supported for the key vault.
    
    Args:
        resource_group_name (str): Name of the resource group
        vault_name (str): The name of the key vault
        
    Returns:
        ItemPaged[PrivateLinkResource]: List of private link resources
    """

def list_by_mhsm_resource(
    resource_group_name: str,
    name: str
) -> ItemPaged[MHSMPrivateLinkResource]:
    """
    Get the private link resources supported for the managed HSM Pool.
    
    Args:
        resource_group_name (str): Name of the resource group
        name (str): Name of the managed HSM Pool
        
    Returns:
        ItemPaged[MHSMPrivateLinkResource]: List of private link resources
    """

Usage Examples

Setting Up Key Vault Private Endpoint

from azure.mgmt.keyvault import KeyVaultManagementClient
from azure.mgmt.keyvault.models import (
    PrivateEndpointConnection, PrivateLinkServiceConnectionState,
    PrivateEndpointServiceConnectionStatus
)
from azure.identity import DefaultAzureCredential

credential = DefaultAzureCredential()
client = KeyVaultManagementClient(credential, "subscription-id")

# Approve a private endpoint connection
connection_state = PrivateLinkServiceConnectionState(
    status=PrivateEndpointServiceConnectionStatus.APPROVED,
    description="Approved for production workload access"
)

connection = PrivateEndpointConnection(
    private_link_service_connection_state=connection_state
)

approved_connection = client.private_endpoint_connections.put(
    "my-resource-group",
    "my-vault",
    "my-private-endpoint-connection",
    connection
)
print(f"Connection status: {approved_connection.private_link_service_connection_state.status}")

Managing Private Endpoint Connections

# List all private endpoint connections for a vault
for connection in client.private_endpoint_connections.list_by_resource(
    "my-resource-group", "my-vault"
):
    print(f"Connection: {connection.name}")
    print(f"Status: {connection.private_link_service_connection_state.status}")
    print(f"Private Endpoint ID: {connection.private_endpoint.id}")

# Get specific connection details
connection = client.private_endpoint_connections.get(
    "my-resource-group",
    "my-vault", 
    "my-connection"
)
print(f"Provisioning State: {connection.provisioning_state}")

# Reject a private endpoint connection
reject_state = PrivateLinkServiceConnectionState(
    status=PrivateEndpointServiceConnectionStatus.REJECTED,
    description="Access denied - security policy violation"
)

rejected_connection = PrivateEndpointConnection(
    private_link_service_connection_state=reject_state
)

client.private_endpoint_connections.put(
    "my-resource-group",
    "my-vault",
    "rejected-connection",
    rejected_connection
)
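
A review gate for the approve and reject calls above, as an added example that is not part of the original page or of the SDK: it decides per connection using only the fields documented here, and marks a Pending connection for approval only when its `private_endpoint.id` lies in a trusted subscription. The `triage` function, the trusted-subscription allowlist, the decision labels and the sample data are assumptions constructed for illustration.

```python
import re
from types import SimpleNamespace as NS

# ARM resource ID of a private endpoint; the subscription ID is captured.
PE_ID = re.compile(
    r"^/subscriptions/(?P<sub>[0-9a-f-]{36})/resourceGroups/[^/]+"
    r"/providers/Microsoft\.Network/privateEndpoints/[^/]+$",
    re.IGNORECASE,
)

def triage(connections, trusted_subscriptions):
    """Map each connection name to a (decision, reason) pair."""
    trusted = {s.lower() for s in trusted_subscriptions}
    decisions = {}
    for c in connections:
        raw = getattr(c.private_link_service_connection_state, "status", None)
        status = getattr(raw, "value", raw) or ""  # SDK enum or plain string
        match = PE_ID.match(getattr(c.private_endpoint, "id", None) or "")
        if match is None:
            decisions[c.name] = ("investigate", "missing or malformed endpoint ID")
        elif match["sub"].lower() not in trusted:
            # Never auto-approve; an already-approved one needs a human look.
            verdict = "reject" if status == "Pending" else "investigate"
            decisions[c.name] = (verdict, "endpoint outside trusted subscriptions")
        elif status == "Pending":
            decisions[c.name] = ("approve", "trusted subscription, awaiting approval")
        elif status == "Approved":
            decisions[c.name] = ("keep", "approved, trusted subscription")
        else:  # Rejected or Disconnected
            decisions[c.name] = ("cleanup", f"status {status}")
    return decisions

def make_conn(name, status, pe_id):
    """Build a constructed stand-in with the fields of PrivateEndpointConnection."""
    return NS(name=name,
              private_link_service_connection_state=NS(status=status),
              private_endpoint=NS(id=pe_id) if pe_id else None)

# Constructed sample data (placeholder subscription IDs, not real resources).
TRUSTED = "00000000-0000-0000-0000-000000000001"
OTHER = "00000000-0000-0000-0000-000000000002"
ID_FMT = "/subscriptions/{}/resourceGroups/rg/providers/Microsoft.Network/privateEndpoints/{}"
SAMPLE = [
    make_conn("app-pe", "Pending", ID_FMT.format(TRUSTED, "app-pe")),
    make_conn("unknown-pe", "Pending", ID_FMT.format(OTHER, "unknown-pe")),
    make_conn("legacy-pe", "Approved", ID_FMT.format(OTHER, "legacy-pe")),
    make_conn("old-pe", "Disconnected", ID_FMT.format(TRUSTED, "old-pe")),
    make_conn("broken", "Approved", None),
]
```

Pass it the items returned by `client.private_endpoint_connections.list_by_resource(...)`, and call `put` or `begin_delete` only for decisions that have been reviewed.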

Discovering Private Link Resources

# Get supported private link resources for Key Vault
for resource in client.private_link_resources.list_by_vault(
    "my-resource-group", "my-vault"
):
    print(f"Resource: {resource.name}")
    print(f"Group ID: {resource.group_id}")
    print(f"Required members: {resource.required_members}")
    print(f"Required zone names: {resource.required_zone_names}")

# Get private link resources for Managed HSM
for hsm_resource in client.mhsm_private_link_resources.list_by_mhsm_resource(
    "my-resource-group", "my-managed-hsm"
):
    print(f"HSM Resource: {hsm_resource.name}")
    print(f"Group ID: {hsm_resource.group_id}")

Types

Key Vault Private Endpoints

class PrivateEndpointConnection:
    id: Optional[str]
    name: Optional[str]
    type: Optional[str]
    etag: Optional[str]
    private_endpoint: Optional[PrivateEndpoint]
    private_link_service_connection_state: Optional[PrivateLinkServiceConnectionState]
    provisioning_state: Optional[PrivateEndpointConnectionProvisioningState]

class PrivateEndpoint:
    id: Optional[str]

class PrivateLinkServiceConnectionState:
    status: Optional[PrivateEndpointServiceConnectionStatus]
    description: Optional[str]
    actions_required: Optional[ActionsRequired]

Managed HSM Private Endpoints

class MHSMPrivateEndpointConnection:
    id: Optional[str]
    name: Optional[str]
    type: Optional[str]
    etag: Optional[str]
    private_endpoint: Optional[MHSMPrivateEndpoint]
    private_link_service_connection_state: Optional[MHSMPrivateLinkServiceConnectionState]
    provisioning_state: Optional[PrivateEndpointConnectionProvisioningState]

class MHSMPrivateEndpoint:
    id: Optional[str]

class MHSMPrivateLinkServiceConnectionState:
    status: Optional[PrivateEndpointServiceConnectionStatus]
    description: Optional[str]
    actions_required: Optional[ActionsRequired]

Private Link Resources

class PrivateLinkResource:
    id: Optional[str]
    name: Optional[str]
    type: Optional[str]
    group_id: Optional[str]
    required_members: Optional[List[str]]
    required_zone_names: Optional[List[str]]

class MHSMPrivateLinkResource:
    id: Optional[str]
    name: Optional[str]
    type: Optional[str]
    group_id: Optional[str]
    required_members: Optional[List[str]]
    required_zone_names: Optional[List[str]]

Connection Items

class PrivateEndpointConnectionItem:
    id: Optional[str]
    etag: Optional[str]
    private_endpoint: Optional[PrivateEndpoint]
    private_link_service_connection_state: Optional[PrivateLinkServiceConnectionState]
    provisioning_state: Optional[PrivateEndpointConnectionProvisioningState]

class MHSMPrivateEndpointConnectionItem:
    id: Optional[str]
    etag: Optional[str]  
    private_endpoint: Optional[MHSMPrivateEndpoint]
    private_link_service_connection_state: Optional[MHSMPrivateLinkServiceConnectionState]
    provisioning_state: Optional[PrivateEndpointConnectionProvisioningState]

Enumerations

class PrivateEndpointServiceConnectionStatus(str, Enum):
    PENDING = "Pending"
    APPROVED = "Approved"
    REJECTED = "Rejected"
    DISCONNECTED = "Disconnected"

class PrivateEndpointConnectionProvisioningState(str, Enum):
    SUCCEEDED = "Succeeded"
    CREATING = "Creating"
    UPDATING = "Updating"
    DELETING = "Deleting"
    FAILED = "Failed"
    DISCONNECTED = "Disconnected"

class ActionsRequired(str, Enum):
    NONE = "None"
    RECREATE = "Recreate"

Network Security Benefits

Zero-Trust Network Access

Private endpoints enable zero-trust network access by providing dedicated network interfaces within your virtual network, eliminating the need for public internet connectivity to access Key Vault or Managed HSM resources.

Traffic Isolation

All traffic between your virtual network and the Key Vault/Managed HSM service travels over the Microsoft backbone network, providing enhanced security and compliance for sensitive cryptographic operations.

DNS Integration

Private endpoints integrate with Azure Private DNS zones, enabling seamless name resolution within your virtual network infrastructure while maintaining network isolation.

Firewall and NSG Support

Private endpoint traffic can be controlled using Network Security Groups (NSGs) and Azure Firewall rules, providing granular network access control for compliance and security requirements.

Install with Tessl CLI

npx tessl i tessl/pypi-azure-mgmt-keyvault
