CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/pypi-azure

Microsoft Azure Client Libraries for Python meta-package providing comprehensive access to Azure cloud services and management capabilities

Pending

Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

Overview
Eval results
Files

security-identity.mddocs/

Security and Identity

Azure security and identity services provide key management, secret storage, certificate management, and identity/access management capabilities. This includes Azure Key Vault for secure key and secret storage, and Graph RBAC for identity and access management operations.

Capabilities

Azure Key Vault

Securely stores and manages cryptographic keys, secrets, and certificates used by cloud applications and services. Provides centralized secret management with access control and audit logging.

class KeyVaultClient:
    """
    Client for Azure Key Vault operations.
    
    Parameters:
    - credentials: KeyVaultAuthentication credentials
    """
    def __init__(self, credentials, **kwargs): ...
    
    # Key operations
    def create_key(self, vault_base_url: str, key_name: str, kty: str, **kwargs): ...
    def import_key(self, vault_base_url: str, key_name: str, key: object, **kwargs): ...
    def delete_key(self, vault_base_url: str, key_name: str, **kwargs): ...
    def update_key(self, vault_base_url: str, key_name: str, key_version: str, **kwargs): ...
    def get_key(self, vault_base_url: str, key_name: str, key_version: str, **kwargs): ...
    def get_keys(self, vault_base_url: str, **kwargs): ...
    def get_key_versions(self, vault_base_url: str, key_name: str, **kwargs): ...
    def backup_key(self, vault_base_url: str, key_name: str, **kwargs): ...
    def restore_key(self, vault_base_url: str, key_bundle_backup: str, **kwargs): ...
    
    # Secret operations  
    def set_secret(self, vault_base_url: str, secret_name: str, value: str, **kwargs): ...
    def delete_secret(self, vault_base_url: str, secret_name: str, **kwargs): ...
    def update_secret(self, vault_base_url: str, secret_name: str, secret_version: str, **kwargs): ...
    def get_secret(self, vault_base_url: str, secret_name: str, secret_version: str, **kwargs): ...
    def get_secrets(self, vault_base_url: str, **kwargs): ...
    def get_secret_versions(self, vault_base_url: str, secret_name: str, **kwargs): ...
    def backup_secret(self, vault_base_url: str, secret_name: str, **kwargs): ...
    def restore_secret(self, vault_base_url: str, secret_bundle_backup: str, **kwargs): ...
    
    # Certificate operations
    def create_certificate(self, vault_base_url: str, certificate_name: str, **kwargs): ...
    def import_certificate(self, vault_base_url: str, certificate_name: str, certificate_data: str, **kwargs): ...
    def delete_certificate(self, vault_base_url: str, certificate_name: str, **kwargs): ...
    def update_certificate(self, vault_base_url: str, certificate_name: str, certificate_version: str, **kwargs): ...
    def get_certificate(self, vault_base_url: str, certificate_name: str, certificate_version: str, **kwargs): ...
    def get_certificates(self, vault_base_url: str, **kwargs): ...
    def get_certificate_versions(self, vault_base_url: str, certificate_name: str, **kwargs): ...
    
    # Cryptographic operations
    def encrypt(self, vault_base_url: str, key_name: str, key_version: str, algorithm: str, value: str, **kwargs): ...
    def decrypt(self, vault_base_url: str, key_name: str, key_version: str, algorithm: str, value: str, **kwargs): ...
    def sign(self, vault_base_url: str, key_name: str, key_version: str, algorithm: str, value: str, **kwargs): ...
    def verify(self, vault_base_url: str, key_name: str, key_version: str, algorithm: str, digest: str, signature: str, **kwargs): ...
    def wrap_key(self, vault_base_url: str, key_name: str, key_version: str, algorithm: str, value: str, **kwargs): ...
    def unwrap_key(self, vault_base_url: str, key_name: str, key_version: str, algorithm: str, value: str, **kwargs): ...

Key Vault Authentication

Provides authentication mechanisms for Key Vault operations.

class KeyVaultAuthentication:
    """
    Authentication for Key Vault operations.
    
    Parameters:
    - authorization_callback: callable, function that returns access token
    """
    def __init__(self, authorization_callback: callable): ...
    
    def signed_session(self, session=None):
        """Create authenticated session for Key Vault requests."""

class KeyVaultAuthBase:
    """Base class for Key Vault authentication."""
    def __init__(self): ...

class AccessToken:
    """Represents an access token for Key Vault authentication."""
    def __init__(self, token: str, expires_on: int): ...
    
    token: str  # Access token string
    expires_on: int  # Token expiration timestamp

Key Vault Models

Identity classes for Key Vault resources.

class KeyVaultId:
    """Base class for Key Vault resource identifiers."""
    def __init__(self, vault: str, name: str, version: str = None): ...
    
    @property
    def vault(self) -> str: ...  # Vault URL
    
    @property  
    def name(self) -> str: ...  # Resource name
    
    @property
    def version(self) -> str: ...  # Resource version

class KeyId(KeyVaultId):
    """Identifier for Key Vault keys."""
    pass

class SecretId(KeyVaultId):
    """Identifier for Key Vault secrets."""  
    pass

class CertificateId(KeyVaultId):
    """Identifier for Key Vault certificates."""
    pass

class CertificateIssuerId(KeyVaultId):
    """Identifier for certificate issuers."""
    pass

class CertificateOperationId(KeyVaultId):
    """Identifier for certificate operations."""
    pass

class StorageAccountId(KeyVaultId):
    """Identifier for managed storage accounts."""
    pass

class StorageSasDefinitionId(KeyVaultId):
    """Identifier for storage SAS definitions."""
    pass

HTTP Challenge Authentication

Low-level HTTP authentication components for Key Vault.

class HttpBearerChallenge:
    """Represents an HTTP Bearer authentication challenge."""
    def __init__(self, request_uri: str, challenge: str): ...

class HttpChallenge:
    """Base HTTP authentication challenge."""
    def __init__(self): ...

class HttpBearerChallengeCache:
    """Cache for HTTP Bearer challenges."""
    def __init__(self): ...
    
    def get_challenge_for_url(self, url: str): ...
    def set_challenge_for_url(self, url: str, challenge: object): ...
    def clear(self): ...

def generate_pop_key() -> str:
    """Generate a Proof of Possession (PoP) key for authentication."""

Graph RBAC Management

Manages Azure Active Directory identity and access control operations including applications, service principals, users, and groups.

class GraphRbacManagementClient:
    """
    Client for Azure Active Directory Graph RBAC operations.
    
    Parameters:
    - credentials: Authentication credentials
    - tenant_id: str, Azure Active Directory tenant ID  
    """
    def __init__(self, credentials, tenant_id: str, **kwargs): ...
    
    @property
    def applications(self): ...  # Application operations
    
    @property
    def service_principals(self): ...  # Service principal operations
    
    @property
    def users(self): ...  # User operations
    
    @property
    def groups(self): ...  # Group operations
    
    @property
    def oauth2(self): ...  # OAuth2 operations
    
    @property
    def signed_in_user(self): ...  # Current user operations

Application Operations

Manage Azure AD applications.

class ApplicationOperations:
    def create(self, parameters, **kwargs):
        """Create a new application."""
    
    def delete(self, application_object_id: str, **kwargs):
        """Delete an application."""
    
    def get(self, application_object_id: str, **kwargs):
        """Get an application by object ID."""
    
    def list(self, **kwargs):
        """List applications in the tenant."""
    
    def patch(self, application_object_id: str, parameters, **kwargs):
        """Update an application."""
    
    def list_owners(self, application_object_id: str, **kwargs):
        """Get owners of an application."""
    
    def add_owner(self, application_object_id: str, parameters, **kwargs):
        """Add an owner to an application."""
    
    def remove_owner(self, application_object_id: str, owner_object_id: str, **kwargs):
        """Remove an owner from an application."""
    
    def list_key_credentials(self, application_object_id: str, **kwargs):
        """Get key credentials for an application."""
    
    def update_key_credentials(self, application_object_id: str, parameters, **kwargs):
        """Update key credentials for an application."""
    
    def list_password_credentials(self, application_object_id: str, **kwargs):
        """Get password credentials for an application."""
    
    def update_password_credentials(self, application_object_id: str, parameters, **kwargs):
        """Update password credentials for an application."""

Service Principal Operations

Manage Azure AD service principals.

class ServicePrincipalOperations:
    def create(self, parameters, **kwargs):
        """Create a new service principal."""
    
    def delete(self, object_id: str, **kwargs):
        """Delete a service principal."""
    
    def get(self, object_id: str, **kwargs):
        """Get a service principal by object ID."""
    
    def list(self, **kwargs):
        """List service principals in the tenant."""
    
    def patch(self, object_id: str, parameters, **kwargs):
        """Update a service principal."""
    
    def list_owners(self, object_id: str, **kwargs):
        """Get owners of a service principal."""
    
    def list_key_credentials(self, object_id: str, **kwargs):
        """Get key credentials for a service principal."""
    
    def update_key_credentials(self, object_id: str, parameters, **kwargs):
        """Update key credentials for a service principal."""
    
    def list_password_credentials(self, object_id: str, **kwargs):
        """Get password credentials for a service principal."""
    
    def update_password_credentials(self, object_id: str, parameters, **kwargs):
        """Update password credentials for a service principal."""

Usage Examples

Working with Key Vault Secrets

from azure.keyvault import KeyVaultClient
from azure.keyvault.authentication import KeyVaultAuthentication

# Authentication callback
def auth_callback(server, resource, scope):
    # Implement your authentication logic here
    # This should return an access token
    return access_token

# Create client
credentials = KeyVaultAuthentication(auth_callback)
client = KeyVaultClient(credentials)

vault_url = "https://myvault.vault.azure.net/"

# Set a secret
secret = client.set_secret(vault_url, "database-password", "my-secret-value")
print(f"Secret ID: {secret.id}")

# Get a secret
retrieved_secret = client.get_secret(vault_url, "database-password", "")
print(f"Secret value: {retrieved_secret.value}")

# List all secrets
secrets = client.get_secrets(vault_url)
for secret in secrets:
    print(f"Secret: {secret.id}")

Working with Key Vault Keys

from azure.keyvault import KeyVaultClient

# Create a key
key = client.create_key(vault_url, "encryption-key", "RSA")
print(f"Key ID: {key.key.kid}")

# Encrypt data
encryption_result = client.encrypt(
    vault_url, 
    "encryption-key", 
    "", 
    "RSA-OAEP", 
    "Hello, World!"
)
print(f"Encrypted: {encryption_result.result}")

# Decrypt data  
decryption_result = client.decrypt(
    vault_url,
    "encryption-key",
    "",
    "RSA-OAEP", 
    encryption_result.result
)
print(f"Decrypted: {decryption_result.result}")

Managing Azure AD Applications

from azure.graphrbac import GraphRbacManagementClient
from azure.graphrbac.models import ApplicationCreateParameters

# Create Graph RBAC client
graph_client = GraphRbacManagementClient(credentials, tenant_id)

# Create an application
app_params = ApplicationCreateParameters(
    display_name="My Application",
    homepage="https://myapp.com",
    identifier_uris=["https://myapp.com/app"]
)

app = graph_client.applications.create(app_params)
print(f"Created application: {app.display_name} (ID: {app.object_id})")

# List applications
applications = graph_client.applications.list()
for app in applications:
    print(f"Application: {app.display_name}")

# Create service principal for the application
sp_params = ServicePrincipalCreateParameters(app_id=app.app_id)
service_principal = graph_client.service_principals.create(sp_params)
print(f"Created service principal: {service_principal.object_id}")

Install with Tessl CLI

npx tessl i tessl/pypi-azure

docs

compute-services.md

index.md

messaging-integration.md

monitoring-analytics.md

platform-services.md

resource-management.md

security-identity.md

tile.json