A Python client library for accessing secrets from Azure Key Vault
Azure Vault Secrets
A Python client library for securely accessing and managing secrets stored in Azure Key Vault.
Features
- 🔐 Secure secret retrieval from Azure Key Vault
- ⚡ Built-in caching to reduce API calls
- 🔄 Support for secret CRUD operations
- 🛡️ Automatic authentication using Azure credentials
- 🧪 Comprehensive test coverage
- 📝 Type hints for better IDE support
Installation
Prerequisites
- Python 3.9+
- Azure subscription
- Azure Key Vault instance
From PyPI
pip install azure-vault-secrets
From Source
git clone https://github.com/PioManojDatt/azure-vault-secrets.git
cd azure-vault-secrets
pip install -e .
Quick Start
Basic Usage
from azure_vault_secrets import SecretClient
# Initialize the client
client = SecretClient(vault_url="https://<vault-name>.vault.azure.net/")
# Retrieve a secret
secret = client.get_secret("my-secret-name")
print(secret)
# Store a secret
client.set_secret("new-secret", "secret-value")
# List all secrets
secrets = client.list_secrets()
print(secrets)
# Delete a secret
client.delete_secret("secret-to-delete")
With Custom Cache TTL
from azure_vault_secrets import SecretClient
# Initialize with 10-minute cache TTL
client = SecretClient(
    vault_url="https://<vault-name>.vault.azure.net/",
    cache_ttl_seconds=600,
    enable_cache=True
)
# Use the client...
secret = client.get_secret("my-secret")
Disable Caching
client = SecretClient(
    vault_url="https://<vault-name>.vault.azure.net/",
    enable_cache=False
)
Authentication
The client uses Azure's DefaultAzureCredential for authentication, which supports multiple authentication methods:
- Environment Variables - AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET
- Azure CLI - Automatically uses credentials from az login
- Managed Identity - In Azure services (App Service, Functions, etc.)
- Visual Studio Code - Uses VS Code Azure extension authentication
Setting Up Authentication
Using Azure CLI
az login
Using Environment Variables
export AZURE_TENANT_ID="<your-tenant-id>"
export AZURE_CLIENT_ID="<your-client-id>"
export AZURE_CLIENT_SECRET="<your-client-secret>"
Error Handling
from azure_vault_secrets import SecretClient, SecretNotFoundError, AuthenticationError
client = SecretClient(vault_url="https://<vault-name>.vault.azure.net/")
try:
    secret = client.get_secret("my-secret")
except SecretNotFoundError:
    print("Secret not found in vault")
except AuthenticationError:
    print("Failed to authenticate with Azure")
except Exception as e:
    print(f"An error occurred: {e}")
API Reference
SecretClient
Methods
- get_secret(secret_name: str) -> str - Retrieve a secret
- set_secret(secret_name: str, secret_value: str) -> None - Store a secret
- delete_secret(secret_name: str) -> None - Delete a secret
- list_secrets() -> list - List all secrets
- clear_cache() -> None - Clear the secret cache
- close() -> None - Close the client connection
SecretCache
Methods
- get(key: str) -> Optional[str] - Get a cached value
- set(key: str, value: str) -> None - Cache a value
- clear() -> None - Clear all cached values
- remove(key: str) -> None - Remove a specific cached value
- is_expired(key: str) -> bool - Check if a cached value has expired
Testing
Run the test suite:
pytest tests/
With coverage:
pytest --cov=azure_vault_secrets tests/
Contributing
Contributions are welcome! Please follow these steps:
- Fork the repository
- Create a feature branch (git checkout -b feature/amazing-feature)
- Commit your changes (git commit -m 'Add amazing feature')
- Push to the branch (git push origin feature/amazing-feature)
- Open a Pull Request
License
This project is licensed under the MIT License - see the LICENSE file for details.
Support
For issues, questions, or suggestions, please open an issue on the GitHub repository.
Changelog
0.1.0 (Initial Release)
- Initial release
- Basic secret CRUD operations
- Caching support
- Azure Key Vault integration
Security Considerations
- Never hardcode secrets in your code
- Always use Azure Key Vault for secret storage
- Regularly rotate your secrets
- Use Managed Identity when running in Azure services
- Keep the Azure SDK up to date
Performance Tips
- Use caching for frequently accessed secrets
- Adjust cache TTL based on your security requirements
- List secrets sparingly (this operation can be expensive)
- Consider using Managed Identity for better performance in Azure
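The TTL trade-off in the tips above, as an added example that is not the library's own code: a generic TTL cache in front of a dict standing in for the vault, showing how long a rotated secret keeps being served. `TTLSecretCache`, `read_through` and `rotation_demo` are hypothetical names, and the clock and vault contents are constructed for the demonstration.

```python
import time
from typing import Callable, Dict, List, Optional, Tuple


class TTLSecretCache:
    """Hypothetical TTL cache; not azure-vault-secrets' SecretCache."""

    def __init__(self, ttl_seconds: float, clock: Callable[[], float] = time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock  # injectable so expiry can be tested without sleeping
        self._items: Dict[str, Tuple[str, float]] = {}  # name -> (value, expiry)

    def get(self, key: str) -> Optional[str]:
        item = self._items.get(key)
        if item is None:
            return None
        value, expires_at = item
        if self._clock() >= expires_at:
            del self._items[key]  # drop the expired plaintext, do not keep it around
            return None
        return value

    def set(self, key: str, value: str) -> None:
        self._items[key] = (value, self._clock() + self._ttl)

    def remove(self, key: str) -> None:
        self._items.pop(key, None)


def read_through(cache: TTLSecretCache, vault: Dict[str, str], name: str) -> str:
    """Serve from cache; on a miss fetch from the vault (a dict here) and cache it."""
    value = cache.get(name)
    if value is None:
        value = vault[name]
        cache.set(name, value)
    return value


def rotation_demo(ttl_seconds: float = 600.0) -> List[str]:
    """Rotate a secret while a cached copy is live and record what callers see."""
    now = [0.0]                                    # constructed fake clock
    vault = {"db-password": "v1"}                  # constructed sample vault
    cache = TTLSecretCache(ttl_seconds, clock=lambda: now[0])
    seen = [read_through(cache, vault, "db-password")]      # miss, fetches v1
    vault["db-password"] = "v2"                    # rotated in the vault
    now[0] = ttl_seconds - 1
    seen.append(read_through(cache, vault, "db-password"))  # stale v1 still served
    now[0] = ttl_seconds
    seen.append(read_through(cache, vault, "db-password"))  # expired, fetches v2
    vault["db-password"] = "v3"
    cache.remove("db-password")                    # invalidate as part of rotation
    seen.append(read_through(cache, vault, "db-password"))  # v3 immediately
    return seen
```

A rotated or revoked value is served for up to one TTL unless the entry is invalidated, so the TTL should be no longer than the staleness you can accept after a rotation.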
File details
Details for the file azure_vault_secrets-0.1.1.tar.gz.
File metadata
- Download URL: azure_vault_secrets-0.1.1.tar.gz
- Upload date:
- Size: 8.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 53aeb8870a9153f8e8ab3762c93346f4a4b1e13da0a3c31edf7cc460724d52cd |
| MD5 | c33d61104e3941527c919db21a521837 |
| BLAKE2b-256 | 99206b2d760376e7f3033672c8e800b732fd506d1545d4ca8843a23422abb45d |
File details
Details for the file azure_vault_secrets-0.1.1-py3-none-any.whl.
File metadata
- Download URL: azure_vault_secrets-0.1.1-py3-none-any.whl
- Upload date:
- Size: 7.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 0e0c8e357a96673eed8c28a14da51ea7268a6abcd608652f70043e23488068fc |
| MD5 | fe6483521d906565559ac34da57c18f2 |
| BLAKE2b-256 | 3d3efc48f5536582464101778cba655f6a8de4993aaffa231fbe21c2b347faa3 |