A KeyVault client wrapper that helps transition between using ADAL (Active Directory Authentication Libraries) and MSI (Managed Service Identity) as a token provider

Project description

keyvaultlib

A KeyVault client wrapper that eases the transition between ADAL (Active Directory Authentication Libraries, i.e. service-principal credentials) and MSI (Managed Service Identity) as the token provider. The library also supports user-assigned managed identities and non-public (e.g. Government) Azure clouds.

What is Key Vault?

Key Vault is an Azure managed cloud service that allows you to securely store secrets in a variety of forms:

  • Credentials
  • Connection Strings
  • Private Keys and Certificates in various formats
  • ...

It provides audit logging, and every caller, whether a user or an application, must authenticate through AAD (Azure Active Directory) before Key Vault's own access policies decide what that identity may read or do. More about Key Vault can be found at the following link: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-overview

What is ADAL (Active Directory Authentication Libraries)?

ADAL is a set of libraries, provided by the AAD (Azure Active Directory) team in a variety of programming languages, that lets an application authenticate against Azure Active Directory and obtain access tokens for Azure resources such as Key Vault. In this wrapper it is used with service-principal credentials (client ID, client secret and tenant ID). Note that ADAL has since been deprecated in favour of MSAL (Microsoft Authentication Library), so treat this path as the legacy one.

More about ADAL can be found in the following link: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-libraries

What is MSI (Managed Service Identity)?

MSI (now called "managed identities for Azure resources") was created to ease the authentication flow for code running on Azure, with per-VM granularity of control. Once a managed identity is enabled on your VM, the VM gets its own identity in AAD: a system-assigned identity is created and deleted together with the VM, while a user-assigned identity is a standalone resource with its own client ID that can be attached to one or more VMs. Code on the VM obtains access tokens for that identity from the local instance metadata endpoint, and you authorize the identity itself, rather than a shared secret, on each resource it needs (for Key Vault, via an access policy or role assignment). Nothing has to be stored on disk or, worse, in your code base: there is no service-principal secret to leak or rotate.

More about MSI can be found in the following link: https://docs.microsoft.com/en-us/azure/active-directory/managed-service-identity/overview
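The IMDS token request that a managed identity boils down to, as an added example (not code from keyvaultlib or from Microsoft's SDKs): it builds the request the wrapper issues on your behalf, shows where a user-assigned identity's client_id and a non-public cloud's Key Vault audience enter the picture, and parses a constructed response to decide whether a cached token is still safe to use. The endpoint, api-version, Metadata header and the two resource URIs are the documented IMDS and Key Vault values; the function names, the cloud-name keys, the 300-second skew and the sample response are this example's own.

```python
import json
import time
from urllib.parse import urlencode

# Key Vault token audience per cloud. The two URIs are the documented Key
# Vault resource identifiers for the public and US Government clouds; the
# dictionary and its keys are this example's own, not part of keyvaultlib.
KEY_VAULT_RESOURCE = {
    "AzureCloud": "https://vault.azure.net",
    "AzureUSGovernment": "https://vault.usgovcloudapi.net",
}

# IMDS is a link-local endpoint: it is only reachable from inside the VM.
IMDS_TOKEN_ENDPOINT = "http://169.254.169.254/metadata/identity/oauth2/token"
IMDS_API_VERSION = "2018-02-01"


def build_imds_token_request(cloud="AzureCloud", client_id=None):
    """Return (url, headers) for a managed-identity token request.

    With a system-assigned identity the VM has exactly one identity and no
    client_id is needed. With user-assigned identities several may be
    attached to the VM, so the caller selects one with client_id.
    """
    params = {
        "api-version": IMDS_API_VERSION,
        "resource": KEY_VAULT_RESOURCE[cloud],
    }
    if client_id:
        params["client_id"] = client_id
    url = IMDS_TOKEN_ENDPOINT + "?" + urlencode(params)
    # IMDS refuses requests without this header. A browser or a naive SSRF
    # primitive cannot add custom headers, so an attacker who can make the
    # VM issue arbitrary GETs still cannot fetch a token this way.
    headers = {"Metadata": "true"}
    return url, headers


def parse_imds_token_response(body, now=None, skew=300):
    """Parse an IMDS token response and decide whether it is still usable.

    Returns (access_token, seconds_until_expiry, usable). expires_on is the
    Unix expiry time as a string; a token within `skew` seconds of expiry is
    treated as unusable so a Key Vault call does not fail mid-flight.
    """
    now = time.time() if now is None else now
    data = json.loads(body)
    expires_on = int(data["expires_on"])
    remaining = expires_on - now
    return data["access_token"], remaining, remaining > skew


# Constructed sample response (the shape of an IMDS reply; values are fake).
SAMPLE_IMDS_RESPONSE = json.dumps({
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.fake.payload",
    "expires_in": "3599",
    "expires_on": "1700003599",
    "resource": "https://vault.azure.net",
    "token_type": "Bearer",
})

if __name__ == "__main__":
    url, headers = build_imds_token_request(
        "AzureUSGovernment", client_id="00000000-0000-0000-0000-000000000001")
    print(url, headers)
    token, remaining, usable = parse_imds_token_response(
        SAMPLE_IMDS_RESPONSE, now=1700000000)
    print(remaining, usable)
```

The resource parameter is why a client built for the public cloud fails in a Government cloud: a token minted for https://vault.azure.net is rejected by a vault whose audience is https://vault.usgovcloudapi.net, which is what the wrapper's cloud argument fixes.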

How to use this wrapper effectively?

This Key Vault client was created to remove the small amount of duplicated code involved in supporting either MSI or ADAL / service-principal credentials. A common use case: part of your code runs on Azure VMs, where MSI is available, while another part runs on your local machine or on a VM where MSI is not accessible, and both need the same secrets from the same vault.

Example

First, install the library via:

$> pip install keyvaultlib

Next, import KeyVaultOAuthClient and choose your authentication strategy.

Currently supported: service-principal credentials (ADAL) or MSI.

from keyvaultlib.key_vault import KeyVaultOAuthClient

# MSI example (system-assigned identity): no credentials in code or on disk
client = KeyVaultOAuthClient(use_msi=True)
secret = client.get_secret_with_key_vault_name('my-key-vault', 'my-secret')

# MSI - user-assigned identity example: client_id selects which of the
# identities attached to the VM is used
client = KeyVaultOAuthClient(use_msi=True, client_id='my_user_assigned_client_id')
secret = client.get_secret_with_key_vault_name('my-key-vault', 'my-secret')

# ADAL / SPN example: load these three values from the environment or a
# local secret store at runtime; never commit the client secret to source
client = KeyVaultOAuthClient(
  client_id='my_user_or_app_client_id',
  client_secret='my_user_or_app_client_secret',
  tenant_id='my_AAD_tenant_id'
)
secret = client.get_secret_with_key_vault_name('my-key-vault', 'my-secret')

# Setting the retry count for request throttling (default is 5). The count
# is a parameter of the get_secret call, not of the client constructor
client = KeyVaultOAuthClient(
  client_id='my_user_or_app_client_id',
  client_secret='my_user_or_app_client_secret',
  tenant_id='my_AAD_tenant_id'
)
secret = client.get_secret_with_key_vault_name('my-key-vault', 'my-secret', throttling_retry_attempts=2)

# Using government / non-public Azure clouds example: the cloud object
# carries the right AAD authority and Key Vault endpoint for that cloud
from msrestazure.azure_cloud import AZURE_US_GOV_CLOUD

client = KeyVaultOAuthClient(
  client_id='my_user_or_app_client_id',
  client_secret='my_user_or_app_client_secret',
  tenant_id='my_AAD_tenant_id',
  cloud=AZURE_US_GOV_CLOUD
)
secret = client.get_secret_with_key_vault_name('my-key-vault', 'my-secret')
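Two things the snippets above leave to the reader, as an added example that is not part of keyvaultlib: choosing the strategy without ever hard-coding a client secret, and what a throttling retry should actually do. auth_kwargs_from_env returns the keyword arguments for KeyVaultOAuthClient (use_msi, client_id, client_secret and tenant_id are the wrapper's own parameter names from the examples above; the KEYVAULTLIB_USE_MSI and AZURE_* environment variable names are this example's assumption). with_throttling_retry wraps any callable that returns (status, headers, body) and retries on HTTP 429, honouring the service's Retry-After header and otherwise backing off exponentially with full jitter; Key Vault does answer throttled requests with 429 and a Retry-After header. The fake vault responses are constructed.

```python
import os
import random
import time


class KeyVaultThrottled(Exception):
    """Raised when Key Vault answers 429 more times than we are willing to retry."""


def auth_kwargs_from_env(env=None):
    """Choose the wrapper's authentication strategy from the environment.

    Returns the keyword arguments one would pass to KeyVaultOAuthClient:
    MSI by default, service-principal credentials only when all three values
    are present, and never a hard-coded secret. The variable names
    (KEYVAULTLIB_USE_MSI, AZURE_*) are this example's own convention.
    """
    env = os.environ if env is None else env
    if env.get("KEYVAULTLIB_USE_MSI", "1") == "1":
        kwargs = {"use_msi": True}
        if env.get("AZURE_CLIENT_ID"):  # user-assigned identity selected by client ID
            kwargs["client_id"] = env["AZURE_CLIENT_ID"]
        return kwargs
    required = ("AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET", "AZURE_TENANT_ID")
    missing = [k for k in required if not env.get(k)]
    if missing:
        # Fail closed rather than fall back to a weaker or guessed strategy.
        raise ValueError("service principal auth selected but missing: " + ", ".join(missing))
    return {
        "client_id": env["AZURE_CLIENT_ID"],
        "client_secret": env["AZURE_CLIENT_SECRET"],
        "tenant_id": env["AZURE_TENANT_ID"],
    }


def with_throttling_retry(call, attempts=5, base_delay=1.0, max_delay=30.0,
                          sleep=time.sleep, rng=random.random):
    """Call `call()` and retry while Key Vault is throttling.

    `call` must return (status, headers, body). A 429 is retried up to
    `attempts` times. A Retry-After header from the service takes precedence
    because it reflects the real quota window; without one we back off
    exponentially with full jitter so a fleet of clients does not retry in
    lockstep. Any other status is returned to the caller unchanged.
    Returns (status, body, delays_slept).
    """
    delays = []
    for attempt in range(attempts + 1):
        status, headers, body = call()
        if status != 429:
            return status, body, delays
        if attempt == attempts:
            break
        retry_after = headers.get("Retry-After")
        if retry_after is not None:
            delay = float(retry_after)
        else:
            delay = min(max_delay, base_delay * (2 ** attempt)) * rng()
        delays.append(delay)
        sleep(delay)
    raise KeyVaultThrottled("gave up after %d retries" % attempts)


# Constructed fake Key Vault responses: throttled twice, then the secret.
FAKE_RESPONSES = [
    (429, {"Retry-After": "2"}, ""),
    (429, {}, ""),
    (200, {}, '{"value": "s3cr3t"}'),
]


def make_fake_vault(responses):
    """Return a callable that replays the given (status, headers, body) tuples."""
    queue = list(responses)

    def call():
        return queue.pop(0)
    return call


if __name__ == "__main__":
    print(auth_kwargs_from_env({}))
    status, body, delays = with_throttling_retry(
        make_fake_vault(FAKE_RESPONSES), sleep=lambda s: None)
    print(status, body, delays)
```

In real use the returned kwargs are splatted into the wrapper, `KeyVaultOAuthClient(**auth_kwargs_from_env())`, and the callable passed to with_throttling_retry is whatever performs the vault request; the wrapper's own throttling_retry_attempts does its retrying internally, so this helper is for code paths that bypass it.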

Download files

Source Distribution

keyvaultlib-1.1.4.tar.gz (4.8 kB, source)

Built Distribution

keyvaultlib-1.1.4-py2.py3-none-any.whl (5.9 kB, Python 2 and 3)

File details

Details for the file keyvaultlib-1.1.4.tar.gz.

File metadata

  • Download URL: keyvaultlib-1.1.4.tar.gz
  • Size: 4.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.15.0 pkginfo/1.4.2 requests/2.22.0 setuptools/41.2.0 requests-toolbelt/0.8.0 tqdm/4.28.1 CPython/2.7.15

File hashes

Hashes for keyvaultlib-1.1.4.tar.gz
Algorithm Hash digest
SHA256 21ded09979e9cf158e19d316e9dd1401419ebbcf373293b162ceab7479cfe0b7
MD5 041accf5112aba6e4b119b016c8a2914
BLAKE2b-256 4638e486dd59a52711ea23813b367874e7d06b92c73ca7356ba1bf672d512756


File details

Details for the file keyvaultlib-1.1.4-py2.py3-none-any.whl.

File metadata

  • Download URL: keyvaultlib-1.1.4-py2.py3-none-any.whl
  • Size: 5.9 kB
  • Tags: Python 2, Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.15.0 pkginfo/1.4.2 requests/2.22.0 setuptools/41.2.0 requests-toolbelt/0.8.0 tqdm/4.28.1 CPython/2.7.15

File hashes

Hashes for keyvaultlib-1.1.4-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 f5ac5f4f872c78daa8f0a43754fe593c6de713ab3753a8eb1506c0fa40c65a85
MD5 4fa584f64cc41cf2879b9165db0d73e4
BLAKE2b-256 b40cc41e9f3fcd8e3cccdf7833a923437d41b12ca477928ccf522850f507eb4e


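How to actually use the digests above, as an added example (a shell snippet of this edit, not part of keyvaultlib or PyPI): verify a downloaded artifact against the published SHA256 before installing it, and write a hash-pinned requirements line so pip enforces the same check on every future install. The two digests are copied from the tables above; the function names are this example's own. Use the SHA256 or BLAKE2b digest, not MD5, which is listed for compatibility only.

```shell
#!/bin/sh
# Digests copied from the "File hashes" tables above (keyvaultlib 1.1.4).
KEYVAULTLIB_SDIST_SHA256=21ded09979e9cf158e19d316e9dd1401419ebbcf373293b162ceab7479cfe0b7
KEYVAULTLIB_WHEEL_SHA256=f5ac5f4f872c78daa8f0a43754fe593c6de713ab3753a8eb1506c0fa40c65a85

# Print the hex SHA256 of a file, using whichever tool the platform has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_sha256 FILE EXPECTED: return 0 if the digest matches, 1 otherwise.
verify_sha256() {
    actual=$(sha256_of "$1")
    if [ "$actual" = "$2" ]; then
        return 0
    fi
    echo "digest mismatch for $1: expected $2 got $actual" >&2
    return 1
}

# requirements_pin NAME VERSION HASH...: one requirements.txt line carrying
# every acceptable artifact hash, for use with 'pip install --require-hashes'.
# Listing both the sdist and the wheel lets pip pick either.
requirements_pin() {
    name=$1
    version=$2
    shift 2
    line="$name==$version"
    for h in "$@"; do
        line="$line --hash=sha256:$h"
    done
    printf '%s\n' "$line"
}

# Usage against the real artifact (network required):
#   pip download --no-deps --no-binary :all: keyvaultlib==1.1.4
#   verify_sha256 keyvaultlib-1.1.4.tar.gz "$KEYVAULTLIB_SDIST_SHA256" \
#       && pip install keyvaultlib-1.1.4.tar.gz
#   requirements_pin keyvaultlib 1.1.4 "$KEYVAULTLIB_SDIST_SHA256" "$KEYVAULTLIB_WHEEL_SHA256" >> requirements.txt
#   pip install --require-hashes -r requirements.txt
```

With --require-hashes pip refuses any requirement, transitive ones included, that lacks a hash, so the dependencies of keyvaultlib must be pinned the same way (pip-compile --generate-hashes produces such a file).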