A KeyVault client wrapper that helps transition between using ADAL (Active Directory Authentication Libraries) and MSI (Managed Service Identity) as a token provider
keyvaultlib
What is KeyVault?
Key Vault is an Azure managed cloud service that allows you to securely store secrets in a variety of forms:
- Credentials
- Connection Strings
- Private Keys and Certificates in various formats
- ...
It provides auditing and integrates easily with AAD (Azure-Active-Directory) for user- or application-based authorization. More about KeyVault can be found at the following link: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-overview
What is ADAL (Active Directory Authentication Libraries)?
ADAL is a set of libraries provided by the AAD (Azure-Active-Directory) team in a variety of programming languages that allow you to easily interact with your cloud Active Directory. For example, the libraries can be used for authentication and authorization with Azure resources.
More about ADAL can be found in the following link: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-libraries
What is MSI (Managed-Service-Identity)?
MSI was created to ease the authentication flow for Azure services, while providing a per-VM granularity of control. Once MSI is enabled on your VM, the virtual machine is assigned an application or user client ID, with which it can easily obtain access tokens for Azure resources that you then authorize the VM to use. It also removes the need to store your service principal information on disk or, worse, in your code base.
More about MSI can be found in the following link: https://docs.microsoft.com/en-us/azure/active-directory/managed-service-identity/overview
How to use this wrapper effectively?
This KeyVault client was created to reduce the small amount of code duplication involved in supporting both MSI and ADAL / Service Principal credentials. A common use case is having part of your code run on Azure VMs while another part runs on your local machine or VM, where MSI is not accessible.
Example
First, install the library via:
$> pip install keyvaultlib
Next, import KeyVaultOAuthClient and choose your authentication strategy.
Currently supported: Service Principal credentials for ADAL, or MSI.
from keyvaultlib import KeyVaultOAuthClient

# MSI example: no credentials are passed; the VM's managed identity is used
client = KeyVaultOAuthClient(use_msi=True)
secret = client.get_secret_with_key_vault_name('my_key_vault', 'my_secret')

# ADAL / SPN example: authenticate with service principal credentials
client = KeyVaultOAuthClient(
    client_id='my_user_or_app_client_id',
    client_secret='my_user_or_app_client_secret',
    tenant_id='my_AAD_tenant_id'
)
secret = client.get_secret_with_key_vault_name('my_key_vault', 'my_secret')
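One way to choose between the two strategies at runtime while keeping the service principal secret out of the code base, as an added example that is not part of keyvaultlib or its README. The environment variable names, `build_client`, `fetch_secret` and `CredentialConfigError` are assumptions of this example; only `KeyVaultOAuthClient`, its keyword arguments and `get_secret_with_key_vault_name` come from the usage shown above.

```python
import os

# Environment variable names are an assumption of this example;
# keyvaultlib itself does not read them.
SPN_VARS = ("AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET", "AZURE_TENANT_ID")


class CredentialConfigError(RuntimeError):
    """Raised when service principal settings are only partly present."""


def build_client(env=None, client_cls=None):
    """Return a client using SPN credentials when all three settings are
    present in the environment, or MSI when none of them are."""
    env = os.environ if env is None else env
    if client_cls is None:
        # Imported lazily so the selection logic can be tested without the package.
        from keyvaultlib import KeyVaultOAuthClient as client_cls

    values = {name: env.get(name, "").strip() for name in SPN_VARS}
    present = [name for name, value in values.items() if value]

    if not present:
        # No service principal configured: rely on the VM's managed identity.
        return client_cls(use_msi=True)

    if len(present) != len(SPN_VARS):
        # Fail closed: a half-configured service principal must not silently
        # fall back to a different identity. Report names only, never values.
        missing = sorted(set(SPN_VARS) - set(present))
        raise CredentialConfigError("missing settings: " + ", ".join(missing))

    return client_cls(
        client_id=values["AZURE_CLIENT_ID"],
        client_secret=values["AZURE_CLIENT_SECRET"],
        tenant_id=values["AZURE_TENANT_ID"],
    )


def fetch_secret(vault_name, secret_name, env=None, client_cls=None):
    """Fetch one secret with whichever identity build_client selects."""
    client = build_client(env=env, client_cls=client_cls)
    return client.get_secret_with_key_vault_name(vault_name, secret_name)
```

On an Azure VM with MSI enabled, `fetch_secret('my_key_vault', 'my_secret')` needs no configuration; on a local machine, the three variables are set in the process environment instead of in source.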
Hashes for keyvaultlib-1.0.0-py2-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | d7ff6a794b533e9f6128d31b5408e32f0db59270f84cd773f4679463788d6960
MD5 | 1f37315969d5183ec7b3c708c09847d2
BLAKE2b-256 | 55a5c8775f469b02e6e179f0c38f784863a20a75892497e6d4697978fe27a46e