A KeyVault client wrapper that helps transition between using ADAL (Active Directory Authentication Libraries) and MSI (Managed Service Identity) as a token provider

Project description


A KeyVault client wrapper that helps transition between using ADAL (Active Directory Authentication Libraries) and MSI (Managed Service Identity) as a token provider. Moreover, this library provides support for User-Assigned identities (MSI) and non-public (e.g. Government) Azure clouds.

What is KeyVault?

Key Vault is an Azure-managed cloud service that allows you to securely store secrets in a variety of forms:

  • Credentials
  • Connection Strings
  • Private Keys and Certificates in various formats
  • ...

It provides auditing and integrates easily with AAD (Azure Active Directory) for user- or application-based authorization. More about KeyVault can be found in the following link:

What is ADAL (Active Directory Authentication Libraries)?

ADAL is a set of libraries, provided by the AAD (Azure Active Directory) team in a variety of programming languages, that allows one to easily interact with their cloud active directory. For example, the libraries can be used for authentication and authorization with Azure resources.

More about ADAL can be found in the following link:

What is MSI (Managed Service Identity)?

MSI was created to ease the authentication flow for Azure services, while providing a per-VM granularity of control. Once MSI is enabled on your VM, your virtual machine will be assigned an application or user client ID, with which you could easily receive access tokens for Azure resources, which you may then authorize your VM to use. It also saves the need to store your service principal information on disk, or worse, in your code base.

More about MSI can be found in the following link:

How to use this wrapper effectively?

This KeyVault client was created to reduce the small amount of code duplication that comes with supporting both MSI and ADAL / Service Principal credentials. A common use case is having part of your code run on Azure VMs while another part runs on your local machine or a VM where MSI is not accessible.


First, install the library via:

$> pip install keyvaultlib

Next, import KeyVaultOAuthClient and choose your authentication strategy.

Currently supported: Using Service Principal credentials for ADAL or MSI

from keyvaultlib.key_vault import KeyVaultOAuthClient

# MSI Example
client = KeyVaultOAuthClient(use_msi=True)
secret = client.get_secret_with_key_vault_name('my-key-vault', 'my-secret')

# MSI - User Assigned Identity example
client = KeyVaultOAuthClient(use_msi=True, client_id='my_user_assigned_client_id')
secret = client.get_secret_with_key_vault_name('my-key-vault', 'my-secret')

# ADAL / SPN Example
client = KeyVaultOAuthClient(
    # service principal arguments are not shown on this page
)
secret = client.get_secret_with_key_vault_name('my-key-vault', 'my-secret')

# Using government / non-public Azure Clouds Example:
client = KeyVaultOAuthClient(
    # arguments for the non-public cloud are not shown on this page
)
secret = client.get_secret_with_key_vault_name('my-key-vault', 'my-secret')
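
An added example, not part of keyvaultlib or its README: one way to pick between MSI and service principal credentials at start-up for the split deployment described above, failing closed on incomplete or conflicting settings. The KV_* environment variable names and the client_secret / tenant_id keyword names are assumptions; use_msi and client_id come from the usage shown above.

```python
import os

# Variable names are assumptions made for this example, not defined by keyvaultlib.
ENV_USE_MSI = "KV_USE_MSI"
ENV_MSI_CLIENT_ID = "KV_MSI_CLIENT_ID"  # optional, user-assigned identity
# client_secret and tenant_id are assumed keyword names (not shown on this page).
ENV_SPN = {"client_id": "KV_SPN_CLIENT_ID",
           "client_secret": "KV_SPN_CLIENT_SECRET",
           "tenant_id": "KV_SPN_TENANT_ID"}


def client_kwargs(env=None):
    """Pick the KeyVaultOAuthClient keyword arguments for this host."""
    env = os.environ if env is None else env
    if env.get(ENV_USE_MSI, "").strip().lower() in ("1", "true", "yes"):
        # A leftover service principal secret on an MSI host defeats the
        # point of MSI, so treat it as a configuration error.
        stray = sorted(v for v in ENV_SPN.values() if env.get(v))
        if stray:
            raise ValueError("MSI selected but also set: " + ", ".join(stray))
        kwargs = {"use_msi": True}
        if env.get(ENV_MSI_CLIENT_ID):
            kwargs["client_id"] = env[ENV_MSI_CLIENT_ID]
        return kwargs
    # No MSI (local machine): require the complete service principal triple.
    missing = sorted(v for v in ENV_SPN.values() if not env.get(v))
    if missing:
        raise ValueError("missing settings: " + ", ".join(missing))
    return {name: env[var] for name, var in ENV_SPN.items()}


def redacted(kwargs):
    """Copy of kwargs that is safe to log: the secret value is masked."""
    return {k: ("***" if k == "client_secret" else v) for k, v in kwargs.items()}


def make_client(env=None):
    """Build the client; keyvaultlib is imported only when this is called."""
    from keyvaultlib.key_vault import KeyVaultOAuthClient
    return KeyVaultOAuthClient(**client_kwargs(env))
```

Log redacted(client_kwargs()) rather than the raw arguments when recording which strategy was chosen.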

Files for keyvaultlib, version 1.0.5

  • keyvaultlib-1.0.5-py2-none-any.whl (4.4 kB), file type: Wheel, Python version: py2
  • keyvaultlib-1.0.5.tar.gz (4.2 kB), file type: Source, Python version: None