Skip to main content

Azure Key Vault oriented Swarmauri certificate service for PKCS#10 CSR generation, PEM formatting, and certificate workflow helpers.

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_certs_azure Discord

Swarmauri Azure Key Vault Certificate Service

swarmauri_certs_azure provides AzureKeyVaultCertService, a Swarmauri certificate-service adapter for Azure-oriented certificate workflows. The current implementation authenticates with Azure credentials, prepares an Azure Key Vault key client, and creates PKCS#10 certificate signing requests from exportable PEM private key material supplied through Swarmauri KeyRef objects.

Why Swarmauri Azure Key Vault Certificate Service?

Use this package when a Swarmauri deployment needs certificate request generation that fits Azure Key Vault operational patterns. It gives certificate code one Swarmauri interface while preserving Azure authentication through DefaultAzureCredential and keeping CSR construction, RFC 5280 serial helpers, and RFC 7468 PEM formatting in a package-local certificate service.

FAQ

Q: Does this package create certificates directly in Azure Key Vault?

A: Not in the current runtime implementation. It creates CSRs from exportable private key material and prepares an Azure Key Vault key client. Azure certificate creation, import, and lifecycle operations should be handled by the surrounding Azure workflow.

Q: What standards does it cover?

A: The package includes PKCS#10 CSR creation, RFC 5280-style serial number generation helpers, and RFC 7468 PEM certificate formatting helpers.

Q: What credential model does it use?

A: AzureKeyVaultCertService uses a caller-provided Azure credential or falls back to DefaultAzureCredential, which supports local developer login, managed identity, workload identity, and service-principal flows supported by Azure Identity.

Q: What key material is required?

A: The implemented CSR path requires exportable PEM private key material in KeyRef.material. Non-exportable Key Vault signing is not implemented by this simplified service.

Features

  • AzureKeyVaultCertService class for Swarmauri certificate-service workflows.
  • Azure Identity integration through DefaultAzureCredential or a caller-provided credential.
  • Azure Key Vault key client construction for the configured vault URL.
  • PKCS#10 CSR creation from PEM private keys.
  • Common-name subject handling for CSR generation.
  • RFC 5280-oriented serial number helper.
  • RFC 7468 PEM certificate formatting helper.
  • Capability metadata reporting RSA-2048, RSA-SHA256, and CSR support.
  • Python 3.10, 3.11, 3.12, 3.13, and 3.14 support.

Installation

Install with uv:

uv add swarmauri_certs_azure

Install with pip:

pip install swarmauri_certs_azure

Usage

Create a service for an Azure Key Vault URL:

from azure.identity import DefaultAzureCredential

from swarmauri_certs_azure.certs import AzureKeyVaultCertService

service = AzureKeyVaultCertService(
    "https://example-vault.vault.azure.net/",
    credential=DefaultAzureCredential(),
)

print(service.supports()["features"])

Generate a CSR from local exportable key material:

import asyncio
from pathlib import Path

from azure.identity import DefaultAzureCredential

from swarmauri_certs_azure.certs import AzureKeyVaultCertService
from swarmauri_core.crypto.types import KeyRef


async def main() -> None:
    service = AzureKeyVaultCertService(
        "https://example-vault.vault.azure.net/",
        credential=DefaultAzureCredential(),
    )
    key_ref = KeyRef(material=Path("app-private-key.pem").read_bytes())

    csr = await service.create_csr(
        key=key_ref,
        subject={"CN": "app.example.com"},
    )
    Path("app.csr").write_bytes(csr)


asyncio.run(main())

Check helper behavior for PEM output:

from swarmauri_certs_azure.certs.AzureKeyVaultCertService import _serial_or_random

serial = _serial_or_random(None)
assert 0 < serial < 2**128

Related Packages

Certificate service packages:

Foundational packages:

Best Practices

  • Prefer managed identities or workload identity federation over long-lived client secrets.
  • Keep Key Vault permissions scoped to the minimum operations required by the surrounding workflow.
  • Store generated CSRs and issued certificate chains in auditable storage.
  • Use a dedicated cloud CA or Azure certificate workflow for issuance/import operations outside this package.

License

Apache-2.0

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_certs_azure-0.11.0.dev1.tar.gz (8.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

swarmauri_certs_azure-0.11.0.dev1-py3-none-any.whl (9.8 kB view details)

Uploaded Python 3

File details

Details for the file swarmauri_certs_azure-0.11.0.dev1.tar.gz.

File metadata

  • Download URL: swarmauri_certs_azure-0.11.0.dev1.tar.gz
  • Upload date:
  • Size: 8.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_certs_azure-0.11.0.dev1.tar.gz
Algorithm Hash digest
SHA256 d9f562fac9ba02ce8a306423a10c09584fd1b471fb8b8977cc644fdccd9e6a6d
MD5 6eec27a7dbc9c632eb2a476b3f98c9f4
BLAKE2b-256 1f0956382b15a9c68e93a4fc88a3c7f5405c8ffe6c392db2ec636d2425b72b9b

See more details on using hashes here.

File details

Details for the file swarmauri_certs_azure-0.11.0.dev1-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_certs_azure-0.11.0.dev1-py3-none-any.whl
  • Upload date:
  • Size: 9.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_certs_azure-0.11.0.dev1-py3-none-any.whl
Algorithm Hash digest
SHA256 a95b4552e5d4eb2a0fca48ad0d2912ec0cd8538444abc71edfdc8e9fc47e5e08
MD5 4536a8375e2df92bfa37dced357d07e0
BLAKE2b-256 5e5dad24f554481ebf0d190180cd9694cf7c1bfc0a5235680cf2a5d5ba2d61f9

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page