Azure Key Vault oriented Swarmauri certificate service for PKCS#10 CSR generation, PEM formatting, and certificate workflow helpers.
Swarmauri Azure Key Vault Certificate Service
swarmauri_certs_azure provides AzureKeyVaultCertService, a Swarmauri certificate-service adapter for Azure-oriented certificate workflows. The current implementation authenticates with Azure credentials, prepares an Azure Key Vault key client, and creates PKCS#10 certificate signing requests from exportable PEM private key material supplied through Swarmauri KeyRef objects.
Why Swarmauri Azure Key Vault Certificate Service?
Use this package when a Swarmauri deployment needs certificate request generation that fits Azure Key Vault operational patterns. It gives certificate code one Swarmauri interface while preserving Azure authentication through DefaultAzureCredential and keeping CSR construction, RFC 5280 serial helpers, and RFC 7468 PEM formatting in a package-local certificate service.
FAQ
Q: Does this package create certificates directly in Azure Key Vault?
A: Not in the current runtime implementation. It creates CSRs from exportable private key material and prepares an Azure Key Vault key client. Azure certificate creation, import, and lifecycle operations should be handled by the surrounding Azure workflow.
Q: What standards does it cover?
A: The package includes PKCS#10 CSR creation, RFC 5280-style serial number generation helpers, and RFC 7468 PEM certificate formatting helpers.
Q: What credential model does it use?
A: AzureKeyVaultCertService uses a caller-provided Azure credential or falls back to DefaultAzureCredential, which supports local developer login, managed identity, workload identity, and service-principal flows supported by Azure Identity.
Q: What key material is required?
A: The implemented CSR path requires exportable PEM private key material in KeyRef.material. Non-exportable Key Vault signing is not implemented by this simplified service.
Features
- AzureKeyVaultCertService class for Swarmauri certificate-service workflows.
- Azure Identity integration through DefaultAzureCredential or a caller-provided credential.
- Azure Key Vault key client construction for the configured vault URL.
- PKCS#10 CSR creation from PEM private keys.
- Common-name subject handling for CSR generation.
- RFC 5280-oriented serial number helper.
- RFC 7468 PEM certificate formatting helper.
- Capability metadata reporting RSA-2048, RSA-SHA256, and CSR support.
- Python 3.10, 3.11, 3.12, 3.13, and 3.14 support.
Installation
Install with uv:
```bash
uv add swarmauri_certs_azure
```
Install with pip:
```bash
pip install swarmauri_certs_azure
```
Usage
Create a service for an Azure Key Vault URL:
```python
from azure.identity import DefaultAzureCredential
from swarmauri_certs_azure.certs import AzureKeyVaultCertService

service = AzureKeyVaultCertService(
    "https://example-vault.vault.azure.net/",
    credential=DefaultAzureCredential(),
)
print(service.supports()["features"])
```
Generate a CSR from local exportable key material:
```python
import asyncio
from pathlib import Path

from azure.identity import DefaultAzureCredential
from swarmauri_certs_azure.certs import AzureKeyVaultCertService
from swarmauri_core.crypto.types import KeyRef


async def main() -> None:
    service = AzureKeyVaultCertService(
        "https://example-vault.vault.azure.net/",
        credential=DefaultAzureCredential(),
    )
    # The CSR path needs exportable PEM private key material in KeyRef.material.
    key_ref = KeyRef(material=Path("app-private-key.pem").read_bytes())
    csr = await service.create_csr(
        key=key_ref,
        subject={"CN": "app.example.com"},
    )
    # Write the PKCS#10 request for submission to the issuing workflow.
    Path("app.csr").write_bytes(csr)


asyncio.run(main())
```
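Check the serial number helper's behavior:
```python
from swarmauri_certs_azure.certs.AzureKeyVaultCertService import _serial_or_random

# With no serial supplied, the helper returns a random positive value below 2**128.
serial = _serial_or_random(None)
assert 0 < serial < 2**128
```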
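What the RFC 5280 serial rules and the RFC 7468 PEM layout named on this page require, as an added standard-library example that is not the package's own code. The names `checked_serial`, `pem_wrap` and `pem_unwrap` are hypothetical, and the package's helpers may behave differently; the sample bytes are constructed.

```python
import base64
import re
import secrets
from typing import Optional

MAX_SERIAL_OCTETS = 20  # RFC 5280 section 4.1.2.2 cap on serialNumber
_PEM = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)


def der_integer_len(value: int) -> int:
    """Content octets of a positive DER INTEGER, counting the 0x00 sign pad."""
    return value.bit_length() // 8 + 1


def checked_serial(serial: Optional[int] = None, bits: int = 128) -> int:
    """Validate a caller-supplied serial, or draw a random one when None."""
    if serial is None:
        serial = secrets.randbits(bits)
        while serial == 0:  # zero is not a positive serial, so redraw
            serial = secrets.randbits(bits)
    if serial <= 0:
        raise ValueError("serial number must be a positive integer")
    if der_integer_len(serial) > MAX_SERIAL_OCTETS:
        raise ValueError("serial number needs more than 20 DER octets")
    return serial


def pem_wrap(der: bytes, label: str = "CERTIFICATE") -> str:
    """RFC 7468 textual encoding: base64 body wrapped at 64 characters."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def pem_unwrap(text: str) -> tuple[str, bytes]:
    """Parse one PEM block; mismatched labels or bad base64 raise ValueError."""
    match = _PEM.fullmatch(text.strip())
    if match is None:
        raise ValueError("not a single well-formed PEM block")
    label, body = match.groups()
    return label, base64.b64decode("".join(body.split()), validate=True)


if __name__ == "__main__":
    sample_der = bytes(range(100))  # constructed stand-in, not a real certificate
    pem = pem_wrap(sample_der)
    assert pem_unwrap(pem) == ("CERTIFICATE", sample_der)
    print(hex(checked_serial()))
    print(pem, end="")
```

A serial of 2**159 or more is rejected because its DER encoding needs a leading 0x00 octet, which pushes it past the 20-octet limit.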
Related Packages
Certificate service packages:
- swarmauri_certs_acme
- swarmauri_certs_local_ca
- swarmauri_certs_self_signed
- swarmauri_certs_x509
- swarmauri_certs_cfssl
- swarmauri_certservice_aws_kms
Foundational packages:
- swarmauri_core defines certificate interfaces and KeyRef.
- swarmauri_base provides CertServiceBase.
- swarmauri provides namespace imports and plugin discovery.
Best Practices
- Prefer managed identities or workload identity federation over long-lived client secrets.
- Keep Key Vault permissions scoped to the minimum operations required by the surrounding workflow.
- Store generated CSRs and issued certificate chains in auditable storage.
- Use a dedicated cloud CA or Azure certificate workflow for issuance/import operations outside this package.
License
Apache-2.0
File details
Details for the file swarmauri_certs_azure-0.11.0.dev1.tar.gz.
File metadata
- Download URL: swarmauri_certs_azure-0.11.0.dev1.tar.gz
- Upload date:
- Size: 8.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.26
File details
Details for the file swarmauri_certs_azure-0.11.0.dev1-py3-none-any.whl.
File metadata
- Download URL: swarmauri_certs_azure-0.11.0.dev1-py3-none-any.whl
- Upload date:
- Size: 9.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.26