Repository for explaining how to use Azure key vaults in our projects.
This package is designed for easily pulling and creating secrets in Azure key vaults.
pip install git+ssh://git@github.com/zypp-io/keyvault.git
This function sets the keyvault secrets to the runtime environment variables. This function will only work if you have set the required environment variables
from keyvault import secrets_to_environment
secrets_to_environment(keyvault_name="mykeyvault")
Function for reading the local .env file and capturing the secret_name, secret_value as key value pairs.
from keyvault import get_dotenv_secrets
get_dotenv_secrets(dotenv_file=".env")
This function can be used to pull secrets from the vault. This function will only work if you have set the required environment variables
from keyvault import get_keyvault_secrets
secrets = get_keyvault_secrets(keyvault_name="mykeyvault")
# Returns a dictionary containing secret_name, secret_value pairs
This function is designed for making it easy to upload sensitive project secrets to Azure key vault.
The function reads the .env file and uploads the names and values to Azure key vault.
from keyvault import dotenv_to_keyvault
dotenv_to_keyvault(keyvault_name="mykeyvault", dotenv_file=".env")
# Uploads your current .env variables to azure key vault
The function lets you upload a dictionary, where the key-value pairs are the secretname-secretvalues in Azure key vault.
from keyvault import dict_to_keyvault
dict_to_keyvault(keyvault_name="mykeyvault", secret_dict={'SECRET_NAME': 'secret value'})
It is also possible to add an expiry date or the content type of the secrets:
from keyvault import dict_to_keyvault
from datetime import datetime, timedelta
expiry_date = datetime.now() + timedelta(days=80)
dict_to_keyvault(
keyvault_name="mykeyvault",
secret_dict={'SECRET_NAME': 'secret value'},
expires_on=expiry_date,
content_type="text/plain"
)
The function lets you delete secrets in the keyvault. Secrets will be deleted with soft_delete enabled.
from keyvault import delete_keyvault_secrets
delete_keyvault_secrets(keyvault_name="mykeyvault", secret_list=["SECRET_NAME"])
There are 3 environment variables that are necessary for authenticating with the azure key vault. These variables always need to be present in the project in order for the secrets to be retrieved.
AZURE_CLIENT_ID=REPLACE-ME
AZURE_CLIENT_SECRET=REPLACE-ME
AZURE_TENANT_ID=REPLACE-ME
FAQs
A small package for handling project secrets
We found that keyvault demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.