Azure Key Vault libraries for Python

Overview

Create, update, and delete keys and secrets in Azure Key Vault with the client libraries.

Use the Azure Key Vault management libraries to create key vaults, authorize applications, and manage permissions.

Learn more about Azure Key Vault.

Install the libraries

Client library

pip install azure-keyvault

Examples

Retrieve a JSON web key from a Key Vault.

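from azure.keyvault import KeyVaultClient, KeyVaultAuthentication
from azure.common.credentials import ServicePrincipalCredentials

# Placeholder values; replace with your vault URL, key name and key version.
vault_url = "https://VAULT_ID.vault.azure.net/"
key_name = "KEY_ID"
key_version = "KEY_VERSION"

def auth_callback(server, resource, scope):
    # Called by the client whenever it needs a token for the vault.
    credentials = ServicePrincipalCredentials(
        client_id = '',  # service principal client ID
        secret = '',     # service principal secret
        tenant = '',     # Azure AD tenant ID
        resource = "https://vault.azure.net"
    )
    token = credentials.token
    return token['token_type'], token['access_token']

client = KeyVaultClient(KeyVaultAuthentication(auth_callback))

# The returned bundle wraps the key; its .key attribute is the JSON web key.
key_bundle = client.get_key(vault_url, key_name, key_version)
json_key = key_bundle.key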

Similarly, you can use the following snippet to retrieve a secret from the vault:

from azure.keyvault import KeyVaultClient, KeyVaultAuthentication
from azure.common.credentials import ServicePrincipalCredentials

def auth_callback(server, resource, scope):
    # Called by the client whenever it needs a token for the vault.
    credentials = ServicePrincipalCredentials(
        client_id = '',  # service principal client ID
        secret = '',     # service principal secret
        tenant = '',     # Azure AD tenant ID
        resource = "https://vault.azure.net"
    )
    token = credentials.token
    return token['token_type'], token['access_token']

client = KeyVaultClient(KeyVaultAuthentication(auth_callback))

# VAULT_ID, SECRET_ID and SECRET_VERSION are placeholders for your own values.
secret_bundle = client.get_secret("https://VAULT_ID.vault.azure.net/", "SECRET_ID", "SECRET_VERSION")

# Prints the secret value in clear text; keep this out of logs and shared consoles.
print(secret_bundle.value)

Management API

pip install azure-mgmt-keyvault

Example

The following example shows how to create an Azure Key Vault.

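import os

from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.keyvault import KeyVaultManagementClient

GROUP_NAME = 'your_resource_group_name'
KV_NAME = 'your_key_vault_name'
# The object ID of the User or Application for access policies. Find this number in the portal
OBJECT_ID = '00000000-0000-0000-0000-000000000000'

# Assumption: the service principal and subscription are supplied through
# these environment variables (the original snippet left them undefined).
credentials = ServicePrincipalCredentials(
    client_id = os.environ['AZURE_CLIENT_ID'],
    secret = os.environ['AZURE_CLIENT_SECRET'],
    tenant = os.environ['AZURE_TENANT_ID']
)
subscription_id = os.environ['AZURE_SUBSCRIPTION_ID']

kv_client = KeyVaultManagementClient(credentials, subscription_id)

vault = kv_client.vaults.create_or_update(
    GROUP_NAME,
    KV_NAME,
    {
        'location': 'eastus',
        'properties': {
            'sku': {
                'name': 'standard'
            },
            'tenant_id': os.environ['AZURE_TENANT_ID'],
            'access_policies': [{
                'tenant_id': os.environ['AZURE_TENANT_ID'],
                'object_id': OBJECT_ID,
                # 'all' grants every key and secret operation to OBJECT_ID;
                # narrow the lists to what the identity actually needs.
                'permissions': {
                    'keys': ['all'],
                    'secrets': ['all']
                }
            }]
        }
    }
)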
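
The vault above is created with 'all' key and secret permissions for OBJECT_ID. As an added example (not part of the original page or of the Azure SDK), the following pure-Python check audits the same parameters dictionary for wildcard and sensitive grants before it is passed to create_or_update. The function names, the SENSITIVE set, the read-only policy and the sample identifiers are assumptions chosen for illustration.

```python
# Added example: audit the parameters dict before vaults.create_or_update().
# Pure Python; no Azure call is made. All names here are illustrative.
WILDCARD = 'all'
# Access-policy permissions that destroy or export vault material (assumed set).
SENSITIVE = {'delete', 'purge', 'backup', 'restore'}

def audit_access_policies(parameters):
    """Return (object_id, category, finding) tuples for risky grants."""
    findings = []
    policies = parameters.get('properties', {}).get('access_policies', [])
    for policy in policies:
        oid = policy.get('object_id', '<missing>')
        for category, perms in policy.get('permissions', {}).items():
            granted = {p.lower() for p in perms}
            if WILDCARD in granted:
                findings.append((oid, category, "wildcard 'all' granted"))
            for perm in sorted(granted & SENSITIVE):
                findings.append((oid, category, "sensitive permission '%s'" % perm))
    return findings

def read_only_policy(tenant_id, object_id):
    """Access policy for an identity that only reads keys and secrets."""
    return {
        'tenant_id': tenant_id,
        'object_id': object_id,
        'permissions': {'keys': ['get', 'list'], 'secrets': ['get', 'list']},
    }

def vault_parameters(tenant_id, policies):
    """Build the same parameters shape the create-vault example uses."""
    return {
        'location': 'eastus',
        'properties': {
            'sku': {'name': 'standard'},
            'tenant_id': tenant_id,
            'access_policies': policies,
        },
    }

# Constructed sample values, not real identifiers.
TENANT = '11111111-1111-1111-1111-111111111111'
OBJECT_ID = '00000000-0000-0000-0000-000000000000'
BROAD = vault_parameters(TENANT, [{
    'tenant_id': TENANT, 'object_id': OBJECT_ID,
    'permissions': {'keys': ['all'], 'secrets': ['all']},
}])
NARROW = vault_parameters(TENANT, [read_only_policy(TENANT, OBJECT_ID)])

if __name__ == '__main__':
    for finding in audit_access_policies(BROAD):
        print(finding)
```

An empty findings list for the dictionary you are about to submit means no wildcard or sensitive permission is being granted under the assumed rule set.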

Samples

View the complete list of Azure Key Vault samples.