Securely Managing Secrets with Azure Key Vault and Python

Introduction

In this article, we'll explore how to leverage Azure Key Vault to store and retrieve secret values using Python. Azure Key Vault is a cloud-based service that allows you to securely store and control access to tokens, passwords, certificates, API keys, and other secrets. It provides robust encryption, access control, and logging capabilities, ensuring that your sensitive data is protected.

Before we dive into the code, you'll need to set up an Azure Key Vault instance within your Azure subscription. This can be done through the Azure Portal, Azure CLI, or Azure PowerShell. During the setup process, you'll need to specify a name for your Key Vault, choose a resource group, and configure access policies to grant permissions to your application or service principal. Once you have your Azure Key Vault instance set up, you can use the Azure Key Vault.

First we need to install required libraries.

pip install azure-identity azure-keyvault-secrets

Setup Secret Client

from azure.keyvault.secrets import SecretClient
import os

# Load the service principal credentials
credential = DefaultAzureCredential()

# Create a SecretClient instance
vault_url = "https://<key-vault-name>.vault.azure.net/"
secret_client = SecretClient(vault_url=vault_url, credential=credential)

Store a secret value

secret_value = "<secret-value>"

# Create or update the secret
secret_name = "<secret-name>"
secret = secret_client.set_secret(name=secret_name, value=secret_value)
print(f"Secret '{secret_name}' created/updated with value '{secret_value}'")

Retrieve a secret value

# Retrieve the secret value
secret_data = secret_client.get_secret(name=secret_name)
print(f"Retrieved secret '{secret_name}' with value '{secret_data.value}'")

Make sure to replace <key-vault-name> with the name of your Azure Key Vault instance and also replace <secret-name> and <secret-value>  with the desired name for your secret and value.

Summary

In this blog post, we explored how to securely store and retrieve secret values using Azure Key Vault and Python. Azure Key Vault provides a robust and secure solution for managing sensitive information. By leveraging the Azure Key Vault Python library, you can easily integrate Key Vault into your Python applications, streamlining the process of securely managing and accessing your secrets.

Note. To authenticate with Azure Key Vault, you need to have the appropriate permissions and credentials.