

Keep your secrets
I am assuming that you have an active Azure subscription, Python 2.7 or 3.5+ and the Azure CLI installed.

Let's start by creating an Azure resource group and the Key Vault:

$ az login
$ az group create --name -l westeurope
$ az keyvault create --name -g

Retrieve and remember the Key Vault properties.vaultUri:

$ az keyvault show -n --query "properties.vaultUri" -o json

The Key Vault URL should look something like this:

Now create a service principal to manage access policies:

$ az ad sp create-for-rbac --name --sdk-auth

Take note of the output, especially the clientId, clientSecret and the tenantId; it should look like this:

Create an access policy that gives the service principal access to the Key Vault. Note that the --spn ID is the clientId from the output of the previous step:

$ az keyvault set-policy -n --spn --secret-permissions delete get list set --key-permissions create decrypt delete encrypt get list unwrapKey wrapKey

Set the environment variables

The Azure Identity client library, which we are going to use in Python in a moment, will look up the environment service principal variables to authenticate itself to the Key Vault.

profile file in the $HOME directory:

$ cd ~ & nano.

Now add the specifics of the service principal to the end of the file and save it:

AZURE_CLIENT_ID=""
AZURE_CLIENT_SECRET=""
AZURE_TENANT_ID=""
VAULT_URL=""

Windows

Open CMD with administrator rights and set the specifics of the service principal as environment variables:

$ SETX AZURE_CLIENT_ID ""
$ SETX AZURE_CLIENT_SECRET ""
$ SETX AZURE_TENANT_ID ""
$ SETX VAULT_URL ""

Python implementation

Install the requirements

Install the necessary packages:

pip install azure.keyvault
pip install azure.identity

Set secrets
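The Python side of the setup described above, as an added example that is not code from the original page: it checks that the four environment variables are present before handing authentication to the Azure Identity library, then writes and reads back one secret. It assumes the azure-identity and azure-keyvault-secrets packages are installed; the secret name `demo-secret` and all function names are hypothetical.

```python
import os
from urllib.parse import urlparse

# AZURE_* are read by azure-identity itself; VAULT_URL is the page's own
# variable name and is read by this script.
REQUIRED = ("AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET", "AZURE_TENANT_ID", "VAULT_URL")


def missing_settings(env=os.environ):
    """Return the required variables that are unset or empty (e.g. SETX NAME "")."""
    return [name for name in REQUIRED if not env.get(name, "").strip()]


def validate_vault_url(url):
    """Accept only an https:// URL with a host, so tokens never travel in clear text."""
    parts = urlparse(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("VAULT_URL must be an https:// URL")
    return url


def make_client():
    """Build a SecretClient that authenticates as the service principal."""
    missing = missing_settings()
    if missing:
        # Report names only, never values, so nothing secret reaches the logs.
        raise RuntimeError("missing environment variables: " + ", ".join(missing))
    # Imported here so the checks above work even before the SDK is installed.
    from azure.identity import EnvironmentCredential
    from azure.keyvault.secrets import SecretClient
    return SecretClient(vault_url=validate_vault_url(os.environ["VAULT_URL"]),
                        credential=EnvironmentCredential())


def round_trip(client, name, value):
    """Store a secret, read it back and return the stored value."""
    client.set_secret(name, value)
    return client.get_secret(name).value


if __name__ == "__main__":
    client = make_client()
    stored = round_trip(client, "demo-secret", "constructed-sample-value")
    # Print only whether the round trip succeeded, not the secret itself.
    print("round trip ok:", stored == "constructed-sample-value")
```

The set and get calls need the `set` and `get` secret permissions granted by the access policy above.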
