Azure Key Vault Wrapper

The AzureKeyVault class is a wrapper for Azure's Key Vault service. It provides simplified access to secrets, certificates, and keys stored within a specified vault. It extends the KeyVault class and utilises Azure SDK clients to interact with the vault. It is particularly useful in applications that require secure storage and retrieval of sensitive information.


Initialisation

AzureKeyVault(vault_url=None)

  • Parameters:

    • vault_url: A string representing the URL of the Azure Key Vault. If not provided, the class attempts to retrieve it from the VAULT_URL environment variable.

  • Raises:

    • Exception: If no vault URL is found either through the parameter or the environment variable.

  • Notes:

    • The class uses DefaultAzureCredential for authentication, which supports various authentication methods, including managed identity and environment variables.


Attributes

  • secret_client: An instance of SecretClient for managing secrets.

  • cert_client: An instance of CertificateClient for managing certificates.

  • key_client: An instance of KeyClient for managing keys.


Methods

Get Secret

get_secret(name: str) -> str

Retrieves the value of a secret from the Azure Key Vault.

  • Parameters:

    • name: A string representing the name of the secret.

  • Returns:

    • A string containing the value of the secret.

Get Certificate

get_certificate(name: str)

Retrieves a certificate from the Azure Key Vault and returns it in PEM format.

  • Parameters:

    • name: A string representing the name of the certificate.

  • Returns:

    • A string containing the certificate in PEM format.

Get Key

get_key(name: str)

Retrieves a key from the Azure Key Vault and returns it in PEM format. Supports both public and private RSA keys.

  • Parameters:

    • name: A string representing the name of the key.

  • Returns:

    • A string containing the key in PEM format.

  • Raises:

    • ValueError: If the key is not of type RSA.

  • Notes:

    • The method checks for the presence of private key components to determine whether to return a private or public key.
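The public/private decision described in the Get Key notes, shown as an added example that is not the AzureKeyVault implementation. It assumes a JWK-style dict of integer RSA components and PKCS#1 PEM output; the function names and the toy key are constructed here, and rejecting a partially populated private key is a choice made by this example.

```python
import base64

# JWK field names for the RSA private components (RFC 7518, section 6.3.2).
PRIVATE_FIELDS = ("d", "p", "q", "dp", "dq", "qi")

def der_len(n: int) -> bytes:
    """DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_int(value: int) -> bytes:
    """DER INTEGER; sizing by bit_length // 8 + 1 keeps the sign bit clear."""
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body

def der_seq(*parts: bytes) -> bytes:
    body = b"".join(parts)
    return b"\x30" + der_len(len(body)) + body

def rsa_jwk_to_der(jwk: dict) -> tuple:
    """Return (PEM label, PKCS#1 DER) for a JWK-style dict of integers."""
    if jwk.get("kty") != "RSA":
        raise ValueError(f"unsupported key type: {jwk.get('kty')!r}")
    present = [f for f in PRIVATE_FIELDS if jwk.get(f) is not None]
    if present and len(present) != len(PRIVATE_FIELDS):
        # Refuse to guess: a half-populated key is not usable as private and
        # should not be silently downgraded to public.
        raise ValueError("incomplete private key components")
    if present:
        fields = [0, jwk["n"], jwk["e"], jwk["d"], jwk["p"], jwk["q"],
                  jwk["dp"], jwk["dq"], jwk["qi"]]
        return "RSA PRIVATE KEY", der_seq(*map(der_int, fields))
    return "RSA PUBLIC KEY", der_seq(der_int(jwk["n"]), der_int(jwk["e"]))

def rsa_jwk_to_pem(jwk: dict) -> str:
    label, der = rsa_jwk_to_der(jwk)
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"

# Constructed toy key (p=61, q=53); far too small for real use.
TOY_PUBLIC = {"kty": "RSA", "n": 3233, "e": 17}
TOY_PRIVATE = {**TOY_PUBLIC, "d": 2753, "p": 61, "q": 53, "dp": 53, "dq": 49, "qi": 38}

if __name__ == "__main__":
    print(rsa_jwk_to_pem(TOY_PUBLIC))
    print(rsa_jwk_to_pem(TOY_PRIVATE).splitlines()[0])
```

Because the PEM label is the only outward sign of which branch ran, callers that log or forward the result should check it before treating the value as non-sensitive.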

Example

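from aiimi_insight_engine.key_vault.azure_key_vault import AzureKeyVault

# Pass the vault URL explicitly, or omit it to fall back to the VAULT_URL environment variable.
vault = AzureKeyVault("https://mysecurevault.vault.azure.net/")
# Returns the secret's value as a string.
my_secret = vault.get_secret("secret_name")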
