Prerequisites: The following are required to follow this post. 1. Azure CLI. Refer to the articles below to install the Azure CLI.
# Sign in with the Azure CLI. The Python script's AzureCliCredential reuses
# this CLI session, so no password or client secret is placed in the script.
az login
# Install the Azure identity and Key Vault management libraries.
# NOTE(review): the versions are unpinned; pin them (for example in a
# requirements file) if the install has to be repeatable.
pip install azure-identity azure-mgmt-keyvault
from azure.identity import AzureCliCredential
from azure.mgmt.keyvault import KeyVaultManagementClient
from azure.mgmt.keyvault.models import VaultCreateOrUpdateParameters
from azure.mgmt.keyvault.models import VaultProperties
from azure.mgmt.keyvault.models import Sku
from azure.mgmt.keyvault.models import Permissions
from azure.mgmt.keyvault.models import AccessPolicyEntry
# Create an Azure Key Vault with one access policy, authenticating through
# the session opened by `az login`.

# Where the vault is created: subscription, resource group, name and region.
subscription_id = "subscription_id"  # Replace with Subscription ID
resource_group_name = "resource_group_name"  # Replace with Resource Group Name
keyvault_name = "keyvault_name"  # Replace with Key Vault Name to be created
keyvault_location = "keyvault_location"  # Replace with KeyVault Location

# Who owns and who may use the vault: the Azure Active Directory tenant, and
# the object ID of the user, service principal or security group that the
# access policy below is granted to.
tenant_id = "Tenant_ID"  # Replace with Tenant ID
object_id = "Object_ID"  # Replace with Object ID of user, service principal etc..

# Authenticate with the Azure CLI login; the script itself holds no secret.
credential = AzureCliCredential()

# Management-plane client for Key Vault, scoped to the subscription above.
keyvault_client = KeyVaultManagementClient(credential, subscription_id)

# Access policy for `object_id`.
# NOTE(review): "all" is a wildcard for both keys and secrets. Least privilege
# means listing only the operations this principal needs (for example "get"
# and "list" for a read-only consumer). No certificate permissions are
# granted here.
access_policy = AccessPolicyEntry(
    tenant_id=tenant_id,
    object_id=object_id,
    permissions=Permissions(keys=["all"], secrets=["all"]),
)

# Vault settings: standard SKU plus the single access policy.
# NOTE(review): network_acls and enable_purge_protection are not set, so the
# service defaults apply. Confirm whether this vault should be limited to
# specific networks and protected against purge before using it beyond a demo.
vault_properties = VaultProperties(
    tenant_id=tenant_id,
    sku=Sku(name="standard", family="A"),
    access_policies=[access_policy],
)

vault_parameters = VaultCreateOrUpdateParameters(
    location=keyvault_location,
    properties=vault_properties,
)

# Start the create-or-update operation, then wait for it to finish.
response = keyvault_client.vaults.begin_create_or_update(
    resource_group_name,
    keyvault_name,
    vault_parameters,
)
key_vault = response.result()

print(f"Created key vault {key_vault.name} in {key_vault.location} region")
from azure.identity import AzureCliCredential
from azure.mgmt.keyvault import KeyVaultManagementClient
from azure.mgmt.keyvault.models import VaultCreateOrUpdateParameters
from azure.mgmt.keyvault.models import VaultProperties
from azure.mgmt.keyvault.models import Sku
from azure.mgmt.keyvault.models import Permissions
from azure.mgmt.keyvault.models import AccessPolicyEntry
# Create an Azure Key Vault with one access policy, authenticating through
# the session opened by `az login`.

# Where the vault is created: subscription, resource group, name and region.
subscription_id = "subscription_id"  # Replace with Subscription ID
resource_group_name = "resource_group_name"  # Replace with Resource Group Name
keyvault_name = "keyvault_name"  # Replace with Key Vault Name to be created
keyvault_location = "keyvault_location"  # Replace with KeyVault Location

# Who owns and who may use the vault: the Azure Active Directory tenant, and
# the object ID of the user, service principal or security group that the
# access policy below is granted to.
tenant_id = "Tenant_ID"  # Replace with Tenant ID
object_id = "Object_ID"  # Replace with Object ID of user, service principal etc..

# Authenticate with the Azure CLI login; the script itself holds no secret.
credential = AzureCliCredential()

# Management-plane client for Key Vault, scoped to the subscription above.
keyvault_client = KeyVaultManagementClient(credential, subscription_id)

# Access policy for `object_id`.
# NOTE(review): "all" is a wildcard for both keys and secrets. Least privilege
# means listing only the operations this principal needs (for example "get"
# and "list" for a read-only consumer). No certificate permissions are
# granted here.
access_policy = AccessPolicyEntry(
    tenant_id=tenant_id,
    object_id=object_id,
    permissions=Permissions(keys=["all"], secrets=["all"]),
)

# Vault settings: standard SKU plus the single access policy.
# NOTE(review): network_acls and enable_purge_protection are not set, so the
# service defaults apply. Confirm whether this vault should be limited to
# specific networks and protected against purge before using it beyond a demo.
vault_properties = VaultProperties(
    tenant_id=tenant_id,
    sku=Sku(name="standard", family="A"),
    access_policies=[access_policy],
)

vault_parameters = VaultCreateOrUpdateParameters(
    location=keyvault_location,
    properties=vault_properties,
)

# Start the create-or-update operation, then wait for it to finish.
response = keyvault_client.vaults.begin_create_or_update(
    resource_group_name,
    keyvault_name,
    vault_parameters,
)
key_vault = response.result()

print(f"Created key vault {key_vault.name} in {key_vault.location} region")
Category: Azure