azure.keyvault package

Module contents

azure.keyvault.KeyVaultClient

alias of CustomKeyVaultClient

class azure.keyvault.KeyVaultId(collection, vault, name, version)[source]

Bases: object

An identifier for an Azure Key Vault resource.

Parameters:
  • collection (str) – The resource collection type.
  • vault (str) – The vault URI.
  • name (str) – The resource name.
  • version (str) – The resource version.
base_id
static create_certificate_id(vault, name, version=None)[source]
Parameters:
  • vault (str) – The vault uri.
  • name (str) – The certificate name.
  • version (str) – The certificate version.
Return type:

KeyVaultId

static create_certificate_issuer_id(vault, name)[source]
Parameters:
  • vault (str) – The vault uri.
  • name (str) – The certificate name.
Return type:

KeyVaultId

static create_certificate_operation_id(vault, name)[source]
Parameters:
  • vault (str) – The vault uri.
  • name (str) – The certificate name.
Return type:

KeyVaultId

static create_key_id(vault, name, version=None)[source]
Parameters:
  • vault (str) – The vault uri.
  • name (str) – The key name.
  • version (str) – The key version.
Return type:

KeyVaultId

static create_object_id(collection, vault, name, version)[source]
Parameters:
  • collection (str) – The resource collection type.
  • vault (str) – The vault URI.
  • name (str) – The resource name.
  • version (str) – The resource version.
Return type:

KeyVaultId

static create_secret_id(vault, name, version=None)[source]
Parameters:
  • vault (str) – The vault uri.
  • name (str) – The secret name.
  • version (str) – The secret version.
Return type:

KeyVaultId

id
static parse_certificate_id(id)[source]
Parameters:id (str) – The resource collection type.
Return type:KeyVaultId
static parse_certificate_issuer_id(id)[source]
Parameters:id (str) – The resource collection type.
Return type:KeyVaultId
static parse_certificate_operation_id(id)[source]
Parameters:id (str) – The resource collection type.
Return type:KeyVaultId
static parse_key_id(id)[source]
Parameters:id (str) – The key uri.
Return type:KeyVaultId
static parse_object_id(collection, id)[source]
Parameters:
  • collection (str) – The resource collection type.
  • id (str) – The resource uri.
Return type:

KeyVaultId

static parse_secret_id(id)[source]
Parameters:id (str) – The secret uri.
Return type:KeyVaultId
version_none = ''
class azure.keyvault.KeyId(uri=None, vault=None, name=None, version=None)[source]

Bases: azure.keyvault.custom.key_vault_id.KeyVaultIdentifier

Creates a key vault key id. If uri is specified the id properties are parsed from the uri, otherwise builds the id from the specified vault, name and version. :param uri: The uri of the key vault key :param vault: The vault uri :param name: The key name :param version: The key version

class azure.keyvault.SecretId(uri=None, vault=None, name=None, version=None)[source]

Bases: azure.keyvault.custom.key_vault_id.KeyVaultIdentifier

Creates a key vault secret id. If uri is specified the id properties are parsed from the uri, otherwise builds the id from the specified vault, name and version. :param uri: The uri of the key vault secret :param vault: The vault uri :param name: The secret name :param version: The secret version

class azure.keyvault.CertificateId(uri=None, vault=None, name=None, version=None)[source]

Bases: azure.keyvault.custom.key_vault_id.KeyVaultIdentifier

Creates a key vault certificate id. If uri is specified the id properties are parsed from the uri, otherwise builds the id from the specified vault, name and version. :param uri: The uri of the key vault certificate :param vault: The vault uri :param name: The certificate name :param version: The certificate version

class azure.keyvault.CertificateIssuerId(uri=None, vault=None, name=None)[source]

Bases: azure.keyvault.custom.key_vault_id.KeyVaultIdentifier

Creates a key vault certificate issuer id. If uri is specified the id properties are parsed from the uri, otherwise builds the id from the specified vault and name. :param uri: The uri of the key vault certificate issuer :param vault: The vault uri :param name: The certificate issuer name

class azure.keyvault.CertificateOperationId(uri=None, vault=None, name=None)[source]

Bases: azure.keyvault.custom.key_vault_id.KeyVaultIdentifier

Creates a key vault certificate operation id. If uri is specified the id properties are parsed from the uri, otherwise builds the id from the specified vault and name. :param uri: The uri of the key vault certificate operation :param vault: The vault uri :param name: The certificate name

class azure.keyvault.StorageAccountId(uri=None, vault=None, name=None)[source]

Bases: azure.keyvault.custom.key_vault_id.KeyVaultIdentifier

Creates a key vault storage account id. If uri is specified the id properties are parsed from the uri, otherwise builds the id from the specified vault and name. :param uri: The uri of the key vault storage account :param vault: The vault uri :param name: The storage account name

class azure.keyvault.StorageSasDefinitionId(uri=None, vault=None, account_name=None, sas_definition=None)[source]

Bases: azure.keyvault.custom.key_vault_id.KeyVaultIdentifier

Creates a key vault storage account sas definition id. If uri is specified the id properties are parsed from the uri, otherwise builds the id from the specified vault, account_name, and sas_definition. :param uri: The uri of the key vault storage account sas definition :param vault: The vault uri :param account_name: The storage account name :param sas_definition: The sas definition name

class azure.keyvault.HttpBearerChallenge(request_uri, challenge)[source]

Bases: object

Parses an HTTP WWW-Authentication Bearer challenge from a server.

get_authorization_server()[source]

Returns the URI for the authorization server if present, otherwise empty string.

get_resource()[source]

Returns the resource if present, otherwise empty string.

get_scope()[source]

Returns the scope if present, otherwise empty string.

get_value(key)[source]
static is_bearer_challenge(authentication_header)[source]

Tests whether an authentication header is a Bearer challenge. :param authentication_header: the authentication header to test rtype: bool

class azure.keyvault.KeyVaultAuthentication(authorization_callback=None, credentials=None)[source]

Bases: msrest.authentication.OAuthTokenAuthentication

Authentication class to be used as credentials for the KeyVaultClient. :Example Usage:

def auth_callack(server, resource, scope):
self.data_creds = self.data_creds or ServicePrincipalCredentials(client_id=self.config.client_id,
secret=self.config.client_secret, tenant=self.config.tenant_id, resource=resource)

token = self.data_creds.token return token[‘token_type’], token[‘access_token’]

self.keyvault_data_client = KeyVaultClient(KeyVaultAuthentication(auth_callack))

Creates a new KeyVaultAuthentication instance used for authentication in the KeyVaultClient :param authorization_callback: A callback used to provide authentication credentials to the key vault data service. This callback should take three str arguments: authorization uri, resource, and scope, and return a tuple of (token type, access token). :param credentials:: Credentials needed for the client to connect to Azure. :type credentials: :mod:`A msrestazure Credentials

object<msrestazure.azure_active_directory>`
refresh_session()[source]

Return updated session if token has expired, attempts to refresh using refresh token.

Return type:requests.Session.
signed_session()[source]
class azure.keyvault.KeyVaultAuthBase(authorization_callback)[source]

Bases: requests.auth.AuthBase

Used for handling authentication challenges, by hooking into the request AuthBase extension model.

Creates a new KeyVaultAuthBase instance used for handling authentication challenges, by hooking into the request AuthBase extension model. :param authorization_callback: A callback used to provide authentication credentials to the key vault data service. This callback should take three str arguments: authorization uri, resource, and scope, and return a tuple of (token type, access token).

return token[‘token_type’], token[‘access_token’]
handle_401(response, **kwargs)[source]

Takes the response authenticates and resends if neccissary :return: The final response to the authenticated request :rtype: requests.Response

handle_redirect(r, **kwargs)[source]

Reset auth_attempted on redirects.

set_authorization_header(request, challenge)[source]