Skip to content

Databricks Secret Scope

AzureKeyVaultSecrets

Bases: SecretsInterface

Retrieves and creates/updates secrets in Azure Key Vault. For more information about Azure Key Vaults, see here.

Example

# Retrieves Secrets from Azure Key Vault

from rtdip_sdk.pipelines.secrets import AzureKeyVaultSecrets

get_key_vault_secret = AzureKeyVaultSecrets(
    vault="https://{YOUR-KEY-VAULT}.azure.net/",
    key="{KEY}",
    secret=None,
    credential="{CREDENTIAL}",
    kwargs=None
)

get_key_vault_secret.get()
# Creates or Updates Secrets in Azure Key Vault

from rtdip_sdk.pipelines.secrets import AzureKeyVaultSecrets

set_key_vault_secret = AzureKeyVaultSecrets(
    vault="https://{YOUR-KEY-VAULT}.azure.net/",
    key="{KEY}",
    secret="{SECRET-TO-BE-SET}",
    credential="{CREDENTIAL}",
    kwargs=None
)

set_key_vault_secret.set()

Parameters:

Name Type Description Default
vault str

Azure Key Vault URL

required
key str

Key for the secret

required
secret str

Secret or Password to be set in the Azure Key Vault

None
credential str

Credential for authenticating with Azure Key Vault

None
kwargs dict

List of additional parameters to be passed when creating a Azure Key Vault Client. Please see here for more details on parameters that can be provided to the client

None
Source code in src/sdk/python/rtdip_sdk/pipelines/secrets/azure_key_vault.py
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
class AzureKeyVaultSecrets(SecretsInterface):
    """
    Retrieves and creates/updates secrets in Azure Key Vault. For more information about Azure Key Vaults, see [here.](https://learn.microsoft.com/en-gb/azure/key-vault/general/overview)

    Example
    -------
    ```python
    # Retrieves Secrets from Azure Key Vault

    from rtdip_sdk.pipelines.secrets import AzureKeyVaultSecrets

    get_key_vault_secret = AzureKeyVaultSecrets(
        vault="https://{YOUR-KEY-VAULT}.azure.net/",
        key="{KEY}",
        secret=None,
        credential="{CREDENTIAL}",
        kwargs=None
    )

    get_key_vault_secret.get()

    ```
    ```python
    # Creates or Updates Secrets in Azure Key Vault

    from rtdip_sdk.pipelines.secrets import AzureKeyVaultSecrets

    set_key_vault_secret = AzureKeyVaultSecrets(
        vault="https://{YOUR-KEY-VAULT}.azure.net/",
        key="{KEY}",
        secret="{SECRET-TO-BE-SET}",
        credential="{CREDENTIAL}",
        kwargs=None
    )

    set_key_vault_secret.set()
    ```

    Parameters:
        vault (str): Azure Key Vault URL
        key (str): Key for the secret
        secret (str): Secret or Password to be set in the Azure Key Vault
        credential (str): Credential for authenticating with Azure Key Vault
        kwargs (dict): List of additional parameters to be passed when creating a Azure Key Vault Client. Please see [here](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/keyvault/azure-keyvault-secrets) for more details on parameters that can be provided to the client
    """

    vault: str
    key: str
    secret: str
    credential: str
    kwargs: dict

    def __init__(
        self,
        vault: str,
        key: str,
        secret: str = None,
        credential=None,
        kwargs: dict = None,
    ):
        self.vault = vault
        self.key = key
        self.secret = secret
        self.credential = credential
        self.kwargs = {} if kwargs is None else kwargs
        self.client = self._get_akv_client()

    @staticmethod
    def system_type():
        """
        Attributes:
            SystemType (Environment): Requires PYTHON
        """
        return SystemType.PYTHON

    @staticmethod
    def libraries():
        libraries = Libraries()
        libraries.add_pypi_library(get_default_package("azure_key_vault_secret"))
        return libraries

    @staticmethod
    def settings() -> dict:
        return {}

    def _get_akv_client(self):
        return SecretClient(
            vault_url="https://{}.vault.azure.net".format(self.vault),
            credential=self.credential,
            **self.kwargs
        )

    def get(self):
        """
        Retrieves the secret from the Azure Key Vault
        """
        response = self.client.get_secret(name=self.key)
        return response.value

    def set(self):
        """
        Creates or updates a secret in the Azure Key Vault
        """
        self.client.set_secret(name=self.key, value=self.secret)
        return True

system_type() staticmethod

Attributes:

Name Type Description
SystemType Environment

Requires PYTHON

Source code in src/sdk/python/rtdip_sdk/pipelines/secrets/azure_key_vault.py
88
89
90
91
92
93
94
@staticmethod
def system_type():
    """
    Attributes:
        SystemType (Environment): Requires PYTHON
    """
    return SystemType.PYTHON

get()

Retrieves the secret from the Azure Key Vault

Source code in src/sdk/python/rtdip_sdk/pipelines/secrets/azure_key_vault.py
113
114
115
116
117
118
def get(self):
    """
    Retrieves the secret from the Azure Key Vault
    """
    response = self.client.get_secret(name=self.key)
    return response.value

set()

Creates or updates a secret in the Azure Key Vault

Source code in src/sdk/python/rtdip_sdk/pipelines/secrets/azure_key_vault.py
120
121
122
123
124
125
def set(self):
    """
    Creates or updates a secret in the Azure Key Vault
    """
    self.client.set_secret(name=self.key, value=self.secret)
    return True