Azure SDK for Python: Key Vault Secrets Samples

Azure Key Vault Secrets Samples

Explore the following Python code samples to learn how to interact with Azure Key Vault secrets using the Azure SDK for Python. These examples cover common operations like creating, retrieving, updating, and deleting secrets.

1. Setting a Secret

This sample demonstrates how to create a new secret in your Azure Key Vault.


from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

# Replace with your Key Vault URL
keyvault_url = f"https://YOUR_KEY_VAULT_NAME.vault.azure.net/"
credential = DefaultAzureCredential()
client = SecretClient(vault_url=keyvault_url, credential=credential)

secret_name = "MySampleSecret"
secret_value = "MySuperSecretValue123!"

try:
    print(f"Setting secret '{secret_name}'...")
    client.set_secret(secret_name, secret_value)
    print("Secret set successfully.")
except Exception as e:
    print(f"Error setting secret: {e}")

Try This Sample

2. Getting a Secret

Retrieve the value of an existing secret from your Azure Key Vault.


from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

keyvault_url = f"https://YOUR_KEY_VAULT_NAME.vault.azure.net/"
credential = DefaultAzureCredential()
client = SecretClient(vault_url=keyvault_url, credential=credential)

secret_name = "MySampleSecret"

try:
    print(f"Getting secret '{secret_name}'...")
    secret = client.get_secret(secret_name)
    print(f"Secret Name: {secret.name}")
    print(f"Secret Value: {secret.value}")
except Exception as e:
    print(f"Error getting secret: {e}")

Try This Sample

3. Listing Secrets

Iterate through all secrets stored in your Azure Key Vault.


from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

keyvault_url = f"https://YOUR_KEY_VAULT_NAME.vault.azure.net/"
credential = DefaultAzureCredential()
client = SecretClient(vault_url=keyvault_url, credential=credential)

print("Listing secrets in Key Vault:")
try:
    for secret_properties in client.list_properties_of_secrets():
        print(f"- {secret_properties.name}")
except Exception as e:
    print(f"Error listing secrets: {e}")

Try This Sample

4. Deleting a Secret

Permanently remove a secret from your Azure Key Vault.


from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

keyvault_url = f"https://YOUR_KEY_VAULT_NAME.vault.azure.net/"
credential = DefaultAzureCredential()
client = SecretClient(vault_url=keyvault_url, credential=credential)

secret_name = "MySampleSecret"

try:
    print(f"Deleting secret '{secret_name}'...")
    # You might want to back up the secret before deleting
    client.begin_delete_secret(secret_name)
    print("Secret deletion initiated.")
    # To permanently delete, you may need to purge the vault if soft-delete is enabled
    # and pending deletion objects exist.
except Exception as e:
    print(f"Error deleting secret: {e}")

Try This Sample