https://github.com/devwithkrishna/keyvault-management
keyvault management in azure using github workflow
azure azure-sdk-for-python keyvault python
Last synced: 11 months ago
- Host: GitHub
- URL: https://github.com/devwithkrishna/keyvault-management
- Owner: devwithkrishna
- License: mit
- Created: 2023-12-08T15:30:19.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2024-09-10T16:07:21.000Z (over 1 year ago)
- Last Synced: 2025-01-16T00:55:50.149Z (about 1 year ago)
- Topics: azure, azure-sdk-for-python, keyvault, python
- Language: Python
- Size: 79.1 KB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# keyvault-management
Key Vault management in Azure using a GitHub workflow.
## Parameters
* keyvault_name
* operation
  - get
  - set
  - list
  - delete
  - recover
  - list_deleted_secrets
```
usage: kv_mgmt.py [-h] [--client_id CLIENT_ID] [--client_secret CLIENT_SECRET]
                  [--tenant_id TENANT_ID] --keyvault_name KEYVAULT_NAME
                  --operation
                  {get,set,list,delete,list_deleted_secrets,recover}
                  [--secret_name SECRET_NAME] [--secret_value SECRET_VALUE]
                  [--content CONTENT]
```
## Table
| parameter name | mandatory | optional |
|----------------|-----------|----------|
| keyvault_name  | yes       |          |
| operation      | yes       |          |
| secret_name    |           | yes      |
| secret_value   |           | yes      |
| content        |           | yes      |
## How the program works
This Python program uses two Azure SDK packages: azure-identity and azure-keyvault-secrets.
azure-identity handles authentication to Azure, and azure-keyvault-secrets works with Key Vault secrets.
* Azure Identity: uses `DefaultAzureCredential` for authentication.
  - This uses the service principal app ID, service principal secret and tenant ID to authenticate.
    Make sure you have the values below.
```
AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID are the environment variables it will be using
```
* I use a .env file to supply the above variables and load them using the python-dotenv package. Alternatively, you can pass them as
environment variables and read them using the os module.
The .env file will look like the following:
```
AZURE_CLIENT_ID="value"
AZURE_CLIENT_SECRET="value"
AZURE_SUBSCRIPTION_ID="value"
AZURE_TENANT_ID="value"
```
Replace `value` with your actual values.
`AZURE_SUBSCRIPTION_ID` is an optional parameter in the .env file.
* The environment variables are passed to the GitHub workflow in a different way.
```
jobs:
  keyvault_management:
    runs-on: ubuntu-latest
    env:
      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
      AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
```
* I have configured AZURE_CLIENT_ID, AZURE_CLIENT_SECRET and AZURE_TENANT_ID as repository secrets / organizational secrets.
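
A preflight check for the parameters and credentials described above, as an added example that is not part of the keyvault-management repository: it mirrors the flags in the usage text and reports missing arguments, missing credentials, or unedited `.env` placeholders before any call to Azure is made. The names `build_parser` and `preflight`, the per-operation requirements, and CLI flags standing in for the environment variables are assumptions.

```python
import argparse

OPERATIONS = ["get", "set", "list", "delete", "list_deleted_secrets", "recover"]
# Assumption: which operations need a secret name/value is inferred from their names.
NEEDS_NAME = {"get", "set", "delete", "recover"}
NEEDS_VALUE = {"set"}
CREDENTIAL_VARS = ("AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET", "AZURE_TENANT_ID")


def build_parser():
    """Parser with the flags shown in the README usage text."""
    p = argparse.ArgumentParser(prog="kv_mgmt.py")
    for flag in ("client_id", "client_secret", "tenant_id"):
        p.add_argument(f"--{flag}")
    p.add_argument("--keyvault_name", required=True)
    p.add_argument("--operation", required=True, choices=OPERATIONS)
    for flag in ("secret_name", "secret_value", "content"):
        p.add_argument(f"--{flag}")
    return p


def preflight(args, env):
    """Return a list of problems; an empty list means the call can proceed."""
    problems = []
    if args.operation in NEEDS_NAME and not args.secret_name:
        problems.append(f"--secret_name is required for '{args.operation}'")
    if args.operation in NEEDS_VALUE and args.secret_value is None:
        problems.append("--secret_value is required for 'set'")
    for var in CREDENTIAL_VARS:
        # Assumption: a CLI flag, when given, stands in for the env variable.
        value = getattr(args, var[len("AZURE_"):].lower()) or env.get(var, "")
        value = value.strip().strip('"')
        if not value:
            problems.append(f"{var} is not set")
        elif value == "value":
            problems.append(f"{var} still holds the .env placeholder")
    return problems


if __name__ == "__main__":
    # Constructed sample input: a 'set' call without a value, unedited .env entry.
    sample_env = {"AZURE_CLIENT_ID": "app-id", "AZURE_CLIENT_SECRET": '"value"',
                  "AZURE_TENANT_ID": "tenant-id"}
    ns = build_parser().parse_args(
        ["--keyvault_name", "kv-demo", "--operation", "set", "--secret_name", "db-pass"])
    for line in preflight(ns, sample_env):
        print("preflight:", line)
```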