Azure Key Vault

Swetha Mudunuri
4 min read · Jul 16, 2023


🎀This blog post aims to guide you through the process of configuring a Python application to access information from the Azure Key Vault using the CLI.

🌈Run the below command to create the Resource group.

az group create --name "cnlrg" -l "EastUS"

🌈Create the key vault using the below syntax.

az keyvault create --name "<cnlkeyvault>" -g "cnlrg"

🌈Let’s generate a secret named ‘cnlSecret’ with the value ‘Success!’. Add the secret to the newly created key vault using the below command.

az keyvault secret set --vault-name "<cnlkeyvault>" --name "cnlSecret" --value "Success!"

🌈Create a Linux Virtual machine.

az vm create \
--resource-group cnlrg \
--name cnlVM \
--image UbuntuLTS \
--admin-username cnluser \
--generate-ssh-keys

🌈Take note of the ‘publicIpAddress’ value in the output.


🌈The ‘az vm identity assign’ command is used to create a system-assigned identity for the virtual machine.

az vm identity assign --name "cnlVM" --resource-group "cnlrg"

🌈Take note of the system-assigned identity.

🌈Next, I will grant the identity that was created permission to get and list secrets in my key vault using the below command.

az keyvault set-policy --name "cnlkeyvault" --object-id "<systemAssignedIdentity>" --secret-permissions get list
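The policy above grants both get and list, while sample.py further down only calls get_secret. As an added example (not code from the original post), the check below reads JSON shaped like the output of `az keyvault show` and reports identities that hold more than the secret get permission; the sample JSON and object IDs are constructed placeholders, and the required-permission set is an assumption based on that script.

```python
import json

# Constructed sample shaped like `az keyvault show --name <vault> -o json`;
# the object IDs are placeholders, not values from the post.
SAMPLE_VAULT_JSON = """
{
  "name": "cnlkeyvault",
  "properties": {
    "enableRbacAuthorization": false,
    "accessPolicies": [
      {"objectId": "00000000-0000-0000-0000-00000000aaaa",
       "permissions": {"secrets": ["Get", "List"], "keys": [], "certificates": null}},
      {"objectId": "00000000-0000-0000-0000-00000000bbbb",
       "permissions": {"secrets": ["get"]}}
    ]
  }
}
"""

# Assumption: an identity that only runs client.get_secret() needs secrets/get.
REQUIRED = {"secrets": {"get"}}


def excess_permissions(vault, required=REQUIRED):
    """Return {objectId: {category: [extra permissions]}} for over-broad policies."""
    props = vault.get("properties") or {}
    if props.get("enableRbacAuthorization"):
        # Access policies are not evaluated when the vault uses Azure RBAC.
        return {}
    findings = {}
    for policy in props.get("accessPolicies") or []:
        extra = {}
        for category, granted in (policy.get("permissions") or {}).items():
            granted_set = {p.lower() for p in granted or []}
            surplus = sorted(granted_set - required.get(category, set()))
            if surplus:
                extra[category] = surplus
        if extra:
            findings[policy.get("objectId", "<unknown>")] = extra
    return findings


if __name__ == "__main__":
    for object_id, extra in excess_permissions(json.loads(SAMPLE_VAULT_JSON)).items():
        print(object_id, "has more than secrets/get:", extra)
```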

🌈Let’s log in to the VM using ssh.

ssh username@<IP address>

🌈On the virtual machine, check the existing Python libraries.

python3 --version
pip3 --version

🌈Pip3 will throw an error “the library doesn’t exist”, so install the pip3 package.

sudo apt update
sudo apt install python3-pip

🌈Now we will install two libraries, azure-keyvault-secrets and azure.identity, that will be used in our Python script.

pip3 install azure-keyvault-secrets

🌈While installing azure.identity, you will find the below error.

🌈I researched the issue and found the below commands are useful to fix it.

pip3 install --upgrade pip
pip3 install cryptography

🌈Rerun the identity command; this time it should work fine.

pip3 install azure.identity

🌈Now I will create a Python script to read the secret from the Key Vault.

sample.py
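from azure.keyvault.secrets import SecretClient
from azure.identity import DefaultAzureCredential

# Vault and secret created earlier with the CLI
key_vault_name = "cnlkeyvault"
key_vault_uri = f"https://{key_vault_name}.vault.azure.net"
secret_name = "cnlSecret"

# On the VM, DefaultAzureCredential picks up the system-assigned managed identity,
# so no password or key is stored in the script
credential = DefaultAzureCredential()
client = SecretClient(vault_url=key_vault_uri, credential=credential)

# Requires the 'get' secret permission granted by the access policy
retrieved_secret = client.get_secret(secret_name)

# Printing the value is for this demo only
print(f"The value of secret '{secret_name}' in '{key_vault_name}' is: '{retrieved_secret.value}'")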

🌈Run the script to check if it is working fine.

python3 sample.py

🌈Successfully retrieved the secret from the Key Vault.

🌈Clean up the Resource group.

az group delete -g cnlrg

Thank you, that’s all for today. See you in the next blog 😍
