Skip to content

Instantly share code, notes, and snippets.

@sadukie

sadukie/0-getPasswordsDefaultAzureCredential.py

Last active October 17, 2022 14:47
Show Gist options
  • Save sadukie/b1d7a991093071d5e7a992d78be5fc44 to your computer and use it in GitHub Desktop.
Save sadukie/b1d7a991093071d5e7a992d78be5fc44 to your computer and use it in GitHub Desktop.
Download ZIP
Authentication with the Azure Identity SDK for Python
Raw
0-getPasswordsDefaultAzureCredential.py
import os
from azure.keyvault.secrets import SecretClient
from azure.identity import DefaultAzureCredential
keyVaultName = os.environ["KEY_VAULT_NAME"]
tenantId = os.environ["AZURE_TENANT_ID"]
secretName = "SecretPassword"
KVUri = f"https://{keyVaultName}.vault.azure.net"
# Breaking changes in 1.11.0
credential = DefaultAzureCredential(additionally_allowed_tenants=[tenantId])
client = SecretClient(vault_url=KVUri, credential=credential)
print(f"Retrieving your secret from {keyVaultName}.")
retrieved_secret = client.get_secret(secretName)
print(f"Your secret is '{retrieved_secret.value}'.")
print(" done.")
Raw
1-getPasswordsInteractiveBrowser.py
import os
from azure.keyvault.secrets import SecretClient
from azure.identity import InteractiveBrowserCredential
keyVaultName = os.environ["KEY_VAULT_NAME"]
tenantId = os.environ["AZURE_TENANT_ID"]
secretName = "SecretPassword"
KVUri = f"https://{keyVaultName}.vault.azure.net"
interactiveBrowserCredential = InteractiveBrowserCredential(additionally_allowed_tenants=[tenantId])
client = SecretClient(vault_url=KVUri, credential=interactiveBrowserCredential)
print(f"Retrieving your secret from {keyVaultName}.")
retrieved_secret = client.get_secret(secretName)
print(f"Your secret is '{retrieved_secret.value}'.")
print(" done.")
Raw
2-getPasswordsDeviceCode.py
import os
from azure.keyvault.secrets import SecretClient
from azure.identity import DeviceCodeCredential
keyVaultName = os.environ["KEY_VAULT_NAME"]
tenantId = os.environ["AZURE_TENANT_ID"]
secretName = "SecretPassword"
KVUri = f"https://{keyVaultName}.vault.azure.net"
deviceCodeCredential = DeviceCodeCredential(additionally_allowed_tenants=[tenantId])
client = SecretClient(vault_url=KVUri, credential=deviceCodeCredential)
print(f"Retrieving your secret from {keyVaultName}.")
retrieved_secret = client.get_secret(secretName)
print(f"Your secret is '{retrieved_secret.value}'.")
print(" done.")
Raw
3-getPasswordsVSCode.py
# Authenticating with VS Code Credential
import os
from azure.keyvault.secrets import SecretClient
from azure.identity import VisualStudioCodeCredential
keyVaultName = os.environ["KEY_VAULT_NAME"]
tenantId = os.environ["AZURE_TENANT_ID"]
secretName = "SecretPassword"
KVUri = f"https://{keyVaultName}.vault.azure.net"
# This is going to be removed in an upcoming update.
# See https://github.com/Azure/azure-sdk-for-python/issues/26602#issuecomment-1266302720
vsCodeCredential = VisualStudioCodeCredential(additionally_allowed_tenants=[tenantId])
client = SecretClient(vault_url=KVUri, credential=vsCodeCredential)
print(f"Retrieving your secret from {keyVaultName}.")
retrieved_secret = client.get_secret(secretName)
print(f"Your secret is '{retrieved_secret.value}'.")
print(" done.")
Raw
4-getPasswordsX509.py
import os
from dotenv import load_dotenv
from azure.keyvault.secrets import SecretClient
from azure.identity import CertificateCredential
load_dotenv()
keyVaultName = os.environ["KEY_VAULT_NAME"]
tenantId = os.environ["AZURE_TENANT_ID"]
clientId = os.environ["AZURE_CLIENT_ID"]
certPath = os.environ["AZURE_CLIENT_CERTIFICATE_PATH_WITH_PASSWORD"]
certPass = os.environ["CERTIFICATE_PASSWORD"]
secretName = "SecretPassword"
KVUri = f"https://{keyVaultName}.vault.azure.net"
# Passworded certificate demo
certCredential = CertificateCredential(tenant_id=tenantId,client_id=clientId,certificate_path=certPath,password=certPass)
client = SecretClient(vault_url=KVUri, credential=certCredential)
print(f"Retrieving your secret from {keyVaultName}.")
retrieved_secret = client.get_secret(secretName)
print(f"Your secret is '{retrieved_secret.value}'.")
print(" done.")
Raw
5-getPasswordsChainedToken.py
import os
from azure.keyvault.secrets import SecretClient
from azure.identity import ChainedTokenCredential, ManagedIdentityCredential, VisualStudioCodeCredential, AzureCliCredential
keyVaultName = os.environ["KEY_VAULT_NAME"]
secretName = "SecretPassword"
KVUri = f"https://{keyVaultName}.vault.azure.net"
managedIdentityCredential = ManagedIdentityCredential()
vsCodeCredential = VisualStudioCodeCredential()
cliCredential = AzureCliCredential()
credential = ChainedTokenCredential(managedIdentityCredential,vsCodeCredential, cliCredential)
client = SecretClient(vault_url=KVUri, credential=credential)
print(f"Retrieving your secret from {keyVaultName}.")
retrieved_secret = client.get_secret(secretName)
print(f"Your secret is '{retrieved_secret.value}'.")
print(" done.")
Raw
6-getPasswordsChooseYourOwnAdventure.py
import os
from pydoc import cli
from azure.keyvault.secrets import SecretClient
from azure.identity import ChainedTokenCredential, DefaultAzureCredential, ManagedIdentityCredential, VisualStudioCodeCredential, AzureCliCredential, InteractiveBrowserCredential, DeviceCodeCredential, EnvironmentCredential, AzurePowerShellCredential
keyVaultName = os.environ["KEY_VAULT_NAME"]
tenantId = os.environ["AZURE_TENANT_ID"]
secretName = "SecretPassword"
KVUri = f"https://{keyVaultName}.vault.azure.net"
# All sorts of credentials to play with
# Multi-tenant issues introduced in 1.11.0 - additionally_allowed_tenants param assists
# See more details here: https://devblogs.microsoft.com/azure-sdk/guidance-for-multi-tenant-applications-using-the-azure-identity-libraries/
defaultAzureCredential = DefaultAzureCredential(additionally_allowed_tenants=[tenantId])
environmentCredential = EnvironmentCredential()
managedIdentityCredential = ManagedIdentityCredential()
cliCredential = AzureCliCredential()
powershellCredential = AzurePowerShellCredential()
interactiveBrowserCredential = InteractiveBrowserCredential(additionally_allowed_tenants=[tenantId])
vsCodeCredential = VisualStudioCodeCredential(additionally_allowed_tenants=[tenantId])
deviceCodeCredential = DeviceCodeCredential(additionally_allowed_tenants=[tenantId])
manualDefaultAzureCredential = ChainedTokenCredential(environmentCredential, managedIdentityCredential,
vsCodeCredential, cliCredential, powershellCredential, interactiveBrowserCredential)
credential = ChainedTokenCredential(deviceCodeCredential)
client = SecretClient(vault_url=KVUri, credential=credential)
print(f"Retrieving your secret from {keyVaultName}.")
retrieved_secret = client.get_secret(secretName)
print(f"Your secret is '{retrieved_secret.value}'.")
print(" done.")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment