|
Add this skill
npx mdskills install sickn33/azure-keyvault-pyComprehensive Azure Key Vault reference with clear examples but lacks agent workflow instructions
Secure storage and management for secrets, cryptographic keys, and certificates.
# Secrets
pip install azure-keyvault-secrets azure-identity
# Keys (cryptographic operations)
pip install azure-keyvault-keys azure-identity
# Certificates
pip install azure-keyvault-certificates azure-identity
# All
pip install azure-keyvault-secrets azure-keyvault-keys azure-keyvault-certificates azure-identity
AZURE_KEYVAULT_URL=https://.vault.azure.net/
from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient
credential = DefaultAzureCredential()
vault_url = "https://.vault.azure.net/"
client = SecretClient(vault_url=vault_url, credential=credential)
# Set secret
secret = client.set_secret("database-password", "super-secret-value")
print(f"Created: {secret.name}, version: {secret.properties.version}")
# Get secret
secret = client.get_secret("database-password")
print(f"Value: {secret.value}")
# Get specific version
secret = client.get_secret("database-password", version="abc123")
# List secrets (names only, not values)
for secret_properties in client.list_properties_of_secrets():
print(f"Secret: {secret_properties.name}")
# List versions
for version in client.list_properties_of_secret_versions("database-password"):
print(f"Version: {version.version}, Created: {version.created_on}")
# Delete secret (soft delete)
poller = client.begin_delete_secret("database-password")
deleted_secret = poller.result()
# Purge (permanent delete, if soft-delete enabled)
client.purge_deleted_secret("database-password")
# Recover deleted secret
client.begin_recover_deleted_secret("database-password").result()
from azure.identity import DefaultAzureCredential
from azure.keyvault.keys import KeyClient
credential = DefaultAzureCredential()
vault_url = "https://.vault.azure.net/"
client = KeyClient(vault_url=vault_url, credential=credential)
from azure.keyvault.keys import KeyType
# Create RSA key
rsa_key = client.create_rsa_key("rsa-key", size=2048)
# Create EC key
ec_key = client.create_ec_key("ec-key", curve="P-256")
# Get key
key = client.get_key("rsa-key")
print(f"Key type: {key.key_type}")
# List keys
for key_properties in client.list_properties_of_keys():
print(f"Key: {key_properties.name}")
# Delete key
poller = client.begin_delete_key("rsa-key")
deleted_key = poller.result()
from azure.keyvault.keys.crypto import CryptographyClient, EncryptionAlgorithm
# Get crypto client for a specific key
crypto_client = CryptographyClient(key, credential=credential)
# Or from key ID
crypto_client = CryptographyClient(
"https://.vault.azure.net/keys//",
credential=credential
)
# Encrypt
plaintext = b"Hello, Key Vault!"
result = crypto_client.encrypt(EncryptionAlgorithm.rsa_oaep, plaintext)
ciphertext = result.ciphertext
# Decrypt
result = crypto_client.decrypt(EncryptionAlgorithm.rsa_oaep, ciphertext)
decrypted = result.plaintext
# Sign
from azure.keyvault.keys.crypto import SignatureAlgorithm
import hashlib
digest = hashlib.sha256(b"data to sign").digest()
result = crypto_client.sign(SignatureAlgorithm.rs256, digest)
signature = result.signature
# Verify
result = crypto_client.verify(SignatureAlgorithm.rs256, digest, signature)
print(f"Valid: {result.is_valid}")
from azure.identity import DefaultAzureCredential
from azure.keyvault.certificates import CertificateClient, CertificatePolicy
credential = DefaultAzureCredential()
vault_url = "https://.vault.azure.net/"
client = CertificateClient(vault_url=vault_url, credential=credential)
# Create self-signed certificate
policy = CertificatePolicy.get_default()
poller = client.begin_create_certificate("my-cert", policy=policy)
certificate = poller.result()
# Get certificate
certificate = client.get_certificate("my-cert")
print(f"Thumbprint: {certificate.properties.x509_thumbprint.hex()}")
# Get certificate with private key (as secret)
from azure.keyvault.secrets import SecretClient
secret_client = SecretClient(vault_url=vault_url, credential=credential)
cert_secret = secret_client.get_secret("my-cert")
# cert_secret.value contains PEM or PKCS12
# List certificates
for cert in client.list_properties_of_certificates():
print(f"Certificate: {cert.name}")
# Delete certificate
poller = client.begin_delete_certificate("my-cert")
deleted = poller.result()
| Client | Package | Purpose |
|---|---|---|
SecretClient | azure-keyvault-secrets | Store/retrieve secrets |
KeyClient | azure-keyvault-keys | Manage cryptographic keys |
CryptographyClient | azure-keyvault-keys | Encrypt/decrypt/sign/verify |
CertificateClient | azure-keyvault-certificates | Manage certificates |
from azure.identity.aio import DefaultAzureCredential
from azure.keyvault.secrets.aio import SecretClient
async def get_secret():
credential = DefaultAzureCredential()
client = SecretClient(vault_url=vault_url, credential=credential)
async with client:
secret = await client.get_secret("my-secret")
print(secret.value)
import asyncio
asyncio.run(get_secret())
from azure.core.exceptions import ResourceNotFoundError, HttpResponseError
try:
secret = client.get_secret("nonexistent")
except ResourceNotFoundError:
print("Secret not found")
except HttpResponseError as e:
if e.status_code == 403:
print("Access denied - check RBAC permissions")
raise
Install via CLI
npx mdskills install sickn33/azure-keyvault-pyAzure Keyvault Py is a free, open-source AI agent skill. |
Install Azure Keyvault Py with a single command:
npx mdskills install sickn33/azure-keyvault-pyThis downloads the skill files into your project and your AI agent picks them up automatically.
Azure Keyvault Py works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Codex, Gemini Cli, Amp, Roo Code, Goose, Opencode, Trae, Qodo, Command Code. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.