Azure Key
Vault
source for
essentials-configuration
.
pip install essentials-configuration-keyvault
essentials-configuration
provides a way to handle configuration roots
composed of different layers, such as configuration files and environmental
variables. Layers are applied in order and can override each others' values,
enabling different scenarios like configuration by environment (e.g. DEV, TEST,
PROD) and system instance.
essentials-configuration-keyvault
provides a solution to add secrets stored
in Azure Key Vault into configuration objects.
Example:
from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient
from config.common import ConfigurationBuilder
from config.keyvault import KeyVaultSource
key_vault_name = "example-keyvault-name"
secrets_client = SecretClient(
vault_url=f"https://{key_vault_name}.vault.azure.net",
credential=DefaultAzureCredential(),
)
builder = ConfigurationBuilder(KeyVaultSource(secrets_client))
# when the configuration object is built, secrets are fetched from
# the linked key vault and put into the configuration object (e.g.
# database connection strings, API keys for SendGrid, etc.)
config = builder.build()
Refer to the official Key Vault documentation for more information about its Python client library..
The provided tests can either use a mocked SecretClient
, or use a real Key Vault.
To use a real Key Vault service:
- create a Key Vault (ref.)
- sign-in using any way supported by
azure.identity.DefaultAzureCredential
3 (e.g. VS Code oraz login
) - run the tests with the following command:
KEYVAULT_NAME="<YOUR_KEYVAULT_NAME>" pytest -s