azure.keyvault package

Module contents

azure.keyvault.KeyVaultClient

alias of azure.keyvault.custom.key_vault_client.CustomKeyVaultClient

class azure.keyvault.KeyVaultId(collection, vault, name, version)[source]

Bases: object

An identifier for an Azure Key Vault resource.

Parameters
  • collection (str) – The resource collection type.

  • vault (str) – The vault URI.

  • name (str) – The resource name.

  • version (str) – The resource version.

property base_id
static create_certificate_id(vault, name, version=None)[source]
Parameters
  • vault (str) – The vault uri.

  • name (str) – The certificate name.

  • version (str) – The certificate version.

Return type

KeyVaultId

static create_certificate_issuer_id(vault, name)[source]
Parameters
  • vault (str) – The vault uri.

  • name (str) – The certificate name.

Return type

KeyVaultId

static create_certificate_operation_id(vault, name)[source]
Parameters
  • vault (str) – The vault uri.

  • name (str) – The certificate name.

Return type

KeyVaultId

static create_key_id(vault, name, version=None)[source]
Parameters
  • vault (str) – The vault uri.

  • name (str) – The key name.

  • version (str) – The key version.

Return type

KeyVaultId

static create_object_id(collection, vault, name, version)[source]
Parameters
  • collection (str) – The resource collection type.

  • vault (str) – The vault URI.

  • name (str) – The resource name.

  • version (str) – The resource version.

Return type

KeyVaultId

static create_secret_id(vault, name, version=None)[source]
Parameters
  • vault (str) – The vault uri.

  • name (str) – The secret name.

  • version (str) – The secret version.

Return type

KeyVaultId

property id
static parse_certificate_id(id)[source]
Parameters

id (str) – The resource collection type.

Return type

KeyVaultId

static parse_certificate_issuer_id(id)[source]
Parameters

id (str) – The resource collection type.

Return type

KeyVaultId

static parse_certificate_operation_id(id)[source]
Parameters

id (str) – The resource collection type.

Return type

KeyVaultId

static parse_key_id(id)[source]
Parameters

id (str) – The key uri.

Return type

KeyVaultId

static parse_object_id(collection, id)[source]
Parameters
  • collection (str) – The resource collection type.

  • id (str) – The resource uri.

Return type

KeyVaultId

static parse_secret_id(id)[source]
Parameters

id (str) – The secret uri.

Return type

KeyVaultId

version_none = ''
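The identifier fields above, shown as an added stand-alone sketch (not the package's own code): it splits a URI into collection, vault, name and version and rejects identifiers that would send an authenticated request somewhere unexpected. The URI layout `https://<vault host>/<collection>/<name>[/<version>]`, the `ParsedId` type and the `ALLOWED_SUFFIXES` policy are assumptions of this example.

```python
from collections import namedtuple
from urllib.parse import urlparse

# Hypothetical stand-in for the collection/vault/name/version fields above.
ParsedId = namedtuple("ParsedId", "collection vault name version")
VERSION_NONE = ""  # same sentinel as version_none on this page
# Assumption: only vaults under this DNS suffix are expected.
ALLOWED_SUFFIXES = (".vault.azure.net",)


def parse_object_id(collection, uri):
    """Split an object URI into its parts, rejecting anything unexpected."""
    parts = urlparse(uri)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        raise ValueError("identifier must use https")
    if not host.endswith(ALLOWED_SUFFIXES):
        raise ValueError("unexpected vault host: %r" % host)
    if parts.username or parts.password or parts.port or parts.query or parts.fragment:
        raise ValueError("userinfo, port, query or fragment not allowed")
    segments = parts.path.strip("/").split("/")
    if len(segments) not in (2, 3) or not all(segments):
        raise ValueError("expected /<collection>/<name>[/<version>]")
    if segments[0] != collection:
        raise ValueError("expected %r, got %r" % (collection, segments[0]))
    version = segments[2] if len(segments) == 3 else VERSION_NONE
    return ParsedId(collection, "https://" + host, segments[1], version)


# Constructed sample identifiers; none of these vaults exist.
SAMPLES = [
    "https://myvault.vault.azure.net/keys/signing-key/0123abcd",
    "https://myvault.vault.azure.net/keys/signing-key",
    "https://myvault.vault.azure.net@example.test/keys/signing-key",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        try:
            print(parse_object_id("keys", sample))
        except ValueError as err:
            print("rejected:", err)
```

The third sample puts the vault name in the userinfo part of the URI, so the real host is `example.test` and the identifier is rejected.
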
class azure.keyvault.KeyId(uri=None, vault=None, name=None, version=None)[source]

Bases: azure.keyvault.custom.key_vault_id.KeyVaultIdentifier

Creates a key vault key id. If uri is specified the id properties are parsed from the uri, otherwise builds the id from the specified vault, name and version.

Parameters
  • uri – The uri of the key vault key

  • vault – The vault uri

  • name – The key name

  • version – The key version

class azure.keyvault.SecretId(uri=None, vault=None, name=None, version=None)[source]

Bases: azure.keyvault.custom.key_vault_id.KeyVaultIdentifier

Creates a key vault secret id. If uri is specified the id properties are parsed from the uri, otherwise builds the id from the specified vault, name and version.

Parameters
  • uri – The uri of the key vault secret

  • vault – The vault uri

  • name – The secret name

  • version – The secret version

class azure.keyvault.CertificateId(uri=None, vault=None, name=None, version=None)[source]

Bases: azure.keyvault.custom.key_vault_id.KeyVaultIdentifier

Creates a key vault certificate id. If uri is specified the id properties are parsed from the uri, otherwise builds the id from the specified vault, name and version.

Parameters
  • uri – The uri of the key vault certificate

  • vault – The vault uri

  • name – The certificate name

  • version – The certificate version

class azure.keyvault.CertificateIssuerId(uri=None, vault=None, name=None)[source]

Bases: azure.keyvault.custom.key_vault_id.KeyVaultIdentifier

Creates a key vault certificate issuer id. If uri is specified the id properties are parsed from the uri, otherwise builds the id from the specified vault and name.

Parameters
  • uri – The uri of the key vault certificate issuer

  • vault – The vault uri

  • name – The certificate issuer name

class azure.keyvault.CertificateOperationId(uri=None, vault=None, name=None)[source]

Bases: azure.keyvault.custom.key_vault_id.KeyVaultIdentifier

Creates a key vault certificate operation id. If uri is specified the id properties are parsed from the uri, otherwise builds the id from the specified vault and name.

Parameters
  • uri – The uri of the key vault certificate operation

  • vault – The vault uri

  • name – The certificate name

class azure.keyvault.StorageAccountId(uri=None, vault=None, name=None)[source]

Bases: azure.keyvault.custom.key_vault_id.KeyVaultIdentifier

Creates a key vault storage account id. If uri is specified the id properties are parsed from the uri, otherwise builds the id from the specified vault and name.

Parameters
  • uri – The uri of the key vault storage account

  • vault – The vault uri

  • name – The storage account name

class azure.keyvault.StorageSasDefinitionId(uri=None, vault=None, account_name=None, sas_definition=None)[source]

Bases: azure.keyvault.custom.key_vault_id.KeyVaultIdentifier

Creates a key vault storage account sas definition id. If uri is specified the id properties are parsed from the uri, otherwise builds the id from the specified vault, account_name, and sas_definition.

Parameters
  • uri – The uri of the key vault storage account sas definition

  • vault – The vault uri

  • account_name – The storage account name

  • sas_definition – The sas definition name

class azure.keyvault.HttpBearerChallenge(request_uri, challenge)[source]

Bases: object

Parses an HTTP WWW-Authenticate Bearer challenge from a server.

get_authorization_server()[source]

Returns the URI for the authorization server if present, otherwise empty string.

get_resource()[source]

Returns the resource if present, otherwise empty string.

get_scope()[source]

Returns the scope if present, otherwise empty string.

get_value(key)[source]

static is_bearer_challenge(authentication_header)[source]

Tests whether an authentication header is a Bearer challenge.

Parameters

authentication_header – the authentication header to test

Return type

bool

class azure.keyvault.HttpChallenge(request_uri, challenge, response_headers=None)[source]

Bases: object

Parses an HTTP WWW-Authenticate Bearer challenge from a server.

get_authorization_server()[source]

Returns the URI for the authorization server if present, otherwise empty string.

get_resource()[source]

Returns the resource if present, otherwise empty string.

get_scope()[source]

Returns the scope if present, otherwise empty string.

get_value(key)[source]

is_bearer_challenge()[source]

Tests whether the HttpChallenge is a Bearer challenge.

Return type

bool

is_pop_challenge()[source]

Tests whether the HttpChallenge is a proof of possession challenge.

Return type

bool

supports_message_protection()[source]

Returns True if challenge vault supports message protection

supports_pop()[source]

Returns True if challenge supports pop token auth else False
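What a client can check before acting on a Bearer challenge like the ones these classes parse, as an added stand-alone example (it does not use or reproduce azure.keyvault): the authorization server named in the challenge must be a trusted authority, and the request host must sit under the resource the token is issued for, since that host receives the token. The parameter names `authorization`, `authorization_uri`, `resource` and `scope`, the `TRUSTED_AUTHORITIES` policy, the resource-style challenge and the sample headers are assumptions of this example.

```python
import re
from urllib.parse import urlparse

# Assumption: the only token authorities this application accepts.
TRUSTED_AUTHORITIES = {"login.microsoftonline.com", "login.windows.net"}
_PARAM = re.compile(r'(\w+)\s*=\s*"([^"]*)"')


def parse_bearer_challenge(header):
    """Return the challenge parameters as a dict keyed by lower-case name."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge")
    return {key.lower(): value for key, value in _PARAM.findall(rest)}


def vet_challenge(request_uri, header):
    """Return (authorization_server, resource, scope) or raise ValueError."""
    params = parse_bearer_challenge(header)
    server = params.get("authorization") or params.get("authorization_uri", "")
    resource = params.get("resource", "")
    scope = params.get("scope", "")
    request, authority = urlparse(request_uri), urlparse(server)
    if request.scheme != "https" or authority.scheme != "https":
        raise ValueError("request and authorization server must use https")
    if authority.hostname not in TRUSTED_AUTHORITIES:
        raise ValueError("untrusted authorization server: %r" % server)
    # The token is sent to the request host, so that host must sit under
    # the resource the token is issued for.
    resource_host = urlparse(resource).hostname
    request_host = request.hostname or ""
    if not resource_host or not request_host.endswith("." + resource_host):
        raise ValueError("resource %r does not cover %r" % (resource, request_host))
    return server, resource, scope


# Constructed sample headers; the tenant id is a placeholder.
GOOD = ('Bearer authorization="https://login.windows.net/'
        '00000000-0000-0000-0000-000000000000", resource="https://vault.azure.net"')
BAD_AUTHORITY = ('Bearer authorization="https://login.example.test/tenant", '
                 'resource="https://vault.azure.net"')
```

An authorization callback would call `vet_challenge` first and request a token only when it returns.
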

class azure.keyvault.KeyVaultAuthentication(authorization_callback=None, credentials=None)[source]

Bases: msrest.authentication.OAuthTokenAuthentication

Authentication class to be used as credentials for the KeyVaultClient.

Example Usage:

    from msrestazure.azure_active_directory import ServicePrincipalCredentials
    from azure.keyvault import KeyVaultAuthentication, KeyVaultClient

    # Fragment from inside a class method, hence the references to self.
    def auth_callback(server, resource, scope):
        self.data_creds = self.data_creds or ServicePrincipalCredentials(
            client_id=self.config.client_id, secret=self.config.client_secret,
            tenant=self.config.tenant_id, resource=resource)
        token = self.data_creds.token
        return token['token_type'], token['access_token']

    self.keyvault_data_client = KeyVaultClient(KeyVaultAuthentication(auth_callback))

Creates a new KeyVaultAuthentication instance used for authentication in the KeyVaultClient.

Parameters
  • authorization_callback – A callback used to provide authentication credentials to the key vault data service. This callback should take three str arguments: authorization uri, resource, and scope, and return a tuple of (token type, access token).

  • credentials (A msrestazure Credentials object) – Credentials needed for the client to connect to Azure.

refresh_session()[source]

Return updated session if token has expired, attempts to refresh using refresh token.

Return type

requests.Session.

signed_session(session=None)[source]

Create requests session with any required auth headers applied.

If a session object is provided, configure it directly. Otherwise, create a new session and return it.

Parameters

session (requests.Session) – The session to configure for authentication

Return type

requests.Session

class azure.keyvault.KeyVaultAuthBase(authorization_callback)[source]

Bases: requests.auth.AuthBase

Used for handling authentication challenges, by hooking into the request AuthBase extension model.

Creates a new KeyVaultAuthBase instance used for handling authentication challenges, by hooking into the request AuthBase extension model.

Parameters

authorization_callback – A callback used to provide authentication credentials to the key vault data service. This callback should take four str arguments: authorization uri, resource, scope, and scheme, and return an AccessToken:

    return AccessToken(scheme=token['token_type'], token=token['access_token'])

Note: for backward compatibility a tuple of the scheme and token can also be returned:

    return token['token_type'], token['access_token']

azure.keyvault.generate_pop_key()[source]

Generates a key which can be used for Proof Of Possession token authentication.

class azure.keyvault.AccessToken(scheme, token, key)

Bases: tuple

Create new instance of AccessToken(scheme, token, key)

property key

Alias for field number 2

property scheme

Alias for field number 0

property token

Alias for field number 1