Home

Awesome

Build pypi versions codecov license

essentials-configuration-keyvault

Azure Key Vault source for essentials-configuration.

pip install essentials-configuration-keyvault

essentials-configuration provides a way to handle configuration roots composed of different layers, such as configuration files and environmental variables. Layers are applied in order and can override each others' values, enabling different scenarios like configuration by environment (e.g. DEV, TEST, PROD) and system instance.

essentials-configuration-keyvault provides a solution to add secrets stored in Azure Key Vault into configuration objects.

Example:

from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient
from config.common import ConfigurationBuilder
from config.keyvault import KeyVaultSource

key_vault_name = "example-keyvault-name"

secrets_client = SecretClient(
    vault_url=f"https://{key_vault_name}.vault.azure.net",
    credential=DefaultAzureCredential(),
)

builder = ConfigurationBuilder(KeyVaultSource(secrets_client))

# when the configuration object is built, secrets are fetched from
# the linked key vault and put into the configuration object (e.g.
# database connection strings, API keys for SendGrid, etc.)
config = builder.build()

Refer to the official Key Vault documentation for more information about its Python client library..

How to run the tests using a real Key Vault

The provided tests can either use a mocked SecretClient, or use a real Key Vault. To use a real Key Vault service:

  1. create a Key Vault (ref.)
  2. sign-in using any way supported by azure.identity.DefaultAzureCredential 3 (e.g. VS Code or az login)
  3. run the tests with the following command:
KEYVAULT_NAME="<YOUR_KEYVAULT_NAME>" pytest -s