Sample:
"""
Azure Key Vault CRUD Operations Script
Demonstrates Create, Read, Update, and Delete operations on Key Vault secrets
"""
import sys
from azure.keyvault.secrets import SecretClient
from azure.identity import DefaultAzureCredential
from azure.core.exceptions import ResourceNotFoundError, HttpResponseError
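def create_secret(client, secret_name, secret_value):
    """Create a new secret in Azure Key Vault.

    Args:
        client: Object exposing ``set_secret(name, value)``; ``main`` passes
            a ``SecretClient``.
        secret_name: Name to store the secret under.
        secret_value: Value to store.

    Returns:
        The object returned by ``client.set_secret``.

    Raises:
        HttpResponseError: Re-raised after a failure message is printed.
    """
    try:
        print(f"\n[CREATE] Creating secret '{secret_name}'...")
        secret = client.set_secret(secret_name, secret_value)
        print("✓ Secret created successfully")
        print(f" Name: {secret.name}")
        # The secret value is deliberately not echoed: stdout ends up in
        # terminal scrollback, CI job logs and log collectors, which are
        # readable by far more principals than the vault itself.
        print(" Value: [redacted]")
        print(f" Version: {secret.properties.version}")
        return secret
    except HttpResponseError as e:
        print(f"✗ Failed to create secret: {e.message}")
        raise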
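def read_secret(client, secret_name):
    """Retrieve a secret from Azure Key Vault.

    Args:
        client: Object exposing ``get_secret(name)``; ``main`` passes a
            ``SecretClient``.
        secret_name: Name of the secret to fetch.

    Returns:
        The object returned by ``client.get_secret``; the caller reads the
        value from its ``value`` attribute.

    Raises:
        ResourceNotFoundError: Re-raised when the secret does not exist.
        HttpResponseError: Re-raised on any other service failure.
    """
    try:
        print(f"\n[READ] Retrieving secret '{secret_name}'...")
        secret = client.get_secret(secret_name)
        print("✓ Secret retrieved successfully")
        print(f" Name: {secret.name}")
        # Metadata only: printing the value would copy the secret into
        # stdout, and from there into shell history captures and CI logs.
        print(" Value: [redacted]")
        print(f" Version: {secret.properties.version}")
        print(f" Enabled: {secret.properties.enabled}")
        return secret
    except ResourceNotFoundError:
        print(f"✗ Secret '{secret_name}' not found")
        raise
    except HttpResponseError as e:
        print(f"✗ Failed to read secret: {e.message}")
        raise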
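def update_secret(client, secret_name, new_value):
    """Store a new value under an existing secret name.

    The update is performed with ``client.set_secret``, the same call
    ``create_secret`` uses.

    Args:
        client: Object exposing ``set_secret(name, value)``; ``main`` passes
            a ``SecretClient``.
        secret_name: Name of the secret to update.
        new_value: Replacement value.

    Returns:
        The object returned by ``client.set_secret``.

    Raises:
        HttpResponseError: Re-raised after a failure message is printed.
    """
    try:
        print(f"\n[UPDATE] Updating secret '{secret_name}' to new value...")
        updated_secret = client.set_secret(secret_name, new_value)
        print("✓ Secret updated successfully")
        print(f" Name: {updated_secret.name}")
        # The new value is not echoed; the version printed below is enough
        # to confirm that the write happened.
        print(" New Value: [redacted]")
        print(f" New Version: {updated_secret.properties.version}")
        return updated_secret
    except HttpResponseError as e:
        print(f"✗ Failed to update secret: {e.message}")
        raise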
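def delete_secret(client, secret_name):
    """Soft-delete a secret and wait for the deletion to finish.

    Args:
        client: Object exposing ``begin_delete_secret(name)`` that returns a
            poller; ``main`` passes a ``SecretClient``.
        secret_name: Name of the secret to delete.

    Returns:
        The deleted-secret object produced by the poller's ``result()``.

    Raises:
        ResourceNotFoundError: Re-raised when the secret does not exist.
        HttpResponseError: Re-raised on any other service failure.
    """
    try:
        print(f"\n[DELETE] Deleting secret '{secret_name}'...")
        poller = client.begin_delete_secret(secret_name)
        # result() blocks until the operation completes and returns the
        # deleted secret. wait() also blocks but returns None, which made the
        # attribute reads below fail with AttributeError.
        deleted_secret = poller.result()
        print("✓ Secret deleted successfully (soft-delete)")
        print(f" Name: {deleted_secret.name}")
        print(f" Scheduled Purge Date: {deleted_secret.scheduled_purge_date}")
        print(f" Deleted Date: {deleted_secret.deleted_date}")
        return deleted_secret
    except ResourceNotFoundError:
        print(f"✗ Secret '{secret_name}' not found")
        raise
    except HttpResponseError as e:
        print(f"✗ Failed to delete secret: {e.message}")
        raise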
def purge_secret(client, secret_name):
    """Permanently remove a secret that has already been soft-deleted.

    Args:
        client: Object exposing ``purge_deleted_secret(name)``; ``main``
            passes a ``SecretClient``.
        secret_name: Name of the deleted secret to purge.

    Raises:
        ResourceNotFoundError: Re-raised when no deleted secret has that name.
        HttpResponseError: Re-raised on any other service failure.
    """
    print(f"\n[PURGE] Purging deleted secret '{secret_name}'...")
    try:
        client.purge_deleted_secret(secret_name)
    except ResourceNotFoundError:
        # Listed before HttpResponseError so the more specific message wins.
        print(f"✗ Deleted secret '{secret_name}' not found")
        raise
    except HttpResponseError as err:
        print(f"✗ Failed to purge secret: {err.message}")
        raise
    else:
        print("✓ Secret purged successfully (permanent deletion)")
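def main():
    """Run the create, read, update, delete and purge demo against one vault.

    Exits the process with status 1 if any step raises. The credential and
    the client are both closed when the demo finishes or fails.
    """
    # Configuration - Replace with your Key Vault name
    KEY_VAULT_NAME = "your-key-vault-name"  # Update this!
    KEY_VAULT_URL = f"https://{KEY_VAULT_NAME}.vault.azure.net"
    SECRET_NAME = "demo-secret"
    INITIAL_VALUE = "initial-value"
    UPDATED_VALUE = "updated-value"
    print("=" * 60)
    print("Azure Key Vault CRUD Operations Demo")
    print("=" * 60)
    print(f"Key Vault URL: {KEY_VAULT_URL}")
    try:
        # Initialize the Key Vault client with DefaultAzureCredential
        print("\n[INIT] Authenticating with DefaultAzureCredential...")
        # Both objects are context managers; using them as such closes the
        # client as well as the credential, on success and on failure.
        with DefaultAzureCredential() as credential, SecretClient(
            vault_url=KEY_VAULT_URL, credential=credential
        ) as client:
            # Constructing the credential does not contact the identity
            # provider; the first vault call below is what requests a token,
            # so an authentication failure surfaces there.
            print("✓ Credential and client created (token is requested on first call)")
            # 1. CREATE - Create a new secret
            create_secret(client, SECRET_NAME, INITIAL_VALUE)
            # 2. READ - Retrieve the secret
            read_secret(client, SECRET_NAME)
            # 3. UPDATE - Update the secret to a new value
            update_secret(client, SECRET_NAME, UPDATED_VALUE)
            # Read again to verify the update
            read_secret(client, SECRET_NAME)
            # 4. DELETE - Soft delete the secret
            delete_secret(client, SECRET_NAME)
            # 5. PURGE - Permanently delete the secret
            # NOTE(review): purge needs its own permission on the vault and is
            # refused when purge protection is enabled; run this demo only
            # against a disposable vault and identity.
            purge_secret(client, SECRET_NAME)
        print("\n" + "=" * 60)
        print("✓ All CRUD operations completed successfully!")
        print("=" * 60)
    except Exception as e:
        print(f"\n✗ Error occurred: {type(e).__name__}: {str(e)}")
        sys.exit(1)


if __name__ == "__main__":
    main()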
deleted_secret = client.begin_delete_secret(secret_name).wait()  # wait() returns None here, so deleted_secret is None and the attribute reads that follow it fail.
Sample:
deleted_secret = client.begin_delete_secret(secret_name).wait()  # wait() returns None here, so deleted_secret is None and the attribute reads that follow it fail.