2

I'm trying to retrieve and print a list of secrets from an Azure Key Vault using the Python SDK.

The following returns a paged.SecretItemPaged object:

```python
from azure.keyvault import KeyVaultClient, KeyVaultAuthentication
from azure.common.credentials import ServicePrincipalCredentials


# Service principal details (redacted)
az_client_id = '*****'
az_secret = '*****'
az_tenant = '*****'
credentials = None


def auth_callback(server, resource, scope):
    # Called by the client to obtain a bearer token for Key Vault
    credentials = ServicePrincipalCredentials(
        client_id=az_client_id,
        secret=az_secret,
        tenant=az_tenant,
        resource="https://vault.azure.net"
    )
    token = credentials.token
    return token['token_type'], token['access_token']


client = KeyVaultClient(KeyVaultAuthentication(auth_callback))

# get_secrets returns a SecretItemPaged object, not a list
secrets = client.get_secrets('https://thevault.vault.azure.net/')

print('vault secrets:\n{}'.format(secrets))
```

e.g.:

```
vault secrets:
<azure.keyvault.models.secret_item_paged.SecretItemPaged object at 0x7fc494c78b38>
```

I'm not sure how to handle this object. The documentation isn't giving me any hints, unless I've just missed something.

Laurent Mazuel
Setanta

1 Answer

1

SecretItemPaged page is an iterator object, meaning you can use it inside a for loop directly if you want:

```python
for item in secrets:
    print_my_secret(item)
```

or change it to a list

```python
secrets_as_list = list(secrets)
```

No magic here, it's just the iterator protocol of Python. You can also use next, and catch the StopIteration exception, etc.

Looking at the get_secrets method, the doc tells you what kind of object it conveys.

And SecretItem is documented here.

Note that all SDK objects have an as_dict method if you prefer to work on it as a dict, and not an object with attributes.

Do NOT use the current_page attribute. The iterator protocol implementation hides from you the fetching of multiple pages from Azure if you have more secrets than the default JSON can handle. When doing list(secrets), you might fetch 10 pages and do 10 calls to Azure, you don't know, you don't care :). current_page is the state of the last page. It is NOT the entire list of elements.

(I work at MS in this SDK team)

Edit Dec/2020

The answer is still valid, though the functionality has moved into the azure-keyvault-secrets package instead. Therefore, imports are slightly different, see sample for reading secrets from KeyVault.

Laurent Mazuel
  • Ok, I have it working. Thanks for the detailed response, I understand what's going on now. – Setanta Jul 30 '18 at 21:27
  • FYI, the documentation for the `SecretItem` class has apparently moved, the current version is here: [https://learn.microsoft.com/en-us/python/api/azure-keyvault/azure.keyvault.v7_0.models.secret_item_py3.secretitem?view=azure-python](https://learn.microsoft.com/en-us/python/api/azure-keyvault/azure.keyvault.v7_0.models.secret_item_py3.secretitem?view=azure-python) – Doug Mahugh Feb 21 '19 at 16:26
  • Ok. I think the functionality has now been included in the latest SecretClient, using `list_properties_of_secrets` as shown in the documentation https://learn.microsoft.com/en-us/python/api/azure-keyvault-secrets/azure.keyvault.secrets.secretclient?view=azure-python#azure-keyvault-secrets-secretclient-list-properties-of-secrets – Prathamesh dhanawade Mar 08 '23 at 17:09
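
The paging behaviour described in the answer, as an added example that is not part of the original post or of the Azure SDK. `FakePaged`, its `calls` counter and the page contents are hypothetical stand-ins, constructed to show why `list(secrets)` returns every item while `current_page` holds only the last page fetched.

```python
# Added example: a stand-in for a paged SDK result, NOT azure.keyvault code.
# FakePaged, PAGES and the secret names below are constructed for illustration.

class FakePaged:
    """Iterator that fetches server pages lazily, one request per page."""

    def __init__(self, fetch_page):
        self._fetch_page = fetch_page  # callable: link -> (items, next_link)
        self._next_link = "page-0"     # link for the next request, None at end
        self.current_page = []         # ONLY the most recently fetched page
        self._pos = 0                  # read position inside current_page
        self.calls = 0                 # number of simulated service calls

    def __iter__(self):
        return self

    def __next__(self):
        # Page exhausted (or empty): fetch the next one, or stop if none left.
        while self._pos >= len(self.current_page):
            if self._next_link is None:
                raise StopIteration
            self.current_page, self._next_link = self._fetch_page(self._next_link)
            self.calls += 1
            self._pos = 0
        item = self.current_page[self._pos]
        self._pos += 1
        return item


# Constructed sample: five secret names spread over three server pages.
PAGES = {
    "page-0": (["db-password", "api-key"], "page-1"),
    "page-1": (["tls-cert", "storage-key"], "page-2"),
    "page-2": (["signing-key"], None),
}


def demo():
    paged = FakePaged(PAGES.__getitem__)
    everything = list(paged)  # drives __next__ until StopIteration
    return everything, paged.current_page, paged.calls


if __name__ == "__main__":
    names, last_page, calls = demo()
    print("all items   :", names)
    print("current_page:", last_page)
    print("calls made  :", calls)
```

An inventory or audit script that reads `current_page` instead of iterating would silently miss every secret outside the last page.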