Using the Azure Python SDK, I would like to return a KeyVaultClient using the get_client_from_auth_file method in order to get secrets from a KeyVault without going through a KeyVaultManagementClient.
According to the documentation, it appears to be possible to create a client from any SDK client class.
I am able to do this:
from azure.common.client_factory import get_client_from_auth_file
from azure.mgmt.keyvault import KeyVaultManagementClient
_kv_mgmt_client = get_client_from_auth_file(KeyVaultManagementClient)
but not this:
from azure.common.client_factory import get_client_from_auth_file
from azure.keyvault import KeyVaultClient
_kv_client = get_client_from_auth_file(KeyVaultClient)
This is the error message: TypeError: __init__() got an unexpected keyword argument 'base_url'
Upon review, get_client_from_auth_file returns several results including base_url, so the following helper function resolves the TypeError.
class KeyVaultClientHelper:
def __init__(self, credentials, **kwargs):
self._credentials = credentials
And the KeyVaultClient is successful until it tries to get a secret and it returns Unauthorized.
helper = get_client_from_auth_file(KeyVaultClientHelper)
client = KeyVaultClient(helper._credentials)
print(client.get_secret("http://my-vault-url...", "MY-KEY", '').value))
However, I am successful in getting secrets using a ServicePrincipalCredential with the same auth file.
this was a bug in azure-common, fixed in 1.1.22: https://pypi.org/project/azure-common/1.1.22/
Thanks!