[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-2d8fa017-834d-4ffa-8878-9fbe78441987":3,"$fg5j2ucuNF5MNd2lTw3d_sSbDCIfeCj6cgSAkxZH07LI":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"2d8fa017-834d-4ffa-8878-9fbe78441987","azure-keyvault-py","Azure Key Vault SDK for Python. Secure storage for managing secrets, keys, and certificates.","cat_coding_devops","mod_coding","sickn33,coding","---\nname: azure-keyvault-py\ndescription: Azure Key Vault SDK for Python. Use for secrets, keys, and certificates management with secure storage.\nrisk: unknown\nsource: community\ndate_added: '2026-02-27'\n---\n\n# Azure Key Vault SDK for Python\n\nSecure storage and management for secrets, cryptographic keys, and certificates.\n\n## Installation\n\n```bash\n# Secrets\npip install azure-keyvault-secrets azure-identity\n\n# Keys (cryptographic operations)\npip install azure-keyvault-keys azure-identity\n\n# Certificates\npip install azure-keyvault-certificates azure-identity\n\n# All\npip install azure-keyvault-secrets azure-keyvault-keys azure-keyvault-certificates azure-identity\n```\n\n## Environment Variables\n\n```bash\nAZURE_KEYVAULT_URL=https:\u002F\u002F\u003Cvault-name>.vault.azure.net\u002F\n```\n\n## Secrets\n\n### SecretClient Setup\n\n```python\nfrom azure.identity import DefaultAzureCredential\nfrom azure.keyvault.secrets import SecretClient\n\ncredential = DefaultAzureCredential()\nvault_url = \"https:\u002F\u002F\u003Cvault-name>.vault.azure.net\u002F\"\n\nclient = SecretClient(vault_url=vault_url, credential=credential)\n```\n\n### Secret Operations\n\n```python\n# Set secret\nsecret = client.set_secret(\"database-password\", \"super-secret-value\")\nprint(f\"Created: {secret.name}, version: {secret.properties.version}\")\n\n# Get secret\nsecret = 
client.get_secret(\"database-password\")\nprint(f\"Value: {secret.value}\")\n\n# Get specific version\nsecret = client.get_secret(\"database-password\", version=\"abc123\")\n\n# List secrets (names only, not values)\nfor secret_properties in client.list_properties_of_secrets():\n    print(f\"Secret: {secret_properties.name}\")\n\n# List versions\nfor version in client.list_properties_of_secret_versions(\"database-password\"):\n    print(f\"Version: {version.version}, Created: {version.created_on}\")\n\n# Delete secret (soft delete)\npoller = client.begin_delete_secret(\"database-password\")\ndeleted_secret = poller.result()\n\n# Purge (permanent delete, if soft-delete enabled)\nclient.purge_deleted_secret(\"database-password\")\n\n# Recover deleted secret\nclient.begin_recover_deleted_secret(\"database-password\").result()\n```\n\n## Keys\n\n### KeyClient Setup\n\n```python\nfrom azure.identity import DefaultAzureCredential\nfrom azure.keyvault.keys import KeyClient\n\ncredential = DefaultAzureCredential()\nvault_url = \"https:\u002F\u002F\u003Cvault-name>.vault.azure.net\u002F\"\n\nclient = KeyClient(vault_url=vault_url, credential=credential)\n```\n\n### Key Operations\n\n```python\nfrom azure.keyvault.keys import KeyType\n\n# Create RSA key\nrsa_key = client.create_rsa_key(\"rsa-key\", size=2048)\n\n# Create EC key\nec_key = client.create_ec_key(\"ec-key\", curve=\"P-256\")\n\n# Get key\nkey = client.get_key(\"rsa-key\")\nprint(f\"Key type: {key.key_type}\")\n\n# List keys\nfor key_properties in client.list_properties_of_keys():\n    print(f\"Key: {key_properties.name}\")\n\n# Delete key\npoller = client.begin_delete_key(\"rsa-key\")\ndeleted_key = poller.result()\n```\n\n### Cryptographic Operations\n\n```python\nfrom azure.keyvault.keys.crypto import CryptographyClient, EncryptionAlgorithm\n\n# Get crypto client for a specific key\ncrypto_client = CryptographyClient(key, credential=credential)\n# Or from key ID\ncrypto_client = CryptographyClient(\n    
\"https:\u002F\u002F\u003Cvault>.vault.azure.net\u002Fkeys\u002F\u003Ckey-name>\u002F\u003Cversion>\",\n    credential=credential\n)\n\n# Encrypt\nplaintext = b\"Hello, Key Vault!\"\nresult = crypto_client.encrypt(EncryptionAlgorithm.rsa_oaep, plaintext)\nciphertext = result.ciphertext\n\n# Decrypt\nresult = crypto_client.decrypt(EncryptionAlgorithm.rsa_oaep, ciphertext)\ndecrypted = result.plaintext\n\n# Sign\nfrom azure.keyvault.keys.crypto import SignatureAlgorithm\nimport hashlib\n\ndigest = hashlib.sha256(b\"data to sign\").digest()\nresult = crypto_client.sign(SignatureAlgorithm.rs256, digest)\nsignature = result.signature\n\n# Verify\nresult = crypto_client.verify(SignatureAlgorithm.rs256, digest, signature)\nprint(f\"Valid: {result.is_valid}\")\n```\n\n## Certificates\n\n### CertificateClient Setup\n\n```python\nfrom azure.identity import DefaultAzureCredential\nfrom azure.keyvault.certificates import CertificateClient, CertificatePolicy\n\ncredential = DefaultAzureCredential()\nvault_url = \"https:\u002F\u002F\u003Cvault-name>.vault.azure.net\u002F\"\n\nclient = CertificateClient(vault_url=vault_url, credential=credential)\n```\n\n### Certificate Operations\n\n```python\n# Create self-signed certificate\npolicy = CertificatePolicy.get_default()\npoller = client.begin_create_certificate(\"my-cert\", policy=policy)\ncertificate = poller.result()\n\n# Get certificate\ncertificate = client.get_certificate(\"my-cert\")\nprint(f\"Thumbprint: {certificate.properties.x509_thumbprint.hex()}\")\n\n# Get certificate with private key (as secret)\nfrom azure.keyvault.secrets import SecretClient\nsecret_client = SecretClient(vault_url=vault_url, credential=credential)\ncert_secret = secret_client.get_secret(\"my-cert\")\n# cert_secret.value contains PEM or PKCS12\n\n# List certificates\nfor cert in client.list_properties_of_certificates():\n    print(f\"Certificate: {cert.name}\")\n\n# Delete certificate\npoller = client.begin_delete_certificate(\"my-cert\")\ndeleted = 
poller.result()\n```\n\n## Client Types Table\n\n| Client | Package | Purpose |\n|--------|---------|---------|\n| `SecretClient` | `azure-keyvault-secrets` | Store\u002Fretrieve secrets |\n| `KeyClient` | `azure-keyvault-keys` | Manage cryptographic keys |\n| `CryptographyClient` | `azure-keyvault-keys` | Encrypt\u002Fdecrypt\u002Fsign\u002Fverify |\n| `CertificateClient` | `azure-keyvault-certificates` | Manage certificates |\n\n## Async Clients\n\n```python\nfrom azure.identity.aio import DefaultAzureCredential\nfrom azure.keyvault.secrets.aio import SecretClient\n\nvault_url = \"https:\u002F\u002F\u003Cvault-name>.vault.azure.net\u002F\"\n\nasync def get_secret():\n    credential = DefaultAzureCredential()\n    client = SecretClient(vault_url=vault_url, credential=credential)\n\n    # Close both the async credential and the client when done\n    async with credential, client:\n        secret = await client.get_secret(\"my-secret\")\n        print(secret.value)\n\nimport asyncio\nasyncio.run(get_secret())\n```\n\n## Error Handling\n\n```python\nfrom azure.core.exceptions import ResourceNotFoundError, HttpResponseError\n\ntry:\n    secret = client.get_secret(\"nonexistent\")\nexcept ResourceNotFoundError:\n    print(\"Secret not found\")\nexcept HttpResponseError as e:\n    if e.status_code == 403:\n        print(\"Access denied - check RBAC permissions\")\n    raise\n```\n\n## Best Practices\n\n1. **Use DefaultAzureCredential** for authentication\n2. **Use managed identity** in Azure-hosted applications\n3. **Enable soft-delete** for recovery (enabled by default)\n4. **Use RBAC** over access policies for fine-grained control\n5. **Rotate secrets** regularly using versioning\n6. **Use Key Vault references** in App Service\u002FFunctions config\n7. **Cache secrets** appropriately to reduce API calls\n8. 
**Use async clients** for high-throughput scenarios\n\n## When to Use\nUse this skill to carry out the workflow or actions described in the overview.\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.\n","","imported","https:\u002F\u002Fgithub.com\u002Fsickn33\u002Fantigravity-awesome-skills","user_system_seed","SkillOPIC",true,106,1090,"2026-05-16 13:06:41",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"Programming & Development","coding","mdi-code-braces","Code generation, debugging, and review to improve development efficiency",2,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"DevOps","devops","mdi-cog-outline","CI\u002FCD, containerization, deployment and operations",3,162,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"9464db7e-47f7-40a3-bdde-3dc0e8b70159","1.0.0","azure-keyvault-py.zip",2355,"uploads\u002Fskills\u002F2d8fa017-834d-4ffa-8878-9fbe78441987\u002Fazure-keyvault-py.zip","a8af44e69c292c092c3af7634fec0eff37ec5c37b8cdb8845870a9b619dbbcd1","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":7075}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]