Keyvault Class

Reference

Manages secrets stored in the Azure Key Vault associated with an Azure Machine Learning workspace.

Each Azure Machine Learning workspace has an associated Azure Key Vault. The Keyvault class is a simplified wrapper of the Azure Key Vault that allows you to manage secrets in the key vault including setting, retrieving, deleting, and listing secrets. Use the Keyvault class to pass secrets to remote runs securely without exposing sensitive information in cleartext.

For more information, see Using secrets in training runs.

Class Keyvault constructor.

Inheritance: builtins.object

Keyvault

Constructor

Keyvault(workspace)

Parameters

Name	Description
workspace Required	Workspace The Azure Machine Learning Workspace associated with this key vault.
workspace Required	Workspace The Azure Machine Learning Workspace associated with this key vault.

Remarks

In submitted runs on local and remote compute, you can use the get_secret method of the Run instance to get the secret value from Key Vault. To get multiple secrets, use the get_secrets method of the Run instance.

These Run methods gives you a simple shortcut because the Run instance is aware of its Workspace and Keyvault, and can directly obtain the secret without the need to instantiate the Workspace and Keyvault within the remote run.

The following example shows how to access the default key vault associated with a workspace and set a secret.


   import uuid

   local_secret = os.environ.get("LOCAL_SECRET", default = str(uuid.uuid4())) # Use random UUID as a substitute for real secret.
   keyvault = ws.get_default_keyvault()
   keyvault.set_secret(name="secret-name", value = local_secret)

Full sample is available from https://github.com/Azure/MachineLearningNotebooks/blob/master/how-to-use-azureml/manage-azureml-service/authentication-in-azureml/authentication-in-azureml.ipynb

Methods

delete_secret	Delete the secret with the specified name.
delete_secrets	Delete a list of secrets from the Azure Key Vault associated with the workspace.
get_secret	Return the secret value for a given secret name.
get_secret_content_type	Return the secret's content type for a given secret name.
get_secrets	Return the secret values for a given list of secret names.
list_secrets	Return the list of secret names from the Azure Key Vault associated with the workspace. This method does not return the secret values.
set_secret	Add a secret to the Azure Key Vault associated with the workspace.
set_secrets	Add the dictionary of secrets to the Azure Key Vault associated with the workspace.

delete_secret

Delete the secret with the specified name.

delete_secret(name)

Parameters

Name	Description
name Required	str The name of the secret to delete.

Returns

Type	Description
None

delete_secrets

Delete a list of secrets from the Azure Key Vault associated with the workspace.

delete_secrets(secrets)

Parameters

Name	Description
secrets_batch Required	list[str] The list of secrets to delete.
secrets Required

Returns

Type	Description
None

get_secret

Return the secret value for a given secret name.

get_secret(name)

Parameters

Name	Description
name Required	str The secret name to return the value for.

Returns

Type	Description
str	The secret value for a specified secret name.

get_secret_content_type

Return the secret's content type for a given secret name.

get_secret_content_type(name)

Parameters

Name	Description
name Required	str The secret name to return the content type for.

Returns

Type	Description
str	The secret content type for a specified secret name.

get_secrets

Return the secret values for a given list of secret names.

get_secrets(secrets)

Parameters

Name	Description
secrets Required	list[str] The list of secret names to retrieve values for.

Returns

Type	Description
dict(str: str)	A dictionary of found and not found secrets.

list_secrets

Return the list of secret names from the Azure Key Vault associated with the workspace.

This method does not return the secret values.

list_secrets()

Returns

Type	Description
dict(str:str)	A list of dictionary of secret names with format {name : "secretName"}

set_secret

Add a secret to the Azure Key Vault associated with the workspace.

set_secret(name, value, content_type=KeyVaultContentType.not_provided)

Parameters

Name	Description
name Required	str The name of the secret to add.
value Required	<xref:azureml.core.azureml._restclient.models.KeyVaultContentType> The value of the secret to add.
value Required	The content type of the secret to add.
content_type	Default value: KeyVaultContentType.not_provided

Returns

Type	Description
None

set_secrets

Add the dictionary of secrets to the Azure Key Vault associated with the workspace.

set_secrets(secrets_batch)

Parameters

Name	Description
secrets_batch Required	dict(<xref:str:str>) A dictionary of secret names and values to add.

Returns

Type	Description
None

Share via

Keyvault Class

Constructor

Parameters

Remarks

Methods

delete_secret

Parameters

Returns

delete_secrets

Parameters

Returns

get_secret

Parameters

Returns

get_secret_content_type

Parameters

Returns

get_secrets

Parameters

Returns

list_secrets

Returns

set_secret

Parameters

Returns

set_secrets

Parameters

Returns

Feedback

Additional resources