:py:mod:`airflow.providers.microsoft.azure.secrets.key_vault`
=============================================================
.. py:module:: airflow.providers.microsoft.azure.secrets.key_vault
Module Contents
---------------
Classes
~~~~~~~
.. autoapisummary::
airflow.providers.microsoft.azure.secrets.key_vault.AzureKeyVaultBackend
.. py:class:: AzureKeyVaultBackend(connections_prefix = 'airflow-connections', variables_prefix = 'airflow-variables', config_prefix = 'airflow-config', vault_url = '', sep = '-', **kwargs)
Bases: :py:obj:`airflow.secrets.BaseSecretsBackend`, :py:obj:`airflow.utils.log.logging_mixin.LoggingMixin`
Retrieves Airflow Connections or Variables from Azure Key Vault secrets.
The Azure Key Vault can be configured as a secrets backend in the ``airflow.cfg``:
.. code-block:: ini

    [secrets]
    backend = airflow.providers.microsoft.azure.secrets.key_vault.AzureKeyVaultBackend
    backend_kwargs = {"connections_prefix": "airflow-connections", "vault_url": "<azure_key_vault_uri>"}

For example, a secret named ``airflow-connections-smtp-default`` is accessible
if you provide ``{"connections_prefix": "airflow-connections"}`` and request conn_id ``smtp-default``.
Likewise, a secret named ``airflow-variables-hello`` is accessible
if you provide ``{"variables_prefix": "airflow-variables"}`` and request variable key ``hello``.
For client authentication, the ``DefaultAzureCredential`` from the Azure Python SDK is used as
the credential provider, which supports service principal, managed identity and user credentials.
For example, to specify a service principal with secret you can set the environment variables
``AZURE_TENANT_ID``, ``AZURE_CLIENT_ID`` and ``AZURE_CLIENT_SECRET``.
.. seealso::

    For more details on client authentication refer to the ``DefaultAzureCredential`` Class reference:
    https://docs.microsoft.com/en-us/python/api/azure-identity/azure.identity.defaultazurecredential?view=azure-python

:param connections_prefix: Specifies the prefix of the secret to read to get Connections
If set to None (null), requests for connections will not be sent to Azure Key Vault
:param variables_prefix: Specifies the prefix of the secret to read to get Variables
If set to None (null), requests for variables will not be sent to Azure Key Vault
:param config_prefix: Specifies the prefix of the secret to read to get configuration options.
If set to None (null), requests for configurations will not be sent to Azure Key Vault
:param vault_url: The URL of an Azure Key Vault to use
:param sep: separator used to concatenate secret_prefix and secret_id. Default: "-"
.. py:method:: client(self)
Create an Azure Key Vault client.
.. py:method:: get_conn_value(self, conn_id)
Get a serialized representation of an Airflow Connection from an Azure Key Vault secret.
:param conn_id: The Airflow connection id to retrieve
.. py:method:: get_conn_uri(self, conn_id)
Return URI representation of Connection conn_id.
As of Airflow version 2.3.0 this method is deprecated.
:param conn_id: the connection id
:return: deserialized Connection
.. py:method:: get_variable(self, key)
Get an Airflow Variable from an Azure Key Vault secret.
:param key: Variable Key
:return: Variable Value
.. py:method:: get_config(self, key)
Get an Airflow Configuration option.
:param key: Configuration Option Key
:return: Configuration Option Value
.. py:method:: build_path(path_prefix, secret_id, sep = '-')
:staticmethod:
Given a path_prefix and secret_id, build a valid secret name for the Azure Key Vault Backend.
Also replaces underscores in the path with dashes to support easy switching between
environment variables, so ``connection_default`` becomes ``connection-default``.
:param path_prefix: The path prefix of the secret to retrieve
:param secret_id: Name of the secret
:param sep: Separator used to concatenate path_prefix and secret_id
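
The naming rule described for ``build_path``, as an added example that is not the provider's own code: it derives the expected secret name for each Airflow id, then flags ids that do not yield a valid Key Vault secret name and ids that resolve to the same secret after underscore replacement. The helper names ``expected_secret_name`` and ``audit_ids`` are hypothetical, the sample ids are constructed, and the name check assumes Azure's rule that secret names are 1-127 alphanumerics and dashes.

```python
import re
from collections import defaultdict

# Assumption (Azure rule, not from this page): 1-127 alphanumerics and dashes.
KV_NAME_RE = re.compile(r"[0-9A-Za-z-]{1,127}")


def expected_secret_name(path_prefix, secret_id, sep="-"):
    """Sketch of the documented rule: prefix + sep + id, underscores become dashes.

    Returns None when the prefix is None, because that lookup type is then
    never sent to Azure Key Vault.
    """
    if path_prefix is None:
        return None
    return f"{path_prefix}{sep}{secret_id}".replace("_", "-")


def audit_ids(path_prefix, secret_ids, sep="-"):
    """Return (names, invalid, collisions) for a list of Airflow ids."""
    names = {}
    by_name = defaultdict(list)
    invalid = []
    for secret_id in secret_ids:
        name = expected_secret_name(path_prefix, secret_id, sep)
        names[secret_id] = name
        if name is None:
            continue
        by_name[name].append(secret_id)
        # fullmatch rejects characters such as "." or "/" anywhere in the name.
        if not KV_NAME_RE.fullmatch(name):
            invalid.append(secret_id)
    # Two ids that map to one secret name will silently share a credential.
    collisions = {n: ids for n, ids in by_name.items() if len(ids) > 1}
    return names, invalid, collisions


if __name__ == "__main__":
    # Constructed sample ids, not taken from any real deployment.
    sample = ["smtp-default", "smtp_default", "db.prod", "hello"]
    names, invalid, collisions = audit_ids("airflow-connections", sample)
    for secret_id, name in names.items():
        print(f"{secret_id!r:16} -> {name}")
    print("not valid Key Vault names:", invalid)
    print("ids sharing one secret:", collisions)
```

Running such a check over the conn_ids and variable keys used by your DAGs before switching backends shows which ids need renaming and which pairs would read the same secret.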