msticpy.auth.keyvault_client module

Keyvault client - adapted from Bluehound code.

class msticpy.auth.keyvault_client.BHKeyVaultClient(tenant_id: str | None = None, vault_uri: str | None = None, vault_name: str | None = None, settings: KeyVaultSettings | None = None, **kwargs)

Bases: object

Core KeyVault client.

Initialize the BHKeyVault client.

Parameters:
  • tenant_id (str) – The tenant ID of the service

  • vault_uri (str, optional) – The full URI of the keyvault, by default None

  • vault_name (str, optional) – The name of the keyvault in the public cloud, by default None

  • settings (KeyVaultSettings) – An instance of KeyVaultSettings containing KV parameters.

  • auth_methods (List[str]) – The authentication methods to use for Key Vault auth. Possible values are:
      - “env” - to get authentication details from environment variables
      - “cli” - to use Azure CLI authentication details
      - “msi” - to use Managed Service Identity details
      - “interactive” - to prompt for interactive login
      - “vscode” - to use VSCode credentials
      - “powershell” - to use PowerShell credentials
      - “cache” - to use shared token cache credentials
      - “devicecode” - to use device code with web login
      - “clientsecret” - to use client id/secret login

  • authn_type (str, optional) – [deprecated - use auth_methods] Authentication mode, by default ‘interactive’. Supported options are:
      - ‘device’ for device code authentication
      - ‘interactive’ for interactive browser authentication

  • authority (str, optional) – The AAD authority - one of ‘global’, ‘usgov’, ‘de’ or ‘chi’

  • authority_uri (str, optional) – The AAD authority URI - overrides authority

  • credential (Optional[AzureCredential]) – Azure credential

  • client_id (Optional[str]) – Required if auth_methods is [“clientsecret”]

  • client_secret (Optional[str]) – Required if auth_methods is [“clientsecret”]

  • debug (bool, optional) – [description], by default False

Raises:

KeyVaultMissingVaultException – No Vault name or URI supplied.

Notes

The parameter values can also be obtained from the KeyVault section of msticpyconfig.yaml.

get_secret(secret_name: str) → Any

Retrieve a secret from the Vault.

Parameters:

secret_name (str) – Name of the secret

Returns:

The secret value

Return type:

Any

Raises:

KeyVaultMissingSecretException – Secret not found in the Vault.

property secrets

Return the list of secret names from the vault.

set_secret(secret_name: str, value: Any) → azure.keyvault.secrets.KeyVaultSecret

Set a secret in the Vault.

Parameters:
  • secret_name (str) – Name of the secret

  • value (Any) – Secret value

Returns:

The secrets bundle for the secret

Return type:

KeyVaultSecret

property vault_name: str

Return the Key Vault name.
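
Added example (not part of the msticpy documentation or code base): a preflight-and-fetch pattern built only on the members documented above (`auth_methods`, the `secrets` property and `get_secret`), which fails before reading any value if a required secret is absent and keeps values out of logs and notebook output. `Redacted`, `open_vault`, `missing_secrets`, `load_secrets` and `InMemoryVault` are hypothetical names, and the handling of `secrets` entries that arrive as full identifier URIs is an assumption.

```python
from typing import Any, Dict, Iterable, List

class Redacted:
    """Wraps a secret so repr()/str() in logs and notebooks never show it."""
    def __init__(self, value: Any) -> None:
        self._value = value
    def reveal(self) -> Any:
        return self._value
    def __repr__(self) -> str:
        return "Redacted(****)"

def open_vault(tenant_id: str, vault_name: str):
    """Client restricted to non-interactive auth: managed identity, then Azure CLI."""
    # Lazy import: the helpers below run without msticpy or Azure access.
    from msticpy.auth.keyvault_client import BHKeyVaultClient
    return BHKeyVaultClient(
        tenant_id=tenant_id, vault_name=vault_name, auth_methods=["msi", "cli"]
    )

def _short_name(entry: str) -> str:
    # Assumption: an entry may be a bare name or a full secret identifier URI.
    return entry.rstrip("/").rsplit("/", 1)[-1]

def missing_secrets(client, required: Iterable[str]) -> List[str]:
    """Required names that the vault's `secrets` listing does not contain."""
    present = {_short_name(entry) for entry in client.secrets}
    return sorted(name for name in required if name not in present)

def load_secrets(client, required: Iterable[str]) -> Dict[str, Redacted]:
    """Fetch all required secrets, failing before any read if one is absent."""
    required = list(required)
    missing = missing_secrets(client, required)
    if missing:
        # Only names are reported; no secret value has been read yet.
        raise LookupError("secrets not in vault: " + ", ".join(missing))
    return {name: Redacted(client.get_secret(name)) for name in required}

class InMemoryVault:
    """Constructed stand-in with only the documented members, for offline runs."""
    def __init__(self, data: Dict[str, Any], id_prefix: str = "") -> None:
        self._data, self._prefix = dict(data), id_prefix
    @property
    def secrets(self) -> List[str]:
        return [self._prefix + name for name in self._data]
    def get_secret(self, secret_name: str) -> Any:
        return self._data[secret_name]
```

Against a real vault, pass the object returned by `open_vault(...)` to `load_secrets` in place of `InMemoryVault`, and call `reveal()` only at the point where the value is handed to the consuming API.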

class msticpy.auth.keyvault_client.BHKeyVaultMgmtClient(tenant_id: str | None = None, subscription_id: str | None = None, resource_group: str | None = None, azure_region: str | None = None, settings: KeyVaultSettings | None = None, **kwargs)

Bases: object

Core KeyVault Management client.

Initialize BH KeyVault Management Client.

Parameters:
  • tenant_id (str, Optional) – Tenant ID

  • subscription_id (str, Optional) – Subscription ID

  • resource_group (str, Optional) – Resource Group name

  • azure_region (str, Optional) – Azure region - needed to create a new vault. By default, None

  • settings (KeyVaultSettings) – An instance of KeyVaultSettings containing KV parameters.

  • mgmt_uri (str, Optional) – The URI for Azure management endpoints.

Notes

The parameter values can also be obtained from the KeyVault section of msticpyconfig.yaml.

create_vault(vault_name: str) → azure.mgmt.keyvault.models.Vault

Create new or update existing vault.

Parameters:

vault_name (str) – Name of the Vault

Returns:

The Vault object.

Return type:

Vault

get_vault_uri(vault_name: str) → str

Return the URI for a vault name.

Parameters:

vault_name (str) – The Vault name.

Returns:

Vault URI.

Return type:

str

list_vaults() → List[str]

Return a list of vaults for the subscription.

Returns:

Vault names

Return type:

List[str]