msticpy.auth.secret_settings module

Settings provider for secrets.

class msticpy.auth.secret_settings.SecretsClient(tenant_id: str | None = None, use_keyring: bool = False, auth_methods: List[str] | None = None, credential: Any | None = None, **kwargs)

Bases: object

Secrets client - manages Key Vault and keyring secrets.

Initialize SecretsClient instance.

Parameters:
  • tenant_id (str, optional) – TenantID, by default None

  • use_keyring (bool, optional) – If True use keyring to cache secrets, by default False

  • auth_methods (List[str]) – The authentication methods to use for Key Vault auth. Possible values are:
      - “env” - to get authentication details from environment variables
      - “cli” - to use Azure CLI authentication details
      - “msi” - to use Managed Service Identity details
      - “interactive” - to prompt for interactive login
      - “vscode” - to use VSCode credentials
      - “powershell” - to use PowerShell credentials
      - “cache” - to use shared token cache credentials
      - “devicecode” - to use device code with web login
      - “clientsecret” - to use client id/secret login

  • credential (Optional[AzureCredential]) – Azure credential

  • client_id (Optional[str]) – Required if auth_methods is [“clientsecret”]

  • client_secret (Optional[str]) – Required if auth_methods is [“clientsecret”]

Raises:

MsticpyKeyVaultConfigError – Missing or invalid configuration settings or failure to authenticate to Key Vault with the chosen credential type.

Notes

Requires KeyVault settings to be defined in msticpyconfig.yaml

clear_keyring_secrets()

Clear any cached secrets from keyring.

static format_kv_name(setting_path)

Return normalized name for use as a KeyVault secret name.

get_secret_accessor(setting_path: str) → Callable[[], Any]

Return accessor function for a secret.

Parameters:

setting_path (str) – The msticpy configuration path (dot-separated)

Returns:

Accessor function for the secret value.

Return type:

Callable[[None], Any]

static read_secret(secret_object: Any) → Any

Return the secret value.

Parameters:

secret_object (Any) – If it is a func, call and return the return value of that func. Otherwise just return the object.

Returns:

The secret value

Return type:

Any

refresh_keyring()

Reload keyring values from Key Vault.
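
The deferred-accessor pattern described by get_secret_accessor and read_secret, shown as an added example that is not msticpy's own code. DemoVault, DemoSecretsClient, clear_cache, the sample setting path and the normalization rule (every character other than alphanumerics and "-" becomes "-") are assumptions made for illustration.

```python
import re
from typing import Any, Callable, Dict

class DemoVault:
    """Constructed stand-in for a Key Vault backend; counts remote reads."""
    def __init__(self, secrets: Dict[str, str]):
        self._secrets, self.reads = secrets, 0
    def get(self, name: str) -> str:
        self.reads += 1
        return self._secrets[name]

class DemoSecretsClient:
    """Hypothetical sketch of the accessor pattern, not msticpy's code."""
    def __init__(self, vault: DemoVault, use_cache: bool = False):
        self._vault, self._use_cache = vault, use_cache
        self._cache: Dict[str, str] = {}  # stands in for the keyring

    @staticmethod
    def format_kv_name(setting_path: str) -> str:
        # Assumption: map anything that is not alphanumeric or "-" to "-".
        return re.sub(r"[^0-9A-Za-z-]", "-", setting_path)

    def get_secret_accessor(self, setting_path: str) -> Callable[[], Any]:
        name = self.format_kv_name(setting_path)
        def _accessor() -> Any:
            if self._use_cache and name in self._cache:
                return self._cache[name]
            value = self._vault.get(name)  # fetched only when called
            if self._use_cache:
                self._cache[name] = value
            return value
        return _accessor

    def clear_cache(self) -> None:
        self._cache.clear()

    @staticmethod
    def read_secret(secret_object: Any) -> Any:
        # Callables are resolved at read time; plain values pass through.
        return secret_object() if callable(secret_object) else secret_object

def demo() -> Dict[str, Any]:
    vault = DemoVault({"TIProviders-VirusTotal-Args-AuthKey": "constructed-key"})
    client = DemoSecretsClient(vault, use_cache=True)
    path = "TIProviders.VirusTotal.Args.AuthKey"  # constructed sample path
    settings = {"AuthKey": client.get_secret_accessor(path), "Region": "eu"}
    leaked = "constructed-key" in repr(settings)  # dump holds no secret value
    values = [client.read_secret(settings[k]) for k in ("AuthKey", "AuthKey", "Region")]
    return {"leaked": leaked, "values": values, "vault_reads": vault.reads}
```

Because the settings hold an accessor rather than the value, dumping or logging the settings does not expose the secret, and with the cache enabled the vault is contacted only on the first read.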