msticpy.auth.keyvault_client module
Keyvault client - adapted from Bluehound code.
- class msticpy.auth.keyvault_client.BHKeyVaultClient(tenant_id: str | None = None, vault_uri: str | None = None, vault_name: str | None = None, settings: KeyVaultSettings | None = None, **kwargs)
Bases: object
Core KeyVault client.
Initialize the BHKeyVault client.
- Parameters:
tenant_id (str) – The tenant ID of the service
vault_uri (str, optional) – The full URI of the keyvault, by default None
vault_name (str, optional) – The name of the keyvault in the public cloud, by default None
settings (KeyVaultSettings) – An instance of KeyVaultSettings containing KV parameters.
auth_methods (List[str]) – The authentication methods to use for Key Vault auth. Possible values are:
  - “env” - to get authentication details from environment variables
  - “cli” - to use Azure CLI authentication details
  - “msi” - to use Managed Service Identity details
  - “interactive” - to prompt for interactive login
  - “vscode” - to use VSCode credentials
  - “powershell” - to use PowerShell credentials
  - “cache” - to use shared token cache credentials
  - “devicecode” - to use device code with web login
  - “clientsecret” - to use client id/secret login
authn_type (str, optional) – [deprecated - use auth_methods] Authentication mode, by default ‘interactive’. Supported options are:
  - ‘device’ for device code authentication
  - ‘interactive’ for interactive browser authentication
authority (str, optional) – The AAD authority - one of ‘global’, ‘usgov’, ‘de’ or ‘chi’
authority_uri (str, optional) – The AAD authority URI - overrides authority
credential (Optional[AzureCredential]) – Azure credential
client_id (Optional[str]) – Required if auth_methods is [“clientsecret”]
client_secret (Optional[str]) – Required if auth_methods is [“clientsecret”]
debug (bool, optional) – [description], by default False
- Raises:
KeyVaultMissingVaultException – No Vault name or URI supplied.
Notes
The parameter values can also be obtained from the KeyVault section of msticpyconfig.yaml.
- get_secret(secret_name: str) → Any
Retrieve a secret from the Vault.
- Parameters:
secret_name (str) – Name of the secret
- Returns:
The secret value
- Return type:
Any
- Raises:
KeyVaultMissingSecretException – Secret not found in the Vault.
- property secrets
Return the list of secret names from the vault.
- set_secret(secret_name: str, value: Any) → azure.keyvault.secrets.KeyVaultSecret
Set a secret in the Vault.
- Parameters:
secret_name (str) – Name of the secret
value (Any) – Secret value
- Returns:
The secrets bundle for the secret
- Return type:
KeyVaultSecret
- property vault_name: str
Return the Key Vault name.
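Added example (not part of the msticpy documentation or code base): an idempotent secret write built only on the `secrets`, `get_secret` and `set_secret` members documented above, which skips unchanged values, verifies the write by reading it back, and exposes only a hash prefix for logging. `ensure_secret`, `secret_name_of`, `fingerprint` and `FakeVaultClient` are hypothetical names; the stand-in client and its URL are constructed, and the code assumes `secrets` entries are either bare names or identifiers of the form `.../secrets/<name>[/<version>]`.

```python
import hashlib
import hmac


def secret_name_of(entry: str) -> str:
    """Reduce a `secrets` entry to a bare name (assumed formats: name or URL)."""
    if "/secrets/" in entry:
        return entry.split("/secrets/", 1)[1].split("/", 1)[0]
    return entry


def fingerprint(value) -> str:
    """Short SHA-256 prefix that can be logged in place of the secret itself."""
    return hashlib.sha256(str(value).encode("utf-8")).hexdigest()[:12]


def _same(a, b) -> bool:
    # Constant-time comparison; bytes are used so non-ASCII values are accepted.
    return hmac.compare_digest(str(a).encode("utf-8"), str(b).encode("utf-8"))


def ensure_secret(client, name: str, value) -> str:
    """Write `value` only if needed; return 'created', 'updated' or 'unchanged'."""
    exists = name in {secret_name_of(e) for e in client.secrets}
    if exists and _same(client.get_secret(name), value):
        return "unchanged"
    client.set_secret(name, value)
    if not _same(client.get_secret(name), value):
        raise RuntimeError(f"read-back mismatch for secret {name!r}")
    return "updated" if exists else "created"


class FakeVaultClient:
    """Constructed in-memory stand-in exposing the three members used above."""

    def __init__(self):
        self._store = {}

    @property
    def secrets(self):
        return [f"https://vault.example/secrets/{n}" for n in self._store]

    def get_secret(self, secret_name):
        return self._store[secret_name]

    def set_secret(self, secret_name, value):
        self._store[secret_name] = value
        return value


if __name__ == "__main__":
    kv = FakeVaultClient()
    for val in ("s3cr3t-A", "s3cr3t-A", "s3cr3t-B"):
        print(ensure_secret(kv, "api-key", val), fingerprint(val))
```

With a real BHKeyVaultClient instance, pass it as `client` in place of the stand-in.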
- class msticpy.auth.keyvault_client.BHKeyVaultMgmtClient(tenant_id: str | None = None, subscription_id: str | None = None, resource_group: str | None = None, azure_region: str | None = None, settings: KeyVaultSettings | None = None, **kwargs)
Bases: object
Core KeyVault Management client.
Initialize BH KeyVault Management Client.
- Parameters:
tenant_id (str, Optional) – Tenant ID
subscription_id (str, Optional) – Subscription ID
resource_group (str, Optional) – Resource Group name
azure_region (str, Optional) – Azure region - needed to create a new vault. By default, None
settings (KeyVaultSettings) – An instance of KeyVaultSettings containing KV parameters.
mgmt_uri (str, Optional) – The URI for Azure management endpoints.
Notes
The parameter values can also be obtained from the KeyVault section of msticpyconfig.yaml.
- create_vault(vault_name: str) → azure.mgmt.keyvault.models.Vault
Create new or update existing vault.
- Parameters:
vault_name (str) – Name of the Vault
- Returns:
The Vault object.
- Return type:
Vault
- get_vault_uri(vault_name: str) → str
Return the URI for a vault name.
- Parameters:
vault_name (str) – The Vault name.
- Returns:
Vault URI.
- Return type:
str
- list_vaults() → List[str]
Return a list of vaults for the subscription.
- Returns:
Vault names
- Return type:
List[str]