msticpy.auth.secret_settings module
Settings provider for secrets.
- class msticpy.auth.secret_settings.SecretsClient(tenant_id: str | None = None, use_keyring: bool = False, auth_methods: List[str] | None = None, credential: Any | None = None, **kwargs)
Bases:
object
Secrets client - manages Key Vault and keyring secrets.
Initialize SecretsClient instance.
- Parameters:
tenant_id (str, optional) – TenantID, by default None
use_keyring (bool, optional) – If True use keyring to cache secrets, by default False
auth_methods (List[str]) – The authentication methods to use for Key Vault auth Possible values are: - “env” - to get authentication details from environment variables - “cli” - to use Azure CLI authentication details - “msi” - to user Managed Service Identity details - “interactive” - to prompt for interactive login - “vscode” - to use VSCode credentials - “powershell” - to use PowerShell credentials - “interactive” - to prompt for interactive login - “cache” - to use shared token cache credentials - “devicecode” - to use device code with web login - “clientsecret” - to use client id/secret login.
credential (Optional[AzureCredential]) – Azure credential
client_id (Optional[str]) – Required if auth_methods is [“clientsecret”]
client_secret (Optional[str]) – Required if auth_methods is [“clientsecret”]
- Raises:
MsticpyKeyVaultConfigError – Missing or invalid configuration settings or failure to authenticate to Key Vault with the chosen credential type.
Notes
Requires KeyVault settings to be defined in msticpyconfig.yaml
- clear_keyring_secrets()
Clear any cached secrets from keyring.
- static format_kv_name(setting_path)
Return normalized name for use as a KeyVault secret name.
- get_secret_accessor(setting_path: str) Callable[[], Any]
Return accessor function for a secret.
- Parameters:
setting_path (str) – The msticpy configuration path (dot-separated)
- Returns:
Accessor function for the secret value.
- Return type:
Callable[[None], Any]
- static read_secret(secret_object: Any) Any
Return the secret value.
- Parameters:
secret_object (Any) – If it is a func, call and return the return value of that func. Otherwise just return the object.
- Returns:
The secret value
- Return type:
Any
- refresh_keyring()
Reload keyring values from Key Vault.