Creating Secrets in Bulk from a Text File using Azure Key Vault and Python

Akash Gupta
Jan 6, 2024

Keeping sensitive information like passwords, access keys, and tokens in plain text is not safe. It can expose your system to security breaches and potential hacking attacks. To address this, you can use Azure Key Vault to store and manage these sensitive values securely.

In this article, we will learn how to create secrets in bulk from a text file using Python and the Azure Key Vault Secrets API. We will use a CSV file to store the secret names and values, which can be easily modified and updated.

Step 1: Set up your environment

To get started, you need to have an Azure account and an Azure Key Vault instance created. You also need to have Python 3 installed on your machine. Once you have these prerequisites in place, you can proceed with setting up your environment by installing the required Python libraries:

pip install azure-keyvault-secrets azure-identity

Step 2: Create a CSV file with the secret names and values

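Create a CSV file with the secret names and values that you want to add to the Azure Key Vault. The first row is the header with two columns, "secret_name" and "secret_value", and each following row holds one secret. Key Vault secret names may contain only letters, digits, and hyphens, so use hyphens rather than underscores. Here is an example:

secret_name,secret_value
db-password,Pa$$word123
api-key,1234567890abcdefg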

Step 3: Write the Python script to create secrets in bulk

Copy the following Python code into a file called bulk_secrets.py:

import csv

from azure.identity import ClientSecretCredential
from azure.keyvault.secrets import SecretClient


class KeyVaultSecretManager:
    @staticmethod
    def add_secrets_from_csv(tenant_id, client_id, client_secret, vault_url, csv_file_path):
        # Authenticate as a service principal (app registration).
        credential = ClientSecretCredential(
            tenant_id=tenant_id,
            client_id=client_id,
            client_secret=client_secret,
        )
        client = SecretClient(vault_url=vault_url, credential=credential)

        # newline="" lets the csv module handle quoted fields and line endings itself.
        with open(csv_file_path, "r", newline="", encoding="utf-8") as file:
            secrets_list = list(csv.DictReader(file))

        # set_secret creates the secret, or a new version of it if the name already exists.
        for secret in secrets_list:
            client.set_secret(secret["secret_name"], secret["secret_value"])


if __name__ == "__main__":
    # Placeholders: replace with your own values before running.
    tenant_id = "your_tenant_id"
    client_id = "your_client_id"
    client_secret = "your_client_secret"
    vault_url = "https://your_vault_name.vault.azure.net"
    csv_file_path = "secrets.csv"

    KeyVaultSecretManager.add_secrets_from_csv(tenant_id, client_id, client_secret, vault_url, csv_file_path)

Make sure to replace the your_tenant_id, your_client_id, your_client_secret, your_vault_name, and secrets.csv placeholders with the appropriate values. You can get the client_id and client_secret from the Azure portal, and the tenant_id and vault_url from the Key Vault instance settings.

Step 4: Run the Python script

Once you have saved the Python script, you can run it using the command:

python bulk_secrets.py

This will read the secrets.csv file, create the secrets in the Azure Key Vault, and store them securely. You can verify this by checking the Azure Key Vault in the Azure portal.
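Because a bulk run stops at the first row Key Vault rejects, it helps to check the CSV offline before any secret is sent. The following is an added example, not part of the original script: the names preflight and check_sample are hypothetical, the sample rows are constructed, and it assumes the secret_name/secret_value header from Step 2.

```python
import csv
import io
import re

# Key Vault secret names: 1-127 characters, ASCII letters, digits and hyphens only.
NAME_RE = re.compile(r"[0-9A-Za-z-]{1,127}")
REQUIRED = {"secret_name", "secret_value"}

# Constructed sample input; none of these values are real credentials.
SAMPLE = """secret_name,secret_value
db_password,Pa$$word123
api-key,1234567890abcdefg
API-KEY,another-value
smtp-password,
storage-key,constructed-sample-value
"""


def preflight(csv_file):
    """Return (rows, errors); errors cite line and name only, never the value."""
    reader = csv.DictReader(csv_file)
    if not REQUIRED.issubset(reader.fieldnames or []):
        return [], ["header must contain secret_name and secret_value"]
    rows, errors, seen = [], [], {}
    for row in reader:
        line_no = reader.line_num  # physical line of the row just read
        name = (row["secret_name"] or "").strip()
        value = row["secret_value"] or ""
        if not NAME_RE.fullmatch(name):
            errors.append(f"line {line_no}: invalid name {name!r}")
        elif name.lower() in seen:
            # Names are case-insensitive: a repeat would become a new version
            # of the same secret and replace the earlier row's value.
            errors.append(f"line {line_no}: {name!r} repeats line {seen[name.lower()]}")
        elif not value:
            errors.append(f"line {line_no}: {name!r} has an empty value")
        else:
            seen[name.lower()] = line_no
            rows.append((name, value))
    return rows, errors


def check_sample():
    return preflight(io.StringIO(SAMPLE))


if __name__ == "__main__":
    ok, problems = check_sample()
    print(f"{len(ok)} rows ready, {len(problems)} rejected")
    print("\n".join(problems))
```

Pass only the returned rows to set_secret, and treat a non-empty error list as a reason to stop before uploading anything.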

Conclusion

In this post, we have learned how to create secrets in bulk from a text file using Python and the Azure Key Vault Secrets API. We have also seen how to set up the environment, create the CSV file with the secret names and values, write the Python script to create secrets and run the script to store the secrets in the Azure Key Vault.

Using Azure Key Vault to store sensitive information provides an additional layer of security to your system, and bulk creation of secrets from a CSV file can save time and effort. With the help of the Azure Key Vault Secrets API and Python, it is easy to implement and manage these secrets securely.
