azure_secret

The azure_secret module is used to fetch secrets from Azure Key Vault.

clear_cache()

Clears the cache of retrieved secrets. This can be used to force a re-fetch of secrets from the Key Vault.

Example
clear_cache()
Source code in physical_operations_utils/azure_utils/azure_secret.py
def clear_cache():
    """
    Clears the cache of retrieved secrets. This can be used to force a re-fetch of secrets from the Key Vault.

    Example:
        ```python
        clear_cache()
        ```
    """
    _SECRET_CACHE.clear()

get_secret(secret_name)

Retrieves a secret from an Azure Key Vault. Uses a cache to avoid duplicate calls to the same Key Vault.

This function:

1. Reads the KEY_VAULT_NAME environment variable to determine the Key Vault URL.
2. Authenticates using Azure's DefaultAzureCredential.
3. Retrieves the specified secret from the Key Vault.

Parameters:

| Name | Type | Description | Default |
| --- | --- | --- | --- |
| secret_name | str | The name of the secret to retrieve. | required |

Returns:

| Name | Type | Description |
| --- | --- | --- |
| str | str | The value of the retrieved secret. |

Raises:

| Type | Description |
| --- | --- |
| ValueError | If the KEY_VAULT_NAME environment variable is not set. |
| ResourceNotFoundError | If the secret does not exist in the Key Vault. |
| ClientAuthenticationError | If authentication fails. |

Example
secret_value = get_secret("my-secret")
print(secret_value)
Source code in physical_operations_utils/azure_utils/azure_secret.py
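import logging
import os

from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

# Module-level state used below. The excerpt does not show these lines, so the
# definitions here are assumed from how the names are used.
_logger = logging.getLogger(__name__)
_SECRET_CACHE = {}


def get_secret(secret_name: str) -> str: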
    """
    Retrieves a secret from an Azure Key Vault. Uses a cache to avoid duplicate calls to the same Key Vault.

    This function:
    1. Reads the `KEY_VAULT_NAME` environment variable to determine the Key Vault URL.
    2. Authenticates using Azure's `DefaultAzureCredential`.
    3. Retrieves the specified secret from the Key Vault.

    Parameters:
        secret_name (str): The name of the secret to retrieve.

    Returns:
        str: The value of the retrieved secret.

    Raises:
        ValueError: If the `KEY_VAULT_NAME` environment variable is not set.
        azure.core.exceptions.ResourceNotFoundError: If the secret does not exist in the Key Vault.
        azure.core.exceptions.ClientAuthenticationError: If authentication fails.

    Example:
        ```python
        secret_value = get_secret("my-secret")
        print(secret_value)
        ```
    """
    key_vault_name = os.environ.get("KEY_VAULT_NAME")
    if not key_vault_name:
        raise ValueError("KEY_VAULT_NAME environment variable is not set")
    # The cache is bound to one vault: if KEY_VAULT_NAME has changed since the
    # last call, drop everything so values from another vault are never returned.
    if (
        "key_vault_name" not in _SECRET_CACHE
        or _SECRET_CACHE["key_vault_name"] != key_vault_name
    ):
        _SECRET_CACHE.clear()
        _SECRET_CACHE["key_vault_name"] = key_vault_name
    # Cache miss: authenticate and fetch. Only the vault and secret names are
    # logged, never the secret value.
    if secret_name not in _SECRET_CACHE:
        _logger.info(
            f"Authenticating against key vault {key_vault_name} to fetch secret {secret_name}"
        )
        key_vault_url = f"https://{key_vault_name}.vault.azure.net"
        credential = DefaultAzureCredential()
        client = SecretClient(vault_url=key_vault_url, credential=credential)
        client_secret = client.get_secret(secret_name).value
        _SECRET_CACHE[secret_name] = client_secret
    # Cached values have no expiry; they stay until clear_cache() is called.
    return _SECRET_CACHE[secret_name]
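
Because the cache has no expiry, a secret rotated in Key Vault stays stale in the process until clear_cache() is called. The block below is an added example, not part of physical_operations_utils, showing a retry-once pattern around that; `with_secret_refresh`, `StaleSecretError`, `connect`, and the in-memory stand-ins for the vault, get_secret and clear_cache are hypothetical names constructed so it runs offline.

```python
from typing import Callable, Dict, List, Tuple


class StaleSecretError(Exception):
    """Raised by the caller's action when the downstream service rejects the secret."""


def with_secret_refresh(secret_name: str, action: Callable[[str], str],
                        get_secret: Callable[[str], str],
                        clear_cache: Callable[[], None]) -> str:
    """Run action(secret); on rejection, clear the cache and retry once."""
    try:
        return action(get_secret(secret_name))
    except StaleSecretError:
        # The cached value may predate a rotation in Key Vault: force a re-fetch.
        clear_cache()
        return action(get_secret(secret_name))


# Constructed stand-ins so the example runs offline (assumptions, not library code).
_VAULT: Dict[str, str] = {"db-password": "v1"}  # pretend Key Vault contents
_CACHE: Dict[str, str] = {}                     # mirrors the module's secret cache
FETCHES: List[str] = []                         # one entry per simulated vault call


def fake_get_secret(name: str) -> str:
    if name not in _CACHE:
        FETCHES.append(name)
        _CACHE[name] = _VAULT[name]
    return _CACHE[name]


def fake_clear_cache() -> None:
    _CACHE.clear()


def connect(password: str) -> str:
    """Hypothetical downstream call that accepts only the current vault value."""
    if password != _VAULT["db-password"]:
        raise StaleSecretError("credential rejected")
    return "connected"


def demo() -> Tuple[str, str, int]:
    args = ("db-password", connect, fake_get_secret, fake_clear_cache)
    first = with_secret_refresh(*args)   # cache miss: one vault call
    _VAULT["db-password"] = "v2"         # rotation; the cache still holds "v1"
    second = with_secret_refresh(*args)  # rejected, cache cleared, re-fetched
    return first, second, len(FETCHES)
```

In real use, pass the module's own get_secret and clear_cache, and raise `StaleSecretError` from the action only on an authentication failure so that unrelated errors are not retried.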