Quickstart: Create an Azure Managed CCF resource using the Azure SDK for Python
Azure Managed CCF (Managed CCF) is a new and highly secure service for deploying confidential applications. For more information on Azure Managed CCF, see About Azure Managed Confidential Consortium Framework.
If you don't have an Azure subscription, create an Azure free account before you begin.
API reference documentation | Library source code | Package (Python Package Index) Management Library
- An Azure subscription - create one for free.
- Python versions supported by the Azure SDK for Python.
- OpenSSL on a computer running Windows or Linux.
- The minimum supported version of the Python package is 2.0.0b3.
This quickstart uses the Azure Identity library, along with Azure CLI or Azure PowerShell, to authenticate the user to Azure services. Developers can also use Visual Studio or Visual Studio Code to authenticate their calls. For more information, see Authenticate the client with Azure Identity client library.
Sign in to Azure using the Azure CLI az login command or the Azure PowerShell Connect-AzAccount cmdlet.
az login
If the CLI or PowerShell can open your default browser, it will do so and load an Azure sign-in page. Otherwise, visit https://aka.ms/devicelogin and enter the authorization code displayed in your terminal.
If prompted, sign in with your account credentials in the browser.
In a terminal or command prompt, create a suitable project folder, and then create and activate a Python virtual environment as described on Use Python virtual environments.
Install the Azure Active Directory identity client library:
pip install azure-identity
Install the Azure confidential ledger management plane client library. The minimum supported version is 2.0.0b3.
pip install azure-mgmt-confidentialledger==2.0.0b3
A resource group is a logical container into which Azure resources are deployed and managed. Use the Azure PowerShell New-AzResourceGroup cmdlet to create a resource group named myResourceGroup in the southcentralus location.
New-AzResourceGroup -Name "myResourceGroup" -Location "SouthCentralUS"
The Azure Managed CCF resource type must be registered in the subscription before creating a resource.
az feature registration create --namespace Microsoft.ConfidentialLedger --name ManagedCCF
az provider register --namespace Microsoft.ConfidentialLedger
Generate a key pair for the member. After the following commands complete, the member's public key is saved in member0_cert.pem and the private key is saved in member0_privk.pem.
openssl ecparam -out "member0_privk.pem" -name "secp384r1" -genkey
openssl req -new -key "member0_privk.pem" -x509 -nodes -days 365 -out "member0_cert.pem" -sha384 -subj "/CN=member0"
The management plane library (azure.mgmt.confidentialledger) allows operations on Managed CCF resources, such as creation and deletion, listing the resources associated with a subscription, and viewing the details of a specific resource. The following piece of code creates and views the properties of a Managed CCF resource.
from azure.identity import DefaultAzureCredential

# Import the Azure Managed CCF management plane library
from azure.mgmt.confidentialledger import ConfidentialLedger

import os

sub_id = "0000000-0000-0000-0000-000000000001"
client = ConfidentialLedger(credential=DefaultAzureCredential(), subscription_id=sub_id)

# ********** Create a Managed CCF app **********
app_properties = {
    "location": "southcentralus",
    "properties": {
        "deploymentType": {
            "appSourceUri": "",
            "languageRuntime": "JS"
        },
        "memberIdentityCertificates": [  # Multiple members can be supplied
            {
                "certificate": "-----BEGIN CERTIFICATE-----\nMIIBvzC...f0ZoeNw==\n-----END CERTIFICATE-----",
                "tags": { "owner": "ITAdmin1" }
            }
        ],
        "nodeCount": 3  # Maximum allowed value is 9
    },
    "tags": { "costcenter": "12345" }
}

result = client.managed_ccf.begin_create("myResourceGroup", "confidentialbillingapp", app_properties).result()

# ********** Retrieve the Managed CCF app details **********
confidential_billing_app = client.managed_ccf.get("myResourceGroup", "confidentialbillingapp")

# ********** Delete the Managed CCF app **********
result = client.managed_ccf.begin_delete("myResourceGroup", "confidentialbillingapp").result()
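The sample above pastes the member certificate inline. The following added example (not part of the original quickstart or the SDK) builds the same request body from PEM text and refuses private-key material, so member0_privk.pem cannot be submitted in place of member0_cert.pem. The helper names, the sample PEM strings, and the lower bound on nodeCount are assumptions.

```python
import base64
import re

MAX_NODE_COUNT = 9  # upper limit stated in the quickstart's sample
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s+-----END \1-----", re.S)

# Constructed placeholders (a 5-byte DER SEQUENCE), not real certificate or key material.
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN EC PRIVATE KEY-----\nMAMCAQE=\n-----END EC PRIVATE KEY-----\n"


def member_entry(pem_text, owner):
    """Build one memberIdentityCertificates entry from PEM text (hypothetical helper)."""
    matches = list(PEM_BLOCK.finditer(pem_text))
    labels = [m.group(1) for m in matches]
    # The private key file must stay local: reject any key or parameter block.
    if any(label != "CERTIFICATE" for label in labels):
        raise ValueError(f"refusing non-certificate PEM blocks: {labels}")
    if len(matches) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(matches)}")
    der = base64.b64decode("".join(matches[0].group(2).split()), validate=True)
    if der[:1] != b"\x30":  # X.509 certificates are DER SEQUENCEs
        raise ValueError("certificate body is not a DER SEQUENCE")
    # Send only the certificate block, dropping any text around it.
    return {"certificate": matches[0].group(0), "tags": {"owner": owner}}


def build_app_properties(members, node_count=3, location="southcentralus"):
    """members is a list of (pem_text, owner) pairs; returns the create request body."""
    # Requiring at least one member and one node is an assumption;
    # the page only states the maximum node count.
    if not members:
        raise ValueError("at least one member certificate is required")
    if not 1 <= node_count <= MAX_NODE_COUNT:
        raise ValueError(f"nodeCount must be between 1 and {MAX_NODE_COUNT}")
    return {
        "location": location,
        "properties": {
            "deploymentType": {"appSourceUri": "", "languageRuntime": "JS"},
            "memberIdentityCertificates": [member_entry(p, o) for p, o in members],
            "nodeCount": node_count,
        },
    }


if __name__ == "__main__":
    # Real use: pass open("member0_cert.pem").read() instead of SAMPLE_CERT.
    print(build_app_properties([(SAMPLE_CERT, "ITAdmin1")]))
```

The returned dictionary can be passed as the third argument to client.managed_ccf.begin_create in the sample above.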
Other Managed CCF articles can build upon this quickstart. If you plan to continue on to work with subsequent quickstarts and tutorials, you might wish to leave these resources in place.
Otherwise, when you're finished with the resources created in this article, use the Azure CLI az group delete command to delete the resource group and all its contained resources.
az group delete --resource-group myResourceGroup
In this quickstart, you created a Managed CCF resource by using the Azure Python SDK for Confidential Ledger. To learn more about Azure Managed CCF and how to integrate it with your applications, continue on to these articles: