Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,142 questions
Cannot Access Azure Key Vault from Python script via 'os.environ["VAULT_URL]" - Key Error: "VAULT_URL"
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 53%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
Aidan Goldie
0
Reputation points
I am having trouble accessing my Azure Key vault from my python script (debugging before deployment), the script cannot find the environment variable "VAULT_URL" even though I have set this in my environment variables on my Function App on Azure Portal.
All I need to do is retrieve secrets and use them later in the script, I am using this code as a direct copy/paste from this link to test Key vault connection and if it will work POST DEPLOYMENT https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/keyvault/azure-keyvault-secrets/samples/hello_world.py#L37 :
app = func.FunctionApp()
the error it gives me is as follows
and here are my environment variables I want to access to be able to access my Key Vault both locally and after deployment
The error seems to surround the environment variable "VAULT_URL"
I have tried this code to retrieve secrets:
keyVaultName = "<keyVaultName>"
KVUri = f"https://{keyVaultName}.vault.azure.net"
credential = DefaultAzureCredential()
client = SecretClient(vault_url=KVUri, credential=credential)
#Salesforce Auth
username = client.get_secret("username").value
password = client.get_secret("password").value
security_token = client.get_secret("security-token").value
domain = client.get_secret("domain").value
#SharePoint Auth
sharepoint_username = client.get_secret("sharepoint-username").value
sharepoint_password = client.get_secret("sharepoint-password").value
sharepoint_clientID = client.get_secret("sharepoint-clientID").value
sharepoint_clientSecret = client.get_secret("sharepoint-clientSecret").value
sharepoint_tenantID = client.get_secret("sharepoint-tenantID").value
keyVaultName =
Which worked locally, but when running remotely (after deployment), could not access the key vault, giving a 403 error, I have a managed instance which is assigned the role of Key Vault Administrator on my Key Vault but this did not work and so I decided it might have been something with my code that wasn't connecting to the key vault AFTER deployment
{count} votes
-
James Hamil 22,186 Reputation points Microsoft Employee2024-05-09T18:27:00.6433333+00:00 Hi @Aidan Goldie Have you tried printing out the environment variables to see if "VAULT_URL" is actually set? You can do this by adding the following line of code to your script:
import os print(os.environ)This will print out all the environment variables that are currently set. If "VAULT_URL" is not listed, then it means that it has not been set correctly.
If you have confirmed that "VAULT_URL" is set correctly, then you can access it in your script using the following code:
import os vault_url = os.environ["VAULT_URL"]This will retrieve the value of "VAULT_URL" from the environment variables and store it in the variable "vault_url".
Please let me know and I can help you further.
Best,
James
Sign in to comment