Cannot Access Azure Key Vault from Python script via 'os.environ["VAULT_URL]" - Key Error: "VAULT_URL"

Aidan Goldie 0 Reputation points
2024-05-09T15:45:41.14+00:00

I am having trouble accessing my Azure Key vault from my python script (debugging before deployment), the script cannot find the environment variable "VAULT_URL" even though I have set this in my environment variables on my Function App on Azure Portal.

All I need to do is retrieve secrets and use them later in the script, I am using this code as a direct copy/paste from this link to test Key vault connection and if it will work POST DEPLOYMENT https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/keyvault/azure-keyvault-secrets/samples/hello_world.py#L37 :

app = func.FunctionApp()

the error it gives me is as follows

User's image

and here are my environment variables I want to access to be able to access my Key Vault both locally and after deployment

User's image

The error seems to surround the environment variable "VAULT_URL"

I have tried this code to retrieve secrets:

keyVaultName = "<keyVaultName>"
        KVUri = f"https://{keyVaultName}.vault.azure.net"

        credential = DefaultAzureCredential()
        client = SecretClient(vault_url=KVUri, credential=credential)

        #Salesforce Auth
        username = client.get_secret("username").value
        password = client.get_secret("password").value
        security_token = client.get_secret("security-token").value
        domain = client.get_secret("domain").value
        #SharePoint Auth
        sharepoint_username = client.get_secret("sharepoint-username").value
        sharepoint_password = client.get_secret("sharepoint-password").value
        sharepoint_clientID = client.get_secret("sharepoint-clientID").value
        sharepoint_clientSecret = client.get_secret("sharepoint-clientSecret").value
        sharepoint_tenantID = client.get_secret("sharepoint-tenantID").value
keyVaultName = 

Which worked locally, but when running remotely (after deployment), could not access the key vault, giving a 403 error, I have a managed instance which is assigned the role of Key Vault Administrator on my Key Vault but this did not work and so I decided it might have been something with my code that wasn't connecting to the key vault AFTER deployment

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,329 questions
Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
5,192 questions
{count} votes

1 answer

Sort by: Most helpful
  1. James Hamil 26,026 Reputation points Microsoft Employee
    2024-05-09T18:27:00.6433333+00:00

    Hi @Aidan Goldie Have you tried printing out the environment variables to see if "VAULT_URL" is actually set? You can do this by adding the following line of code to your script:

    import os 
    print(os.environ)
    

    This will print out all the environment variables that are currently set. If "VAULT_URL" is not listed, then it means that it has not been set correctly.

    If you have confirmed that "VAULT_URL" is set correctly, then you can access it in your script using the following code:

    import os 
    vault_url = os.environ["VAULT_URL"]
    

    This will retrieve the value of "VAULT_URL" from the environment variables and store it in the variable "vault_url".

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.