Keyvault Class
Manages secrets stored in the Azure Key Vault associated with an Azure Machine Learning workspace.
Each Azure Machine Learning workspace has an associated Azure Key Vault. The Keyvault class is a simplified wrapper of the Azure Key Vault that allows you to manage secrets in the key vault including setting, retrieving, deleting, and listing secrets. Use the Keyvault class to pass secrets to remote runs securely without exposing sensitive information in cleartext.
For more information, see Using secrets in training runs.
Class Keyvault constructor.
- Inheritance
-
builtins.objectKeyvault
Constructor
Keyvault(workspace)Parameters
Remarks
In submitted runs on local and remote compute, you can use the get_secret method of the Run instance to get the secret value from Key Vault. To get multiple secrets, use the get_secrets method of the Run instance.
These Run methods gives you a simple shortcut because the Run instance is aware of its Workspace and Keyvault, and can directly obtain the secret without the need to instantiate the Workspace and Keyvault within the remote run.
The following example shows how to access the default key vault associated with a workspace and set a secret.
import uuid
local_secret = os.environ.get("LOCAL_SECRET", default = str(uuid.uuid4())) # Use random UUID as a substitute for real secret.
keyvault = ws.get_default_keyvault()
keyvault.set_secret(name="secret-name", value = local_secret)
Full sample is available from https://github.com/Azure/MachineLearningNotebooks/blob/master/how-to-use-azureml/manage-azureml-service/authentication-in-azureml/authentication-in-azureml.ipynb
Methods
| delete_secret |
Delete the secret with the specified name. |
| delete_secrets |
Delete a list of secrets from the Azure Key Vault associated with the workspace. |
| get_secret |
Return the secret value for a given secret name. |
| get_secret_content_type |
Return the secret's content type for a given secret name. |
| get_secrets |
Return the secret values for a given list of secret names. |
| list_secrets |
Return the list of secret names from the Azure Key Vault associated with the workspace. This method does not return the secret values. |
| set_secret |
Add a secret to the Azure Key Vault associated with the workspace. |
| set_secrets |
Add the dictionary of secrets to the Azure Key Vault associated with the workspace. |
delete_secret
Delete the secret with the specified name.
delete_secret(name)Parameters
Return type
delete_secrets
Delete a list of secrets from the Azure Key Vault associated with the workspace.
delete_secrets(secrets)Parameters
- secrets
Return type
get_secret
Return the secret value for a given secret name.
get_secret(name)Parameters
Returns
The secret value for a specified secret name.
Return type
get_secret_content_type
Return the secret's content type for a given secret name.
get_secret_content_type(name)Parameters
Returns
The secret content type for a specified secret name.
Return type
get_secrets
Return the secret values for a given list of secret names.
get_secrets(secrets)Parameters
Returns
A dictionary of found and not found secrets.
Return type
list_secrets
Return the list of secret names from the Azure Key Vault associated with the workspace.
This method does not return the secret values.
list_secrets()Returns
A list of dictionary of secret names with format {name : "secretName"}
Return type
set_secret
Add a secret to the Azure Key Vault associated with the workspace.
set_secret(name, value, content_type=KeyVaultContentType.not_provided)Parameters
- value
- <xref:azureml.core.azureml._restclient.models.KeyVaultContentType>
The value of the secret to add.
- value
The content type of the secret to add.
- content_type
Return type
set_secrets
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for