# Testing access to a Key vault secret

This notebook demonstrates how to access a secret stored in Azure Key Vault using the Azure SDK for Python.

Install the Microsoft Entra identity library and Key Vault secrets library:

In [8]:
%pip install azure-identity 
%pip install azure-keyvault-secrets

Note: you may need to restart the kernel to use updated packages.
Collecting azure-keyvault-secrets
  Downloading azure_keyvault_secrets-4.10.0-py3-none-any.whl.metadata (18 kB)
Downloading azure_keyvault_secrets-4.10.0-py3-none-any.whl (125 kB)
Installing collected packages: azure-keyvault-secrets
Successfully installed azure-keyvault-secrets-4.10.0
Note: you may need to restart the kernel to use updated packages.


You will need get the Key Vault URI and the secret name. You can get these values from the Azure portal or using Terraform outputs as shown below:

In [16]:
import os

os.environ["NO_PROXY"] = "*"

# Capture terraform output into a Python variable (string)
keyvault_uri = ! terraform output -raw keyvault_uri
keyvault_uri = keyvault_uri.n

print("keyvault_uri:", keyvault_uri)

keyvault_secret_name = ! terraform output -raw keyvault_secret_name
keyvault_secret_name = keyvault_secret_name.n

print("keyvault_secret_name:", keyvault_secret_name)

keyvault_uri: https://keyvault270-dev.vault.azure.net/
keyvault_secret_name: secret-password


Now you can use the following code to access the secret:

In [17]:
from azure.keyvault.secrets import SecretClient
from azure.identity import DefaultAzureCredential

credential = DefaultAzureCredential()
client = SecretClient(vault_url=keyvault_uri, credential=credential)

print(f"Retrieving your secret {keyvault_secret_name} from {keyvault_uri}...")

retrieved_secret = client.get_secret(keyvault_secret_name)

print(f"Your secret is '{retrieved_secret.value}'.")

Retrieving your secret secret-password from https://keyvault270-dev.vault.azure.net/...
Your secret is '@Aa123456789'.
