atlefren · December 3, 2018 11:49
diff --git a/get_secret.py b/get_secret.py
 import sys
 import os
 from msrest.exceptions import ClientRequestError
 from azure.keyvault import KeyVaultClient, KeyVaultAuthentication
 from azure.common.credentials import ServicePrincipalCredentials


 def get_kv_client(client_id, client_secret, tenant):

    credentials = None

    def auth_callback(server, resource, scope):
        credentials = ServicePrincipalCredentials(
            client_id = client_id,
            secret = client_secret,
            tenant = tenant,
            resource = "https://vault.azure.net"
        )
        token = credentials.token
        return token['token_type'], token['access_token']

    client = KeyVaultClient(KeyVaultAuthentication(auth_callback))
    return client


 def get_secret(client, vault_id, secret_id):

    url = 'https://%s.vault.azure.net/' % vault_id

    try:
        version = max(client.get_secret_versions(url, secret_id), key=lambda x:x.attributes.updated)

        version_id = version.id.split('/')[-1]

        secret_bundle = client.get_secret(url, secret_id, version_id)
        return secret_bundle.value
    except ClientRequestError:
        return None


 if __name__ == '__main__':

    vault_id = sys.argv[1]
    secret_name = sys.argv[2]
    client_id = os.environ.get('CLIENT_ID', None)
    client_secret = os.environ.get('CLIENT_SECRET', None)
    tenant = os.environ.get('TENANT', None)

    kv_client = get_kv_client(client_id, client_secret, tenant)
    print('secret: %s' % get_secret(kv_client, vault_id, secret_name))
	import sys
	import os
	from msrest.exceptions import ClientRequestError
	from azure.keyvault import KeyVaultClient, KeyVaultAuthentication
	from azure.common.credentials import ServicePrincipalCredentials


	def get_kv_client(client_id, client_secret, tenant):

	credentials = None

	def auth_callback(server, resource, scope):
	credentials = ServicePrincipalCredentials(
	client_id = client_id,
	secret = client_secret,
	tenant = tenant,
	resource = "https://vault.azure.net"
	)
	token = credentials.token
	return token['token_type'], token['access_token']

	client = KeyVaultClient(KeyVaultAuthentication(auth_callback))
	return client


	def get_secret(client, vault_id, secret_id):

	url = 'https://%s.vault.azure.net/' % vault_id

	try:
	version = max(client.get_secret_versions(url, secret_id), key=lambda x:x.attributes.updated)

	version_id = version.id.split('/')[-1]

	secret_bundle = client.get_secret(url, secret_id, version_id)
	return secret_bundle.value
	except ClientRequestError:
	return None


	if __name__ == '__main__':

	vault_id = sys.argv[1]
	secret_name = sys.argv[2]
	client_id = os.environ.get('CLIENT_ID', None)
	client_secret = os.environ.get('CLIENT_SECRET', None)
	tenant = os.environ.get('TENANT', None)

	kv_client = get_kv_client(client_id, client_secret, tenant)
	print('secret: %s' % get_secret(kv_client, vault_id, secret_name))