{"id":"1055f558-8ee8-43a9-b6be-bb6d01687603","shortId":"jZLPnY","kind":"skill","title":"azure-keyvault-py","tagline":"Azure Key Vault SDK for Python. Use for secrets, keys, and certificates management with secure storage.","description":"# Azure Key Vault SDK for Python\n\nSecure storage and management for secrets, cryptographic keys, and certificates.\n\n## Installation\n\n```bash\n# Secrets\npip install azure-keyvault-secrets azure-identity\n\n# Keys (cryptographic operations)\npip install azure-keyvault-keys azure-identity\n\n# Certificates\npip install azure-keyvault-certificates azure-identity\n\n# All\npip install azure-keyvault-secrets azure-keyvault-keys azure-keyvault-certificates azure-identity\n```\n\n## Environment Variables\n\n```bash\nAZURE_KEYVAULT_URL=https://.vault.azure.net/\n```\n\n## Secrets\n\n### SecretClient Setup\n\n```python\nfrom azure.identity import DefaultAzureCredential\nfrom azure.keyvault.secrets import SecretClient\n\ncredential = DefaultAzureCredential()\nvault_url = \"https://.vault.azure.net/\"\n\nclient = SecretClient(vault_url=vault_url, credential=credential)\n```\n\n### Secret Operations\n\n```python\n# Set secret\nsecret = client.set_secret(\"database-password\", \"super-secret-value\")\nprint(f\"Created: {secret.name}, version: {secret.properties.version}\")\n\n# Get secret\nsecret = client.get_secret(\"database-password\")\nprint(f\"Value: {secret.value}\")\n\n# Get specific version\nsecret = client.get_secret(\"database-password\", version=\"abc123\")\n\n# List secrets (names only, not values)\nfor secret_properties in client.list_properties_of_secrets():\n print(f\"Secret: {secret_properties.name}\")\n\n# List versions\nfor version in client.list_properties_of_secret_versions(\"database-password\"):\n print(f\"Version: {version.version}, Created: {version.created_on}\")\n\n# Delete secret (soft delete)\npoller = client.begin_delete_secret(\"database-password\")\ndeleted_secret = poller.result()\n\n# Purge (permanent delete, if soft-delete enabled)\nclient.purge_deleted_secret(\"database-password\")\n\n# Recover deleted secret\nclient.begin_recover_deleted_secret(\"database-password\").result()\n```\n\n## Keys\n\n### KeyClient Setup\n\n```python\nfrom azure.identity import DefaultAzureCredential\nfrom azure.keyvault.keys import KeyClient\n\ncredential = DefaultAzureCredential()\nvault_url = \"https://.vault.azure.net/\"\n\nclient = KeyClient(vault_url=vault_url, credential=credential)\n```\n\n### Key Operations\n\n```python\nfrom azure.keyvault.keys import KeyType\n\n# Create RSA key\nrsa_key = client.create_rsa_key(\"rsa-key\", size=2048)\n\n# Create EC key\nec_key = client.create_ec_key(\"ec-key\", curve=\"P-256\")\n\n# Get key\nkey = client.get_key(\"rsa-key\")\nprint(f\"Key type: {key.key_type}\")\n\n# List keys\nfor key_properties in client.list_properties_of_keys():\n print(f\"Key: {key_properties.name}\")\n\n# Delete key\npoller = client.begin_delete_key(\"rsa-key\")\ndeleted_key = poller.result()\n```\n\n### Cryptographic Operations\n\n```python\nfrom azure.keyvault.keys.crypto import CryptographyClient, EncryptionAlgorithm\n\n# Get crypto client for a specific key\ncrypto_client = CryptographyClient(key, credential=credential)\n# Or from key ID\ncrypto_client = CryptographyClient(\n \"https://.vault.azure.net/keys//\",\n credential=credential\n)\n\n# Encrypt\nplaintext = b\"Hello, Key Vault!\"\nresult = crypto_client.encrypt(EncryptionAlgorithm.rsa_oaep, plaintext)\nciphertext = result.ciphertext\n\n# Decrypt\nresult = crypto_client.decrypt(EncryptionAlgorithm.rsa_oaep, ciphertext)\ndecrypted = result.plaintext\n\n# Sign\nfrom azure.keyvault.keys.crypto import SignatureAlgorithm\nimport hashlib\n\ndigest = hashlib.sha256(b\"data to sign\").digest()\nresult = crypto_client.sign(SignatureAlgorithm.rs256, digest)\nsignature = result.signature\n\n# Verify\nresult = crypto_client.verify(SignatureAlgorithm.rs256, digest, signature)\nprint(f\"Valid: {result.is_valid}\")\n```\n\n## Certificates\n\n### CertificateClient Setup\n\n```python\nfrom azure.identity import DefaultAzureCredential\nfrom azure.keyvault.certificates import CertificateClient, CertificatePolicy\n\ncredential = DefaultAzureCredential()\nvault_url = \"https://.vault.azure.net/\"\n\nclient = CertificateClient(vault_url=vault_url, credential=credential)\n```\n\n### Certificate Operations\n\n```python\n# Create self-signed certificate\npolicy = CertificatePolicy.get_default()\npoller = client.begin_create_certificate(\"my-cert\", policy=policy)\ncertificate = poller.result()\n\n# Get certificate\ncertificate = client.get_certificate(\"my-cert\")\nprint(f\"Thumbprint: {certificate.properties.x509_thumbprint.hex()}\")\n\n# Get certificate with private key (as secret)\nfrom azure.keyvault.secrets import SecretClient\nsecret_client = SecretClient(vault_url=vault_url, credential=credential)\ncert_secret = secret_client.get_secret(\"my-cert\")\n# cert_secret.value contains PEM or PKCS12\n\n# List certificates\nfor cert in client.list_properties_of_certificates():\n print(f\"Certificate: {cert.name}\")\n\n# Delete certificate\npoller = client.begin_delete_certificate(\"my-cert\")\ndeleted = poller.result()\n```\n\n## Client Types Table\n\n| Client | Package | Purpose |\n|--------|---------|---------|\n| `SecretClient` | `azure-keyvault-secrets` | Store/retrieve secrets |\n| `KeyClient` | `azure-keyvault-keys` | Manage cryptographic keys |\n| `CryptographyClient` | `azure-keyvault-keys` | Encrypt/decrypt/sign/verify |\n| `CertificateClient` | `azure-keyvault-certificates` | Manage certificates |\n\n## Async Clients\n\n```python\nfrom azure.identity.aio import DefaultAzureCredential\nfrom azure.keyvault.secrets.aio import SecretClient\n\nasync def get_secret():\n credential = DefaultAzureCredential()\n client = SecretClient(vault_url=vault_url, credential=credential)\n \n async with client:\n secret = await client.get_secret(\"my-secret\")\n print(secret.value)\n\nimport asyncio\nasyncio.run(get_secret())\n```\n\n## Error Handling\n\n```python\nfrom azure.core.exceptions import ResourceNotFoundError, HttpResponseError\n\ntry:\n secret = client.get_secret(\"nonexistent\")\nexcept ResourceNotFoundError:\n print(\"Secret not found\")\nexcept HttpResponseError as e:\n if e.status_code == 403:\n print(\"Access denied - check RBAC permissions\")\n raise\n```\n\n## Best Practices\n\n1. **Use DefaultAzureCredential** for authentication\n2. **Use managed identity** in Azure-hosted applications\n3. **Enable soft-delete** for recovery (enabled by default)\n4. **Use RBAC** over access policies for fine-grained control\n5. **Rotate secrets** regularly using versioning\n6. **Use Key Vault references** in App Service/Functions config\n7. **Cache secrets** appropriately to reduce API calls\n8. **Use async clients** for high-throughput scenarios\n\n## When to Use\nThis skill is applicable to execute the workflow or actions described in the overview.\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.","tags":["azure","keyvault","antigravity","awesome","skills","sickn33","agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows"],"capabilities":["skill","source-sickn33","skill-azure-keyvault-py","topic-agent-skills","topic-agentic-skills","topic-ai-agent-skills","topic-ai-agents","topic-ai-coding","topic-ai-workflows","topic-antigravity","topic-antigravity-skills","topic-claude-code","topic-claude-code-skills","topic-codex-cli","topic-codex-skills"],"categories":["antigravity-awesome-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/sickn33/antigravity-awesome-skills/azure-keyvault-py","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add sickn33/antigravity-awesome-skills","source_repo":"https://github.com/sickn33/antigravity-awesome-skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 34928 github stars · SKILL.md body (6,867 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-24T18:50:31.270Z","embedding":null,"createdAt":"2026-04-18T21:32:35.778Z","updatedAt":"2026-04-24T18:50:31.270Z","lastSeenAt":"2026-04-24T18:50:31.270Z","tsv":"'-256':300 '/keys/':371 '1':654 '2':659 '2048':286 '3':668 '4':678 '403':644 '5':689 '6':695 '7':704 '8':712 'abc123':164 'access':646,682 'action':733 'api':710 'app':701 'applic':667,727 'appropri':707 'ask':771 'async':576,587,601,714 'asyncio':614 'asyncio.run':615 'authent':658 'await':605 'azur':2,5,21,43,47,55,59,65,69,75,79,83,87,92,550,557,565,571,665 'azure-host':664 'azure-ident':46,58,68,86 'azure-keyvault-certif':64,82,570 'azure-keyvault-key':54,78,556,564 'azure-keyvault-pi':1 'azure-keyvault-secret':42,74,549 'azure.core.exceptions':622 'azure.identity':101,247,431 'azure.identity.aio':580 'azure.keyvault.certificates':435 'azure.keyvault.keys':251,271 'azure.keyvault.keys.crypto':345,397 'azure.keyvault.secrets':105,494 'azure.keyvault.secrets.aio':584 'b':376,404 'bash':38,91 'best':652 'boundari':779 'cach':705 'call':711 'cert':469,481,506,512,521,539 'cert.name':530 'cert_secret.value':513 'certif':16,36,61,67,85,426,452,459,466,472,475,476,478,487,519,526,529,532,536,573,575 'certificate.properties.x509_thumbprint.hex':485 'certificatecli':427,437,445,569 'certificatepolici':438 'certificatepolicy.get':461 'check':648 'ciphertext':385,392 'clarif':773 'clear':746 'client':113,259,351,357,367,444,498,542,545,577,593,603,715 'client.begin':208,234,332,464,534 'client.create':279,292 'client.get':145,158,304,477,606,628 'client.list':175,188,321,523 'client.purge':225 'client.set':127 'code':643 'config':703 'contain':514 'control':688 'creat':138,200,274,287,455,465 'credenti':108,119,120,254,265,266,360,361,372,373,439,450,451,504,505,591,599,600 'criteria':782 'crypto':350,356,366 'crypto_client.decrypt':389 'crypto_client.encrypt':381 'crypto_client.sign':410 'crypto_client.verify':417 'cryptograph':33,50,341,561 'cryptographycli':347,358,368,563 'curv':298 'data':405 'databas':130,148,161,194,212,229,239 'database-password':129,147,160,193,211,228,238 'decrypt':387,393 'def':588 'default':462,677 'defaultazurecredenti':103,109,249,255,433,440,582,592,656 'delet':203,206,209,214,219,223,226,232,236,329,333,338,531,535,540,672 'deni':647 'describ':734,750 'digest':402,408,412,419 'e':640 'e.status':642 'ec':288,290,293,296 'ec-key':295 'enabl':224,669,675 'encrypt':374 'encrypt/decrypt/sign/verify':568 'encryptionalgorithm':348 'encryptionalgorithm.rsa':382,390 'environ':89,762 'environment-specif':761 'error':618 'except':631,637 'execut':729 'expert':767 'f':137,151,180,197,310,326,422,483,528 'fine':686 'fine-grain':685 'found':636 'get':142,154,301,349,474,486,589,616 'grain':687 'handl':619 'hashlib':401 'hashlib.sha256':403 'hello':377 'high':718 'high-throughput':717 'host':666 'httpresponseerror':625,638 'id':365 'ident':48,60,70,88,662 'import':102,106,248,252,272,346,398,400,432,436,495,581,585,613,623 'input':776 'instal':37,41,53,63,73 'key':6,14,22,34,49,57,81,242,267,276,278,281,284,289,291,294,297,302,303,305,308,311,316,318,324,327,330,334,337,339,355,359,364,378,490,559,562,567,697 'key.key':313 'key_properties.name':328 'keyclient':243,253,260,555 'keytyp':273 'keyvault':3,44,56,66,76,80,84,93,551,558,566,572 'limit':738 'list':165,183,315,518 'manag':17,30,560,574,661 'match':747 'miss':784 'my-cert':467,479,510,537 'my-secret':608 'name':167 'nonexist':630 'oaep':383,391 'oper':51,122,268,342,453 'output':756 'overview':737 'p':299 'packag':546 'password':131,149,162,195,213,230,240 'pem':515 'perman':218 'permiss':650,777 'pip':40,52,62,72 'pkcs12':517 'plaintext':375,384 'polici':460,470,471,683 'poller':207,331,463,533 'poller.result':216,340,473,541 'practic':653 'print':136,150,179,196,309,325,421,482,527,611,633,645 'privat':489 'properti':173,176,189,319,322,524 'purg':217 'purpos':547 'py':4 'python':10,26,99,123,245,269,343,429,454,578,620 'rais':651 'rbac':649,680 'recov':231,235 'recoveri':674 'reduc':709 'refer':699 'regular':692 'requir':775 'resourcenotfounderror':624,632 'result':241,380,388,409,416 'result.ciphertext':386 'result.is':424 'result.plaintext':394 'result.signature':414 'review':768 'rotat':690 'rsa':275,277,280,283,307,336 'rsa-key':282,306,335 'safeti':778 'scenario':720 'scope':749 'sdk':8,24 'secret':13,32,39,45,77,96,121,125,126,128,134,143,144,146,157,159,166,172,178,181,191,204,210,215,227,233,237,492,497,507,509,552,554,590,604,607,610,617,627,629,634,691,706 'secret.name':139 'secret.properties.version':141 'secret.value':153,612 'secret_client.get':508 'secret_properties.name':182 'secretcli':97,107,114,496,499,548,586,594 'secur':19,27 'self':457 'self-sign':456 'service/functions':702 'set':124 'setup':98,244,428 'sign':395,407,458 'signatur':413,420 'signaturealgorithm':399 'signaturealgorithm.rs256':411,418 'size':285 'skill':725,741 'skill-azure-keyvault-py' 'soft':205,222,671 'soft-delet':221,670 'source-sickn33' 'specif':155,354,763 'stop':769 'storag':20,28 'store/retrieve':553 'substitut':759 'success':781 'super':133 'super-secret-valu':132 'tabl':544 'task':745 'test':765 'throughput':719 'thumbprint':484 'topic-agent-skills' 'topic-agentic-skills' 'topic-ai-agent-skills' 'topic-ai-agents' 'topic-ai-coding' 'topic-ai-workflows' 'topic-antigravity' 'topic-antigravity-skills' 'topic-claude-code' 'topic-claude-code-skills' 'topic-codex-cli' 'topic-codex-skills' 'treat':754 'tri':626 'type':312,314,543 'url':94,111,116,118,257,262,264,442,447,449,501,503,596,598 'use':11,655,660,679,693,696,713,723,739 'valid':423,425,764 'valu':135,152,170 'variabl':90 'vault':7,23,110,115,117,256,261,263,379,441,446,448,500,502,595,597,698 'vault.azure.net':95,112,258,370,443 'vault.azure.net/keys/':369 'verifi':415 'version':140,156,163,184,186,192,198,694 'version.created':201 'version.version':199 'workflow':731","prices":[{"id":"01876bce-24af-4737-9912-848393136ae7","listingId":"1055f558-8ee8-43a9-b6be-bb6d01687603","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"sickn33","category":"antigravity-awesome-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:32:35.778Z"}],"sources":[{"listingId":"1055f558-8ee8-43a9-b6be-bb6d01687603","source":"github","sourceId":"sickn33/antigravity-awesome-skills/azure-keyvault-py","sourceUrl":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/azure-keyvault-py","isPrimary":false,"firstSeenAt":"2026-04-18T21:32:35.778Z","lastSeenAt":"2026-04-24T18:50:31.270Z"}],"details":{"listingId":"1055f558-8ee8-43a9-b6be-bb6d01687603","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"sickn33","slug":"azure-keyvault-py","github":{"repo":"sickn33/antigravity-awesome-skills","stars":34928,"topics":["agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows","antigravity","antigravity-skills","claude-code","claude-code-skills","codex-cli","codex-skills","cursor","cursor-skills","developer-tools","gemini-cli","gemini-skills","kiro","mcp","skill-library"],"license":"mit","html_url":"https://github.com/sickn33/antigravity-awesome-skills","pushed_at":"2026-04-24T06:41:17Z","description":"Installable GitHub library of 1,400+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.","skill_md_sha":"37885e3952e97b227fcf497d2777b72a1ad16eb1","skill_md_path":"skills/azure-keyvault-py/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/azure-keyvault-py"},"layout":"multi","source":"github","category":"antigravity-awesome-skills","frontmatter":{"name":"azure-keyvault-py","description":"Azure Key Vault SDK for Python. Use for secrets, keys, and certificates management with secure storage."},"skills_sh_url":"https://skills.sh/sickn33/antigravity-awesome-skills/azure-keyvault-py"},"updatedAt":"2026-04-24T18:50:31.270Z"}}