Key Vault Secrets¶

Setup¶

Inside Fabric¶

from fabias.integrations import keyvault

# Only vault_url needed - auth is automatic
keyvault.client(vault_url="https://my-vault.vault.azure.net/")

Standalone¶

from fabias.integrations import keyvault
from fabias import ServicePrincipalAuth

auth = ServicePrincipalAuth(
    tenant_id="your-tenant-id",
    client_id="your-client-id",
    client_secret="your-client-secret"
)

keyvault.client(
    vault_url="https://my-vault.vault.azure.net/",
    auth=auth
)

Getting Secrets¶

from fabias.integrations import keyvault

keyvault.client(vault_url="https://my-vault.vault.azure.net/")

# Get a secret
password = keyvault.get("database-password")
api_key = keyvault.get("external-api-key")

Setting Secrets¶

from fabias.integrations import keyvault

keyvault.client(vault_url="https://my-vault.vault.azure.net/", auth=auth)

# Set a secret
keyvault.set("new-secret", "secret-value")

Note

Setting secrets requires the service principal to have Key Vault Secrets Officer role.

Listing Secrets¶

from fabias.integrations import keyvault

keyvault.client(vault_url="https://my-vault.vault.azure.net/")

for secret in keyvault.list():
    print(secret['id'])

Using Secrets for Authentication¶

A common pattern is loading credentials from Key Vault:

import fabias
from fabias import ServicePrincipalAuth
from fabias.integrations import keyvault

# Inside Fabric, use notebookutils for Key Vault
keyvault.client(vault_url="https://my-vault.vault.azure.net/")

# Build auth from secrets
auth = ServicePrincipalAuth(
    tenant_id="your-tenant-id",
    client_id=keyvault.get("fabric-client-id"),
    client_secret=keyvault.get("fabric-client-secret")
)

# Use for Fabric
fabias.client(auth=auth)

Module Functions¶

Function	Description
`client(vault_url, auth=None)`	Configure the client
`get(key)`	Get a secret value
`set(key, value)`	Set a secret value
`list()`	List all secrets
`vault()`	Get configured vault URL
`reset()`	Clear the configured client