Requesting secrets from Azure KeyVault in bulk using python

0
votes

Our application stores a lot of secrets in Azure KeyValut (dozens of secrets). Upon initiating the application we need to load all secrets into memory. Currently, we fetch secrets one by one. It works but takes an awful amount of time. I was wondering if there is a way to get many secrets at once or, maybe, batch multiple requests into a single HTTP request. azure.keyvault.secrets.SecretClient doesn't seem to provide any methods to achieve this.

There is a REST API method https://docs.microsoft.com/en-us/rest/api/keyvault/getsecrets/getsecrets#secretlistresult but it only enumerates secrets without giving me their values.

Any advice is appreciated.

1
pythonazure-keyvault
where do you deploy your application ? App services, kubernetes, vms ?Thomas

1 Answers

2
votes

Unfortunately, it's not possible to list the values of secrets in a single request.

We use list_properties_of_secrets to list the properties of all of the secrets in the client's vault in Python.

List items don’t include secret values. Use get_secret() to get a secret’s value.

secret = secret_client.get_secret("secret-name")

If your project that setting many secrets will take "hours", you might instead consider bundling multiple secrets (in some format like JSON, or whatever works for your application) together. Enumerating all of them to find a single one by a prefix, for example, will take a while and is still subject to service limitations. Refer to here.