{ "schemaVersion": "1.0", "item": { "slug": "azure-keyvault-py", "name": "Azure Keyvault Py", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/thegovind/azure-keyvault-py", "canonicalUrl": "https://clawhub.ai/thegovind/azure-keyvault-py", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/azure-keyvault-py", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=azure-keyvault-py", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/azure-keyvault-py" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/azure-keyvault-py", "agentPageUrl": "https://openagent3.xyz/skills/azure-keyvault-py/agent", "manifestUrl": "https://openagent3.xyz/skills/azure-keyvault-py/agent.json", "briefUrl": "https://openagent3.xyz/skills/azure-keyvault-py/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Azure Key Vault SDK for Python", "body": "Secure storage and management for secrets, cryptographic keys, and certificates." }, { "title": "Installation", "body": "# Secrets\npip install azure-keyvault-secrets azure-identity\n\n# Keys (cryptographic operations)\npip install azure-keyvault-keys azure-identity\n\n# Certificates\npip install azure-keyvault-certificates azure-identity\n\n# All\npip install azure-keyvault-secrets azure-keyvault-keys azure-keyvault-certificates azure-identity" }, { "title": "Environment Variables", "body": "AZURE_KEYVAULT_URL=https://.vault.azure.net/" }, { "title": "SecretClient Setup", "body": "from azure.identity import DefaultAzureCredential\nfrom azure.keyvault.secrets import SecretClient\n\ncredential = DefaultAzureCredential()\nvault_url = \"https://.vault.azure.net/\"\n\nclient = SecretClient(vault_url=vault_url, credential=credential)" }, { "title": "Secret Operations", "body": "# Set secret\nsecret = client.set_secret(\"database-password\", \"super-secret-value\")\nprint(f\"Created: {secret.name}, version: {secret.properties.version}\")\n\n# Get secret\nsecret = client.get_secret(\"database-password\")\nprint(f\"Value: {secret.value}\")\n\n# Get specific version\nsecret = client.get_secret(\"database-password\", version=\"abc123\")\n\n# List secrets (names only, not values)\nfor secret_properties in client.list_properties_of_secrets():\n print(f\"Secret: {secret_properties.name}\")\n\n# List versions\nfor version in client.list_properties_of_secret_versions(\"database-password\"):\n print(f\"Version: {version.version}, Created: {version.created_on}\")\n\n# Delete secret (soft delete)\npoller = client.begin_delete_secret(\"database-password\")\ndeleted_secret = poller.result()\n\n# Purge (permanent delete, if soft-delete enabled)\nclient.purge_deleted_secret(\"database-password\")\n\n# Recover deleted secret\nclient.begin_recover_deleted_secret(\"database-password\").result()" }, { "title": "KeyClient Setup", "body": "from azure.identity import DefaultAzureCredential\nfrom azure.keyvault.keys import KeyClient\n\ncredential = DefaultAzureCredential()\nvault_url = \"https://.vault.azure.net/\"\n\nclient = KeyClient(vault_url=vault_url, credential=credential)" }, { "title": "Key Operations", "body": "from azure.keyvault.keys import KeyType\n\n# Create RSA key\nrsa_key = client.create_rsa_key(\"rsa-key\", size=2048)\n\n# Create EC key\nec_key = client.create_ec_key(\"ec-key\", curve=\"P-256\")\n\n# Get key\nkey = client.get_key(\"rsa-key\")\nprint(f\"Key type: {key.key_type}\")\n\n# List keys\nfor key_properties in client.list_properties_of_keys():\n print(f\"Key: {key_properties.name}\")\n\n# Delete key\npoller = client.begin_delete_key(\"rsa-key\")\ndeleted_key = poller.result()" }, { "title": "Cryptographic Operations", "body": "from azure.keyvault.keys.crypto import CryptographyClient, EncryptionAlgorithm\n\n# Get crypto client for a specific key\ncrypto_client = CryptographyClient(key, credential=credential)\n# Or from key ID\ncrypto_client = CryptographyClient(\n \"https://.vault.azure.net/keys//\",\n credential=credential\n)\n\n# Encrypt\nplaintext = b\"Hello, Key Vault!\"\nresult = crypto_client.encrypt(EncryptionAlgorithm.rsa_oaep, plaintext)\nciphertext = result.ciphertext\n\n# Decrypt\nresult = crypto_client.decrypt(EncryptionAlgorithm.rsa_oaep, ciphertext)\ndecrypted = result.plaintext\n\n# Sign\nfrom azure.keyvault.keys.crypto import SignatureAlgorithm\nimport hashlib\n\ndigest = hashlib.sha256(b\"data to sign\").digest()\nresult = crypto_client.sign(SignatureAlgorithm.rs256, digest)\nsignature = result.signature\n\n# Verify\nresult = crypto_client.verify(SignatureAlgorithm.rs256, digest, signature)\nprint(f\"Valid: {result.is_valid}\")" }, { "title": "CertificateClient Setup", "body": "from azure.identity import DefaultAzureCredential\nfrom azure.keyvault.certificates import CertificateClient, CertificatePolicy\n\ncredential = DefaultAzureCredential()\nvault_url = \"https://.vault.azure.net/\"\n\nclient = CertificateClient(vault_url=vault_url, credential=credential)" }, { "title": "Certificate Operations", "body": "# Create self-signed certificate\npolicy = CertificatePolicy.get_default()\npoller = client.begin_create_certificate(\"my-cert\", policy=policy)\ncertificate = poller.result()\n\n# Get certificate\ncertificate = client.get_certificate(\"my-cert\")\nprint(f\"Thumbprint: {certificate.properties.x509_thumbprint.hex()}\")\n\n# Get certificate with private key (as secret)\nfrom azure.keyvault.secrets import SecretClient\nsecret_client = SecretClient(vault_url=vault_url, credential=credential)\ncert_secret = secret_client.get_secret(\"my-cert\")\n# cert_secret.value contains PEM or PKCS12\n\n# List certificates\nfor cert in client.list_properties_of_certificates():\n print(f\"Certificate: {cert.name}\")\n\n# Delete certificate\npoller = client.begin_delete_certificate(\"my-cert\")\ndeleted = poller.result()" }, { "title": "Client Types Table", "body": "ClientPackagePurposeSecretClientazure-keyvault-secretsStore/retrieve secretsKeyClientazure-keyvault-keysManage cryptographic keysCryptographyClientazure-keyvault-keysEncrypt/decrypt/sign/verifyCertificateClientazure-keyvault-certificatesManage certificates" }, { "title": "Async Clients", "body": "from azure.identity.aio import DefaultAzureCredential\nfrom azure.keyvault.secrets.aio import SecretClient\n\nasync def get_secret():\n credential = DefaultAzureCredential()\n client = SecretClient(vault_url=vault_url, credential=credential)\n \n async with client:\n secret = await client.get_secret(\"my-secret\")\n print(secret.value)\n\nimport asyncio\nasyncio.run(get_secret())" }, { "title": "Error Handling", "body": "from azure.core.exceptions import ResourceNotFoundError, HttpResponseError\n\ntry:\n secret = client.get_secret(\"nonexistent\")\nexcept ResourceNotFoundError:\n print(\"Secret not found\")\nexcept HttpResponseError as e:\n if e.status_code == 403:\n print(\"Access denied - check RBAC permissions\")\n raise" }, { "title": "Best Practices", "body": "Use DefaultAzureCredential for authentication\nUse managed identity in Azure-hosted applications\nEnable soft-delete for recovery (enabled by default)\nUse RBAC over access policies for fine-grained control\nRotate secrets regularly using versioning\nUse Key Vault references in App Service/Functions config\nCache secrets appropriately to reduce API calls\nUse async clients for high-throughput scenarios" } ], "body": "Azure Key Vault SDK for Python\n\nSecure storage and management for secrets, cryptographic keys, and certificates.\n\nInstallation\n# Secrets\npip install azure-keyvault-secrets azure-identity\n\n# Keys (cryptographic operations)\npip install azure-keyvault-keys azure-identity\n\n# Certificates\npip install azure-keyvault-certificates azure-identity\n\n# All\npip install azure-keyvault-secrets azure-keyvault-keys azure-keyvault-certificates azure-identity\n\nEnvironment Variables\nAZURE_KEYVAULT_URL=https://.vault.azure.net/\n\nSecrets\nSecretClient Setup\nfrom azure.identity import DefaultAzureCredential\nfrom azure.keyvault.secrets import SecretClient\n\ncredential = DefaultAzureCredential()\nvault_url = \"https://.vault.azure.net/\"\n\nclient = SecretClient(vault_url=vault_url, credential=credential)\n\nSecret Operations\n# Set secret\nsecret = client.set_secret(\"database-password\", \"super-secret-value\")\nprint(f\"Created: {secret.name}, version: {secret.properties.version}\")\n\n# Get secret\nsecret = client.get_secret(\"database-password\")\nprint(f\"Value: {secret.value}\")\n\n# Get specific version\nsecret = client.get_secret(\"database-password\", version=\"abc123\")\n\n# List secrets (names only, not values)\nfor secret_properties in client.list_properties_of_secrets():\n print(f\"Secret: {secret_properties.name}\")\n\n# List versions\nfor version in client.list_properties_of_secret_versions(\"database-password\"):\n print(f\"Version: {version.version}, Created: {version.created_on}\")\n\n# Delete secret (soft delete)\npoller = client.begin_delete_secret(\"database-password\")\ndeleted_secret = poller.result()\n\n# Purge (permanent delete, if soft-delete enabled)\nclient.purge_deleted_secret(\"database-password\")\n\n# Recover deleted secret\nclient.begin_recover_deleted_secret(\"database-password\").result()\n\nKeys\nKeyClient Setup\nfrom azure.identity import DefaultAzureCredential\nfrom azure.keyvault.keys import KeyClient\n\ncredential = DefaultAzureCredential()\nvault_url = \"https://.vault.azure.net/\"\n\nclient = KeyClient(vault_url=vault_url, credential=credential)\n\nKey Operations\nfrom azure.keyvault.keys import KeyType\n\n# Create RSA key\nrsa_key = client.create_rsa_key(\"rsa-key\", size=2048)\n\n# Create EC key\nec_key = client.create_ec_key(\"ec-key\", curve=\"P-256\")\n\n# Get key\nkey = client.get_key(\"rsa-key\")\nprint(f\"Key type: {key.key_type}\")\n\n# List keys\nfor key_properties in client.list_properties_of_keys():\n print(f\"Key: {key_properties.name}\")\n\n# Delete key\npoller = client.begin_delete_key(\"rsa-key\")\ndeleted_key = poller.result()\n\nCryptographic Operations\nfrom azure.keyvault.keys.crypto import CryptographyClient, EncryptionAlgorithm\n\n# Get crypto client for a specific key\ncrypto_client = CryptographyClient(key, credential=credential)\n# Or from key ID\ncrypto_client = CryptographyClient(\n \"https://.vault.azure.net/keys//\",\n credential=credential\n)\n\n# Encrypt\nplaintext = b\"Hello, Key Vault!\"\nresult = crypto_client.encrypt(EncryptionAlgorithm.rsa_oaep, plaintext)\nciphertext = result.ciphertext\n\n# Decrypt\nresult = crypto_client.decrypt(EncryptionAlgorithm.rsa_oaep, ciphertext)\ndecrypted = result.plaintext\n\n# Sign\nfrom azure.keyvault.keys.crypto import SignatureAlgorithm\nimport hashlib\n\ndigest = hashlib.sha256(b\"data to sign\").digest()\nresult = crypto_client.sign(SignatureAlgorithm.rs256, digest)\nsignature = result.signature\n\n# Verify\nresult = crypto_client.verify(SignatureAlgorithm.rs256, digest, signature)\nprint(f\"Valid: {result.is_valid}\")\n\nCertificates\nCertificateClient Setup\nfrom azure.identity import DefaultAzureCredential\nfrom azure.keyvault.certificates import CertificateClient, CertificatePolicy\n\ncredential = DefaultAzureCredential()\nvault_url = \"https://.vault.azure.net/\"\n\nclient = CertificateClient(vault_url=vault_url, credential=credential)\n\nCertificate Operations\n# Create self-signed certificate\npolicy = CertificatePolicy.get_default()\npoller = client.begin_create_certificate(\"my-cert\", policy=policy)\ncertificate = poller.result()\n\n# Get certificate\ncertificate = client.get_certificate(\"my-cert\")\nprint(f\"Thumbprint: {certificate.properties.x509_thumbprint.hex()}\")\n\n# Get certificate with private key (as secret)\nfrom azure.keyvault.secrets import SecretClient\nsecret_client = SecretClient(vault_url=vault_url, credential=credential)\ncert_secret = secret_client.get_secret(\"my-cert\")\n# cert_secret.value contains PEM or PKCS12\n\n# List certificates\nfor cert in client.list_properties_of_certificates():\n print(f\"Certificate: {cert.name}\")\n\n# Delete certificate\npoller = client.begin_delete_certificate(\"my-cert\")\ndeleted = poller.result()\n\nClient Types Table\nClient\tPackage\tPurpose\nSecretClient\tazure-keyvault-secrets\tStore/retrieve secrets\nKeyClient\tazure-keyvault-keys\tManage cryptographic keys\nCryptographyClient\tazure-keyvault-keys\tEncrypt/decrypt/sign/verify\nCertificateClient\tazure-keyvault-certificates\tManage certificates\nAsync Clients\nfrom azure.identity.aio import DefaultAzureCredential\nfrom azure.keyvault.secrets.aio import SecretClient\n\nasync def get_secret():\n credential = DefaultAzureCredential()\n client = SecretClient(vault_url=vault_url, credential=credential)\n \n async with client:\n secret = await client.get_secret(\"my-secret\")\n print(secret.value)\n\nimport asyncio\nasyncio.run(get_secret())\n\nError Handling\nfrom azure.core.exceptions import ResourceNotFoundError, HttpResponseError\n\ntry:\n secret = client.get_secret(\"nonexistent\")\nexcept ResourceNotFoundError:\n print(\"Secret not found\")\nexcept HttpResponseError as e:\n if e.status_code == 403:\n print(\"Access denied - check RBAC permissions\")\n raise\n\nBest Practices\nUse DefaultAzureCredential for authentication\nUse managed identity in Azure-hosted applications\nEnable soft-delete for recovery (enabled by default)\nUse RBAC over access policies for fine-grained control\nRotate secrets regularly using versioning\nUse Key Vault references in App Service/Functions config\nCache secrets appropriately to reduce API calls\nUse async clients for high-throughput scenarios" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/thegovind/azure-keyvault-py", "publisherUrl": "https://clawhub.ai/thegovind/azure-keyvault-py", "owner": "thegovind", "version": "0.1.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/azure-keyvault-py", "downloadUrl": "https://openagent3.xyz/downloads/azure-keyvault-py", "agentUrl": "https://openagent3.xyz/skills/azure-keyvault-py/agent", "manifestUrl": "https://openagent3.xyz/skills/azure-keyvault-py/agent.json", "briefUrl": "https://openagent3.xyz/skills/azure-keyvault-py/agent.md" } }