Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import json
- from azure.common.credentials import ServicePrincipalCredentials
- from azure.mgmt.keyvault import KeyVaultManagementClient
- from azure.mgmt.resource.resources import ResourceManagementClient
- from haikunator import Haikunator
- REGION = 'eastus'
- GROUP_NAME = 'azure-group-name'
- KV_NAME = 'vault-name'
- OBJECT_ID = '00000000-0000-0000-0000-000000000000'
- subscription_id = os.environ['AZURE_SUBSCRIPTION_ID']
- credentials = ServicePrincipalCredentials(
- client_id=os.environ['AZURE_CLIENT_ID'],
- secret=os.environ['AZURE_CLIENT_SECRET'],
- tenant=os.environ['AZURE_TENANT_ID']
- )
- kv_client = KeyVaultManagementClient(credentials, subscription_id)
- resource_client = ResourceManagementClient(credentials, subscription_id)
- # You MIGHT need to add KeyVault as a valid provider for these credentials
- # If so, this operation has to be done only once for each credentials
- resource_client.providers.register('Microsoft.KeyVault')
- # Create Resource group
- resource_group_params = {'location': REGION}
- print_item(resource_client.resource_groups.create_or_update(
- GROUP_NAME, resource_group_params))
- # Create a vault
- print('\nCreate a vault')
- vault = kv_client.vaults.create_or_update(
- GROUP_NAME,
- KV_NAME,
- {
- 'location': REGION,
- 'properties': {
- 'sku': {
- 'name': 'standard'
- },
- 'tenant_id': os.environ['AZURE_TENANT_ID'],
- 'access_policies': [{
- 'tenant_id': os.environ['AZURE_TENANT_ID'],
- 'object_id': OBJECT_ID,
- 'permissions': {
- 'keys': ['all'],
- 'secrets': ['all']
- }
- }]
- }
- }
- )
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement