import jsonfrom azure.common.credentials import ServicePrincipalCredentialsfro

1. import json
2. from azure.common.credentials import ServicePrincipalCredentials
3. from azure.mgmt.keyvault import KeyVaultManagementClient
4. from azure.mgmt.resource.resources import ResourceManagementClient
5. from haikunator import Haikunator
6.  
7. REGION = 'eastus'
8. GROUP_NAME = 'azure-group-name'
9. KV_NAME = 'vault-name'
10. OBJECT_ID = '00000000-0000-0000-0000-000000000000'
11.  
12. subscription_id = os.environ['AZURE_SUBSCRIPTION_ID']
13.  
14. credentials = ServicePrincipalCredentials(
15. client_id=os.environ['AZURE_CLIENT_ID'],
16. secret=os.environ['AZURE_CLIENT_SECRET'],
17. tenant=os.environ['AZURE_TENANT_ID']
18. )
19. kv_client = KeyVaultManagementClient(credentials, subscription_id)
20. resource_client = ResourceManagementClient(credentials, subscription_id)
21.  
22. # You MIGHT need to add KeyVault as a valid provider for these credentials
23. # If so, this operation has to be done only once for each credentials
24. resource_client.providers.register('Microsoft.KeyVault')
25.  
26. # Create Resource group
27. resource_group_params = {'location': REGION}
28. print_item(resource_client.resource_groups.create_or_update(
29. GROUP_NAME, resource_group_params))
30.  
31. # Create a vault
32. print('\nCreate a vault')
33. vault = kv_client.vaults.create_or_update(
34. GROUP_NAME,
35. KV_NAME,
36. {
37. 'location': REGION,
38. 'properties': {
39. 'sku': {
40. 'name': 'standard'
41. },
42. 'tenant_id': os.environ['AZURE_TENANT_ID'],
43. 'access_policies': [{
44. 'tenant_id': os.environ['AZURE_TENANT_ID'],
45. 'object_id': OBJECT_ID,
46. 'permissions': {
47. 'keys': ['all'],
48. 'secrets': ['all']
49. }
50. }]
51. }
52. }
53. )