# azure-keyvault-secrets

> Microsoft Corporation Key Vault Secrets Client Library for Python

- **URL**: https://www.freshcrate.ai/projects/azure-keyvault-secrets
- **Author**: pypi
- **Category**: Security
- **Latest version**: `azure-mgmt-computelimit_1.1.0` (2026-06-02)
- **License**: MIT License
- **Source**: https://github.com/Azure/azure-sdk-for-python/tree/main/sdk
- **Homepage**: https://pypi.org/project/azure-keyvault-secrets/
- **Language**: Python
- **GitHub**: 5,526 stars, 3,285 forks
- **Registry**: pypi (`azure-keyvault-secrets`)
- **Tags**: `azure`, `pypi`, `sdk`

## Description

# Azure Key Vault Secrets client library for Python
Azure Key Vault helps solve the following problems:

- Secrets management (this library) -
securely store and control access to tokens, passwords, certificates, API keys,
and other secrets
- Cryptographic key management
([azure-keyvault-keys](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/keyvault/azure-keyvault-keys)) -
create, store, and control access to the keys used to encrypt your data
- Certificate management
([azure-keyvault-certificates](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/keyvault/azure-keyvault-certificates)) -
create, manage, and deploy public and private SSL/TLS certificates
- Vault administration ([azure-keyvault-administration](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/keyvault/azure-keyvault-administration)) - role-based access control (RBAC), and vault-level backup and restore options

[Source code][library_src]
| [Package (PyPI)][pypi_package_secrets]
| [Package (Conda)](https://anaconda.org/microsoft/azure-keyvault/)
| [API reference documentation][reference_docs]
| [Product documentation][azure_keyvault]
| [Samples][secret_samples]

## _Disclaimer_

_Azure SDK Python packages support for Python 2.7 has ended 01 January 2022. For more information and questions, please refer to https://github.com/Azure/azure-sdk-for-python/issues/20691_.
_Python 3.9 or later is required to use this package. For more details, please refer to [Azure SDK for Python version support policy](https://github.com/Azure/azure-sdk-for-python/blob/main/doc/python_version_support_policy.md)._

## Getting started
### Install packages
Install [azure-keyvault-secrets][pypi_package_secrets] and
[azure-identity][azure_identity_pypi] with [pip][pip]:
```Bash
pip install azure-keyvault-secrets azure-identity
```
[azure-identity][azure_identity] is used for Azure Active Directory
authentication as demonstrated below.

### Prerequisites
* An [Azure subscription][azure_sub]
* Python 3.9 or later
* An existing [Azure Key Vault][azure_keyvault]. If you need to create one, you can do so using the Azure CLI by following the steps in [this document][azure_keyvault_cli].

### Authenticate the client
In order to interact with the Azure Key Vault service, you will need an instance of a [SecretClient][secret_client_docs], as well as a **vault url** and a credential object. This document demonstrates using a [DefaultAzureCredential][default_cred_ref], which is appropriate for most scenarios, including local development and production environments. We recommend using a [managed identity][managed_identity] for authentication in production environments.

See [azure-identity][azure_identity] documentation for more information about other methods of authentication and their corresponding credential types.

#### Create a client
After configuring your environment for the [DefaultAzureCredential][default_cred_ref] to use a suitable method of authentication, you can do the following to create a secret client (replacing the value of `VAULT_URL` with your vault's URL):

<!-- SNIPPET:hello_world.create_secret_client -->

```python
VAULT_URL = os.environ["VAULT_URL"]
credential = DefaultAzureCredential()
client = SecretClient(vault_url=VAULT_URL, credential=credential)
```

<!-- END SNIPPET -->

> **NOTE:** For an asynchronous client, import `azure.keyvault.secrets.aio`'s `SecretClient` instead.

## Key concepts
### Secret
A secret consists of a secret value and its associated metadata and management
information. This library handles secret values as strings, but Azure Key Vault
doesn't store them as such. For more information about secrets and how Key
Vault stores and manages them, see the
[Key Vault documentation](https://learn.microsoft.com/azure/key-vault/general/about-keys-secrets-certificates).

[SecretClient][secret_client_docs] can set secret values in the vault, update
secret metadata, and delete secrets, as shown in the
[examples](#examples) below.

## Examples
This section contains code snippets covering common tasks:
* [Set a secret](#set-a-secret)
* [Retrieve a secret](#retrieve-a-secret)
* [Update secret metadata](#update-secret-metadata)
* [Delete a secret](#delete-a-secret)
* [List secrets](#list-secrets)
* [Async API](#async-api)
* [Asynchronously create a secret](#asynchronously-create-a-secret)
* [Asynchronously list secrets](#asynchronously-list-secrets)

### Set a secret
[set_secret](https://aka.ms/azsdk/python/keyvault-secrets/docs#azure.keyvault.secrets.SecretClient.set_secret)
creates new secrets and changes the values of existing secrets. If no secret with the
given name exists, `set_secret` creates a new secret with that name and the
given value. If the given name is in use, `set_secret` creates a new version
of that secret, with the given value.

```python
from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

credential = DefaultAzureCredential()

secret_client = SecretClient

## Recent releases

| Version | Date | Urgency | Changes |
| --- | --- | --- | --- |
| `azure-mgmt-computelimit_1.1.0` | 2026-06-02 | High | ## 1.1.0 (2026-05-26)  ### Features Added    - Client `ComputeLimitMgmtClient` added operation group `vm_families`   - Added model `FeatureEnableRequest`   - Added model `VmFamily`   - Added model `VmFamilyProperties`   - Operation group `FeaturesOperations` added method `begin_disable`   - Added operation group `VmFamiliesOperations` |
| `azure-appconfiguration-provider_2.5.0` | 2026-05-26 | High | ## 2.5.0 (2026-05-22)  ### Features Added  - Added `refresh_enabled` parameter to the `load` method. Defaults to `True` if `refresh_on` is set. When set to `True` without `refresh_on` keys, all selected key-values are monitored for changes. When set to `False`, calling `refresh` will be a no-op. - Added the ability to monitor all selected key-values for refresh with the `refresh_enabled` kwarg. When this kwarg is set to `True`, and `refresh_on` is not specified, changes to any selected key-value |
| `azure-mgmt-storage_25.0.0` | 2026-05-20 | High | ## 25.0.0 (2026-05-19)  ### Features Added    - Client `StorageManagementClient` added method `send_request`   - Client `StorageManagementClient` added operation group `connectors`   - Client `StorageManagementClient` added operation group `data_shares`   - Enum `AccessTier` added member `SMART`   - Enum `AllowedCopyScope` added member `ALL`   - Enum `TriggerType` added member `MOCK_RUN`   - Model `AzureEntityResource` added property `system_data`   - Model `BlobContainer` added property `system |
| `azure-mgmt-storagesync_1.0.1` | 2026-05-14 | High | ## 1.0.1 (2026-05-14)  ### Other Changes    - Regenerated with latest code generator tool |
| `azure-mgmt-attestation_2.0.0` | 2026-05-08 | High | ## 2.0.0 (2026-05-08)  ### Features Added    - Client `AttestationManagementClient` added parameter `cloud_setting` in method `__init__`   - Client `AttestationManagementClient` added method `send_request`   - Client `AttestationManagementClient` added operation group `private_link_resources`   - Model `AttestationServiceCreationSpecificParams` added property `public_network_access`   - Model `AttestationServiceCreationSpecificParams` added property `tpm_attestation_authentication`   - Model `At |
| `azure-batch_15.1.0` | 2026-05-01 | High | ## 15.1.0 (2026-03-06)  ### Other Changes  - This is the GA release of the features introduced in the 15.0.0 and 15.1.0 beta versions, including LRO support, job-level FIFO scheduling, CMK support on pools, IPv6 support, metadata security protocol support, IP tag support, and confidential VM enhancements.  ### Breaking Changes  - Renamed `BatchNodeUserUpdateOptions` to `BatchNodeUserReplaceOptions`. - Renamed `OutputFileUploadConfig` to `OutputFileUploadConfiguration`.  - Removed Models:   - Rem |
| `azure-postgresql-auth_1.0.2` | 2026-04-29 | High | ## 1.0.2 (2026-04-28)  ### Bugs Fixed  - Removed dependency on `DefaultAzureCredential` in source library - Fixed `get_entra_conninfo_async` and `get_entra_token_async` closing the credential by using it as a context manager  ### Other Changes  - Bumped minimum dependency on `azure-core` to `>=1.31.0` |
| `azure-mgmt-hybridkubernetes_1.2.0` | 2026-04-23 | High | ## 1.2.0 (2026-04-23)  ### Other Changes    - Regenerate SDK code with latest code generator tool |
| `azure-template_0.1.0b6187637` | 2026-04-21 | High | ## 0.1.0b6187637 (2026-04-21)  ### Features Added  - Some feature  ### Breaking Changes  - Some breaking change  ### Bugs Fixed  - Some bug fix  ### Other Changes  - Some other change |
| `4.11.0` | 2026-04-21 | Low | Imported from PyPI (4.11.0) |

## Dependency audit

- **Score**: 98/100
- **Total deps**: 0
- **Resolved**: 0
- **Unresolved**: 0
- **License conflicts**: 0
- **Warnings**: 1
- **Scanned**: 2026-05-25

## Citation

- HTML: https://www.freshcrate.ai/projects/azure-keyvault-secrets
- Markdown: https://www.freshcrate.ai/projects/azure-keyvault-secrets.md
- Dependencies JSON: https://www.freshcrate.ai/api/projects/azure-keyvault-secrets/deps

_Generated by freshcrate.ai. Indexes pypi releases for AI-agent ecosystem packages._