Azure Key Vault SDK for Python. Use for secrets, keys, and certificates management with secure storage. Triggers: "key vault", "SecretClient", "KeyClient", "CertificateClient", "secrets", "encryption keys".
数据来源:ClawHub。 在 ClawSkills 查看
选择你使用的 Agent
方法一:命令行安装(推荐)
推荐(无需提前安装 clawhub)
npx clawhub@latest --dir ~/.claude/skills install azure-keyvault-py或使用 clawhub CLI(需提前安装)
clawhub --dir ~/.claude/skills install azure-keyvault-py⚠️ 需要 Node.js 18+,没有 Node?请使用下方方法二直接下载 ZIP。 安装 Node.js →
方法二:手动下载安装(无需 Node)
下载 ZIP,解压后将文件夹放到以下路径,重启 Agent 即可:
安装路径
~/.claude/skills/azure-keyvault-py/💡解压后将文件夹放到上方路径,重启 Agent 即可生效
--- name: azure-keyvault-py description: | Azure Key Vault SDK for Python. Use for secrets, keys, and certificates management with secure storage. Triggers: "key vault", "SecretClient", "KeyClient", "CertificateClient", "secrets", "encryption keys". package: azure-keyvault-secrets, azure-keyvault-keys, azure-keyvault-certificates ---
Secure storage and management for secrets, cryptographic keys, and certificates.
# Secrets
pip install azure-keyvault-secrets azure-identity
# Keys (cryptographic operations)
pip install azure-keyvault-keys azure-identity
# Certificates
pip install azure-keyvault-certificates azure-identity
# All
pip install azure-keyvault-secrets azure-keyvault-keys azure-keyvault-certificates azure-identity
AZURE_KEYVAULT_URL=https://<vault-name>.vault.azure.net/
from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient
credential = DefaultAzureCredential()
vault_url = "https://<vault-name>.vault.azure.net/"
client = SecretClient(vault_url=vault_url, credential=credential)
# Set secret
secret = client.set_secret("database-password", "super-secret-value")
print(f"Created: {secret.name}, version: {secret.properties.version}")
# Get secret
secret = client.get_secret("database-password")
print(f"Value: {secret.value}")
# Get specific version
secret = client.get_secret("database-password", version="abc123")
# List secrets (names only, not values)
for secret_properties in client.list_properties_of_secrets():
print(f"Secret: {secret_properties.name}")
# List versions
for version in client.list_properties_of_secret_versions("database-password"):
print(f"Version: {version.version}, Created: {version.created_on}")
# Delete secret (soft delete)
poller = client.begin_delete_secret("database-password")
deleted_secret = poller.result()
# Purge (permanent delete, if soft-delete enabled)
client.purge_deleted_secret("database-password")
# Recover deleted secret
client.begin_recover_deleted_secret("database-password").result()
from azure.identity import DefaultAzureCredential
from azure.keyvault.keys import KeyClient
credential = DefaultAzureCredential()
vault_url = "https://<vault-name>.vault.azure.net/"
client = KeyClient(vault_url=vault_url, credential=credential)
from azure.keyvault.keys import KeyType
# Create RSA key
rsa_key = client.create_rsa_key("rsa-key", size=2048)
# Create EC key
ec_key = client.create_ec_key("ec-key", curve="P-256")
# Get key
key = client.get_key("rsa-key")
print(f"Key type: {key.key_type}")
# List keys
for key_properties in client.list_properties_of_keys():
print(f"Key: {key_properties.name}")
# Delete key
poller = client.begin_delete_key("rsa-key")
deleted_key = poller.result()
from azure.keyvault.keys.crypto import CryptographyClient, EncryptionAlgorithm
# Get crypto client for a specific key
crypto_client = CryptographyClient(key, credential=credential)
# Or from key ID
crypto_client = CryptographyClient(
"https://<vault>.vault.azure.net/keys/<key-name>/<version>",
credential=credential
)
# Encrypt
plaintext = b"Hello, Key Vault!"
result = crypto_client.encrypt(EncryptionAlgorithm.rsa_oaep, plaintext)
ciphertext = result.ciphertext
# Decrypt
result = crypto_client.decrypt(EncryptionAlgorithm.rsa_oaep, ciphertext)
decrypted = result.plaintext
# Sign
from azure.keyvault.keys.crypto import SignatureAlgorithm
import hashlib
digest = hashlib.sha256(b"data to sign").digest()
result = crypto_client.sign(SignatureAlgorithm.rs256, digest)
signature = result.signature
# Verify
result = crypto_client.verify(SignatureAlgorithm.rs256, digest, signature)
print(f"Valid: {result.is_valid}")
from azure.identity import DefaultAzureCredential
from azure.keyvault.certificates import CertificateClient, CertificatePolicy
credential = DefaultAzureCredential()
vault_url = "https://<vault-name>.vault.azure.net/"
client = CertificateClient(vault_url=vault_url, credential=credential)
# Create self-signed certificate
policy = CertificatePolicy.get_default()
poller = client.begin_create_certificate("my-cert", policy=policy)
certificate = poller.result()
# Get certificate
certificate = client.get_certificate("my-cert")
print(f"Thumbprint: {certificate.properties.x509_thumbprint.hex()}")
# Get certificate with private key (as secret)
from azure.keyvault.secrets import SecretClient
secret_client = SecretClient(vault_url=vault_url, credential=credential)
cert_secret = secret_client.get_secret("my-cert")
# cert_secret.value contains PEM or PKCS12
# List certificates
for cert in client.list_properties_of_certificates():
print(f"Certificate: {cert.name}")
# Delete certificate
poller = client.begin_delete_certificate("my-cert")
deleted = poller.result()
| Client | Package | Purpose | |--------|---------|---------| | SecretClient | azure-keyvault-secrets | Store/retrieve secrets | | KeyClient | azure-keyvault-keys | Manage cryptographic keys | | CryptographyClient | azure-keyvault-keys | Encrypt/decrypt/sign/verify | | CertificateClient | azure-keyvault-certificates | Manage certificates |
from azure.identity.aio import DefaultAzureCredential
from azure.keyvault.secrets.aio import SecretClient
async def get_secret():
credential = DefaultAzureCredential()
client = SecretClient(vault_url=vault_url, credential=credential)
async with client:
secret = await client.get_secret("my-secret")
print(secret.value)
import asyncio
asyncio.run(get_secret())
from azure.core.exceptions import ResourceNotFoundError, HttpResponseError
try:
secret = client.get_secret("nonexistent")
except ResourceNotFoundError:
print("Secret not found")
except HttpResponseError as e:
if e.status_code == 403:
print("Access denied - check RBAC permissions")
raise
安装 Azure Keyvault Py 后,可以对 AI 说这些话来触发它
Help me get started with Azure Keyvault Py
Explains what Azure Keyvault Py does, walks through the setup, and runs a quick demo based on your current project
Use Azure Keyvault Py to azure Key Vault SDK for Python
Invokes Azure Keyvault Py with the right parameters and returns the result directly in the conversation
What can I do with Azure Keyvault Py in my developer & devops workflow?
Lists the top use cases for Azure Keyvault Py, with example commands for each scenario
将技能文件夹放到 ~/.claude/skills/azure-keyvault-py/ 目录(个人级,所有项目可用),或 .claude/skills/azure-keyvault-py/(项目级)。重启 AI 客户端后,用 /azure-keyvault-py 主动调用,或让 AI 根据上下文自动发现并使用。
Azure Keyvault Py 支持 Claude、Cursor、OpenClaw,可与这些 AI 平台无缝集成,扩展其能力。
Azure Keyvault Py 可免费安装使用。请查阅仓库了解许可证信息。
Azure Key Vault SDK for Python. Use for secrets, keys, and certificates management with secure storage. Triggers: "key vault", "SecretClient", "KeyClient", "CertificateClient", "secrets", "encryption keys".
Azure Keyvault Py 属于「Developer & DevOps」分类,该分类的技能帮助 AI 智能体在此领域执行专业任务。
Automate my developer & devops tasks using Azure Keyvault Py
Identifies repetitive steps in your workflow and sets up Azure Keyvault Py to handle them automatically