|
1 | 1 | --- |
2 | 2 | title: "Key Vault" |
3 | | -description: API coverage for Microsoft.KeyVault in LocalStack for Azure. |
| 3 | +description: Get started with Azure Key Vault on LocalStack |
4 | 4 | template: doc |
5 | 5 | --- |
6 | 6 |
|
7 | 7 | import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; |
8 | 8 |
|
| 9 | +## Introduction |
| 10 | + |
| 11 | +Azure Key Vault is a managed service for securely storing and accessing secrets, keys, and certificates. |
| 12 | +It helps centralize sensitive configuration and credentials for your applications and services. |
| 13 | +Key Vault also supports secure key management and certificate lifecycle operations. For more information, see [About Azure Key Vault](https://learn.microsoft.com/en-us/azure/key-vault/general/overview). |
| 14 | + |
| 15 | +LocalStack for Azure provides a local environment for building and testing applications that make use of Azure Key Vault. |
| 16 | +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Key Vault's integration with LocalStack. |
| 17 | + |
| 18 | +## Getting started |
| 19 | + |
| 20 | +This guide is designed for users new to Key Vault and assumes basic knowledge of the Azure CLI and our `azlocal` wrapper script. |
| 21 | + |
| 22 | +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: |
| 23 | + |
| 24 | +```bash |
| 25 | +azlocal start-interception |
| 26 | +``` |
| 27 | + |
| 28 | +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. |
| 29 | +To revert this configuration, run: |
| 30 | + |
| 31 | +```bash |
| 32 | +azlocal stop-interception |
| 33 | +``` |
| 34 | + |
| 35 | +This reconfigures the `az` CLI to send commands to the official Azure management REST API. |
| 36 | + |
| 37 | +### Create a resource group |
| 38 | + |
| 39 | +Create a resource group that will contain your Key Vault resources: |
| 40 | + |
| 41 | +```bash |
| 42 | +az group create \ |
| 43 | + --name rg-keyvault-demo \ |
| 44 | + --location westeurope |
| 45 | +``` |
| 46 | + |
| 47 | +```bash title="Output" |
| 48 | +{ |
| 49 | + "name": "rg-keyvault-demo", |
| 50 | + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-keyvault-demo", |
| 51 | + "location": "westeurope", |
| 52 | + "properties": { |
| 53 | + "provisioningState": "Succeeded" |
| 54 | + } |
| 55 | +} |
| 56 | +``` |
| 57 | + |
| 58 | +### Create a Key Vault |
| 59 | + |
| 60 | +Create a Key Vault in your resource group: |
| 61 | + |
| 62 | +```bash |
| 63 | +az keyvault create \ |
| 64 | + --name kv-demo-localstack \ |
| 65 | + --resource-group rg-keyvault-demo \ |
| 66 | + --location westeurope |
| 67 | +``` |
| 68 | + |
| 69 | +```bash title="Output" |
| 70 | +{ |
| 71 | + "name": "kv-demo-localstack", |
| 72 | + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-keyvault-demo/providers/Microsoft.KeyVault/vaults/kv-demo-localstack", |
| 73 | + "location": "westeurope", |
| 74 | + "properties": { |
| 75 | + "provisioningState": "Succeeded", |
| 76 | + "vaultUri": "https://kv-demo-localstack.localhost.localstack.cloud:4566" |
| 77 | + } |
| 78 | + ... |
| 79 | +} |
| 80 | +``` |
| 81 | + |
| 82 | +### Add and read a secret |
| 83 | + |
| 84 | +Create a secret in the vault: |
| 85 | + |
| 86 | +```bash |
| 87 | +az keyvault secret set \ |
| 88 | + --vault-name kv-demo-localstack \ |
| 89 | + --name app-secret \ |
| 90 | + --value "super-secret-value" |
| 91 | +``` |
| 92 | + |
| 93 | +```bash title="Output" |
| 94 | +{ |
| 95 | + "name": "app-secret", |
| 96 | + "id": "https://kv-demo-localstack.localhost.localstack.cloud:4566/secrets/app-secret/d8a709f96aee4bea901bd8825f28a281", |
| 97 | + "attributes": { |
| 98 | + "enabled": true |
| 99 | + }, |
| 100 | + "value": "super-secret-value" |
| 101 | + ... |
| 102 | +} |
| 103 | +``` |
| 104 | + |
| 105 | +Read the secret value: |
| 106 | + |
| 107 | +```bash |
| 108 | +az keyvault secret show \ |
| 109 | + --vault-name kv-demo-localstack \ |
| 110 | + --name app-secret |
| 111 | +``` |
| 112 | + |
| 113 | +```bash title="Output" |
| 114 | +{ |
| 115 | + "name": "app-secret", |
| 116 | + "id": "https://kv-demo-localstack.localhost.localstack.cloud:4566/secrets/app-secret/d8a709f96aee4bea901bd8825f28a281", |
| 117 | + "attributes": { |
| 118 | + "enabled": true |
| 119 | + }, |
| 120 | + "value": "super-secret-value" |
| 121 | + ... |
| 122 | +} |
| 123 | +``` |
| 124 | + |
| 125 | +List all secrets in the vault: |
| 126 | + |
| 127 | +```bash |
| 128 | +az keyvault secret list \ |
| 129 | + --vault-name kv-demo-localstack |
| 130 | +``` |
| 131 | + |
| 132 | +```bash title="Output" |
| 133 | +[ |
| 134 | + { |
| 135 | + "name": "app-secret", |
| 136 | + "id": "https://kv-demo-localstack.localhost.localstack.cloud:4566/secrets/app-secret" |
| 137 | + ... |
| 138 | + } |
| 139 | +] |
| 140 | +``` |
| 141 | + |
| 142 | +## Limitations |
| 143 | + |
| 144 | +Key Vault keys, HSM-related operations, and getting a real certificate from an official CA are not supported. |
| 145 | + |
| 146 | +## Samples |
| 147 | + |
| 148 | +The following sample demonstrates how to use Key Vault with LocalStack for Azure: |
| 149 | + |
| 150 | +- [Azure Web App with Azure SQL Database and Azure Key Vault](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-sql-database/python) |
| 151 | + |
9 | 152 | ## API Coverage |
10 | 153 |
|
11 | 154 | <AzureFeatureCoverage service="Microsoft.KeyVault" client:load /> |
0 commit comments