From 51f626f896dcd723fdde971906926fc160fe462b Mon Sep 17 00:00:00 2001 From: HarshCasper Date: Thu, 9 Apr 2026 13:34:48 +0530 Subject: [PATCH 1/4] add Azure Key Vault service doc Co-authored-by: Paolo Salvatori Made-with: Cursor --- src/content/docs/azure/services/key-vault.mdx | 127 +++++++++++++++++- 1 file changed, 126 insertions(+), 1 deletion(-) diff --git a/src/content/docs/azure/services/key-vault.mdx b/src/content/docs/azure/services/key-vault.mdx index 689e534b..efc07b9d 100644 --- a/src/content/docs/azure/services/key-vault.mdx +++ b/src/content/docs/azure/services/key-vault.mdx @@ -1,11 +1,136 @@ --- title: "Key Vault" -description: API coverage for Microsoft.KeyVault in LocalStack for Azure. +description: Get started with Azure Key Vault on LocalStack template: doc --- import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; +## Introduction + +Azure Key Vault is a managed service for securely storing and accessing secrets, keys, and certificates. +It helps centralize sensitive configuration and credentials for your applications and services. +Key Vault also supports secure key management and certificate lifecycle operations. For more information, see [About Azure Key Vault](https://learn.microsoft.com/en-us/azure/key-vault/general/overview). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Azure Key Vault. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Key Vault's integration with LocalStack. + +## Getting started + +This guide is designed for users new to Key Vault and assumes basic knowledge of the Azure CLI and our `azlocal` wrapper script. + +Start your LocalStack container using your preferred method. +Then start CLI interception: + +```bash +azlocal start_interception +``` + +### Create a resource group + +Create a resource group that will contain your Key Vault resources: + +```bash +az group create \ + --name rg-keyvault-demo \ + --location westeurope +``` + +```bash title="Output" +{ + "name": "rg-keyvault-demo", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-keyvault-demo", + "location": "westeurope", + "properties": { + "provisioningState": "Succeeded" + } +} +``` + +### Create a Key Vault + +Create a Key Vault in your resource group: + +```bash +az keyvault create \ + --name kv-demo-localstack \ + --resource-group rg-keyvault-demo \ + --location westeurope +``` + +```bash title="Output" +{ + "name": "kv-demo-localstack", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-keyvault-demo/providers/Microsoft.KeyVault/vaults/kv-demo-localstack", + "location": "westeurope", + "properties": { + "provisioningState": "Succeeded", + "vaultUri": "https://kv-demo-localstack.localhost.localstack.cloud:4566" + } + ... +} +``` + +### Add and read a secret + +Create a secret in the vault: + +```bash +az keyvault secret set \ + --vault-name kv-demo-localstack \ + --name app-secret \ + --value "super-secret-value" +``` + +```bash title="Output" +{ + "name": "app-secret", + "id": "https://kv-demo-localstack.localhost.localstack.cloud:4566/secrets/app-secret/d8a709f96aee4bea901bd8825f28a281", + "attributes": { + "enabled": true + }, + "value": "super-secret-value" + ... +} +``` + +Read the secret value: + +```bash +az keyvault secret show \ + --vault-name kv-demo-localstack \ + --name app-secret +``` + +```bash title="Output" +{ + "name": "app-secret", + "id": "https://kv-demo-localstack.localhost.localstack.cloud:4566/secrets/app-secret/d8a709f96aee4bea901bd8825f28a281", + "attributes": { + "enabled": true + }, + "value": "super-secret-value" + ... +} +``` + +List all secrets in the vault: + +```bash +az keyvault secret list \ + --vault-name kv-demo-localstack +``` + +```bash title="Output" +[ + { + "name": "app-secret", + "id": "https://kv-demo-localstack.localhost.localstack.cloud:4566/secrets/app-secret" + ... + } +] +``` + ## API Coverage From 264cb31addec7d3900755774d34bf1b9f3683e25 Mon Sep 17 00:00:00 2001 From: HarshCasper Date: Thu, 9 Apr 2026 13:41:44 +0530 Subject: [PATCH 2/4] add limitations --- src/content/docs/azure/services/key-vault.mdx | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/content/docs/azure/services/key-vault.mdx b/src/content/docs/azure/services/key-vault.mdx index efc07b9d..4b4ad854 100644 --- a/src/content/docs/azure/services/key-vault.mdx +++ b/src/content/docs/azure/services/key-vault.mdx @@ -131,6 +131,10 @@ az keyvault secret list \ ] ``` +## Limitations + +Key Vault keys, HSM-related operations, and getting a real certificate from an official CA are not supported. + ## API Coverage From 8002b2c1aff3d02cb4cc75e2cccb715e50ba5bc9 Mon Sep 17 00:00:00 2001 From: HarshCasper Date: Thu, 9 Apr 2026 13:42:54 +0530 Subject: [PATCH 3/4] final fixes --- src/content/docs/azure/services/key-vault.mdx | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/src/content/docs/azure/services/key-vault.mdx b/src/content/docs/azure/services/key-vault.mdx index 4b4ad854..6e96a529 100644 --- a/src/content/docs/azure/services/key-vault.mdx +++ b/src/content/docs/azure/services/key-vault.mdx @@ -19,13 +19,21 @@ The supported APIs are available on our [API Coverage section](#api-coverage), w This guide is designed for users new to Key Vault and assumes basic knowledge of the Azure CLI and our `azlocal` wrapper script. -Start your LocalStack container using your preferred method. -Then start CLI interception: +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: ```bash -azlocal start_interception +azlocal start-interception ``` +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + ### Create a resource group Create a resource group that will contain your Key Vault resources: From a6ca530814fb5ef312e0de1daebe702c9eb98d9b Mon Sep 17 00:00:00 2001 From: HarshCasper Date: Thu, 9 Apr 2026 13:44:19 +0530 Subject: [PATCH 4/4] add samples --- src/content/docs/azure/services/key-vault.mdx | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/content/docs/azure/services/key-vault.mdx b/src/content/docs/azure/services/key-vault.mdx index 6e96a529..9e2f9072 100644 --- a/src/content/docs/azure/services/key-vault.mdx +++ b/src/content/docs/azure/services/key-vault.mdx @@ -143,6 +143,12 @@ az keyvault secret list \ Key Vault keys, HSM-related operations, and getting a real certificate from an official CA are not supported. +## Samples + +The following sample demonstrates how to use Key Vault with LocalStack for Azure: + +- [Azure Web App with Azure SQL Database and Azure Key Vault](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-sql-database/python) + ## API Coverage