Minimal Python code to read secrets from Azure Key Vaults

keyvault_get_secret.py

# dependencies: azure-common, azure-keyvault

from azure.common.credentials import ServicePrincipalCredentials
from azure.keyvault import KeyVaultAuthentication, KeyVaultClient

def get_secret(secret_name, key_vault_uri, client_id, secret, tenant):
    """Get a secret from Key Vault.
    """
    credentials = ServicePrincipalCredentials(
        client_id=client_id, secret=secret, tenant=tenant)
    client = KeyVaultClient(credentials)

    try:
        secret_bundle = client.get_secret(key_vault_uri, secret_name, "")
        secret_value = secret_bundle.value
    except:
        secret_value = ""

    return secret_value