orbitra.commons.secrets.client

Secrets management via Azure User Key Vaults.

Functions

get_secrets_client

get_secrets_client(key_vault: str | None = None, environment: str = 'prod', credential: Optional[TokenCredential] = None) -> OrbitraSecretsClient
Build an OrbitraSecretsClient for the resolved vault. The credential is obtained using the CLI app scope so that the existing login session is reused without prompting. OrbitraSecretsClient handles the Key Vault scope internally, using a SecretClient instance when it needs to acquire an actual access token.
Args:
  • key_vault: Explicit vault name; falls back to client settings.
  • environment: Target environment (e.g. “prod”, “dev”). Defaults to “prod”.
  • credential: Optional Azure credential; if None,
Returns:
  • A handler class containing an authenticated Azure Key Vault secrets client.
Raises:
  • ValueError: If no vault name can be resolved from params or settings.

Classes

OrbitraSecretsClient

Handler class for Azure Key Vault secrets operations, using an authenticated SecretClient internally.
Methods:

delete_secret

delete_secret(self, name: str) -> None
Delete a secret from an Azure User Key Vault. Initiates soft-delete and waits for the operation to complete.
Args:
  • name: The secret name.
Raises:
  • KeyError: If the secret does not exist.
  • PermissionError: If the caller lacks Key Vault delete access.

get_secret

get_secret(self, name: str) -> SecretStr | None
Retrieve a secret value from an Azure User Key Vault.
Args:
  • name: The secret name.
Returns:
  • SecretStr | None: The secret value, or None if the secret has no value.
Raises:
  • KeyError: If the secret does not exist.
  • PermissionError: If the caller lacks Key Vault access.
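
An added example (not Orbitra's own code) of a fail-closed startup check built on the get_secret contract documented above, which separates a missing secret, denied access and an empty value. `load_required` and `FakeVault` are hypothetical names; `FakeVault` is a constructed in-memory stand-in that mimics only the documented return and exception behaviour so the snippet runs offline.

```python
class FakeVault:
    """Constructed stand-in for OrbitraSecretsClient (assumption, not the real class).

    Mimics only the documented get_secret behaviour: KeyError when the secret
    does not exist, PermissionError when access is denied, None when empty.
    """

    def __init__(self, secrets, denied=()):
        self._secrets = dict(secrets)
        self._denied = set(denied)

    def get_secret(self, name):
        if name in self._denied:
            raise PermissionError(name)
        return self._secrets[name]  # raises KeyError if the name is absent


def load_required(client, names):
    """Fetch every required secret and return (values, problems).

    problems maps secret name -> reason and never holds secret material,
    so it can be logged. values is empty unless every name resolved.
    """
    values, problems = {}, {}
    for name in names:
        try:
            value = client.get_secret(name)
        except KeyError:
            problems[name] = "missing"
        except PermissionError:
            problems[name] = "access denied"
        else:
            if value is None:
                problems[name] = "empty"
            else:
                values[name] = value  # kept wrapped; never formatted into messages
    if problems:
        values.clear()  # fail closed: do not start with partial configuration
    return values, problems


if __name__ == "__main__":
    # Constructed sample data; secret names and values are placeholders.
    vault = FakeVault({"db-password": "constructed-value", "api-key": None},
                      denied={"signing-key"})
    _, problems = load_required(vault, ["db-password", "api-key", "signing-key"])
    print(problems)
```

With a real client, pass the object returned by get_secrets_client in place of `FakeVault`.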

list_secrets

list_secrets(self) -> list[str]
List all secret names in an Azure User Key Vault.
Returns:
  • list[str]: Sorted list of secret names.
Raises:
  • PermissionError: If the caller lacks Key Vault list access.

write_secret

write_secret(self, name: str, value: SecretStr) -> None
Create or update a secret in an Azure User Key Vault.
Args:
  • name: The secret name.
  • value: The secret value to store.
Raises:
  • PermissionError: If the caller lacks Key Vault write access.