> ## Documentation Index
> Fetch the complete documentation index at: https://docs.orbitra.atomo.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# client

# `orbitra.commons.secrets.client`

Secrets management via Azure User Key Vaults.

## Functions

### `get_secrets_client`

```python theme={null}
get_secrets_client(key_vault: str | None = None, environment: str = 'prod', credential: Optional[TokenCredential] = None) -> OrbitraSecretsClient
```

Build a OrbitraSecretsClient for the resolved vault.

The credential is obtained using the CLI app scope so that the existing login
session is reused without prompting. OrbitraSecretsClient handles the Key Vault
scope internally with a SecretsClient instance when it needs to acquire an actual
access token.

**Args:**

* `key_vault`: Explicit vault name; falls back to client settings.
* `environment`: Target environment (e.g. "prod", "dev"). Defaults to "prod".
* `credential`: Optional Azure credential; if None,

**Returns:**

* A handler class containing an authenticated Azure Key Vault secrets client.

**Raises:**

* `ValueError`: If no vault name can be resolved from params or settings.

## Classes

### `OrbitraSecretsClient`

Handler class for Azure Key Vault secrets operations, using authenticated SecretClient internally.

**Methods:**

#### `delete_secret`

```python theme={null}
delete_secret(self, name: str) -> None
```

Delete a secret from an Azure User Key Vault.

Initiates soft-delete and waits for the operation to complete.

**Args:**

* `name`: The secret name.

**Raises:**

* `KeyError`: If the secret does not exist.
* `PermissionError`: If the caller lacks Key Vault delete access.

#### `get_secret`

```python theme={null}
get_secret(self, name: str) -> SecretStr | None
```

Retrieve a secret value from an Azure User Key Vault.

**Args:**

* `name`: The secret name.

**Returns:**

* SecretStr | None: The secret value, or None if the secret has no value.

**Raises:**

* `KeyError`: If the secret does not exist.
* `PermissionError`: If the caller lacks Key Vault access.

#### `list_secrets`

```python theme={null}
list_secrets(self) -> list[str]
```

List all secret names in an Azure User Key Vault.

**Returns:**

* list\[str]: Sorted list of secret names.

**Raises:**

* `PermissionError`: If the caller lacks Key Vault list access.

#### `write_secret`

```python theme={null}
write_secret(self, name: str, value: SecretStr) -> None
```

Create or update a secret in an Azure User Key Vault.

**Args:**

* `name`: The secret name.
* `value`: The secret value to store.

**Raises:**

* `PermissionError`: If the caller lacks Key Vault write access.