Sep 25 2022 04:49 PM
For access to the Defender API we are using JupyterLab and an "on premises" Ubuntu server. I have the following credentials, which we use in our notebooks like this:
tenantId = # Paste your tenant ID here
appId = # Paste your own app ID here
appSecret = # Paste your own app secret here
We have a tight budget but I do have access to Azure Key Vault and want to start using it for our notebooks and automated tasks that interact with the Defender API. I'm assuming something like this...
tenantId = # Paste your own tenant ID here
appId = # Paste your own app ID here
appSecret = STORE THIS IN AZURE KEY VAULT and retrieve with getsecrets.
I'm trying to understand the best, most professional, way to access the Azure Key Vault?
I can't use 'az login' for automated task scripts? What's the best way to do this? Do I get our Azure Administrator to create an Azure SPN for me, specifically for access to the Azure Key Vault, and assign that SPN to the Access Policy of the Key Vault?
And then I use the created SPN's clientId, clientSecret, and tenantId to access the key vault and grab the secret like this?
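from azure.common.credentials import ServicePrincipalCredentials
from azure.keyvault import KeyVaultClient, KeyVaultAuthentication
# Callback the client invokes to obtain a bearer token for Key Vault.
def auth_callback(server, resource, scope):
    credentials = ServicePrincipalCredentials(
        client_id = '',
        secret = '',
        tenant = '',
        resource = "https://vault.azure.net"
    )
    token = credentials.token
    return token['token_type'], token['access_token']
client = KeyVaultClient(KeyVaultAuthentication(auth_callback))
# An empty version string requests the latest version of the secret.
secret_bundle = client.get_secret("https://vault_url", "secret_id", "")
print(secret_bundle.value)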
I'd appreciate any suggestions that could clarify this for me, thanks!!
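The flow asked about above, as an added example that is not part of the original post: a dedicated service principal, which needs only the Get secret permission on the vault, reads the Defender app secret through the current azure-identity and azure-keyvault-secrets packages. Assumptions: the service principal's values are supplied as environment variables rather than written into the notebook, and KEY_VAULT_URL and the secret name "defender-app-secret" are placeholder names chosen for this example.

```python
import os

# AZURE_* are the variable names azure-identity itself reads; KEY_VAULT_URL is this example's own name.
REQUIRED = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET", "KEY_VAULT_URL")


def load_sp_config(env=os.environ):
    """Read the vault-reader service principal's settings; fail loudly if any is unset."""
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        raise RuntimeError("missing environment variables: " + ", ".join(missing))
    vault_url = env["KEY_VAULT_URL"].rstrip("/")
    if not vault_url.startswith("https://"):
        raise ValueError("KEY_VAULT_URL must be an https:// address")
    return {
        "tenant_id": env["AZURE_TENANT_ID"],
        "client_id": env["AZURE_CLIENT_ID"],
        "client_secret": env["AZURE_CLIENT_SECRET"],
        "vault_url": vault_url,
    }


def make_secret_client(cfg):
    """Build a Key Vault client that authenticates as the service principal."""
    # Imported here so the module still loads where the SDK is not installed.
    from azure.identity import ClientSecretCredential
    from azure.keyvault.secrets import SecretClient

    credential = ClientSecretCredential(
        tenant_id=cfg["tenant_id"],
        client_id=cfg["client_id"],
        client_secret=cfg["client_secret"],
    )
    return SecretClient(vault_url=cfg["vault_url"], credential=credential)


def fetch_secret(secret_name, env=os.environ, client_factory=make_secret_client):
    """Return the current value of one secret; the caller should not print or log it."""
    client = client_factory(load_sp_config(env))
    return client.get_secret(secret_name).value


if __name__ == "__main__":
    # "defender-app-secret" is a placeholder secret name.
    appSecret = fetch_secret("defender-app-secret")
    print("retrieved appSecret, length", len(appSecret))
```

For scheduled tasks, the environment variables can come from a root-owned file with mode 600 that the job's service definition loads, so the one remaining secret on the server is readable only by the account that runs the job.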
Sep 27 2022 07:06 AM