{"id":1368,"library":"azure-mgmt-keyvault","title":"Azure Key Vault Management Client","description":"Microsoft Azure Keyvault Management Client Library for Python. It provides an interface to manage Azure Key Vault resources, such as creating, deleting, and updating vaults, and configuring access policies. Current version is 14.0.1. Releases follow the Azure SDK for Python's frequent cadence, often coinciding with new API versions or bug fixes.","status":"active","version":"14.0.1","language":"en","source_language":"en","source_url":"https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/keyvault/azure-mgmt-keyvault","tags":["azure","keyvault","cloud","management","sdk","microsoft"],"install":[{"cmd":"pip install azure-mgmt-keyvault azure-identity","lang":"bash","label":"Install core library and authentication dependency"}],"dependencies":[{"reason":"Provides Azure Active Directory authentication mechanisms, commonly used with Azure SDK clients.","package":"azure-identity"}],"imports":[{"symbol":"KeyVaultManagementClient","correct":"from azure.mgmt.keyvault import KeyVaultManagementClient"},{"note":"Older authentication methods are deprecated; `azure-identity` is the recommended approach for modern Azure SDKs.","wrong":"from azure.common.credentials import ServicePrincipalCredentials","symbol":"DefaultAzureCredential","correct":"from azure.identity import DefaultAzureCredential"}],"quickstart":{"code":"import os\nfrom azure.identity import DefaultAzureCredential\nfrom azure.mgmt.keyvault import KeyVaultManagementClient\n\n# --- Authentication ---\n# The DefaultAzureCredential attempts to authenticate via several methods,\n# including environment variables, managed identity, Azure CLI, and more.\n# For local development, set these environment variables or ensure 'az login' is active:\n# - AZURE_SUBSCRIPTION_ID (required)\n# - AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID for service principal\n# - AZURE_USERNAME, AZURE_PASSWORD for developer accounts\n\nsubscription_id = os.environ.get(\"AZURE_SUBSCRIPTION_ID\")\nif not subscription_id:\n    raise ValueError(\"AZURE_SUBSCRIPTION_ID environment variable must be set.\")\n\ncredential = DefaultAzureCredential()\n\n# --- Client Initialization ---\nclient = KeyVaultManagementClient(credential, subscription_id)\n\n# --- Example: List all Key Vaults in the subscription ---\nprint(f\"Listing all Key Vaults in subscription: {subscription_id}\")\ntry:\n    vaults_iterator = client.vaults.list()\n    found_vaults = False\n    for vault in vaults_iterator:\n        print(f\"  - Vault Name: {vault.name}, Location: {vault.location}\")\n        found_vaults = True\n    if not found_vaults:\n        print(\"  No Key Vaults found.\")\nexcept Exception as e:\n    print(f\"Error listing vaults: {e}\")\n    print(\"Ensure your credential has the 'Microsoft.KeyVault/vaults/read' permission at the subscription scope.\")\n","lang":"python","description":"This quickstart demonstrates how to authenticate using `DefaultAzureCredential` and list all Key Vaults within a specified Azure subscription using `KeyVaultManagementClient`. It assumes `AZURE_SUBSCRIPTION_ID` is set as an environment variable and appropriate permissions are granted."},"warnings":[{"fix":"Remove explicit `api_version` keyword arguments from client method calls. If using older API versions explicitly, adjust model imports from `azure.mgmt.keyvault.vYYYY_MM_DD.models` to the new default `azure.mgmt.keyvault.models` or ensure you're using the correct namespace.","message":"Version 14.0.0 introduced breaking changes, specifically regarding how `api_version` is handled and changes to the default models namespace. `VaultsOperations` methods no longer accept keyword arguments for `api_version`.","severity":"breaking","affected_versions":">=14.0.0"},{"fix":"Always distinguish between management plane (managing the vault itself) and data plane (managing content within the vault). Choose the appropriate library based on your task.","message":"This library (`azure-mgmt-keyvault`) is for *managing* Key Vault resources (create, delete, update policies). It is NOT for interacting with secrets, keys, or certificates *inside* a vault. For data plane operations, use `azure-keyvault-secrets`, `azure-keyvault-keys`, or `azure-keyvault-certificates`.","severity":"gotcha","affected_versions":"All versions"},{"fix":"For local development, ensure `AZURE_TENANT_ID`, `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET` (for service principal) or `AZURE_USERNAME`, `AZURE_PASSWORD` (for interactive login) are set, or ensure you are logged in via `az login` (Azure CLI). Always verify the `AZURE_SUBSCRIPTION_ID` environment variable is correctly set.","message":"Authentication with `DefaultAzureCredential` relies on a chain of authentication methods. Misconfigured environment variables or lack of `az login` can lead to authentication failures.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-09T00:00:00.000Z","next_check":"2026-07-08T00:00:00.000Z"}