{"library":"azure-keyvault-keys","code":"import os\nfrom azure.keyvault.keys import KeyClient\nfrom azure.identity import DefaultAzureCredential\nfrom azure.core.exceptions import ResourceNotFoundError\n\n# Retrieve the Key Vault URI from environment variable\n# Ensure 'KEY_VAULT_NAME' environment variable is set\n# e.g., export KEY_VAULT_NAME=\"your-unique-keyvault-name\"\nkey_vault_name = os.environ.get(\"KEY_VAULT_NAME\", None)\nif not key_vault_name:\n    raise ValueError(\"Please set the KEY_VAULT_NAME environment variable.\")\n\nKV_URI = f\"https://{key_vault_name}.vault.azure.net/\"\n\n# Authenticate with DefaultAzureCredential\n# This credential type is suitable for most scenarios, including local development and production.\n# It attempts to authenticate via environment variables (e.g., AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID),\n# managed identity, Azure CLI, etc.\ncredential = DefaultAzureCredential()\n\n# Create a KeyClient\nkey_client = KeyClient(vault_url=KV_URI, credential=credential)\n\nkey_name = \"MyTestKeyPython\"\n\ntry:\n    print(f\"Creating an RSA key named '{key_name}'...\")\n    # Create an RSA key with a specified size\n    key = key_client.create_rsa_key(key_name, size=2048)\n    print(f\"Key created: {key.name}, Version: {key.properties.version}\")\n\n    print(f\"Retrieving the key named '{key_name}'...\")\n    retrieved_key = key_client.get_key(key_name)\n    print(f\"Key retrieved: {retrieved_key.name}, Type: {retrieved_key.key_type}\")\n\n    print(f\"Deleting the key named '{key_name}'...\")\n    # begin_delete_key starts a long-running operation, .wait() waits for completion\n    deleted_key = key_client.begin_delete_key(key_name).wait()\n    print(f\"Key deletion initiated: {deleted_key.name} (Recovery ID: {deleted_key.recovery_id})\")\n\nexcept ResourceNotFoundError:\n    print(f\"Key '{key_name}' not found. It might have been deleted or never existed.\")\nexcept Exception as e:\n    print(f\"An error occurred: {e}\")\nfinally:\n    # Always close the credential and client when no longer needed\n    credential.close()\n    key_client.close() # KeyClient is not explicitly closeable, but credential should be.\n    print(\"Credential closed.\")","lang":"python","description":"This quickstart demonstrates how to authenticate to Azure Key Vault using `DefaultAzureCredential`, create an RSA key, retrieve it, and then initiate its deletion. Ensure your environment variables for Azure authentication (e.g., `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_TENANT_ID`) are set or that you are logged in via Azure CLI, and `KEY_VAULT_NAME` is configured to point to your Key Vault instance.","tag":null,"tag_description":null,"last_tested":"2026-04-24","results":[{"runtime":"python:3.10-alpine","exit_code":1},{"runtime":"python:3.10-slim","exit_code":1},{"runtime":"python:3.11-alpine","exit_code":1},{"runtime":"python:3.11-slim","exit_code":1},{"runtime":"python:3.12-alpine","exit_code":1},{"runtime":"python:3.12-slim","exit_code":1},{"runtime":"python:3.13-alpine","exit_code":1},{"runtime":"python:3.13-slim","exit_code":1},{"runtime":"python:3.9-alpine","exit_code":1},{"runtime":"python:3.9-slim","exit_code":1}]}