Key Vault
Introduction
Section titled “Introduction”Azure Key Vault is a managed service for securely storing and accessing secrets, keys, and certificates. It helps centralize sensitive configuration and credentials for your applications and services. Key Vault also supports secure key management and certificate lifecycle operations. For more information, see About Azure Key Vault.
LocalStack for Azure provides a local environment for building and testing applications that make use of Azure Key Vault. The supported APIs are available on our API Coverage section, which provides information on the extent of Key Vault’s integration with LocalStack.
Getting started
Section titled “Getting started”This guide is designed for users new to Key Vault and assumes basic knowledge of the Azure CLI and our azlocal wrapper script.
Launch LocalStack using your preferred method. For more information, see Introduction to LocalStack for Azure. Once the container is running, enable Azure CLI interception by running:
azlocal start-interceptionThis command points the az CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API.
To revert this configuration, run:
azlocal stop-interceptionThis reconfigures the az CLI to send commands to the official Azure management REST API.
Create a resource group
Section titled “Create a resource group”Create a resource group that will contain your Key Vault resources:
az group create \ --name rg-keyvault-demo \ --location westeurope{ "name": "rg-keyvault-demo", "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-keyvault-demo", "location": "westeurope", "properties": { "provisioningState": "Succeeded" }}Create a Key Vault
Section titled “Create a Key Vault”Create a Key Vault in your resource group:
az keyvault create \ --name kv-demo-localstack \ --resource-group rg-keyvault-demo \ --location westeurope{ "name": "kv-demo-localstack", "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-keyvault-demo/providers/Microsoft.KeyVault/vaults/kv-demo-localstack", "location": "westeurope", "properties": { "provisioningState": "Succeeded", "vaultUri": "https://kv-demo-localstack.localhost.localstack.cloud:4566" } ...}Add and read a secret
Section titled “Add and read a secret”Create a secret in the vault:
az keyvault secret set \ --vault-name kv-demo-localstack \ --name app-secret \ --value "super-secret-value"{ "name": "app-secret", "id": "https://kv-demo-localstack.localhost.localstack.cloud:4566/secrets/app-secret/d8a709f96aee4bea901bd8825f28a281", "attributes": { "enabled": true }, "value": "super-secret-value" ...}Read the secret value:
az keyvault secret show \ --vault-name kv-demo-localstack \ --name app-secret{ "name": "app-secret", "id": "https://kv-demo-localstack.localhost.localstack.cloud:4566/secrets/app-secret/d8a709f96aee4bea901bd8825f28a281", "attributes": { "enabled": true }, "value": "super-secret-value" ...}List all secrets in the vault:
az keyvault secret list \ --vault-name kv-demo-localstack[ { "name": "app-secret", "id": "https://kv-demo-localstack.localhost.localstack.cloud:4566/secrets/app-secret" ... }]Limitations
Section titled “Limitations”Key Vault keys, HSM-related operations, and getting a real certificate from an official CA are not supported.
Samples
Section titled “Samples”The following sample demonstrates how to use Key Vault with LocalStack for Azure:
API Coverage
Section titled “API Coverage”| Operation ▲ | Implemented ▼ |
|---|