Azure Secrets Manager

How to store secrets in Azure
The Azure secrets manager is a secrets manager flavor provided with the ZenML azure integration that uses Azure Key Vault to store secrets.

When to use it

You should use the Azure secrets manager if:
  • a component of your stack requires a secret for authentication, or you want to use secrets inside your steps.
  • you're already using Azure, especially if your orchestrator is running in Azure. If you're using a different cloud provider, take a look at the other secrets manager flavors.

How to deploy it

  • Go to the Azure portal.
  • In the search bar, enter key vaults and open up the corresponding service.
  • Click on + Create in the top left.
  • Fill in all values and create the key vault.

How to use it

To use the Azure secrets manager, we need:
  • The ZenML azure integration installed. If you haven't done so, run
    zenml integration install azure
  • The Azure CLI installed and authenticated.
  • The name of the key vault to use. You can find a list of your key vaults by going to theAzure portal and searching for key vaults. If you don't have any key vault yet, follow the
  • deployment guide to create one.
We can then register the secrets manager and use it in our active stack:
zenml secrets-manager register <NAME> \
--flavor=azure \
# Add the secrets manager to the active stack
zenml stack update -x <NAME>
You can use secret scoping with the Azure Secrets Manager to emulate multiple Secrets Manager namespaces on top of a single Azure key vault.
A concrete example of using the Azure secrets manager can be found here.
For more information and a full list of configurable attributes of the Azure secrets manager, check out the API Docs.