Azure Secrets Manager
Storing secrets in Azure.
This is an older version of the ZenML documentation. To read and view the latest version please visit this up-to-date URL.
Azure Secrets Manager
The Azure secrets manager is a secrets manager flavor provided with the ZenML azure
integration that uses Azure Key Vault to store secrets.
We are deprecating secrets managers in favor of the centralized ZenML secrets store . Going forward, we recommend using the secrets store instead of secrets managers to configure and store secrets.
If you already use secrets managers to manage your secrets, please use the provided zenml secrets-manager secrets migrate
CLI command to migrate your secrets to the centralized secrets store.
To continue using Azure Key Vault as the service of choice for managing your secrets in the cloud, configure your ZenML server to connect to and use the Azure Key Vault service directly as a back-end for the centralized secrets store and then use zenml secret
CLI commands to manage your secrets instead of zenml secrets-manager secret
CLI commands. You no longer need to register the Azure secrets manager stack component or add it to your active stack.
Alternatively, you may use any of the other secrets store back-ends that the ZenML server supports, such as Google Secret Manager, AWS Secrets Manager, HashiCorp Vault, or even the ZenML SQL database.
When to use it
You should use the Azure secrets manager if:
a component of your stack requires a secret for authentication, or you want to use secrets inside your steps.
you're already using Azure, especially if your orchestrator is running in Azure. If you're using a different cloud provider, take a look at the other secrets manager flavors.
How to deploy it
Go to the Azure portal.
In the search bar, enter
key vaults
and open up the corresponding service.Click on
+ Create
in the top left.Fill in all values and create the key vault.
How to use it
To use the Azure secrets manager, we need:
The ZenML
azure
integration installed. If you haven't done so, runThe Azure CLI installed and authenticated.
The name of the key vault to use. You can find a list of your key vaults by going to the Azure portal and searching for
key vaults
. If you don't have a key vault yet, follow thedeployment guide to create one.
We can then register the secrets manager and use it in our active stack:
You can now register, update or delete secrets using the CLI or fetch secret values inside your steps.
You can use secret scoping with the Azure Secrets Manager to emulate multiple Secrets Manager namespaces on top of a single Azure key vault.
For more information and a full list of configurable attributes of the Azure secrets manager, check out the API Docs .
Last updated