Blog Post

Python: How to use secrets stored in azure key vault in your Pulumi project

,

Software Engineers are excited to create Infrastructures just like DevOps Engineers. However, other IaC tools like Terraform and CloudFormation, relies on domain-specific Languages (DSLs) or JSON/YAML templates to create infrastructures. These IaC tools requires Software Engineers to learn these DSL’s before they can create infrastructures. Pulumi to the rescue.

What is Pulumi ? Pulumi is an Infrastructure as a Code (IaC) tool that allows developers to define and manage infrastructure using familiar programming languages. Developers can still use their existing Programming language to create infrastructures unlike Terraform and CloudFormation which requires Developers to learn new syntax. Pulumi allows you to write infrastructure code in your favorite programming language such as TypeScript, JavaScript, Python, Go and C#.

In this article you will learn how to use your secrets stored in Azure key Vault in your Pulumi project. You will be creating a Virtual Machine (VM) using Python as a programming language; you will need to store the username and password as a secret in Azure Key Vault which will be used for authentication.

What is Azure? Azure is Microsoft’s cloud computing platform that provides a broad range of services to help businesses build, develop, deploy and manage applications by utilizing Microsoft’s global network of data centers.

What is Azure key Vault ? Azure key Vault is a cloud service provided by Microsoft Azure designed to securely stores and manage sensitive information such as secrets, encryption keys and certificates. This allows you to protect your data by providing centeralized management, fine-grained access control, automated key rotation and seamless integration with other Azure services.

Below is a step-by-step guide on how to Dockerize an application in Rust and deploy this application to AWS ECR.

Below is a step-by-step guide on how to use your secrets stored (username and password) in Azure key vault while creating a Virtual Machine (VM) using python as a programming language.

Step 1: Install Pulumi

Firstly, you should ensure you have Pulumi installed in your development environment. Pulumi can be installed in Linux, macOS or Windows.

The command below can be used to install Pulumi

#How to install Pulumi on Linux
curl -fsSL https://get.pulumi.com | sh

#How to install Pulumi using Brew on macOS
brew install pulumi/tap/pulumi
#How to install Pulumi on Windows
Download and run the Pulumi installer on this link https://www.pulumi.com/docs/install/

Step 2: Set Up Your Environment

Secondly, you need to setup your environment and install the python dependencies. Kindly follow this steps below in setting up your environment.

  • Create an Account: Sign up for a Pulumi account here to store your stack state.
  • Install Dependencies: Install python and pip on your workstation. Since we are using Python for creating infrastructure. However, if you are using other programming language, you can use this method to install the software.

Step 3: Create a New Pulumi Project

Initialize a new Pulumi project by running:

pulumi new

You will get a prompt after running the command, Pulumi will prompt you to select a template based on the cloud provider and language of your choice. For example

  • GCP Go: This will be gcp-go
  • Azure Python: This will be azure-python
  • AWS TypeScript: This will be aws-typescript

Step 4: Create a New Pulumi Project

After the project is created, you can now define your infrastructure using Python Programming language.

Create a new file called _main_.py

Conclusion

I hope you find this process of receiving and onsuming secrets from Azure Key Vault in your Pulumi Project useful and interesting. Check out the completed code on GitHub

Original post (opens in new tab)

Rate

You rated this post out of 5. Change rating

Share

Share

Rate

You rated this post out of 5. Change rating