Microsoft has an example in C# for encrypting an Azure blob using the key in Azure Key Vault: https://learn.microsoft.com/en-us/azure/storage/blobs/storage-encrypt-decrypt-blobs-key-vault?WT.mc_id=Portal-Microsoft_Azure_Support&tabs=dotnet11#prerequisites
I am looking to do the same in Python. I tried to follow the code given on this page: https://github.com/Azure/azure-storage-python/blob/master/samples/blob/encryption_usage.py This page is not using the Azure key.
It is giving an error when I try to use the Azure key in that example:
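```python
from azure.identity import DefaultAzureCredential
from azure.keyvault.keys import KeyClient
from azure.storage.blob import BlockBlobService  # legacy azure-storage-blob (2.x)
from cryptography.hazmat.backends import default_backend


class KeyWrapper:
    def __init__(self, kid):
        self.kek = self.get_azure_vault_key()
        self.backend = default_backend()
        self.kid = 'local:' + kid

    def get_azure_vault_key(self):
        credential = DefaultAzureCredential()
        key_client = KeyClient(vault_url="https://xyz.vault.azure.net/", credential=credential)
        keyvaultObj = key_client.get_key("my-key")
        # key.n is the RSA modulus field of the returned JSON Web Key
        actualKey = keyvaultObj.key.n
        return actualKey

    # wrap_key, unwrap_key, get_key_wrap_algorithm and get_kid from the
    # linked sample are not shown in the post


def saveEncryptedCSVtoAzureBlob(CSVData, accountName, accountKey):
    containerName = 'mycontainer'  # placeholder; not defined in the post
    blobName = 'myBlob'
    blobService = BlockBlobService(account_name=accountName, account_key=accountKey)
    kek = KeyWrapper('local:key1')
    blobService.key_encryption_key = kek
    blobService.create_blob_from_text(containerName, blobName, CSVData)
```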
This example gives the following error: ValueError: The wrapping key must be a valid AES key length
"Encrypting Azure blob storage with Azure Key Vault" functionality is not available as of today.
The Storage Python library does not appear to support integration with Azure Key Vault yet. This support will be added in the future, and hence why there are no examples published for it at this time.
This functionality is only available for C#/.NET.
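The `KeyWrapper` in the sample linked in the question is a plain object with four methods (`wrap_key`, `unwrap_key`, `get_key_wrap_algorithm`, `get_kid`), so one way to keep the wrapping key inside Key Vault is an adapter that forwards wrap and unwrap to the vault instead of exporting key fields. This is an added example, not code from the posts above or from the Azure SDK: `KeyVaultKEK` and `FakeVaultClient` are hypothetical names, the client is assumed to behave like `azure.keyvault.keys.crypto.CryptographyClient`, and the fake is a constructed offline stand-in.

```python
import hashlib
from types import SimpleNamespace


class KeyVaultKEK:
    """Key-encryption-key object with the four methods of the sample's
    KeyWrapper. Key operations are delegated to `crypto_client` (assumed
    to behave like azure.keyvault.keys.crypto.CryptographyClient), so the
    wrapping key stays in the vault and only the per-blob content key is
    sent to it."""

    def __init__(self, crypto_client, kid, algorithm="RSA-OAEP"):
        self._client = crypto_client
        self._kid = kid              # key identifier stored in blob metadata
        self._algorithm = algorithm  # wrap algorithm stored in blob metadata

    def wrap_key(self, key, algorithm=None):
        # `key` is the random content-encryption key generated for the blob.
        result = self._client.wrap_key(algorithm or self._algorithm, key)
        return result.encrypted_key

    def unwrap_key(self, key, algorithm):
        # Blob metadata is untrusted input: refuse an unexpected algorithm.
        if algorithm != self._algorithm:
            raise ValueError("unexpected key wrap algorithm: %r" % (algorithm,))
        return self._client.unwrap_key(self._algorithm, key).key

    def get_key_wrap_algorithm(self):
        return self._algorithm

    def get_kid(self):
        return self._kid


class FakeVaultClient:
    """Constructed offline stand-in for the vault client. XOR with a hash
    pad is NOT encryption; it only lets the adapter run without Azure."""

    def _xor(self, data):
        pad = hashlib.sha256(b"constructed-test-pad").digest()
        return bytes(a ^ b for a, b in zip(data, pad))

    def wrap_key(self, algorithm, key):
        return SimpleNamespace(encrypted_key=self._xor(key), algorithm=algorithm)

    def unwrap_key(self, algorithm, encrypted_key):
        return SimpleNamespace(key=self._xor(encrypted_key), algorithm=algorithm)
```

Against a real vault, the identity used needs the wrap and unwrap key permissions on that key; get alone is not enough.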