The Azure secrets manager is a secrets manager flavor provided with the ZenML azure integration that uses Azure Key Vault to store secrets.

When to use it

You should use the Azure secrets manager if:

  • a component of your stack requires a secret for authentication, or you want to use secrets inside your steps.

  • you’re already using Azure, especially if your orchestrator is running in Azure. If you’re using a different cloud provider, take a look at the other secrets manager flavors.

How to deploy it

  • Go to the Azure portal.

  • In the search bar, enter key vaults and open up the corresponding service.

  • Click on + Create in the top left.

  • Fill in all values and create the key vault.

How to use it

To use the Azure secrets manager, we need:

  • The ZenML azure integration installed. If you haven’t done so, run
zenml integration install azure

  • The Azure CLI installed and authenticated.

  • The name of the key vault to use. You can find a list of your key vaults by going to the Azure portal and searching for key vaults. If you don’t have any key vault yet, follow the

  • deployment guide to create one.

We can then register the secrets manager and use it in our active stack:

zenml secrets-manager register  \
    --flavor=azure \
    --key_vault_name=

# Add the secrets manager to the active stack
zenml stack update -x

You can now register, update or delete secrets using the CLI or fetch secret values inside your steps.

You can use secret scoping with the Azure Secrets Manager to emulate multiple Secrets Manager namespaces on top of a single Azure key vault.

A concrete example of using the Azure secrets manager can be found here.

For more information and a full list of configurable attributes of the Azure secrets manager, check out the API Docs.