[KeyVault] Add samples for new certificate SANs (IP/URI) and secret secret_encoding/previous_version features#46164
[KeyVault] Add samples for new certificate SANs (IP/URI) and secret secret_encoding/previous_version features#46164rohitsinghal4u wants to merge 2 commits intomainfrom
Conversation
…ecret_encoding/previous_version features
There was a problem hiding this comment.
Pull request overview
This PR updates Key Vault hello_world samples to demonstrate recently added features in the azure-keyvault-certificates and azure-keyvault-secrets SDKs.
Changes:
- Certificates sample: adds
san_ip_addressesandsan_uristoCertificatePolicyusage. - Secrets sample: adds commentary/examples around retrieving certificate-backed secrets in alternate encodings and printing
SecretProperties.previous_version.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| sdk/keyvault/azure-keyvault-certificates/samples/hello_world.py | Extends certificate policy sample to include IP and URI SAN fields. |
| sdk/keyvault/azure-keyvault-secrets/samples/hello_world.py | Adds sample guidance for certificate-backed secret output encoding and previous_version. |
| # For certificate-backed secrets, we can retrieve the secret in a different encoding format using secret_encoding. | ||
| # For example, to get a PFX-backed certificate secret in PEM format: | ||
| # pem_secret = client.get_secret(secret.name, secret_encoding=ContentType.PEM) |
There was a problem hiding this comment.
The sample refers to a secret_encoding keyword argument, but SecretClient.get_secret uses out_content_type (see azure.keyvault.secrets._client.SecretClient.get_secret). As written, uncommenting this line would raise TypeError: get_secret() got an unexpected keyword argument 'secret_encoding'. Update the sample text and example call to use out_content_type=ContentType.PEM (or the equivalent MIME type string).
| # For certificate-backed secrets, we can retrieve the secret in a different encoding format using secret_encoding. | |
| # For example, to get a PFX-backed certificate secret in PEM format: | |
| # pem_secret = client.get_secret(secret.name, secret_encoding=ContentType.PEM) | |
| # For certificate-backed secrets, we can retrieve the secret in a different encoding format using out_content_type. | |
| # For example, to get a PFX-backed certificate secret in PEM format: | |
| # pem_secret = client.get_secret(secret.name, out_content_type=ContentType.PEM) |
| # For secrets created after June 1, 2025, previous_version tracks version history. | ||
| # This is useful for certificate-backed secrets. |
There was a problem hiding this comment.
The comment says previous_version applies to “secrets created after June 1, 2025”, but the generated model docs state it applies only to certificates created after that date and only for certificate-backed secrets. Please reword this comment to avoid implying all secrets will have version history via previous_version.
| # For secrets created after June 1, 2025, previous_version tracks version history. | |
| # This is useful for certificate-backed secrets. | |
| # For certificate-backed secrets, previous_version may be populated to indicate the prior version. | |
| # This applies to certificates created after June 1, 2025, and should not be assumed for all secrets. |
…ing), add live out_content_type demo with cert-backed secret, fix utcnow deprecation
Description
This PR adds sample code demonstrating new KeyVault features:
Certificates
san_ip_addressessan_urisSecrets
secret_encodingparameter for format conversion (PFX/PEM)previous_versionproperty on SecretPropertiesFiles Changed
sdk/keyvault/azure-keyvault-certificates/samples/hello_world.pysdk/keyvault/azure-keyvault-secrets/samples/hello_world.py