adding azure key vault documentation to secrets

Netflix · May 16, 2024 · 50b86a3 · 50b86a3
1 parent 38be0fc
commit 50b86a3
Showing 1 changed file with 46 additions and 1 deletion.
diff --git a/docs/scaling/secrets.md b/docs/scaling/secrets.md
@@ -17,7 +17,7 @@ Also, take a look at [the API docs for `@secrets`](/api/step-decorators/secrets)
 
 :::info
 
-Currently, `@secrets` supports only AWS Secrets Manager. Contact us on
+Currently, `@secrets` supports only AWS Secrets Manager and Azure Key Vault. Contact us on
 [Metaflow support Slack](http://chat.metaflow.org) if you are interested in
 using another secrets manager.
 
@@ -183,3 +183,48 @@ AWS Secrets Manager console) as a source:
 @secrets(sources=['arn:aws:secretsmanager:us-west-2:001234556000:secret:some-secret'])
 ```
 
+### Accessing secrets in Azure
+
+Azure Key Vault is an account specific service, managed via Azure
+Resource Manager. Currently, only `Secret` object types are supported. You can specify 
+secrets in the `sources` list or dictionary object as shown below. 
+
+:::info
+
+If accessing secrets in Azure Key Vault, must set the environment variable
+METAFLOW_DEFAULT_SECRETS_BACKEND_TYPE to az-key-vault
+
+:::
+
+The following formats of secrets are supported. 
+
+Fully qualified Key Vault Id:
+
+```python
+@secrets(sources=['https://az-key-vault.vault.azure.net/secrets/secretkey/2260d88aca504269999c5f9413c3abcd'])
+```
+
+Key Vault Id without version:
+
+```python
+@secrets(sources=['https://az-key-vault.vault.azure.net/secrets/secretkey'])
+```
+
+Key Vault Object Name with version:
+
+```python
+@secrets(sources=['secretkey/2260d88aca504269999c5f9413c3abcd'])
+```
+
+Key Vault Object Name:
+
+```python
+@secrets(sources=['secretkey'])
+```
+
+:::info
+
+If the vault URL is not specified in the source, must set the environment variable 
+METAFLOW_AZURE_KEY_VAULT_PREFIX https://az-key-vault.vault.azure.net/
+
+:::