The Azure Code Samples are currently available in English

Manage key vaults with Ruby

Dernière mise à jour : 21/09/2016
Modifier sur GitHub

This sample demonstrates how to manage key vaults in Azure using the Ruby SDK.

On this page

Run this sample

  1. If you don't already have it, install Ruby and the Ruby DevKit.

  2. If you don't have bundler, install it.

    gem install bundler
  3. Clone the repository.

    git clone
  4. Install the dependencies using bundle.

    cd key-vault-ruby-manage-vaults
    bundle install
  5. Create an Azure service principal either through Azure CLI, PowerShell or the portal.

  6. Set the following environment variables using the information from the service principle that you created.

    export AZURE_TENANT_ID={your tenant id}
    export AZURE_CLIENT_ID={your client id}
    export AZURE_CLIENT_SECRET={your client secret}
    export AZURE_SUBSCRIPTION_ID={your subscription id}

    [AZURE.NOTE] On Windows, use set instead of export.

  7. Run the sample.

    bundle exec ruby example.rb

What is example.rb doing?

This sample starts by setting up ResourceManagementClient and KeyVaultManagementClient objects using your subscription and credentials.

# Create the Resource Manager Client with an Application (service principal) token provider
subscription_id = ENV['AZURE_SUBSCRIPTION_ID'] || '11111111-1111-1111-1111-111111111111' # your Azure Subscription Id
provider =
credentials =

# resource client
resource_client =
resource_client.subscription_id = subscription_id

# key vault client
keyvault_client =
keyvault_client.subscription_id = subscription_id

It registers the subscription for the "Microsoft.Media" namespace and creates a resource group and a storage account where the media services will be managed.

# Register subscription for 'Microsoft.Media' namespace
provider = resource_client.providers.register('Microsoft.Media')

# Create a resource group
resource_group_params = do |rg|
    rg.location = REGION

resource_group = resource_client.resource_groups.create_or_update(RESOURCE_GROUP_NAME, resource_group_params)

There are a couple of supporting functions (print_item and print_properties) that print a resource group and it's properties. With that set up, the sample lists all resource groups for your subscription, it performs these operations.

Create a key vault

vault_param =
vault_param.location = REGION = do |vault_prop|
    vault_prop.tenant_id = ENV['AZURE_TENANT_ID']
    vault_prop.sku = do |s| = 'A' = Azure::ARM::KeyVault::Models::SkuName::Standard

    access_policy_entry = do |policy_entry|
        policy_entry.tenant_id = ENV['AZURE_TENANT_ID']
        policy_entry.object_id = ENV['AZURE_TENANT_ID']
        permission = do |perm|
            perm.keys = ['all']
            perm.secrets = ['all']

        policy_entry.permissions = permission
    vault_prop.access_policies = [access_policy_entry]

vault = keyvault_client.vaults.create_or_update(RESOURCE_GROUP_NAME, VAULT_NAME, vault_param)

List key vaults

This code lists the first 5 key vaults.

vaults = keyvault_client.vaults.list(5)

Delete a key vault

keyvault_client.vaults.delete(RESOURCE_GROUP_NAME, VAULT_NAME)