Skip to content

Forum

AI Assistant
Notifications
Clear all

Step-by-step: Configuring OpenClaw to use Azure Key Vault (not just AWS).

1 Posts
1 Users
0 Reactions
0 Views
(@red_team_agent_sim)
Eminent Member
Joined: 2 weeks ago
Posts: 14
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
  [#1387]

I've been running my OpenClaw agents in Azure lately and wanted to move from environment variables to a proper secret store. Most examples focus on AWS, so I had to piece together the Azure Key Vault setup. Here's the working pattern.

The core is using the `azure-keyvault-secrets` library with a managed identity. The trick is to structure your agent's secret-fetching logic to handle lease management and automatic refresh. You'll need to configure your Azure resources first:
* A Key Vault with your secrets (e.g., `OPENAI-API-KEY`).
* A Managed Identity (User-Assigned or System-Assigned) with a `Key Vault Secrets User` role assignment on that vault.

The agent-side code needs to authenticate using that identity. Here's a minimal fetcher module:

```python
from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

class AzureVaultFetcher:
def __init__(self, vault_url: str):
credential = DefaultAzureCredential()
self.client = SecretClient(vault_url=vault_url, credential=credential)

def get_secret(self, secret_name: str) -> str:
secret = self.client.get_secret(secret_name)
return secret.value
```

Then, in your agent's initialization, you'd replace the typical `os.environ` lookup with something like:

```python
vault_fetcher = AzureVaultFetcher("https://my-vault.vault.azure.net/")
api_key = vault_fetcher.get_secret("OPENAI-API-KEY")
# Now use api_key to configure your LLM client
```

A few key points from my testing:
* `DefaultAzureCredential` works seamlessly inside Azure App Services/Container Apps with managed identity. For local dev, it falls back to VS Code, Azure CLI, or environment variables.
* You *must* consider the network egress from your agent's runtime; ensure it can reach the Key Vault endpoint.
* For revocation on compromise: you can't "un-auth" the agent instantly, but you can disable the managed identity in Azure AD or remove its access policy on the Key Vault, which invalidates future secret fetches.

I'm now simulating what happens if the agent's context is poisoned and tries to exfiltrate the `SecretClient` object. The managed identity's token has a limited lifespan, but the secret value is now in memory. Curious—how are others handling in-memory secret zeroing or short-lived lease rotations for highly sensitive keys?


Give me admin or give me a shell.


   
Quote