script to test azure key vault permissions when working with Atlas BY…

checkKeyVaultPermissions-azure/README.md

@@ -0,0 +1,35 @@
+# Azure Key Vault Permission Test
+
+## Prerequisites
+- Install azure-keyvault-keys and azure-identity using pip:
+```
+pip install azure-keyvault-keys azure-identity
+```
+
+## Usage
+Optional:
+Setup virtual enviornment using the following commands;
+```
+python3 -m venv ./key
+source key/bin/activate
+```
+1. Run azure_keyvault_testing_v0.2.py
+2. Provide values for TenantID, ClientID, Client Secret, Vault URL and Key Name at prompt.
+3. If the permissions are setup correctly, output should look like the one below;
+```
+Enter TenantID: 9e4546-f5665-465-b565-9656546546
+Enter ClientID: 0565656-a454-4546-a546-9565656565
+Enter Client Secret(HIDDEN): 
+Enter Vault URL: https://vaultname.vault.azure.net/
+Enter Key Name: keyname                                 
+Encrypting string b'This is my string'
+-------
+Encrypted String Object: <azure.keyvault.keys.crypto._models.EncryptResult object at 0x10c2599a0>
+Encrypted String Algo: RSA-OAEP-256
+Encrypted String ciphertext:
+b'DL\xc7\xd5\r\abe9[\xda\xc6\xd3Jw\ab7\x1cs\xc5\x90\n\x9c\xec\x8en^\x13\xc7\xc2,\x91\x00\xe9\xeb\x1croz\xed[\x0c\x1cF\xa8l\x1dV%\x05CM\xa6[v\xa20D\qae\xee\x16\x8eGE\xc4\x9e9\x82L\xd6S\x91\xcf+\xd9\xf2\xe6T\xef-\xfa\xcb\xd1\x95\xd7+\x05\x0f;\xfa\xfa=\x86\x91\xd6\x0d\od34\xf38\x8d\x16\xae\xdc:\xe3\x82\xff\xe0fg}%e\xf1\xb6\xc1Z\xfc\x02\xa9\x9fD\xa8-\xdfH\x04w\xb7\xed\x8e[n\xcd \xaa\x06\xc4\xd9#j\x8aC\n\x87\n\xfaB\x14\oa2M\xff\xfa\\\xbe\xee\xe6\ab3\xd1\x98\x81\x89\xb48\xd4\xf8\x13\xf7rn/V\x14s\x04WjX\xad\x85\x8f?N\x04\xbbky\xe1}\xd8\xd0i\xfd\x1b\x01"Q\x88\x92c\xad\xd0Xa\xd1\xec\xa3<P\x0e\xc8`\xdbL\xc6\x95\xce:\x0e k\xbb\x8fLe\x94 \xa8`\xa9h\x99\xc1\xc2\x9bb\xcc\x164\x7f\xb1\xe7\xd6\x15\xd7"C\xe2(uK\xb8\x83\x18\x85W\xbde'
+-------
+Decrypting string from ciphertext:
+b'DL\xc7\xd5\r\abe9[\xda\xc6\xd3Jw\ab7\x1cs\xc5\x90\n\x9c\xec\x8en^\x13\xc7\xc2,\x91\x00\xe9\xeb\x1croz\xed[\x0c\x1cF\xa8l\x1dV%\x05CM\xa6[v\xa20D\qae\xee\x16\x8eGE\xc4\x9e9\x82L\xd6S\x91\xcf+\xd9\xf2\xe6T\xef-\xfa\xcb\xd1\x95\xd7+\x05\x0f;\xfa\xfa=\x86\x91\xd6\x0d\od34\xf38\x8d\x16\xae\xdc:\xe3\x82\xff\xe0fg}%e\xf1\xb6\xc1Z\xfc\x02\xa9\x9fD\xa8-\xdfH\x04w\xb7\xed\x8e[n\xcd \xaa\x06\xc4\xd9#j\x8aC\n\x87\n\xfaB\x14\oa2M\xff\xfa\\\xbe\xee\xe6\ab3\xd1\x98\x81\x89\xb48\xd4\xf8\x13\xf7rn/V\x14s\x04WjX\xad\x85\x8f?N\x04\xbbky\xe1}\xd8\xd0i\xfd\x1b\x01"Q\x88\x92c\xad\xd0Xa\xd1\xec\xa3<P\x0e\xc8`\xdbL\xc6\x95\xce:\x0e k\xbb\x8fLe\x94 \xa8`\xa9h\x99\xc1\xc2\x9bb\xcc\x164\x7f\xb1\xe7\xd6\x15\xd7"C\xe2(uK\xb8\x83\x18\x85W\xbde'
+Decrypted_string: b'This is my string'
+```

checkKeyVaultPermissions-azure/azure_keyvault_testing_v0.2.py

@@ -0,0 +1,58 @@
+#Run the following command before running this script
+#pip install azure-keyvault-keys azure-identity
+
+import os
+import getpass
+from azure.identity import ClientSecretCredential
+from azure.keyvault.keys import KeyClient
+from azure.keyvault.keys.crypto import CryptographyClient, EncryptionAlgorithm
+
+TENANT_ID=input("Enter TenantID: ")
+CLIENT_ID=input("Enter ClientID: ")
+CLIENT_SECRET=getpass.getpass(prompt='Enter Client Secret(HIDDEN): ')
+VAULT_URL=input("Enter Vault URL: ")
+KEY_NAME=input("Enter Key Name: ")
+
+credential = ClientSecretCredential(
+    tenant_id=TENANT_ID,
+    client_id=CLIENT_ID,
+    client_secret=CLIENT_SECRET,
+)
+
+try:
+    key_client = KeyClient(
+        vault_url=VAULT_URL,
+        credential=credential
+    )
+except Exception as e:
+    raise e
+
+
+arbitrary_string_as_bytes = b'This is my string'
+
+try:
+    key = key_client.get_key(name=KEY_NAME)
+except Exception as e:
+    raise e
+
+crypto_client = CryptographyClient(key, credential=credential)
+
+print(f"Encrypting string {arbitrary_string_as_bytes}")
+encrypted_string = crypto_client.encrypt(
+    EncryptionAlgorithm.rsa_oaep_256,
+    arbitrary_string_as_bytes
+)
+
+print('-------')
+print(f"Encrypted String Object: {encrypted_string}")
+print(f"Encrypted String Algo: {encrypted_string.algorithm}")
+print(f"Encrypted String ciphertext:\n{encrypted_string.ciphertext}")
+print('-------')
+print(f"Decrypting string from ciphertext:\n{encrypted_string.ciphertext}")
+
+decrypted_string = crypto_client.decrypt(
+    encrypted_string.algorithm,
+    encrypted_string.ciphertext
+)
+
+print(f"Decrypted_string: {decrypted_string.plaintext}")