npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@calvear/azure-key-vault

v4.1.0

Published

Wrapper for @azure/keyvault-secrets for ease secrets handler in JSON files.

Downloads

100

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

calvearcalvear

Keywords

azurekey-vaultsecretstypescript

Readme

Azure Key Vault

Node library for handle Azure Key Vault, abstracts secrets management by project, environment and group when vault is shared. Also, this library handles nested JSON structures.

How To Use 💡

Should be initialized with AzureKeyVault in two ways as:

import { AzureKeyVault } from '@calvear/azure-key-vault';

// initializes azure key vault with default credentials
// azure cli, environment variables, etc.
// see https://www.npmjs.com/package/@azure/identity

// execute `az login` if you're using az cli
const keyVault = new AzureKeyVault(
	'https://my-key-vault.vault.azure.net',
	{
		project: 'my-project',
		group: 'web',
		env: 'dev',
	}
);
import { AzureKeyVault } from '@calvear/azure-key-vault';

// initializes azure key vault with SPN credentials
const keyVault = new AzureKeyVault(
	'https://my-key-vault.vault.azure.net',
	{
		project: 'my-project',
		group: 'web',
		env: 'dev',
	},
	{
		clientId: 'f176a774-239e-4cd3-8551-88fd9fb9b441',
		clientSecret: 'WyBwkmcL8rGQe9B2fvRLDrqDuannE4Ku',
		tenantId: '9dba8525-be64-4d10-b124-e6f1644ae513',
	}
);

and used as below:

import { AzureKeyVault } from '@calvear/azure-key-vault';

// initialized here ...

async function main() {
	await keyVault.setAll({
		SECRET1: 'my secret 1',
		SECRET2: 'my secret 2',
		otherConfig: {
			SECRET3: 'my secret 3',
		},
	});

	const mySecret2 = await keyVault.getInfo('SECRET2');
	console.log(mySecret2);
	// name is 'my-project-dev-web-secret2' and value 'my secret 2'

	const mySecret3 = await keyVault.getInfo('otherConfig:SECRET3');
	console.log(mySecret3);
	// name is 'my-project-dev-web-otherConfig--secret3' and value 'my secret 3'

	const mySecrets = await keyVault.getFor({
		SECRET1: null,
		SECRET2: 'default value',
		otherConfig: {
			SECRET3: null,
		},
		SECRET4: 'def for secret 4',
	});
	console.log(mySecrets);
	// prints { SECRET1: 'my secret 1, SECRET2: 'my secret 2', otherConfig: { SECRET3: 'my secret 3' }, SECRET4: 'def for secret 3' }
}

main();

You can initialize key vault with environment variables as:

import { AzureKeyVault } from '@calvear/azure-key-vault';

...
process.env.AZURE_KEY_VAULT_URI = 'https://my-key-vault.vault.azure.net';
process.env.AZURE_CLIENT_ID = 'f176a774-239e-4cd3-8551-88fd9fb9b441';
process.env.AZURE_CLIENT_SECRET = 'WyBwkmcL8rGQe9B2fvRLDrqDuannE4Ku';
process.env.AZURE_TENANT_ID = '9dba8525-be64-4d10-b124-e6f1644ae513';
...

// initializes azure key vault
const keyVault = new AzureKeyVault({
	project: 'my-project',
	group: 'web',
	env: 'dev'
});

...

Logging

You can change log level using AZURE_LOG_LEVEL environment variable:

process.env.AZURE_LOG_LEVEL = 'info';
	> levels: 'verbose', 'info', 'warning', 'error'

Functions

Library has functions for manage key vault secrets.

[i] You can use ':' for nested path, (i.e. car:props:name) [i] You can prefix your key with '&' for project shared secret, (i.e. car:props:$name)

  • get: returns secret value.

| Parameters | Description | | ------------ | ------------------------------------- | | key | (string) secret key | | serialized | (boolean) whether value is serialized |

const value = await keyVault.get('my-secret');
  • getInfo: returns secret info.

| Parameters | Description | | ---------- | ------------------- | | key | (string) secret key |

const info = await keyVault.getInfo('my-secret');
  • set: inserts or updates secret value.

| Parameters | Description | | ---------- | ------------------- | | key | (string) secret key | | value | (string) secret key |

const info = await keyVault.set('my-secret', 'my secret value');
  • delete: deletes a secret.

| Parameters | Description | | ---------- | ------------------- | | key | (string) secret key |

const deletionInfo = await keyVault.delete('my-secret');
  • purge: purges a deleted secret.

| Parameters | Description | | ---------- | ------------------- | | key | (string) secret key |

const info = await keyVault.purge('my-secret');
  • restore: restores a deleted secret.

| Parameters | Description | | ---------- | ------------------- | | key | (string) secret key |

const restoredInfo = await keyVault.restore('my-secret');
  • getAll: gets all secrets for the project, env and group.
const listOfSecrets = await keyVault.getAll();
  • getFor: (faster than getAll) gets all secrets for the project, env and group defined in input object. In order to get array correctly deserialized, use [] as default value instead of null or undefined.

| Parameters | Description | | ------------ | -------------------------------------------------------------------------------- | | secrets | (any) object with secrets (key, value) | | [override] | (boolean) (default: false) whether secrets with default value should be override |

let secrets = {
	'$global-var': null,
	'my-secret': null,
	'my-secret-2': 'default value',
	'my-secret-group1': {
		'my-secret-3': null,
	},
	// in case of array type variable, default must be
	// an array (or empty array) for correct deserialize
	'my-array-secret': [],
};

const listOfSecrets = await keyVault.getFor(secrets);
  • setAll: insert or updates a set of secrets.

| Parameters | Description | | ---------- | -------------------------------------- | | secrets | (any) object with secrets (key, value) |

let secrets = {
	'$global-var': 'my shared secret',
	'my-secret': 'my secret',
	'my-secret-2': 'my secret 2',
	'my-secret-group1': {
		'my-secret-3': 'my secret 3',
	},
	'my-array-secret': ['a', 'b', 'c'],
};

const listOfProperties = await keyVault.setAll(secrets);
  • deleteAll: deletes every secrets for the project group.

| Parameters | Description | | ------------ | ---------------------- | | skipGlobal | skips global variables |

const info = await keyVault.deleteAll();
  • purgeAll: purges every deleted secrets for the project group.

| Parameters | Description | | ------------ | ---------------------- | | skipGlobal | skips global variables |

const info = await keyVault.purgeAll();
  • restoreAll: restores every deleted secrets for the project group.

| Parameters | Description | | ------------ | ---------------------- | | skipGlobal | skips global variables |

const info = await keyVault.restoreAll();

Commands

Library has node commands for use with npm. Every commands needs credentials arguments for connect to key vault.

| Parameters | Description | | ------------ | ------------------------------------------------------------------------------ | | --project | (string) project name | | --group | (string) secrets group | | --env | (string) environment | | --uri | (string) key vault uri (i.e. https://my-key-vault.vault.azure.net) | | --spn | (string) service principal name id (i.e. f176a774-239e-4cd3-8551-88fd9fb9b441) | | --password | (string) spn secret password (i.e. WyBwkmcL8rGQe9B2fvRLDrqDuannE4Ku) | | --tenant | (string) tenant id (i.e. 9dba8525-be64-4d10-b124-e6f1644ae513) |

You should define your npm script command in package.json as:

// package.json
{
	...,
	"scripts": {
		...,
		"akv": "akv --project=my-project --group=web --tenant=9dba8525-be64-4d10-b124-e6f1644ae513",
		...
	},
	...
}
  • getFor: writes a file with secrets as JSON, using a JSON file as secrets structure definition.

| Parameters | Description | | ---------- | ---------------------------------------------------------------------------- | | --file | (string) relative uri (from cmd root) for JSON file for structure definition | | --output | (string) relative uri for result secrets JSON file |

foo@bar:~$ npm run akv getFor -- \
	--env=dev \
	--uri=https://my-key-vault.vault.azure.net \
	--spn=f176a774-239e-4cd3-8551-88fd9fb9b441 \
	--password=WyBwkmcL8rGQe9B2fvRLDrqDuannE4Ku \
	--file=secrets-structure-definition.json \
	--output=my-secrets.json \
	--override
  • getAll: writes all secrets (for project, group and env) in a JSON file.

| Parameters | Description | | ---------- | -------------------------------------------------- | | --output | (string) relative uri for result secrets JSON file |

foo@bar:~$ npm run akv getAll -- \
	--env=dev \
	--uri=https://my-key-vault.vault.azure.net \
	--spn=f176a774-239e-4cd3-8551-88fd9fb9b441 \
	--password=WyBwkmcL8rGQe9B2fvRLDrqDuannE4Ku \
	--output=my-secrets.json \
	--override
  • publish: creates or updates secrets (for project, group and env) in key vault from a JSON file.

| Parameters | Description | | ---------- | ---------------------------------------------------------------- | | --file | (string) relative uri (from cmd root) for JSON file with secrets |

foo@bar:~$ npm run akv publish -- \
	--env=dev \
	--uri=https://my-key-vault.vault.azure.net \
	--spn=f176a774-239e-4cd3-8551-88fd9fb9b441 \
	--password=WyBwkmcL8rGQe9B2fvRLDrqDuannE4Ku \
	--file=my-secrets.json

  • clear: deletes all secrets (for project, group and env) in key vault.

  • restore: restores all deleted secrets (for project, group and env) in key vault.

Linting 🧿

Project uses ESLint, for code formatting and code styling normalizing.

  • eslint: JavaScript and React linter with Airbnb React base config and some other additions.

For correct interpretation of linters, is recommended to use Visual Studio Code as IDE and install the plugins in .vscode folder at 'extensions.json', as well as use the config provided in 'settings.json'

Changelog 📄

For last changes see CHANGELOG.md file for details.

Built with 🛠️

License 📄

This project is licensed under the MIT License - see LICENSE.md file for details.

⌨ by Alvear Candia, Cristopher Alejandro