-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathlegacy.js
67 lines (55 loc) · 2.4 KB
/
legacy.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
import { ClientSecretCredential } from "@azure/identity";
import { SecretClient } from "@azure/keyvault-secrets";
const { AZURE_VAULT_NAME, AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, PRINT_ENV } = process.env;
//comma seperated list of secrets
const SECRETS_LIST = process.env.SECRETS_LIST?.split(',');
const ERROR_PREAMBLE = 'Unable to access Azure Secrets Vault due to: ';
//validate that AZURE_VAULT_NAME, AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET are defined.
if (!AZURE_VAULT_NAME) {
throw new Error(`${ERROR_PREAMBLE} AZURE_VAULT_NAME is required.`);
}
if (!AZURE_TENANT_ID) {
throw new Error(`${ERROR_PREAMBLE} AZURE_TENANT_ID is required.`);
}
if (!AZURE_CLIENT_ID) {
throw new Error(`${ERROR_PREAMBLE} AZURE_CLIENT_ID is required.`);
}
if (!AZURE_CLIENT_SECRET) {
throw new Error(`${ERROR_PREAMBLE} AZURE_CLIENT_SECRET is required.`);
}
// Configure vault URL
const vaultUrl = `https://${AZURE_VAULT_NAME}.vault.azure.net`;
//Set credentials based on Service Registration
const credential = new ClientSecretCredential(
AZURE_TENANT_ID,
AZURE_CLIENT_ID,
AZURE_CLIENT_SECRET,
);
// Create authenticated secret client
const client = new SecretClient(vaultUrl, credential);
let envVars = {};
if (SECRETS_LIST?.length > 0) {
for (const secret_name of SECRETS_LIST) {
try {
let secret = await client.getSecret(secret_name);
//set secret to process.env. Because Azure KV does not support underscores, we put the secret names with dashes. On retrieval we replace dashes with underscore
const secretName = [secret.name.replace(/-/g, '_')];
process.env[secretName] = secret.value;
envVars[secretName] = secret.value;
} catch (error) {
console.warn(error.message);
}
}
} else {
//if there is no predefined list of secrets iterate all secrets in vault
for await (let secretProperties of client.listPropertiesOfSecrets()) {
let secret = await client.getSecret(secretProperties.name);
//set secret to process.env. Because Azure KV does not support underscores, we put the secret names with dashes. On retrieval we replace dashes with underscore
const secretName = [secret.name.replace(/-/g, '_')];
process.env[secretName] = secret.value;
envVars[secretName] = secret.value;
}
}
if (PRINT_ENV) {
console.log(JSON.stringify(envVars));
}