Support for Azure Gov in the Azure backend #692

@mmichalak-swe

Description
I am trying to use the Azure backend, but I would like to use it with Azure Gov. Per line 43 in azurekeyvault.go, it looks like 'vault.azure.net' is what's added to the key vault name to build the FQDN.

// GetSecrets gets secrets from Azure Key Vault and returns the formatted data
// For Azure Key Vault, `kvpath` is the unique name of your vault
// For Azure use the version here not make really sens as each secret have a different version but let support it
func (a *AzureKeyVault) GetSecrets(kvpath string, version string, _ map[string]string) (map[string]interface{}, error) {
	kvpath = fmt.Sprintf("https://%s.vault.azure.net", kvpath)

Describe the solution you'd like
I would like support to be added for Azure Gov. The FQDN for the key vault would need to be built with 'vault.usgovcloudapi.net'. Perhaps this can be added as a separate backend, or an option for the existing Azure backend. I am not sure if any other changes would need to be made outside of this with the plugin as it stands, or if a simple addition of the Azure Gov URI as an option would be sufficient.

Describe alternatives you've considered
I considered spoofing 'vault.azure.net' in the plugin container/pod on OpenShift, but haven't tested that fully yet. Other than that, I don't know of a solution outside of forking the existing plugin and modifying it to test this out as a solution.

Additional context
N/A
