2

I'm trying to pull data from Azure KeyVault with Node. I installed azure-keyvault with npm and read some of the guides that Microsoft released (e.g. https://www.npmjs.com/package/azure-keyvault) but I can't get data to output. Just for testing purposes I'd like to do something like View contents of Secret in Azure KeyVault with node.

var KeyVault = require('azure-keyvault');
var util = require('util');
var Crypto = require('crypto');
var AuthenticationContext = require('adal-node').AuthenticationContext;

var clientId = 'xxx';
var clientSecret = 'xxx';
var vaultUri = 'xxx';

I can't find an API with a list of commands that I can do with the keyvault var, how do I pull data from keyvault?

Edit: so I have var KeyVault = require('azure-keyvault');

and the KeyVault variable can be used as an object with methods listed in here: http://azure.github.io/azure-sdk-for-node/azure-keyvault/latest/?

Arun Vinoth-Precog Tech - MVP
  • 22,364
  • 14
  • 59
  • 168
user3364161
  • 365
  • 5
  • 21

3 Answers3

2

Here is the 'azure-keyvault' library docs: http://azure.github.io/azure-sdk-for-node/azure-keyvault/latest/

I can't find an API with a list of commands that I can do with the keyvault var

you use the "keyvault var" to create a keyvault client. in the link above, see the side menu for a list of all commands.

how do I pull data from keyvault?

For example, you can use the KeyVaultClient.getSecrets function: http://azure.github.io/azure-sdk-for-node/azure-keyvault/latest/KeyVaultClient.html#getSecrets

itaysk
  • 5,852
  • 2
  • 33
  • 40
  • Wow the formatting on that was awful, I'm going to edit the original post – user3364161 Aug 15 '17 at 20:31
  • Is that a question? That looks right, but then you'll have to authenticate and create the KeyVaultClient. Here is a complete example: https://github.com/Azure/azure-sdk-for-node/blob/master/lib/services/keyVault/sample.js – itaysk Aug 15 '17 at 20:34
  • I have the clientID and the vaultURI, but I don't know what the clientSecret is – user3364161 Aug 15 '17 at 20:35
  • You need to register your app with AAD, then you get the AppID and secret. see here: https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal – itaysk Aug 16 '17 at 07:32
  • I read through that document but I can't find anything about the clientSecret. I know the application ID is clientID; is object ID the clientSecret? – user3364161 Aug 16 '17 at 13:20
  • appId is Application ID in the article. clientSecret is Key in the article – itaysk Aug 16 '17 at 15:10
1

The package azure-keyvault has been deprecated in favor of the new packages to deal with Keyvault keys, secrets and certificates separately. For your scenario, you can use the new @azure/keyvault-secrets package.

The readme at for @azure/keyvault-secrets has a variety of code snippets you can refer to. You can refer to the entire sample set for secrets too.

Ramya Rao
  • 111
  • 5
0

To read secrets from azure key vault you can use npm library read-azure-secrets, in which you will need to pass client ID, client secret, and vault URI. It will return all secrets from your key vault. Example -

const secretClient = require('read-azure-secrets');

async function loadKeyVaultValues() {

    let applicationID = '';
    let applicationSecret = '';
    let vaultURL = 'https://<your-key-vault-name>.vault.azure.net/';
    let secrets = await secretClient.getSecrets(applicationID, applicationSecret, vaultURL);

    secrets.forEach(secret => {
        console.log(secret);
    });

}

loadKeyVaultValues();
Rahul Patil
  • 493
  • 5
  • 14