Gathering detailed insights and metrics for @calvear/azure-key-vault
Gathering detailed insights and metrics for @calvear/azure-key-vault
Installations
npm install @calvear/azure-key-vaultDeveloper
calvear93
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
~16.0.0 || >=18
Typescript Support
Yes
Node Version
20.6.1
NPM Version
9.6.6
Statistics
1 Stars
79 Commits
2 Watching
3 Branches
2 Contributors
Updated on 18 Feb 2022
Bundle Size
413.87 kB
Minified
104.79 kB
Minified + Gzipped
Languages
TypeScript (93.68%)
JavaScript (6.32%)
Total Downloads
Cumulative downloads
Total Downloads
5,935
Last day
0%
2
Compared to previous day
Last week
-78.4%
8
Compared to previous week
Last month
78.3%
82
Compared to previous month
Last year
-66.8%
608
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
3
Dev Dependencies
20
@types/jest@types/minimist@types/node@typescript-eslint/eslint-plugin@typescript-eslint/parsercopyfileseslinteslint-config-prettiereslint-plugin-eslint-commentseslint-plugin-jesteslint-plugin-jest-formattingeslint-plugin-prettiereslint-plugin-promiseeslint-plugin-sonarjseslint-plugin-unicornjestprettierts-jesttsc-aliastypescript
Versions
Azure Key Vault
Node library for handle Azure Key Vault, abstracts secrets management by project, environment and group when vault is shared. Also, this library handles nested JSON structures.
How To Use 💡
Should be initialized with AzureKeyVault in two ways as:
1import { AzureKeyVault } from '@calvear/azure-key-vault'; 2 3// initializes azure key vault with default credentials 4// azure cli, environment variables, etc. 5// see https://www.npmjs.com/package/@azure/identity 6 7// execute `az login` if you're using az cli 8const keyVault = new AzureKeyVault( 9 'https://my-key-vault.vault.azure.net', 10 { 11 project: 'my-project', 12 group: 'web', 13 env: 'dev', 14 } 15);
1import { AzureKeyVault } from '@calvear/azure-key-vault'; 2 3// initializes azure key vault with SPN credentials 4const keyVault = new AzureKeyVault( 5 'https://my-key-vault.vault.azure.net', 6 { 7 project: 'my-project', 8 group: 'web', 9 env: 'dev', 10 }, 11 { 12 clientId: 'f176a774-239e-4cd3-8551-88fd9fb9b441', 13 clientSecret: 'WyBwkmcL8rGQe9B2fvRLDrqDuannE4Ku', 14 tenantId: '9dba8525-be64-4d10-b124-e6f1644ae513', 15 } 16);
and used as below:
1import { AzureKeyVault } from '@calvear/azure-key-vault'; 2 3// initialized here ... 4 5async function main() { 6 await keyVault.setAll({ 7 SECRET1: 'my secret 1', 8 SECRET2: 'my secret 2', 9 otherConfig: { 10 SECRET3: 'my secret 3', 11 }, 12 }); 13 14 const mySecret2 = await keyVault.getInfo('SECRET2'); 15 console.log(mySecret2); 16 // name is 'my-project-dev-web-secret2' and value 'my secret 2' 17 18 const mySecret3 = await keyVault.getInfo('otherConfig:SECRET3'); 19 console.log(mySecret3); 20 // name is 'my-project-dev-web-otherConfig--secret3' and value 'my secret 3' 21 22 const mySecrets = await keyVault.getFor({ 23 SECRET1: null, 24 SECRET2: 'default value', 25 otherConfig: { 26 SECRET3: null, 27 }, 28 SECRET4: 'def for secret 4', 29 }); 30 console.log(mySecrets); 31 // prints { SECRET1: 'my secret 1, SECRET2: 'my secret 2', otherConfig: { SECRET3: 'my secret 3' }, SECRET4: 'def for secret 3' } 32} 33 34main();
You can initialize key vault with environment variables as:
1import { AzureKeyVault } from '@calvear/azure-key-vault'; 2 3... 4process.env.AZURE_KEY_VAULT_URI = 'https://my-key-vault.vault.azure.net'; 5process.env.AZURE_CLIENT_ID = 'f176a774-239e-4cd3-8551-88fd9fb9b441'; 6process.env.AZURE_CLIENT_SECRET = 'WyBwkmcL8rGQe9B2fvRLDrqDuannE4Ku'; 7process.env.AZURE_TENANT_ID = '9dba8525-be64-4d10-b124-e6f1644ae513'; 8... 9 10// initializes azure key vault 11const keyVault = new AzureKeyVault({ 12 project: 'my-project', 13 group: 'web', 14 env: 'dev' 15}); 16 17...
Logging
You can change log level using AZURE_LOG_LEVEL environment variable:
1process.env.AZURE_LOG_LEVEL = 'info';
> levels: 'verbose', 'info', 'warning', 'error'
Functions
Library has functions for manage key vault secrets.
[i] You can use ':' for nested path, (i.e. car:props:name)
[i] You can prefix your key with '&' for project shared secret, (i.e. car:props:$name)
- get: returns secret value.
| Parameters | Description |
|---|---|
key | (string) secret key |
serialized | (boolean) whether value is serialized |
1const value = await keyVault.get('my-secret');
- getInfo: returns secret info.
| Parameters | Description |
|---|---|
key | (string) secret key |
1const info = await keyVault.getInfo('my-secret');
- set: inserts or updates secret value.
| Parameters | Description |
|---|---|
key | (string) secret key |
value | (string) secret key |
1const info = await keyVault.set('my-secret', 'my secret value');
- delete: deletes a secret.
| Parameters | Description |
|---|---|
key | (string) secret key |
1const deletionInfo = await keyVault.delete('my-secret');
- purge: purges a deleted secret.
| Parameters | Description |
|---|---|
key | (string) secret key |
1const info = await keyVault.purge('my-secret');
- restore: restores a deleted secret.
| Parameters | Description |
|---|---|
key | (string) secret key |
1const restoredInfo = await keyVault.restore('my-secret');
- getAll: gets all secrets for the project, env and group.
1const listOfSecrets = await keyVault.getAll();
- getFor: (faster than getAll) gets all secrets for the project, env and group defined in input object. In order to get array correctly deserialized, use [] as default value instead of null or undefined.
| Parameters | Description |
|---|---|
secrets | (any) object with secrets (key, value) |
[override] | (boolean) (default: false) whether secrets with default value should be override |
1let secrets = { 2 '$global-var': null, 3 'my-secret': null, 4 'my-secret-2': 'default value', 5 'my-secret-group1': { 6 'my-secret-3': null, 7 }, 8 // in case of array type variable, default must be 9 // an array (or empty array) for correct deserialize 10 'my-array-secret': [], 11}; 12 13const listOfSecrets = await keyVault.getFor(secrets);
- setAll: insert or updates a set of secrets.
| Parameters | Description |
|---|---|
secrets | (any) object with secrets (key, value) |
1let secrets = { 2 '$global-var': 'my shared secret', 3 'my-secret': 'my secret', 4 'my-secret-2': 'my secret 2', 5 'my-secret-group1': { 6 'my-secret-3': 'my secret 3', 7 }, 8 'my-array-secret': ['a', 'b', 'c'], 9}; 10 11const listOfProperties = await keyVault.setAll(secrets);
- deleteAll: deletes every secrets for the project group.
| Parameters | Description |
|---|---|
skipGlobal | skips global variables |
1const info = await keyVault.deleteAll();
- purgeAll: purges every deleted secrets for the project group.
| Parameters | Description |
|---|---|
skipGlobal | skips global variables |
1const info = await keyVault.purgeAll();
- restoreAll: restores every deleted secrets for the project group.
| Parameters | Description |
|---|---|
skipGlobal | skips global variables |
1const info = await keyVault.restoreAll();
Commands
Library has node commands for use with npm. Every commands needs credentials arguments for connect to key vault.
| Parameters | Description |
|---|---|
--project | (string) project name |
--group | (string) secrets group |
--env | (string) environment |
--uri | (string) key vault uri (i.e. https://my-key-vault.vault.azure.net) |
--spn | (string) service principal name id (i.e. f176a774-239e-4cd3-8551-88fd9fb9b441) |
--password | (string) spn secret password (i.e. WyBwkmcL8rGQe9B2fvRLDrqDuannE4Ku) |
--tenant | (string) tenant id (i.e. 9dba8525-be64-4d10-b124-e6f1644ae513) |
You should define your npm script command in package.json as:
1// package.json 2{ 3 ..., 4 "scripts": { 5 ..., 6 "akv": "akv --project=my-project --group=web --tenant=9dba8525-be64-4d10-b124-e6f1644ae513", 7 ... 8 }, 9 ... 10}
- getFor: writes a file with secrets as JSON, using a JSON file as secrets structure definition.
| Parameters | Description |
|---|---|
--file | (string) relative uri (from cmd root) for JSON file for structure definition |
--output | (string) relative uri for result secrets JSON file |
1foo@bar:~$ npm run akv getFor -- \ 2 --env=dev \ 3 --uri=https://my-key-vault.vault.azure.net \ 4 --spn=f176a774-239e-4cd3-8551-88fd9fb9b441 \ 5 --password=WyBwkmcL8rGQe9B2fvRLDrqDuannE4Ku \ 6 --file=secrets-structure-definition.json \ 7 --output=my-secrets.json \ 8 --override
- getAll: writes all secrets (for project, group and env) in a JSON file.
| Parameters | Description |
|---|---|
--output | (string) relative uri for result secrets JSON file |
1foo@bar:~$ npm run akv getAll -- \ 2 --env=dev \ 3 --uri=https://my-key-vault.vault.azure.net \ 4 --spn=f176a774-239e-4cd3-8551-88fd9fb9b441 \ 5 --password=WyBwkmcL8rGQe9B2fvRLDrqDuannE4Ku \ 6 --output=my-secrets.json \ 7 --override
- publish: creates or updates secrets (for project, group and env) in key vault from a JSON file.
| Parameters | Description |
|---|---|
--file | (string) relative uri (from cmd root) for JSON file with secrets |
1foo@bar:~$ npm run akv publish -- \ 2 --env=dev \ 3 --uri=https://my-key-vault.vault.azure.net \ 4 --spn=f176a774-239e-4cd3-8551-88fd9fb9b441 \ 5 --password=WyBwkmcL8rGQe9B2fvRLDrqDuannE4Ku \ 6 --file=my-secrets.json
-
clear: deletes all secrets (for project, group and env) in key vault.
-
restore: restores all deleted secrets (for project, group and env) in key vault.
Linting 🧿
Project uses ESLint, for code formatting and code styling normalizing.
- eslint: JavaScript and React linter with Airbnb React base config and some other additions.
For correct interpretation of linters, is recommended to use Visual Studio Code as IDE and install the plugins in .vscode folder at 'extensions.json', as well as use the config provided in 'settings.json'
Changelog 📄
For last changes see CHANGELOG.md file for details.
Built with 🛠️
- @azure/identity - azure identity provider.
- @azure/keyvault-secrets - azure key vault bae handler.
License 📄
This project is licensed under the MIT License - see LICENSE.md file for details.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
5 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-m5vv-6r4h-3vj9
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no SAST tool detected
Details
- Warn: no pull requests merged into dev branch
Reason
Found 0/30 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Score
2.4
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More