[App Config] Secret reference sample update #18775

Merged
@@ -13,7 +13,7 @@ import {
ConfigurationSetting,
parseSecretReference
} from "@azure/app-configuration";
import { SecretClient } from "@azure/keyvault-secrets";
import { parseKeyVaultSecretIdentifier, SecretClient } from "@azure/keyvault-secrets";
import { DefaultAzureCredential } from "@azure/identity";

// Load the .env file if it exists
@@ -22,67 +22,103 @@ dotenv.config();

export async function main() {
console.log(`Running secretReference sample`);
const secretReference: ConfigurationSetting<SecretReferenceValue> = {
key: `secret${new Date().getTime()}`,
value: {
secretId: `secret-key${Math.ceil(100 + Math.random() * 900)}`
},
isReadOnly: false,
contentType: secretReferenceContentType
};

const key = `secret${new Date().getTime()}`;

// setup method creates
// - a secret using `@azure/keyvault-secrets`
// - a corresponding secret reference config setting with `@azure/app-configuration`
await setup(key);

console.log(`Get the added secretReference from App Config with key: ${key}`);
// Set the following environment variable or edit the value on the following line.
const connectionString = process.env["APPCONFIG_CONNECTION_STRING"] || "";
const appConfigClient = new AppConfigurationClient(connectionString);
const getResponse = await appConfigClient.getConfigurationSetting({
key
});
// You can use the `isSecretReference` global method to check if the content type is secretReferenceContentType ("application/vnd.microsoft.appconfig.keyvaultref+json;charset=utf-8")

const parsedSecretReference = parseSecretReference(getResponse);

// Get the name and vaultUrl from the secretId
const { name: secretName, vaultUrl } = parseKeyVaultSecretIdentifier(
parsedSecretReference.value.secretId
);

const secretClient = new SecretClient(vaultUrl, new DefaultAzureCredential());
try {
// Read the secret we created
const secret = await secretClient.getSecret(secretName);
console.log(`Get the secret from keyvault key: ${secretName}, value: ${secret.value}`);
} catch (err) {
const error = err as { code: string; statusCode: number };
if (error.code === "SecretNotFound" && error.statusCode === 404) {
throw new Error(
`\n Secret is not found, make sure the secret ${parsedSecretReference.value.secretId} is present in your keyvault account;\n Original error - ${error}`
);
} else {
throw err;
}
}

console.log(`Deleting the secret from keyvault`);
await secretClient.beginDeleteSecret(secretName);

await cleanupSampleValues([key], appConfigClient);
}

async function setup(key: string) {
if (
!process.env["AZURE_TENANT_ID"] ||
!process.env["AZURE_CLIENT_ID"] ||
!process.env["AZURE_CLIENT_SECRET"] ||
!process.env["KEYVAULT_URI"]
!process.env["KEYVAULT_URI"] ||
!process.env["APPCONFIG_CONNECTION_STRING"]
) {
console.log(
`At least one of the AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and KEYVAULT_URI variables is not present,
`At least one of the AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, APPCONFIG_CONNECTION_STRING and KEYVAULT_URI variables is not present,
please add the missing ones in your environment and rerun the sample.`
);
return;
}

// DefaultAzureCredential expects the following three environment variables:
// - AZURE_TENANT_ID: The tenant ID in Azure Active Directory
// - AZURE_CLIENT_ID: The application (client) ID registered in the AAD tenant
// - AZURE_CLIENT_SECRET: The client secret for the registered application
const credential = new DefaultAzureCredential();
const url = process.env["KEYVAULT_URI"] || "<keyvault-url>";

const secretClient = new SecretClient(url, credential);
const secretClient = new SecretClient(process.env["KEYVAULT_URI"], new DefaultAzureCredential());
const secretName = `secret-${Date.now()}`;
// Create a secret
console.log(
`Create a keyvault secret with key: ${secretReference.value.secretId} and value: "MySecretValue"`
);
await secretClient.setSecret(secretReference.value.secretId, "MySecretValue");
console.log(`Create a keyvault secret with key: ${secretName} and value: "MySecretValue"`);
const secret = await secretClient.setSecret(secretName, "MySecretValue");

if (!secret.properties.id) {
throw new Error("Something went wrong - secret id is undefined");
}

// creates the secret reference config setting
await createConfigSetting(key, secret.properties.id);
}

async function createConfigSetting(key: string, secretId: string) {
// Set the following environment variable or edit the value on the following line.
const connectionString = process.env["APPCONFIG_CONNECTION_STRING"] || "<connection string>";
const appConfigClient = new AppConfigurationClient(connectionString);

await cleanupSampleValues([secretReference.key], appConfigClient);
const secretReference: ConfigurationSetting<SecretReferenceValue> = {
key,
value: { secretId },
isReadOnly: false,
contentType: secretReferenceContentType
};

await cleanupSampleValues([key], appConfigClient);

console.log(
`Add a new secretReference with key: ${secretReference.key} and secretId: ${secretReference.value.secretId}`
`Add a new secretReference with key: ${key} and secretId: ${secretReference.value.secretId}`
);
await appConfigClient.addConfigurationSetting(secretReference);

console.log(`Get the added secretReference from App Config with key: ${secretReference.key}`);
const getResponse = await appConfigClient.getConfigurationSetting({
key: secretReference.key
});

// You can use the `isSecretReference` global method to check if the content type is secretReferenceContentType ("application/vnd.microsoft.appconfig.keyvaultref+json;charset=utf-8")
const parsedSecretReference = parseSecretReference(getResponse);
// Read the secret we created
const secret = await secretClient.getSecret(parsedSecretReference.value.secretId);
console.log(`Get the secret from keyvault key: ${secret.name}, value: ${secret.value}`);

console.log(`Deleting the secret from keyvault`);
await secretClient.beginDeleteSecret(parsedSecretReference.value.secretId);

await cleanupSampleValues([secretReference.key], appConfigClient);
}

async function cleanupSampleValues(keys: string[], client: AppConfigurationClient) {
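Review bot: In `main`, the `SecretClient` is constructed from the `vaultUrl` parsed out of the setting read back from App Configuration, so `DefaultAzureCredential` is used against whatever host the stored reference names. Readers who copy this pattern into a service whose config store has more writers than its vault would want a check before the client is built, for example `if (new URL(vaultUrl).origin !== new URL(keyVaultUri).origin) throw new Error("Secret reference points at an unexpected vault");` with `keyVaultUri` taken from `KEYVAULT_URI`. Separately, the `console.log` in the same `try` block prints `secret.value`; a comment such as `// Printing the value is for demonstration only; never log secret values in real code` would stop that line being copied as-is. Both points apply equally to the JavaScript copy of the sample in the next file section.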
@@ -9,7 +9,7 @@ const {
secretReferenceContentType,
parseSecretReference
} = require("@azure/app-configuration");
const { SecretClient } = require("@azure/keyvault-secrets");
const { parseKeyVaultSecretIdentifier, SecretClient } = require("@azure/keyvault-secrets");
const { DefaultAzureCredential } = require("@azure/identity");

// Load the .env file if it exists
@@ -18,65 +18,101 @@ dotenv.config();

async function main() {
console.log(`Running secretReference sample`);
const secretReference = {
key: `secret${new Date().getTime()}`,
value: {
secretId: `secret-key${Math.ceil(100 + Math.random() * 900)}`
},
isReadOnly: false,
contentType: secretReferenceContentType
};

const key = `secret${new Date().getTime()}`;

// setup method creates
// - a secret using `@azure/keyvault-secrets`
// - a corresponding secret reference config setting with `@azure/app-configuration`
await setup(key);

console.log(`Get the added secretReference from App Config with key: ${key}`);
// Set the following environment variable or edit the value on the following line.
const connectionString = process.env["APPCONFIG_CONNECTION_STRING"] || "";
const appConfigClient = new AppConfigurationClient(connectionString);
const getResponse = await appConfigClient.getConfigurationSetting({
key
});
// You can use the `isSecretReference` global method to check if the content type is secretReferenceContentType ("application/vnd.microsoft.appconfig.keyvaultref+json;charset=utf-8")

const parsedSecretReference = parseSecretReference(getResponse);

// Get the name and vaultUrl from the secretId
const { name: secretName, vaultUrl } = parseKeyVaultSecretIdentifier(
parsedSecretReference.value.secretId
);

const secretClient = new SecretClient(vaultUrl, new DefaultAzureCredential());
try {
// Read the secret we created
const secret = await secretClient.getSecret(secretName);
console.log(`Get the secret from keyvault key: ${secretName}, value: ${secret.value}`);
} catch (err) {
const error = err;
if (error.code === "SecretNotFound" && error.statusCode === 404) {
throw new Error(
`\n Secret is not found, make sure the secret ${parsedSecretReference.value.secretId} is present in your keyvault account;\n Original error - ${error}`
);
} else {
throw err;
}
}

console.log(`Deleting the secret from keyvault`);
await secretClient.beginDeleteSecret(secretName);

await cleanupSampleValues([key], appConfigClient);
}

async function setup(key) {
if (
!process.env["AZURE_TENANT_ID"] ||
!process.env["AZURE_CLIENT_ID"] ||
!process.env["AZURE_CLIENT_SECRET"] ||
!process.env["KEYVAULT_URI"]
!process.env["KEYVAULT_URI"] ||
!process.env["APPCONFIG_CONNECTION_STRING"]
) {
console.log(`At least one of the AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and KEYVAULT_URI variables is not present,
console.log(`At least one of the AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, APPCONFIG_CONNECTION_STRING and KEYVAULT_URI variables is not present,
please add the missing ones in your environment and rerun the sample.`);
return;
}

// DefaultAzureCredential expects the following three environment variables:
// - AZURE_TENANT_ID: The tenant ID in Azure Active Directory
// - AZURE_CLIENT_ID: The application (client) ID registered in the AAD tenant
// - AZURE_CLIENT_SECRET: The client secret for the registered application
const credential = new DefaultAzureCredential();
const url = process.env["KEYVAULT_URI"] || "<keyvault-url>";

const secretClient = new SecretClient(url, credential);
const secretClient = new SecretClient(process.env["KEYVAULT_URI"], new DefaultAzureCredential());
const secretName = `secret-${Date.now()}`;
// Create a secret
console.log(
`Create a keyvault secret with key: ${secretReference.value.secretId} and value: "MySecretValue"`
);
await secretClient.setSecret(secretReference.value.secretId, "MySecretValue");
console.log(`Create a keyvault secret with key: ${secretName} and value: "MySecretValue"`);
const secret = await secretClient.setSecret(secretName, "MySecretValue");

if (!secret.properties.id) {
throw new Error("Something went wrong - secret id is undefined");
}

// creates the secret reference config setting
await createConfigSetting(key, secret.properties.id);
}

async function createConfigSetting(key, secretId) {
// Set the following environment variable or edit the value on the following line.
const connectionString = process.env["APPCONFIG_CONNECTION_STRING"] || "<connection string>";
const appConfigClient = new AppConfigurationClient(connectionString);

await cleanupSampleValues([secretReference.key], appConfigClient);
const secretReference = {
key,
value: { secretId },
isReadOnly: false,
contentType: secretReferenceContentType
};

await cleanupSampleValues([key], appConfigClient);

console.log(
`Add a new secretReference with key: ${secretReference.key} and secretId: ${secretReference.value.secretId}`
`Add a new secretReference with key: ${key} and secretId: ${secretReference.value.secretId}`
);
await appConfigClient.addConfigurationSetting(secretReference);

console.log(`Get the added secretReference from App Config with key: ${secretReference.key}`);
const getResponse = await appConfigClient.getConfigurationSetting({
key: secretReference.key
});

// You can use the `isSecretReference` global method to check if the content type is secretReferenceContentType ("application/vnd.microsoft.appconfig.keyvaultref+json;charset=utf-8")
const parsedSecretReference = parseSecretReference(getResponse);
// Read the secret we created
const secret = await secretClient.getSecret(parsedSecretReference.value.secretId);
console.log(`Get the secret from keyvault key: ${secret.name}, value: ${secret.value}`);

console.log(`Deleting the secret from keyvault`);
await secretClient.beginDeleteSecret(parsedSecretReference.value.secretId);

await cleanupSampleValues([secretReference.key], appConfigClient);
}

async function cleanupSampleValues(keys, client) {
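Review bot: The missing-environment guard now sits in `setup`, so its bare `return;` only leaves `setup`, and `main` carries on to build `AppConfigurationClient` with `process.env["APPCONFIG_CONNECTION_STRING"] || ""` and request a setting that was never created. The user then sees the friendly "please add the missing ones" message followed by an unrelated client or not-found error. Letting `setup` report whether it ran would keep the clean exit: `return false;` inside the guard, `return true;` at the end of `setup`, and `if (!(await setup(key))) return;` in `main`. The TypeScript version of the sample in the previous file section has the same flow.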