Fastify secrets plugin for Azure Key Vault.
npm install --save fastify-secrets-azure
In order to be able to read from Azure Key Vault you will need some permissions.
You will also probably manage permissions in different ways in local dev and production environment.
In general you may want to use a different secrets manager on your local machine (i.e. fastify-secrets-env
to read secrets from env variables).
To set up a Key Vault to be accessed by fastify-secrets-azure
please read the instructions in the official documentation.
This will set up the vault and create an application capable of accessing it.
The information required to connect to Azure Key Vault can be stored in the environment or provided via plugin options, as described below.
Check out the official documentation for information about which environment variables are needed.
const FastifySecrets = require('fastify-secrets-azure')
fastify.register(FastifySecrets, {
secrets: {
dbPassword: 'secret-name'
},
clientOptions: {
vaultName: 'vault-name'
}
})
secret-name
is the name of the secret as created in Azure Key Vault.
await fastify.ready()
console.log(fastify.secrets.dbPassword) // content of 'secret-name'
secrets
[object]
(required) A map of keys and resource ids for the secrets.fastify-secrets-azure
will decorate the fastify server with asecrets
object where keys will be the same keys of the options and the value will be the content of the secret as fetched from Azure Key VaultclientOptions
[object]
(required) An object containing properties to be provided to the client used to connect to Azure Key Vault. Supports the following keys:vaultName
[string]
(required) The name of the vaultcredentials
[object]
(optional). Credentials for connection. If not provided, the client will use the default ones configured in environment variables:tenantId
Defaults toAZURE_TENANT_ID
environment variableclientId
Defaults toAZURE_CLIENT_ID
environment variableclientSecret
Defaults toAZURE_CLIENT_SECRET
environment variable
See CONTRIBUTING.md
Copyright NearForm Ltd 2021. Licensed under the Apache-2.0 license.