Comments (9)
Take a look at https://www.npmjs.com/package/@azure/keyvault-secrets. Our new libraries support easier authentication including MSI. This would also reduce maintenance costs with the helper classes you've defined. See https://www.npmjs.com/package/@azure/keyvault-secrets#getting-a-secret for a simple example.
from get-keyvault-secrets.
Thanks Aaron. Please feel free to contribute.
from get-keyvault-secrets.
I'm going to start work on this and add tests since our libraries also make it easy to mock the clients.
from get-keyvault-secrets.
I'm going to start work on this and add tests since our libraries also make it easy to mock the clients.
I did some more research on this, and isn’t it possible to just have this work if we login with az login —identity from the Azure Login task. Hopefully the creds would flow through?
It would be great to have tests too.
from get-keyvault-secrets.
That feature work is planned.
from get-keyvault-secrets.
It's also work pointing out that a separate login step really isn't necessary since the clients will authenticate automatically as needed. A custom TokenCredential too read the same format could be added to a ChainedTokenCredential along with DefaultAzureCredential to be back-compat. This is what I was planning in the interim. That TokenCredential could also go in the shared lib.
from get-keyvault-secrets.
@actions-devops how are you running the agent as an MSI? I would like to set up a repro/test environment but haven't been able to figure out how to do this. Or it just to run "az login" using MSI?
from get-keyvault-secrets.
@actions-devops/ @aaronba any inputs here?
from get-keyvault-secrets.
This issue is idle because it has been open for 14 days with no activity.
from get-keyvault-secrets.
Related Issues (12)
- Add Support for Sovereign clouds like AzureUSGovernment HOT 5
- Environment variables created from secrets cannot be hyphenated HOT 11
- Action need to update to deal with CVE vulnerabilities HOT 16
- Receiving Error: Unable to process command '::set-env HOT 9
- Handling dynamic key names HOT 6
- RBAC based access policies on the Key Vault HOT 4
- GA Date HOT 4
- Failure to login AKV using SPN Certificate Credentials. HOT 5
- Invalid regular expression: /*/: Nothing to repeat on self-hosted GithubRunner HOT 1
- Action never fails when trying to access non-existing KV
- Deprecation info HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from get-keyvault-secrets.