@eqxjs/azure-manage-identity
Version:
For get Azure keyvault secret
19 lines • 1.16 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.decryptData = decryptData;
const keyvault_keys_1 = require("@azure/keyvault-keys");
const confidential_mgnt_1 = require("../confidential.mgnt");
const secret_get_1 = require("../secret/secret.get");
const base64url_1 = require("base64url");
const node_buffer_1 = require("node:buffer");
async function decryptData(keyURL, keyName, payloadBase64, ivSecretName) {
const credential = new confidential_mgnt_1.MyClientAssertionCredential();
const keysClient = new keyvault_keys_1.KeyClient(keyURL, credential);
const vaultKey = await keysClient.getKey(keyName);
const secret = await (0, secret_get_1.getSecret)(keyURL, ivSecretName);
const cryptographyClient = new keyvault_keys_1.CryptographyClient(vaultKey, credential);
const payload = base64url_1.default.decode(payloadBase64);
let result = await cryptographyClient.decrypt({ algorithm: "A256CBC", ciphertext: node_buffer_1.Buffer.from(payload), iv: (secret.value) ? node_buffer_1.Buffer.from(secret.value) : undefined });
return result.result.toString();
}
//# sourceMappingURL=key.decrypt.js.map