envilder
Version:
A CLI and GitHub Action that securely centralizes your environment variables from AWS SSM or Azure Key Vault as a single source of truth
24 lines • 1.45 kB
JavaScript
import { DefaultAzureCredential } from '@azure/identity';
import { SecretClient } from '@azure/keyvault-secrets';
import { DependencyMissingError } from '../../domain/errors/DomainErrors.js';
import { AzureKeyVaultSecretProvider } from './AzureKeyVaultSecretProvider.js';
import { DEFAULT_VAULT_HOSTS, validateAzureVaultUrl, } from './AzureVaultUrlValidator.js';
export { DEFAULT_VAULT_HOSTS } from './AzureVaultUrlValidator.js';
export function createAzureSecretProvider(config, options) {
var _a, _b;
const { vaultUrl } = config;
if (!vaultUrl) {
throw new DependencyMissingError('vaultUrl is required when using Azure provider.' +
' Set it in $config.vaultUrl in your map file' +
' or via --vault-url flag.');
}
const allowedVaultHosts = (_a = options === null || options === void 0 ? void 0 : options.allowedVaultHosts) !== null && _a !== void 0 ? _a : DEFAULT_VAULT_HOSTS;
const disableChallengeResourceVerification = (_b = options === null || options === void 0 ? void 0 : options.disableChallengeResourceVerification) !== null && _b !== void 0 ? _b : false;
validateAzureVaultUrl(vaultUrl, allowedVaultHosts);
const credential = new DefaultAzureCredential();
const client = new SecretClient(vaultUrl, credential, {
disableChallengeResourceVerification,
});
return new AzureKeyVaultSecretProvider(client);
}
//# sourceMappingURL=AzureSecretProviderFactory.js.map