Microsoft Azure Key Vault support

2025-09-08 11:50:11 +02:00
parent e66907f701
commit ce817cf898
4 changed files with 112 additions and 0 deletions
--- a/azure.go
+++ b/azure.go
@@ -0,0 +1,51 @@
+package secret
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+	"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets"
+)
+
+type azureKeyVaultProvider struct {
+	options  *providerOptions
+	vaultURL string
+	client   *azsecrets.Client
+}
+
+func AzureKeyVault(tenant, name string, opts ...Option) (Provider, error) {
+	var options = newProviderOptions(opts...)
+
+	p := &azureKeyVaultProvider{
+		options:  options,
+		vaultURL: fmt.Sprintf("https://%s.vault.azure.net", name),
+	}
+
+	creds, err := azidentity.NewDefaultAzureCredential(nil)
+	if err != nil {
+		return nil, err
+	}
+
+	if p.client, err = azsecrets.NewClient(p.vaultURL, creds, nil); err != nil {
+		return nil, err
+	}
+
+	return p, nil
+}
+
+func (p *azureKeyVaultProvider) GetSecret(key string) (value []byte, err error) {
+	ctx := context.Background()
+	if p.options.timeout > 0 {
+		var cancel func()
+		ctx, cancel = context.WithTimeout(ctx, p.options.timeout)
+		defer cancel()
+	}
+
+	var secret azsecrets.GetSecretResponse
+	if secret, err = p.client.GetSecret(ctx, key, "", nil); err != nil {
+		return
+	}
+
+	return []byte(*secret.Value), nil
+}