package secret
import (
"context"
"fmt"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets"
)
// azureKeyVaultProvider is the Provider implementation backed by a single
// Azure Key Vault. It is built by AzureKeyVault and holds an authenticated
// azsecrets client bound to one vault URL.
type azureKeyVaultProvider struct {
	// vaultURL is the base URL of the vault, derived from the vault name
	// passed to AzureKeyVault.
	vaultURL string
	// client performs the secret lookups against vaultURL.
	client *azsecrets.Client
	// options carries the provider settings; GetSecret reads options.timeout
	// to bound each request.
	options *providerOptions
}
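// AzureKeyVault returns a Provider that reads secrets from the Azure Key Vault
// called name, addressed as https://<name>.vault.azure.net.
//
// Authentication uses azidentity.NewDefaultAzureCredential with default
// options, so the identity is whatever that credential chain resolves from the
// process environment. Run the process under an identity that is granted only
// read access to the secrets it needs.
//
// An error is returned when name is empty or contains anything other than
// ASCII letters, digits and hyphens, or when the credential or the client
// cannot be constructed.
//
// NOTE(review): tenant is accepted but not used anywhere in this function; the
// credential is created without a tenant restriction. Confirm whether it was
// meant to be passed to the credential options.
func AzureKeyVault(tenant, name string, opts ...Option) (Provider, error) {
	// name becomes the first label of the vault host name. Limiting it to
	// letters, digits and hyphens keeps the resulting URL inside
	// vault.azure.net, so the client and the token it attaches cannot be
	// pointed at a different host through a crafted name. The service applies
	// stricter naming rules of its own; this check only guards the URL.
	valid := name != ""
	for i := 0; valid && i < len(name); i++ {
		c := name[i]
		switch {
		case c >= 'a' && c <= 'z', c >= 'A' && c <= 'Z', c >= '0' && c <= '9', c == '-':
		default:
			valid = false
		}
	}
	if !valid {
		return nil, fmt.Errorf("azure key vault: invalid vault name %q", name)
	}

	p := &azureKeyVaultProvider{
		options:  newProviderOptions(opts...),
		vaultURL: fmt.Sprintf("https://%s.vault.azure.net", name),
	}

	creds, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		return nil, err
	}

	client, err := azsecrets.NewClient(p.vaultURL, creds, nil)
	if err != nil {
		return nil, err
	}
	p.client = client

	return p, nil
}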
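// GetSecret fetches the secret named key from the vault and returns its value
// as bytes.
//
// When the provider options carry a positive timeout the request is bounded by
// it; otherwise the call runs on context.Background() with no deadline of its
// own. Errors from the Key Vault client are returned unchanged. A response
// without a value yields an error instead of a nil-pointer panic.
//
// The returned slice holds the plaintext secret: keep it out of logs and error
// messages.
func (p *azureKeyVaultProvider) GetSecret(key string) (value []byte, err error) {
	ctx := context.Background()
	if p.options.timeout > 0 {
		var cancel context.CancelFunc
		ctx, cancel = context.WithTimeout(ctx, p.options.timeout)
		defer cancel()
	}

	// An empty version string asks the service for the latest version.
	secret, err := p.client.GetSecret(ctx, key, "", nil)
	if err != nil {
		return nil, err
	}

	// Value is a pointer in the SDK response type; guard it so a response
	// without a value cannot crash the caller.
	if secret.Value == nil {
		return nil, fmt.Errorf("azure key vault: secret %q has no value", key)
	}

	return []byte(*secret.Value), nil
}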