var http = require('http');
const KeyVault = require('azure-keyvault');
const msRestAzure = require('ms-rest-azure');
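// Minimal HTTP endpoint: every request is answered with an empty 200 text/plain response.
var server = http.createServer(function (request, response) {
  response.writeHead(200, { "Content-Type": "text/plain" });
  // writeHead() alone does not finish the response; without end() the request
  // never completes and the connection stays open until a timeout closes it.
  response.end();
});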
// The ms-rest-azure library lets us log in with a managed identity (MSI) by naming the resource the token is for.
// Here that resource is Key Vault; in the public Azure regions its resource URI is https://vault.azure.net.
// NOTE(review): loginWithAppServiceMSI presumably needs an App Service managed identity at runtime; confirm before running elsewhere.
msRestAzure.loginWithAppServiceMSI({resource: 'https://vault.azure.net'}).then( (credentials) => {
const keyVaultClient = new KeyVault.KeyVaultClient(credentials);
// NOTE(review): the vault name between "https://" and ".vault.azure.net/" is an empty string in this listing
// (presumably a placeholder that was lost); without a vault name the URI has no valid host.
var vaultUri = "https://" + "" + ".vault.azure.net/";
// Write a hard-coded demo secret, then read it back using the id the service returned.
keyVaultClient.setSecret(vaultUri, 'my-secret', 'test-secret-value', {})
// A promise handler receives a single value, so httpReq and httpResponse are always undefined here.
.then( (kvSecretBundle, httpReq, httpResponse) => {
console.log("Secret id: '" + kvSecretBundle.id + "'.");
return keyVaultClient.getSecret(kvSecretBundle.id, {});
})
.then( (bundle) => {
// NOTE(review): the message says 'test-secret', but the secret written above is named 'my-secret'.
console.log("Successfully retrieved 'test-secret'");
// Logging the whole bundle prints the secret value along with its metadata. That is harmless for the
// hard-coded demo value; for a real secret, log only the id so the value stays out of log sinks.
console.log(bundle);
})
.catch( (err) => {
// A rejection from the setSecret/getSecret chain lands here and is only logged.
console.log(err);
* Licensed under the MIT License. See License.txt in the project root for
* license information.
*/
'use strict';
var http = require('http');
const KeyVault = require('azure-keyvault');
const msRestAzure = require('ms-rest-azure');
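// Minimal HTTP endpoint: every request is answered with an empty 200 text/plain response.
var server = http.createServer(function (request, response) {
  response.writeHead(200, { "Content-Type": "text/plain" });
  // writeHead() alone does not finish the response; without end() the request
  // never completes and the connection stays open until a timeout closes it.
  response.end();
});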
// The ms-rest-azure library lets us log in with a managed identity (MSI) by naming the resource the token is for.
// Here that resource is Key Vault; in the public Azure regions its resource URI is https://vault.azure.net.
// NOTE(review): loginWithAppServiceMSI presumably needs an App Service managed identity at runtime; confirm before running elsewhere.
msRestAzure.loginWithAppServiceMSI({resource: 'https://vault.azure.net'}).then( (credentials) => {
const keyVaultClient = new KeyVault.KeyVaultClient(credentials);
// NOTE(review): the vault name between "https://" and ".vault.azure.net/" is an empty string in this listing
// (presumably a placeholder that was lost); without a vault name the URI has no valid host.
var vaultUri = "https://" + "" + ".vault.azure.net/";
// Write a hard-coded demo secret, then read it back using the id the service returned.
keyVaultClient.setSecret(vaultUri, 'my-secret', 'test-secret-value', {})
// A promise handler receives a single value, so httpReq and httpResponse are always undefined here.
.then( (kvSecretBundle, httpReq, httpResponse) => {
console.log("Secret id: '" + kvSecretBundle.id + "'.");
return keyVaultClient.getSecret(kvSecretBundle.id, {});
})
.then( (bundle) => {
// NOTE(review): the message says 'test-secret', but the secret written above is named 'my-secret'.
console.log("Successfully retrieved 'test-secret'");
// Logging the whole bundle prints the secret value along with its metadata. That is harmless for the
// hard-coded demo value; for a real secret, log only the id so the value stays out of log sinks.
console.log(bundle);
})
.catch( (err) => {
// A rejection from the setSecret/getSecret chain lands here and is only logged.
console.log(err);
/**
 * Requests managed-identity (MSI) credentials whose token audience is
 * https://management.azure.com, i.e. the Azure management endpoint rather
 * than the Key Vault resource (https://vault.azure.net).
 *
 * @returns {Promise} the promise returned by msRestAzure.loginWithAppServiceMSI.
 */
getMSICredentials() {
  // The original listing kept msRestAzure.interactiveLogin({resource: ...}) as a
  // commented-out alternative to the MSI login.
  const managementAudience = { resource: 'https://management.azure.com' };
  return msRestAzure.loginWithAppServiceMSI(managementAudience);
}
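/**
 * Stores an ACME challenge response in Key Vault under a secret name derived
 * from the challenge token.
 *
 * The token is normalised by dropping every character other than letters,
 * digits and '-' ('_' included). Two tokens that differ only in dropped
 * characters therefore map to the same secret name, and whoever reads the
 * secret back has to apply the same normalisation.
 *
 * Only the id of the stored secret is logged; secretData is never logged.
 *
 * @param {object} challenge - challenge object; `challenge.token` must be a string.
 * @param {string} secretData - value to store as the secret.
 * @param {function} callback - called exactly once, asynchronously:
 *   `(null, challenge)` on success, or with a single error string on failure.
 * @throws synchronously when an argument fails the assert checks.
 */
storeChallengeInKeyVault(challenge, secretData, callback) {
  assert.strictEqual(typeof challenge, 'object');
  assert.strictEqual(typeof secretData, 'string');
  assert.strictEqual(typeof callback, 'function');
  // typeof null is 'object', so the first check lets null through; test the token itself.
  assert.strictEqual(typeof (challenge && challenge.token), 'string');

  // Replace illegal chars for secret name in kv.
  const secretName = challenge.token.replace(/[^a-z0-9-]+/gi, '');
  if (secretName === '') {
    // Nothing is left to name the secret with. Report it through the callback,
    // deferred so that failures are always delivered asynchronously.
    const reason = new Error('challenge token has no characters valid in a secret name');
    setImmediate(() => callback('error storing keyvault secret ' + reason));
    return;
  }

  // Tracks which step is running so a failure is reported under the right label,
  // including a synchronous throw while building the client or the request.
  let failurePrefix = 'error logging in via MSI ';

  msRestAzure
    .loginWithAppServiceMSI({ resource: 'https://vault.azure.net' })
    .then((credentials) => {
      failurePrefix = 'error storing keyvault secret ';
      const keyVaultClient = new KeyVault.KeyVaultClient(credentials);
      return keyVaultClient.setSecret(this.keyVaultUri, secretName, secretData, {});
    })
    .then((kvSecretBundle) => {
      this.logMsg("KeyVaultSecret id: '" + kvSecretBundle.id + "'.");
      return null;
    })
    .catch((err) => failurePrefix + err)
    .then((failure) => {
      // The callback runs after every catch handler, so an exception thrown by
      // the callback can no longer trigger a second, contradictory call to it.
      if (failure === null) {
        callback(null, challenge);
      } else {
        callback(failure);
      }
    });
}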
module.exports = function (context, req) {
if(context && context.bindingData && context.bindingData.code && process.env.KEYVAULT_NAME) {
//replace illegal chars for secret name in kv
let secretName = context.bindingData.code.replace(/([^a-z0-9-]+)/gi, '');
context.log(`Checking for ACME challenge response at '${secretName}'...`);
msRestAzure.loginWithAppServiceMSI({resource: 'https://vault.azure.net'}).then(credentials => {
const keyVaultClient = new KeyVault.KeyVaultClient(credentials);
const vaultUri = `https://${process.env.KEYVAULT_NAME}.vault.azure.net/`;
keyVaultClient.getSecret(vaultUri, secretName, "").then(secretData => {
context.log(`ACME challenge response file '${secretName}' read successfully.`);
context.log(secretData.value);
context.res = {
status: 200,
headers: { "Content-Type": "text/plain" },
body: secretData.value
};
context.done();
}).catch(err => {
context.log.error(err);