class KeyVault::Client

Client for Azure Key Vault

Allows creation and retrieval of secrets from Azure Key Vault

N.B. Secret names can contain only contain alphanumerics or hyphens. Any 'invalid' characters will be translated into hyphens.

Attributes

api_version[R]

version of the Azure REST API being used

Public Class Methods

new(vault_name, bearer_token, api_version: VAULT_API_VERSION) click to toggle source

Create client for a key vault

Parameters:

vault_name

The name of the key vault

bearer_token

The token obtained from #KeyVault::Auth

api_version

(optional) Version of the azure REST API to use. Defaults to VAULT_API_VERSION

# File lib/key_vault/client.rb, line 25
def initialize(vault_name, bearer_token, api_version: VAULT_API_VERSION)
  @vault_name = vault_name
  @api_version = api_version || VAULT_API_VERSION
  @bearer_token = bearer_token
  @vault_url = Url.new(@vault_name)
end

Public Instance Methods

create_secret(secret_name, secret_value) click to toggle source

Adds a secret to key vault

Parameters:

secret_name

Name of the secret (alphanumeric with hyphens)

secret_value

Value of the secret as a string

# File lib/key_vault/client.rb, line 54
def create_secret(secret_name, secret_value)
  url = @vault_url.get_url(clean(secret_name), nil, @api_version)
  body = @vault_url.get_body(secret_value)
  headers = { 'Content-Type' => 'application/json',
              'Authorization' => @bearer_token }
  RestClient.put(url, body, headers)
end
get_secret(secret_name, secret_version = nil) click to toggle source

Retrieves secret from key vault as a string

Parameters:

secret_name

Name of the secret (alphanumeric with hyphens)

secret_version

(optional) Version of the secret to retrieve. Defaults to latest version

Returns:

A string containing the secret value or nil if not found

# File lib/key_vault/client.rb, line 40
def get_secret(secret_name, secret_version = nil)
  url = @vault_url.get_url(clean(secret_name), secret_version, @api_version)
  headers = { 'Authorization' => @bearer_token }
  response = RestClient.get(url, headers)
  JSON.parse(response)['value']
rescue RestClient::NotFound
  return nil
end

Private Instance Methods

clean(name) click to toggle source

Replaces non alphanumerics with hyphens

# File lib/key_vault/client.rb, line 65
def clean(name)
  name.gsub(/[^a-zA-Z0-9-]/, '-')
end