Security News
Fluent Assertions Faces Backlash After Abandoning Open Source Licensing
Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.
@azure/keyvault-keys
Advanced tools
@azure/keyvault-keys is an npm package that provides a client library for managing keys in Azure Key Vault. It allows you to create, import, update, delete, and manage keys, as well as perform cryptographic operations such as encryption, decryption, signing, and verifying.
Create a Key
This feature allows you to create a new key in Azure Key Vault. The code sample demonstrates how to create an RSA key using the KeyClient.
const { DefaultAzureCredential } = require('@azure/identity');
const { KeyClient } = require('@azure/keyvault-keys');
const credential = new DefaultAzureCredential();
const keyClient = new KeyClient('https://<your-key-vault-name>.vault.azure.net', credential);
async function createKey() {
const keyName = 'myKey';
const result = await keyClient.createKey(keyName, 'RSA');
console.log('Key created:', result);
}
createKey();
Get a Key
This feature allows you to retrieve an existing key from Azure Key Vault. The code sample demonstrates how to get a key by its name using the KeyClient.
const { DefaultAzureCredential } = require('@azure/identity');
const { KeyClient } = require('@azure/keyvault-keys');
const credential = new DefaultAzureCredential();
const keyClient = new KeyClient('https://<your-key-vault-name>.vault.azure.net', credential);
async function getKey() {
const keyName = 'myKey';
const result = await keyClient.getKey(keyName);
console.log('Key retrieved:', result);
}
getKey();
Delete a Key
This feature allows you to delete an existing key from Azure Key Vault. The code sample demonstrates how to start the deletion process for a key using the KeyClient.
const { DefaultAzureCredential } = require('@azure/identity');
const { KeyClient } = require('@azure/keyvault-keys');
const credential = new DefaultAzureCredential();
const keyClient = new KeyClient('https://<your-key-vault-name>.vault.azure.net', credential);
async function deleteKey() {
const keyName = 'myKey';
const result = await keyClient.beginDeleteKey(keyName);
console.log('Key deletion started:', result);
}
deleteKey();
Encrypt Data
This feature allows you to encrypt data using a key stored in Azure Key Vault. The code sample demonstrates how to encrypt data using the CryptographyClient.
const { DefaultAzureCredential } = require('@azure/identity');
const { KeyClient, CryptographyClient } = require('@azure/keyvault-keys');
const credential = new DefaultAzureCredential();
const keyClient = new KeyClient('https://<your-key-vault-name>.vault.azure.net', credential);
async function encryptData() {
const keyName = 'myKey';
const key = await keyClient.getKey(keyName);
const cryptoClient = new CryptographyClient(key.id, credential);
const plaintext = Buffer.from('my secret data');
const result = await cryptoClient.encrypt('RSA-OAEP', plaintext);
console.log('Encrypted data:', result.result);
}
encryptData();
Decrypt Data
This feature allows you to decrypt data using a key stored in Azure Key Vault. The code sample demonstrates how to decrypt data using the CryptographyClient.
const { DefaultAzureCredential } = require('@azure/identity');
const { KeyClient, CryptographyClient } = require('@azure/keyvault-keys');
const credential = new DefaultAzureCredential();
const keyClient = new KeyClient('https://<your-key-vault-name>.vault.azure.net', credential);
async function decryptData() {
const keyName = 'myKey';
const key = await keyClient.getKey(keyName);
const cryptoClient = new CryptographyClient(key.id, credential);
const encryptedData = Buffer.from('<your-encrypted-data>', 'base64');
const result = await cryptoClient.decrypt('RSA-OAEP', encryptedData);
console.log('Decrypted data:', result.result.toString());
}
decryptData();
The aws-sdk package provides a comprehensive set of tools for interacting with AWS services, including AWS Key Management Service (KMS). It allows you to create, manage, and use cryptographic keys in AWS. Compared to @azure/keyvault-keys, aws-sdk offers broader functionality across various AWS services but may have a steeper learning curve for those only interested in key management.
The node-jose package is a JavaScript library for JSON Object Signing and Encryption (JOSE) and provides tools for working with cryptographic keys and performing cryptographic operations. While it is not tied to a specific cloud provider, it offers a more general-purpose approach to key management and cryptographic operations compared to @azure/keyvault-keys.
Azure Key Vault is a service that allows you to encrypt authentication keys, storage account keys, data encryption keys, .pfx files, and passwords by using secured keys. If you would like to know more about Azure Key Vault, you may want to review: What is Azure Key Vault?
Azure Key Vault Key management allows you to create and control encryption keys that encrypt your data.
Use the client library for Azure Key Vault Keys in your Node.js application to
Using the cryptography client available in this library you also have access to
Source code | Package (npm) | API Reference Documentation | Product documentation | Samples
Prerequisites: You must have an Azure subscription and a Key Vault resource to use this package. If you are using this package in a Node.js application, then use Node.js 6.x or higher.
To quickly create the needed Key Vault resources in Azure and to receive a connection string for them, you can deploy our sample template by clicking:
Install the Azure Key Vault Key client library using npm
npm install @azure/keyvault-keys
Key Vault clients authenticate using the Azure identity library. Install it as well using npm
npm install @azure/identity
TypeScript users need to have Node type definitions installed:
npm install @types/node
You also need to enable compilerOptions.allowSyntheticDefaultImports
in your tsconfig.json. Note that if you have enabled compilerOptions.esModuleInterop
, allowSyntheticDefaultImports
is enabled by default. See TypeScript's compiler options handbook for more information.
Use the Azure Cloud Shell snippet below to create/get client secret credentials.
Create a service principal and configure its access to Azure resources:
az ad sp create-for-rbac -n <your-application-name> --skip-assignment
Output:
{
"appId": "generated-app-ID",
"displayName": "dummy-app-name",
"name": "http://dummy-app-name",
"password": "random-password",
"tenant": "tenant-ID"
}
Use the above returned credentials information to set AZURE_CLIENT_ID(appId), AZURE_CLIENT_SECRET(password) and AZURE_TENANT_ID(tenant) environment variables. The following example shows a way to do this in Bash:
export AZURE_CLIENT_ID="generated-app-ID"
export AZURE_CLIENT_SECRET="random-password"
export AZURE_TENANT_ID="tenant-ID"
Grant the above mentioned application authorization to perform key operations on the keyvault:
az keyvault set-policy --name <your-key-vault-name> --spn $AZURE_CLIENT_ID --key-permissions backup create decrypt delete encrypt get import list purge recover restore sign unwrapKey update verify wrapKey
--secret-permissions: Accepted values: backup, create, decrypt, delete, encrypt, get, import, list, purge, recover, restore, sign, unwrapKey, update, verify, wrapKey
Use the above mentioned Key Vault name to retrieve details of your Vault which also contains your Key Vault URL:
az keyvault show --name <your-key-vault-name>
The Key Vault service relies on Azure Active Directory to authenticate requests to its APIs. The @azure/identity
package provides a variety of credential types that your application can use to do this. The README for @azure/identity
provides more details and samples to get you started.
Here's a quick example. First, import DefaultAzureCredential
and KeyClient
:
const { DefaultAzureCredential } = require("@azure/identity");
const { KeyClient } = require("@azure/keyvault-keys");
Once these are imported, we can next connect to the Key Vault service. To do this, we'll need to copy some settings from the key vault we are connecting to into our environment variables. Once they are in our environment, we can access them with the following code:
const { DefaultAzureCredential } = require("@azure/identity");
const { KeyClient } = require("@azure/keyvault-keys");
// DefaultAzureCredential expects the following three environment variables:
// * AZURE_TENANT_ID: The tenant ID in Azure Active Directory
// * AZURE_CLIENT_ID: The application (client) ID registered in the AAD tenant
// * AZURE_CLIENT_SECRET: The client secret for the registered application
const credential = new DefaultAzureCredential();
// Build the URL to reach your key vault
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
// Lastly, create our keys client and connect to the service
const client = new KeyClient(url, credential);
The following sections provide code snippets that cover some of the common tasks using Azure Key Vault Keys. The scenarios that are covered here consist of:
createKey
creates a Key to be stored in the Azure Key Vault. If a key with
the same name already exists, then a new version of the key is created.
const { DefaultAzureCredential } = require("@azure/identity");
const { KeyClient } = require("@azure/keyvault-keys");
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new KeyClient(url, credential);
const keyName = "MyKeyName";
async function main() {
const result = await client.createKey(keyName, "RSA");
console.log("result: ", result);
}
main();
The second parameter sent to createKey
is the type of the key. Keys can
either be of either one of the following types:
EC
for a key generated using Elliptic Curve cryptography.EC-HSM
for a key generated with Elliptic Curve cryptography with Hardware Security Modules.RSA
for Rivest, Shamir, and Adelman cryptography.RSA-HSM
for Rivest, Shamir, and Adelman cryptography with Hardware Security Modules.The simplest way to read keys back from the vault is to get a key by name. This will retrieve the most recent version of the key. You can optionally get a different version of the key if you specify it as part of the optional parameters.
getKey
retrieves a key previous stores in the Key Vault.
const { DefaultAzureCredential } = require("@azure/identity");
const { KeyClient } = require("@azure/keyvault-keys");
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new KeyClient(url, credential);
const keyName = "MyKeyName";
async function main() {
const latestKey = await client.getKey(keyName);
console.log(`Latest version of the key ${keyName}: `, latestKey);
const specificKey = await client.getKey(keyName, { version: latestKey.version! });
console.log(`The key ${keyName} at the version ${latestKey.version!}: `, specificKey);
}
main();
The following attributes can also be assigned to any key in a Key Vault:
tags
: Any set of key-values that can be used to search and filter keys.keyOps
: An array of the operations that this key will be able to perform (encrypt
, decrypt
, sign
, verify
, wrapKey
, unwrapKey
).enabled
: A boolean value that determines whether the key value can be read or not.notBefore
: A given date after which the key value can be retrieved.expires
: A given date after which the key value cannot be retrieved.An object with these attributes can be sent as the third parameter of
createKey
, right after the key's name and value, as follows:
const { DefaultAzureCredential } = require("@azure/identity");
const { KeyClient } = require("@azure/keyvault-keys");
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new KeyClient(url, credential);
const keyName = "MyKeyName";
async function main() {
const result = await client.createKey(keyName, "RSA", {
enabled: false
});
console.log("result: ", result);
}
main();
This will create a new version of the same key, which will have the latest provided attributes.
Attributes can also be updated to an existing key version with
updateKeyProperties
, as follows:
const { DefaultAzureCredential } = require("@azure/identity");
const { KeyClient } = require("@azure/keyvault-keys");
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new KeyClient(url, credential);
const keyName = "MyKeyName";
async function main() {
const result = await client.createKey(keyName, "RSA");
await client.updateKeyProperties(keyName, result.properties.version, {
enabled: false
});
}
main();
The beginDeleteKey
method starts the deletion of a key.
This process will happen in the background as soon as the necessary resources
are available.
const { DefaultAzureCredential } = require("@azure/identity");
const { KeyClient } = require("@azure/keyvault-keys");
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new KeyClient(url, credential);
const keyName = "MyKeyName";
async function main() {
const poller = await client.beginDeleteKey(keyName);
await poller.pollUntilDone();
}
main();
If soft-delete is enabled for the Key Vault, this operation will only label the key as a deleted key. A deleted key can't be updated. They can only be either read, recovered or purged.
const { DefaultAzureCredential } = require("@azure/identity");
const { KeyClient } = require("@azure/keyvault-keys");
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new KeyClient(url, credential);
const keyName = "MyKeyName";
async function main() {
const poller = await client.beginDeleteKey(keyName)
// You can use the deleted key immediately:
const deletedKey = poller.getDeletedKey();
// The key is being deleted. Only wait for it if you want to restore it or purge it.
await poller.pollUntilDone();
// You can also get the deleted key this way:
await client.getDeletedKey(keyName);
// Deleted keys can also be recovered or purged:
// recoverDeletedKey also returns a poller, just like beginDeleteKey.
const recoverPoller = await client.beginRecoverDeletedKey(keyName)
const recoverPoller.pollUntilDone();
// And here is how to purge a deleted key
await client.purgeDeletedKey(keyName);
}
main();
Since Keys take some time to get fully deleted, beginDeleteKey
returns a Poller object that keeps track of the underlying Long Running
Operation according to our guidelines:
https://azure.github.io/azure-sdk/typescript_design.html#ts-lro
The received poller will allow you to get the deleted key by calling to poller.getDeletedKey()
.
You can also wait until the deletion finishes, either by running individual service
calls until the key is deleted, or by waiting until the process is done:
const { DefaultAzureCredential } = require("@azure/identity");
const { KeyClient } = require("@azure/keyvault-keys");
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new KeyClient(url, credential);
const keyName = "MyKeyName";
async function main() {
const poller = await client.beginDeleteKey(keyName);
// You can use the deleted key immediately:
let deletedKey = poller.getDeletedKey();
// Or you can wait until the key finishes being deleted:
deletedKey = await poller.pollUntilDone();
console.log(deletedKey);
}
main();
Another way to wait until the key is fully deleted is to do individual calls, as follows:
const { DefaultAzureCredential } = require("@azure/identity");
const { KeyClient } = require("@azure/keyvault-keys");
const { delay } = require("@azure/core-http");
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new KeyClient(url, credential);
const keyName = "MyKeyName";
async function main() {
const poller = await client.beginDeleteKey(keyName);
while (!poller.isDone()) {
await poller.poll();
await delay(5000);
}
console.log(`The key ${keyName} is fully deleted`);
}
main();
Using the KeyClient, you can retrieve and iterate through all of the keys in a Key Vault, as well as through all of the deleted keys and the versions of a specific key. The following API methods are available:
listPropertiesOfKeys
will list all of your non-deleted keys by their names, only
at their latest versions.listDeletedKeys
will list all of your deleted keys by their names,
only at their latest versions.listPropertiesOfKeyVersions
will list all the versions of a key based on a key
name.Which can be used as follows:
const { DefaultAzureCredential } = require("@azure/identity");
const { KeyClient } = require("@azure/keyvault-keys");
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new KeyClient(url, credential);
const keyName = "MyKeyName";
async function main() {
for await (let keyProperties of client.listPropertiesOfKeys()) {
console.log("Key properties: ", keyProperties);
}
for await (let deletedKey of client.listDeletedKeys()) {
console.log("Deleted: ", deletedKey);
}
for await (let versionProperties of client.listPropertiesOfKeyVersions(keyName)) {
console.log("Version properties: ", versionProperties);
}
}
main();
All of these methods will return all of the available results at once. To
retrieve them by pages, add .byPage()
right after invoking the API method you
want to use, as follows:
const { DefaultAzureCredential } = require("@azure/identity");
const { KeyClient } = require("@azure/keyvault-keys");
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new KeyClient(url, credential);
const keyName = "MyKeyName";
async function main() {
for await (let page of client.listPropertiesOfKeys().byPage()) {
for (let keyProperties of page) {
console.log("Key properties: ", keyProperties);
}
}
for await (let page of client.listDeletedKeys().byPage()) {
for (let deletedKey of page) {
console.log("Deleted key: ", deletedKey);
}
}
for await (let page of client.listPropertiesOfKeyVersions(keyName).byPage()) {
for (let versionProperties of page) {
console.log("Version: ", versionProperties);
}
}
}
This library also offers a set of cryptographic utilities available through
CryptographyClient
. Similar to the KeyClient
, CryptographyClient
will
connect to Azure Key Vault with the provided set of credentials. Once
connected, CryptographyClient
can encrypt, decrypt, sign, verify, wrap keys,
and unwrap keys.
We can next connect to the key vault service just as we do with the KeyClient. We'll need to copy some settings from the key vault we are connecting to into our environment variables. Once they are in our environment, we can access them with the following code:
import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const keysClient = new KeyClient(url, credential);
async function main() {
// Create or retrieve a key from the keyvault
let myKey = await keysClient.createKey("MyKey", "RSA");
// Lastly, create our cryptography client and connect to the service
// This example uses the URL that is part of the key we created (called key ID)
const cryptographyClient = new CryptographyClient(myKey.id, credential);
encrypt
will encrypt a message. The following algorithms are currently supported: "RSA-OAEP", "RSA-OAEP-256", and "RSA1_5".
import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const keysClient = new KeyClient(url, credential);
async function main() {
let myKey = await keysClient.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey.id, credential);
const encryptResult = await cryptographyClient.encrypt("RSA1_5", Buffer.from("My Message"));
console.log("encrypt result: ", encryptResult.result);
}
main();
decrypt
will decrypt an encrypted message. The following algorithms are currently supported: "RSA-OAEP", "RSA-OAEP-256", and "RSA1_5".
import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const keysClient = new KeyClient(url, credential);
async function main() {
let myKey = await keysClient.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey.id, credential);
const decryptResult = await cryptographyClient.decrypt("RSA1_5", encryptResult.result);
console.log("decrypt result: ", decryptResult.result.toString());
}
main();
sign
will cryptographically sign the digest (hash) of a message with a signature. The following algorithms are currently supported: "PS256", "PS384", "PS512", "RS256", "RS384", "RS512", "ES256","ES256K", "ES384", and "ES512".
import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const keysClient = new KeyClient(url, credential);
async function main() {
let myKey = await keysClient.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey.id, credential);
const signatureValue = "MySignature";
let hash = crypto.createHash("sha256");
let digest = hash.update(signatureValue).digest();
console.log("digest: ", digest);
const signResult = await cryptographyClient.sign("RS256", digest);
console.log("sign result: ", signResult.result);
}
main();
signData
will cryptographically sign a message with a signature. The following algorithms are currently supported: "PS256", "PS384", "PS512", "RS256", "RS384", "RS512", "ES256","ES256K", "ES384", and "ES512".
import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const keysClient = new KeyClient(url, credential);
async function main() {
let myKey = await keysClient.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey.id, credential);
const signResult = await cryptographyClient.sign("RS256", Buffer.from("My Message"));
console.log("sign result: ", signResult.result);
}
main();
verify
will cryptographically verify that the signed digest was signed with the given signature. The following algorithms are currently supported: "PS256", "PS384", "PS512", "RS256", "RS384", "RS512", "ES256","ES256K", "ES384", and "ES512".
import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const keysClient = new KeyClient(url, credential);
async function main() {
let myKey = await keysClient.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey.id, credential);
const signResult = await cryptographyClient.sign("RS256", Buffer.from("My Message"));
console.log("sign result: ", signResult.result);
const verifyResult = await cryptographyClient.verify("RS256", digest, signResult.result);
console.log("verify result: ", verifyResult.result);
}
main();
verifyData
will cryptographically verify that the signed message was signed with the given signature. The following algorithms are currently supported: "PS256", "PS384", "PS512", "RS256", "RS384", "RS512", "ES256","ES256K", "ES384", and "ES512".
import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const keysClient = new KeyClient(url, credential);
async function main() {
let myKey = await keysClient.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey.id, credential);
const buffer = Buffer.from("My Message");
const signResult = await cryptographyClient.sign("RS256", buffer);
console.log("sign result: ", signResult.result);
const verifyResult = await cryptographyClient.verifyData("RS256", buffer, signResult.result);
console.log("verify result: ", verifyResult.result);
}
main();
wrapKey
will wrap a key with an encryption layer. The following algorithms are currently supported: "RSA-OAEP", "RSA-OAEP-256", and "RSA1_5".
import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const keysClient = new KeyClient(url, credential);
async function main() {
let myKey = await keysClient.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey.id, credential);
const wrapResult = await cryptographyClient.wrapKey("RSA-OAEP", Buffer.from("My Key"));
console.log("wrap result:", wrapResult.result);
}
main();
unwrapKey
will unwrap a wrapped key. The following algorithms are currently supported: "RSA-OAEP", "RSA-OAEP-256", and "RSA1_5".
import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const keysClient = new KeyClient(url, credential);
async function main() {
let myKey = await keysClient.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey.id, credential);
const wrapResult = await cryptographyClient.wrapKey("RSA-OAEP", Buffer.from("My Key"));
console.log("wrap result:", wrapResult.result);
const unwrapResult = await cryptographyClient.unwrapKey("RSA-OAEP", wrapResult.result);
console.log("unwrap result: ", unwrapResult.result);
}
main();
You can set the following environment variable to get the debug logs when using this library.
export DEBUG=azure*
Please take a look at the samples directory for detailed examples on how to use this library.
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
To run our tests, first install the dependencies (with npm install
or rush install
),
then run the unit tests with: npm run unit-test
.
Some of our tests aim to reproduce the behavior of our library against remotely available endpoints. These are executed using previously recorded HTTP request and responses.
You can read more about the tests of this project here.
FAQs
Isomorphic client library for Azure KeyVault's keys.
The npm package @azure/keyvault-keys receives a total of 1,656,122 weekly downloads. As such, @azure/keyvault-keys popularity was classified as popular.
We found that @azure/keyvault-keys demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.
Research
Security News
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
Security News
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.