Security News
The Unpaid Backbone of Open Source: Solo Maintainers Face Increasing Security Demands
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
By Sarah Gooding - Sep 20, 2024
@guestlinelabs/peek-a-vault
Advanced tools
@guestlinelabs/peek-a-vault
Client handler for getting secrets from Key Vault with a local fallback
- 1.0.1
- latest
- npm
peek-a-vault
A small library to retreive secrets from different Key Vaults on App Services using MSI authentication.
It will provide a fallback to read secrets from environment variables when working on local.
Installation
npm install @guestlinelabs/peek-a-vault
Support
Only Node 8+.
Example
The library will return a function that you use to initialise the client, given a set of Key Vault namespaces.
import { createClient } from '@guestlinelabs/peek-a-vault';
// or const getSecret = createClient<'NS1' | 'NS2', 'STORAGE_KEY' | 'SENDGRID_KEY'>({
const getSecret = createClient({
// [OPTIONAL] A function that will return a promise with your own Key Vault client. By default it will use a KV client authenticating with MSI.
client: async () => keyVaultClient;
// [OPTIONAL] To cache by default all retreivals of secrets.
useCache: false,
// [OPTIONAL] To use key vault client or read from process.env.
useVault: Boolean(process.env.APPSETTING_WEBSITE_SITE_NAME),
// List of namespaces with the KeyVault url associated.
urls: {
NS1: 'https://ns1.vault.azure.net',
NS2: 'https://ns1.vault.azure.net',
},
});
async function main() {
// In local environment it will retrieve NS1_STORAGE_KEY from process.env variables
// Inside a WebApp it will retrieve STORAGE-KEY from the NS1 keyvault
const storageClient = new StorageClient(
await getSecret('NS1', 'STORAGE_KEY')
);
// In local environment it will retrieve NS2_SENDGRID_KEY from process.env variables
// Inside a WebApp it will retrieve SENDGRID-KEY from the NS1 keyvault
// The third parameter will explicitly tell if we want to use the cache or not on this particular call.
const emailClient = new EmailClient(await getSecret('NS2', 'SENDGRID_KEY', false));
}
FAQs
Client handler for getting secrets from Key Vault with a local fallback
The npm package @guestlinelabs/peek-a-vault receives a total of 20 weekly downloads. As such, @guestlinelabs/peek-a-vault popularity was classified as not popular.
We found that @guestlinelabs/peek-a-vault demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 10 open source maintainers collaborating on the project.
Package last updated on 24 Apr 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Understanding License Exceptions: What Developers Need to Know
License exceptions modify the terms of open source licenses, impacting how software can be used, modified, and distributed. Developers should be aware of the legal implications of these exceptions.
By Sarah Gooding - Sep 20, 2024
Security News
Developer Accuses Tencent of Copyright Violation After Python Utility’s License Changed from GPLv3 to BSD
A developer is accusing Tencent of violating the GPL by modifying a Python utility and changing its license to BSD, highlighting the importance of copyleft compliance.
By Sarah Gooding - Sep 18, 2024