@guestlinelabs/peek-a-vault
Client handler for getting secrets from Key Vault with a local fallback
A small library to retrieve secrets from different Key Vaults on App Services using MSI authentication.
It provides a fallback that reads secrets from environment variables when working locally.
npm install @guestlinelabs/peek-a-vault
Only Node 8+.
The library will return a function that you use to initialise the client, given a set of Key Vault namespaces.
import { createClient } from '@guestlinelabs/peek-a-vault';

// or const getSecret = createClient<'NS1' | 'NS2', 'STORAGE_KEY' | 'SENDGRID_KEY'>({
const getSecret = createClient({
  // [OPTIONAL] A function that will return a promise with your own Key Vault client. By default it will use a KV client authenticating with MSI.
  client: async () => keyVaultClient,
  // [OPTIONAL] To cache by default all retrievals of secrets.
  useCache: false,
  // [OPTIONAL] To use key vault client or read from process.env.
  useVault: Boolean(process.env.APPSETTING_WEBSITE_SITE_NAME),
  // List of namespaces with the KeyVault url associated.
  urls: {
    NS1: 'https://ns1.vault.azure.net',
    NS2: 'https://ns1.vault.azure.net',
  },
});

async function main() {
  // In local environment it will retrieve NS1_STORAGE_KEY from process.env variables
  // Inside a WebApp it will retrieve STORAGE-KEY from the NS1 keyvault
  const storageClient = new StorageClient(
    await getSecret('NS1', 'STORAGE_KEY')
  );

  // In local environment it will retrieve NS2_SENDGRID_KEY from process.env variables
  // Inside a WebApp it will retrieve SENDGRID-KEY from the NS1 keyvault
  // The third parameter will explicitly tell if we want to use the cache or not on this particular call.
  const emailClient = new EmailClient(await getSecret('NS2', 'SENDGRID_KEY', false));
}
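A sketch of the lookup behaviour described in the usage comments above, as an added example that is not the package's own code. It assumes that a key maps to `NS1_STORAGE_KEY` in `process.env` and to `STORAGE-KEY` in the vault, and that a missing secret should be rejected rather than passed on as `undefined`; `makeGetSecret`, `toVaultName`, `toEnvName` and the injected `fetchFromVault` are hypothetical names.

```javascript
// Added illustration: all names below are hypothetical, not the package's API.

// Key Vault secret names allow only letters, digits and hyphens,
// so STORAGE_KEY is requested from the vault as STORAGE-KEY.
const toVaultName = (key) => key.replace(/_/g, '-');

// Local fallback: the namespace prefixes the key, e.g. NS1_STORAGE_KEY.
const toEnvName = (namespace, key) => `${namespace}_${key}`;

function makeGetSecret({ urls, useVault, useCache = false, env = process.env, fetchFromVault }) {
  const cache = new Map();
  return async function getSecret(namespace, key, cacheThisCall = useCache) {
    // Only namespaces declared in `urls` are valid lookups.
    if (!Object.prototype.hasOwnProperty.call(urls, namespace)) {
      throw new Error(`Unknown namespace: ${namespace}`);
    }
    const id = `${namespace}/${key}`;
    if (cacheThisCall && cache.has(id)) return cache.get(id);

    const value = useVault
      ? await fetchFromVault(urls[namespace], toVaultName(key))
      : env[toEnvName(namespace, key)];

    // Fail closed: an absent or empty secret must not reach a client constructor.
    // The error names the secret but never includes a value.
    if (typeof value !== 'string' || value === '') {
      throw new Error(`Secret not found: ${id}`);
    }
    if (cacheThisCall) cache.set(id, value);
    return value;
  };
}

// Constructed sample data: a fake vault fetcher that records each lookup.
const sampleUrls = { NS1: 'https://ns1.vault.azure.net' };
const vaultCalls = [];
const fakeVault = async (url, name) => {
  vaultCalls.push({ url, name });
  return 'vault-value';
};
const localGetSecret = makeGetSecret({
  urls: sampleUrls, useVault: false,
  env: { NS1_STORAGE_KEY: 'local-value' }, fetchFromVault: fakeVault,
});
const vaultGetSecret = makeGetSecret({
  urls: sampleUrls, useVault: true, useCache: true, fetchFromVault: fakeVault,
});
```

Passing `false` as the third argument to the sketched `getSecret` bypasses the cache for that call only, which is the per-call override the usage comments describe.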
FAQs
The npm package @guestlinelabs/peek-a-vault receives a total of 20 weekly downloads. As such, the popularity of @guestlinelabs/peek-a-vault was classified as not popular.
We found that @guestlinelabs/peek-a-vault demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 10 open source maintainers collaborating on the project.