Security News
RubyGems.org Adds New Maintainer Role
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
@guestlinelabs/peek-a-vault
Advanced tools
Client handler for getting secrets from Key Vault with a local fallback
A small library to retreive secrets from different Key Vaults on App Services using MSI authentication.
It will provide a fallback to read secrets from environment variables when working on local.
npm install @guestlinelabs/peek-a-vault
Only Node 8+.
The library will return a function that you use to initialise the client, given a set of Key Vault namespaces.
import { createClient } from '@guestlinelabs/peek-a-vault';
// or const getSecret = createClient<'NS1' | 'NS2', 'STORAGE_KEY' | 'SENDGRID_KEY'>({
const getSecret = createClient({
// [OPTIONAL] A function that will return a promise with your own Key Vault client. By default it will use a KV client authenticating with MSI.
client: async () => keyVaultClient;
// [OPTIONAL] To cache by default all retreivals of secrets.
useCache: false,
// [OPTIONAL] To use key vault client or read from process.env.
useVault: Boolean(process.env.APPSETTING_WEBSITE_SITE_NAME),
// List of namespaces with the KeyVault url associated.
urls: {
NS1: 'https://ns1.vault.azure.net',
NS2: 'https://ns1.vault.azure.net',
},
});
async function main() {
// In local environment it will retrieve NS1_STORAGE_KEY from process.env variables
// Inside a WebApp it will retrieve STORAGE-KEY from the NS1 keyvault
const storageClient = new StorageClient(
await getSecret('NS1', 'STORAGE_KEY')
);
// In local environment it will retrieve NS2_SENDGRID_KEY from process.env variables
// Inside a WebApp it will retrieve SENDGRID-KEY from the NS1 keyvault
// The third parameter will explicitly tell if we want to use the cache or not on this particular call.
const emailClient = new EmailClient(await getSecret('NS2', 'SENDGRID_KEY', false));
}
FAQs
Client handler for getting secrets from Key Vault with a local fallback
We found that @guestlinelabs/peek-a-vault demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 10 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.