Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@hmcts/properties-volume
Advanced tools
Azure key-vault flex volume to express properties integration
This module is to incorporate the integration of the Azure key-vault flex volume to node properties.
This module adds the properties volume entries into the configuration object from 'config'
We use the default mount point of /mnt/
volume, which happens exposes the key vault in chart-nodejs.
We use the last folder of the mount point, secrets, to map the properties into the configuration.
Below is an example:
{
"secrets": {
"VAULT": {
"secretOne": "VALUE",
"some-secret-two": "VALUE"
},
"VAULT2": {
"secretOne": "VALUE",
"some-secret-two": "VALUE"
}
}
}
NOTE
The property names are not sanitised and are an exact copy from the file names on volume. This means when using the hmcts/nodejs helm chart the property naming is exactly the same as those in the key vault.
Application property defaults can be added to your application configuration for the config
package using
the same object structure.
e.g To add a default for the property secrets.cmc.staff-email we would add the following to the configuration.
in JSON:
{
"secrets": {
"cmc": {
"staff-email": "DEFAULT_EMAIL"
}
}
}
or in yaml
secrets:
cmc:
staff-email: DEFAULT_EMAIL
If you have the need to add a test or add multiple property volumes in one application you can
override the volume mount point. To do this we can supply a value for the defaulted volume folder in the api
i.e addTo( config, {mountPoint:'some/other/folder/secrets'})
.
The last folder name is used as the prefix for the properties in the configuration
e.g. /mnt/secrets
the properties start with secrets
, /mnt/certs
the properties start with certs
.
If you mount volumes with the same last folder name e.g /mnt/super/secrets
and /mnt/silly/secrets
the properties will be fully merged together into the configuration object under secrets
and the last property
volume that is merged in will override any properties with the same name.
$ yarn add @hmcts/properties-volume
import * as config from 'config'
import * as propertiesVolume from '@hmcts/properties-volume'
propertiesVolume.addTo(config)
config = require('@hmcts/properties-volume').addTo(require('config'))
The properties volume can be supplied with a couple of options via a js like options object. e.g.
const config = require('@hmcts/properties-volume').addTo(require('config'),{mountPoint:'some/properties/mount/point'})
Option | Description | Default |
---|---|---|
mountPoint | the folder where the properties volume exists. | /mnt/secrets/ |
failOnError | Should this module throw an exception if mount does not exist or there is an error reading the properties | false |
FAQs
Azure key-vault flex volume to express properties integration
We found that @hmcts/properties-volume demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.