Security News
How Threat Actors are Abusing GitHub’s File Upload Feature to Host Malware
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
By Sarah Gooding - Apr 23, 2024
fastify-secrets-azure
Advanced tools
Readme
Fastify Secrets Azure
Fastify secrets plugin for Azure Key Vault.
Installation
npm install --save fastify-secrets-azure
Usage
Set up Azure Key Vault
In order to be able to read from Azure Key Vault you will need some permissions.
You will also probably manage permissions in different ways in local dev and production environment.
In general you may want to use a different secrets manager on your local machine (i.e. fastify-secrets-env to read secrets from env variables).
To set up a Key Vault to be accessed by fastify-secrets-azure please read the instructions in the official documentation.
This will set up the vault and create an application capable of accessing it.
The information required to connect to Azure Key Vault can be stored in the environment or provided via plugin options, as described below.
Check out the official documentation for information about which environment variables are needed.
Add plugin to your fastify instance
const FastifySecrets = require('fastify-secrets-azure')
fastify.register(FastifySecrets, {
secrets: {
dbPassword: 'secret-name'
},
clientOptions: {
vaultName: 'vault-name'
}
})
secret-name is the name of the secret as created in Azure Key Vault.
Access you secrets
await fastify.ready()
console.log(fastify.secrets.dbPassword) // content of 'secret-name'
Plugin options
secrets[object](required) A map of keys and resource ids for the secrets.fastify-secrets-azurewill decorate the fastify server with asecretsobject where keys will be the same keys of the options and the value will be the content of the secret as fetched from Azure Key VaultclientOptions[object](required) An object containing properties to be provided to the client used to connect to Azure Key Vault. Supports the following keys:vaultName[string](required) The name of the vaultcredentials[object](optional). Credentials for connection. If not provided, the client will use the default ones configured in environment variables:tenantIdDefaults toAZURE_TENANT_IDenvironment variableclientIdDefaults toAZURE_CLIENT_IDenvironment variableclientSecretDefaults toAZURE_CLIENT_SECRETenvironment variable
Contributing
See CONTRIBUTING.md
License
Copyright NearForm Ltd 2021. Licensed under the Apache-2.0 license.
FAQs
Fastify secrets plugin for Azure Key Vault
The npm package fastify-secrets-azure receives a total of 347 weekly downloads. As such, fastify-secrets-azure popularity was classified as not popular.
We found that fastify-secrets-azure demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Last updated on 23 Sep 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
By Sarah Gooding - Apr 19, 2024
Research
Security News
npm Package for ReExt React Components Library Exfiltrates Git Credentials
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
By Sarah Gooding, Socket Research Team - Apr 18, 2024