keyvault-configuration-resolver - npm Package Compare versions

Comparing version 0.9.6 to 0.9.7

lib/index.js

@@ -118,12 +118,35 @@ //
   if (!client) {
-    if (!options.clientId) {
-      throw new Error('Must provide an Azure Active Directory "clientId" value to the key vault resolver.');
+    let clientId = null;
+    let clientSecret = null;
+    let getClientCredentials = options.getClientCredentials;
+    if (!getClientCredentials) {
+      if (!options.clientId) {
+        throw new Error('Must provide an Azure Active Directory "clientId" value to the key vault resolver.');
+      }
+      if (!options.clientSecret) {
+        throw new Error('Must provide an Azure Active Directory "clientSecret" value to the key vault resolver.');
+      }
+      clientId = options.clientId;
+      clientSecret = options.clientSecret;
     }
-    if (!options.clientSecret) {
-      throw new Error('Must provide an Azure Active Directory "clientSecret" value to the key vault resolver.');
-    }
-    const clientId = options.clientId;
-    const clientSecret = options.clientSecret;
+
     const authenticator = (challenge, authCallback) => {
       const context = new adalNode.AuthenticationContext(challenge.authorization);
+
+      // Support optional delayed secret resolution
+      if (getClientCredentials && (!clientId || !clientSecret)) {
+        try {
+          const ret = getClientCredentials();
+          if (ret) {
+            clientId = ret.clientId;
+            clientSecret = ret.clientSecret;
+          }
+        } catch (getClientCredentialsError) {
+          return authCallback(getClientCredentialsError);
+        }
+        if (!clientId || !clientSecret) {
+          return authCallback(new Error('After calling getClientCredentials, "clientId" and/or "clientSecret" remained unset. These values are required to authenticate with the vault.'));
+        }
+      }
+
       return context.acquireTokenWithClientCredentials(challenge.resource, clientId, clientSecret, (tokenAcquisitionError, tokenResponse) => {
@@ -130,0 +153,0 @@ if (tokenAcquisitionError) {

package.json

 {
   "name": "keyvault-configuration-resolver",
-  "version": "0.9.6",
+  "version": "0.9.7",
   "description": "Resolves custom keyvault:// URI values within an object graph using Azure KeyVault for Node.js",
@@ -5,0 +5,0 @@ "main": "lib/index.js",

README.md

@@ -121,2 +121,4 @@ # Azure KeyVault configuration secrets resolver
 
+Alternatively, you can pass in a function called `getClientCredentials` that will be called when they are needed. `clientId` and `clientSecret` values are expected at this time.
+
 ### With an existing KeyVault credentials instance
@@ -123,0 +125,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

14430

increased by7.61%

Lines of code

174

increased by12.99%

Number of lines in readme file

157

increased by1.29%

Number of medium supply chain risk alerts

0

decreased by-100%

No dependency changes