View Source ExAzureKeyVault.Client (ex_azure_key_vault v2.2.0)

Client for creating or getting Azure Key Vault.

Link to this section Summary

Link to this section Types

@type t() :: %ExAzureKeyVault.Client{
  api_version: String.t(),
  bearer_token: String.t(),
  vault_name: String.t()
}

Link to this section Functions

Link to this function

cert_connect(vault_name \\ nil, tenant_id \\ nil, client_id \\ nil, cert_base64_thumbprint \\ nil, cert_private_key_pem \\ nil)

View Source
@spec cert_connect(
  String.t() | nil,
  String.t() | nil,
  String.t() | nil,
  String.t() | nil,
  String.t() | nil
) :: t() | {:error, any()}

Connects to Azure Key Vault using client assertion.

examples

Examples

When defining environment variables and/or adding to configuration.

$ export AZURE_CLIENT_ID="14e79d90-9abf..."
$ export AZURE_TENANT_ID="14e7a376-9abf..."
$ export AZURE_VAULT_NAME="my-vault"
$ export AZURE_CERT_BASE64_THUMBPRINT="Dss7v2YI3GgCGfl..."
$ export AZURE_CERT_PRIVATE_KEY_PEM="-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEF..."

# Config.exs
config :ex_azure_key_vault,
  azure_client_id: {:system, "AZURE_CLIENT_ID"},
  azure_tenant_id: {:system, "AZURE_TENANT_ID"},
  azure_vault_name: {:system, "AZURE_VAULT_NAME"}
  azure_cert_base64_thumbprint: {:system, "AZURE_CERT_BASE64_THUMBPRINT"},
  azure_cert_private_key_pem: {:system, "AZURE_CERT_PRIVATE_KEY_PEM"}

iex(1)> ExAzureKeyVault.Client.cert_connect()
%ExAzureKeyVault.Client{
  api_version: "7.3",
  bearer_token: "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  vault_name: "my-vault"
}

Passing custom parameters.

iex(1)> ExAzureKeyVault.Client.cert_connect("custom-vault", "14e7a376-9abf...", "14e79d90-9abf...", "Dss7v2YI3GgCGfl...", "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEF...")
%ExAzureKeyVault.Client{
  api_version: "7.3",
  bearer_token: "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  vault_name: "custom-vault"
}
Link to this function

connect(vault_name \\ nil, tenant_id \\ nil, client_id \\ nil, client_secret \\ nil)

View Source
@spec connect(String.t() | nil, String.t() | nil, String.t() | nil, String.t() | nil) ::
  t() | {:error, any()}

Connects to Azure Key Vault.

examples

Examples

When defining environment variables and/or adding to configuration.

$ export AZURE_CLIENT_ID="14e79d90-9abf..."
$ export AZURE_CLIENT_SECRET="14e7a11e-9abf..."
$ export AZURE_TENANT_ID="14e7a376-9abf..."
$ export AZURE_VAULT_NAME="my-vault"

# Config.exs
config :ex_azure_key_vault,
  azure_client_id: {:system, "AZURE_CLIENT_ID"},
  azure_client_secret: {:system, "AZURE_CLIENT_SECRET"},
  azure_tenant_id: {:system, "AZURE_TENANT_ID"},
  azure_vault_name: {:system, "AZURE_VAULT_NAME"}

iex(1)> ExAzureKeyVault.Client.connect()
%ExAzureKeyVault.Client{
  api_version: "7.3",
  bearer_token: "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  vault_name: "my-vault"
}

Passing custom parameters.

iex(1)> ExAzureKeyVault.Client.connect("custom-vault", "14e7a376-9abf...", "14e79d90-9abf...", "14e7a11e-9abf...")
%ExAzureKeyVault.Client{
  api_version: "7.3",
  bearer_token: "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  vault_name: "custom-vault"
}
Link to this function

create_secret(params, secret_name, secret_value)

View Source
@spec create_secret(t(), String.t(), String.t()) :: :ok | {:error, any()}

Creates a new secret.

examples

Examples

iex(1)> ExAzureKeyVault.Client.connect() |> ExAzureKeyVault.Client.create_secret("my-new-secret", "my-new-value")
:ok
Link to this function

delete_secret(params, secret_name)

View Source
@spec delete_secret(t(), String.t()) :: :ok | {:error, any()}

Deletes a secret.

examples

Examples

iex(1)> ExAzureKeyVault.Client.connect() |> ExAzureKeyVault.Client.delete_secret("my-secret")
:ok
Link to this function

get_secret(params, secret_name, secret_version \\ nil)

View Source
@spec get_secret(t(), String.t(), String.t() | nil) ::
  {:ok, String.t()} | {:error, any()}

Returns secret value.

examples

Examples

Ignoring secret version.

iex(1)> ExAzureKeyVault.Client.connect() |> ExAzureKeyVault.Client.get_secret("my-secret")
{:ok, "my-value"}

Passing secret version.

iex(1)> ExAzureKeyVault.Client.connect() |> ExAzureKeyVault.Client.get_secret("my-secret", "03b424a49ac3...")
{:ok, "my-other-value"}
Link to this function

get_secrets(params, max_results \\ nil)

View Source
@spec get_secrets(t(), integer() | nil) :: {:ok, String.t()} | {:error, any()}

Returns list of secrets.

examples

Examples

Passing a maximum number of 2 results in a page.

iex(1)> ExAzureKeyVault.Client.connect() |> ExAzureKeyVault.Client.get_secrets(2)
{:ok,
  %{
    "nextLink" => "https://my-vault.vault.azure.net:443/secrets?api-version=7.3&$skiptoken=eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6...&maxresults=2",
    "value" => [
      %{
        "attributes" => %{
          "created" => 1533704004,
          "enabled" => true,
          "recoveryLevel" => "Purgeable",
          "updated" => 1533704004
        },
        "id" => "https://my-vault.vault.azure.net/secrets/my-secret"
      },
      %{
        "attributes" => %{
          "created" => 1532633078,
          "enabled" => true,
          "recoveryLevel" => "Purgeable",
          "updated" => 1532633078
        },
        "id" => "https://my-vault.vault.azure.net/secrets/another-secret"
      }
    ]
  }}

Ignoring maximum number of results.

iex(1)> ExAzureKeyVault.Client.connect() |> ExAzureKeyVault.Client.get_secrets()
{:ok,
  %{
    "nextLink" => nil,
    "value" => [
      %{
        "attributes" => %{
          "created" => 1533704004,
          "enabled" => true,
          "recoveryLevel" => "Purgeable",
          "updated" => 1533704004
        },
        "id" => "https://my-vault.vault.azure.net/secrets/my-secret"
      },
      %{
        "attributes" => %{
          "created" => 1532633078,
          "enabled" => true,
          "recoveryLevel" => "Purgeable",
          "updated" => 1532633078
        },
        "id" => "https://my-vault.vault.azure.net/secrets/another-secret"
      },
      %{
        "attributes" => %{
          "created" => 1532633078,
          "enabled" => true,
          "recoveryLevel" => "Purgeable",
          "updated" => 1532633078
        },
        "id" => "https://my-vault.vault.azure.net/secrets/test-secret"
      }
    ]
  }}
Link to this function

get_secrets_next(params, next_link)

View Source
@spec get_secrets_next(t(), String.t()) :: {:ok, String.t()} | {:error, any()}

Returns next page of secrets in the pagination.

examples

Examples

iex(1)> client = ExAzureKeyVault.Client.connect()
...
iex(1)> {_, secrets} = client |> ExAzureKeyVault.Client.get_secrets(2)
...
iex(1)> {_, next_secrets} = client |> ExAzureKeyVault.Client.get_secrets_next(secrets["nextLink"])
{:ok,
  %{
    "nextLink" => nil,
    "value" => [
      %{
        "attributes" => %{
          "created" => 1532633078,
          "enabled" => true,
          "recoveryLevel" => "Purgeable",
          "updated" => 1532633078
        },
        "id" => "https://my-vault.vault.azure.net/secrets/test-secret"
      }
    ]
  }}
Link to this function

new(bearer_token, vault_name, api_version \\ nil)

View Source
@spec new(String.t(), String.t(), String.t() | nil) :: t()

Creates %ExAzureKeyVault.Client{} struct with connection information.

examples

Examples

Using default API version.

iex(1)> ExAzureKeyVault.Client.new("Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", "my-vault")
%ExAzureKeyVault.Client{
  api_version: "7.3",
  bearer_token: "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  vault_name: "my-vault"
}

Passing custom API version.

iex(1)> ExAzureKeyVault.Client.new("Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", "my-vault", "2015-06-01")
%ExAzureKeyVault.Client{
  api_version: "2015-06-01",
  bearer_token: "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  vault_name: "my-vault"
}