package smartconfig
import (
"context"
"fmt"
"strings"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets"
)
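// AzureKeyVaultResolver retrieves secrets from Azure Key Vault.
//
// Usage: ${AZURESM:https://myvault.vault.azure.net:secretname}
//
// The reference has the form VAULT_URL:SECRET_NAME. The vault URL itself
// contains colons (the scheme separator and, optionally, a port), so the
// secret name is everything after the last colon.
//
// Security notes:
//   - The vault URL comes from the configuration value and decides which host
//     receives a request authenticated with the process's ambient Azure
//     identity. Only https:// URLs are accepted; deployments where
//     configuration can be written by less-trusted parties should additionally
//     restrict the vault host to an allow-list.
//   - The returned string is the secret itself; callers should keep it out of
//     logs and error messages.
type AzureKeyVaultResolver struct{}

// Resolve retrieves the secret value from Azure Key Vault.
//
// value must look like "https://myvault.vault.azure.net:secretname". The
// latest version of the secret is requested (the version argument passed to
// GetSecret is empty). An error is returned when the reference is malformed,
// when the credential or client cannot be created, when the lookup fails, or
// when the service response carries no value.
func (r *AzureKeyVaultResolver) Resolve(value string) (string, error) {
	vaultURL, secretName, err := splitAzureKeyVaultRef(value)
	if err != nil {
		return "", err
	}

	// DefaultAzureCredential picks up whatever identity the environment
	// offers, so the identity actually used depends on where the process runs.
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		return "", fmt.Errorf("failed to create Azure credential: %w", err)
	}

	client, err := azsecrets.NewClient(vaultURL, cred, nil)
	if err != nil {
		return "", fmt.Errorf("failed to create Azure Key Vault client: %w", err)
	}

	// NOTE(review): context.Background() carries no deadline, so how long a
	// stalled lookup blocks is left to the SDK's own transport and retry
	// settings. Resolve's signature has no context parameter to pass one in.
	resp, err := client.GetSecret(context.Background(), secretName, "", nil)
	if err != nil {
		return "", fmt.Errorf("failed to get secret %s: %w", secretName, err)
	}

	// Value is a pointer; guard it rather than panic on a nil dereference.
	if resp.Value == nil {
		return "", fmt.Errorf("failed to get secret %s: response has no value", secretName)
	}

	return *resp.Value, nil
}

// splitAzureKeyVaultRef splits "VAULT_URL:SECRET_NAME" at the last colon and
// rejects references whose vault URL is not an https:// URL or whose secret
// name is empty or contains a slash.
func splitAzureKeyVaultRef(value string) (vaultURL, secretName string, err error) {
	const (
		scheme    = "https://"
		errFormat = "invalid Azure Key Vault format, expected VAULT_URL:SECRET_NAME"
	)

	// Splitting at the FIRST colon would cut the URL after "https" and hand
	// "//host:secret" to the SDK as the secret name.
	idx := strings.LastIndex(value, ":")
	if idx < 0 {
		return "", "", fmt.Errorf(errFormat)
	}
	vaultURL, secretName = value[:idx], value[idx+1:]

	// A reference with no secret name ("https://host") splits into
	// "https" / "//host"; the scheme and slash checks below reject it.
	if len(vaultURL) <= len(scheme) || !strings.EqualFold(vaultURL[:len(scheme)], scheme) {
		return "", "", fmt.Errorf(errFormat)
	}
	if secretName == "" || strings.Contains(secretName, "/") {
		return "", "", fmt.Errorf(errFormat)
	}

	return vaultURL, secretName, nil
}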