# Azure Key Vault Secrets SDK for TypeScript

Manage secrets with Azure Key Vault.

## Installation
Secrets SDK
npm install @azure/keyvault-secrets @azure/identity

## Environment Variables

KEY_VAULT_URL=https://<vault-name>.vault.azure.net

Or

AZURE_KEYVAULT_NAME=<vault-name>
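## Authentication

```ts
import { DefaultAzureCredential } from "@azure/identity";
import { SecretClient } from "@azure/keyvault-secrets";
// KeyClient lives in the separate @azure/keyvault-keys package (the Keys and
// Cryptographic sections below import from it); install it alongside the
// secrets package.
import { KeyClient } from "@azure/keyvault-keys";

const credential = new DefaultAzureCredential();

// Accept either variable from the Environment Variables section. Without this
// guard an unset AZURE_KEYVAULT_NAME silently yields
// "https://undefined.vault.azure.net" and every call fails later with a
// confusing error.
const vaultUrl =
  process.env.KEY_VAULT_URL ??
  (process.env.AZURE_KEYVAULT_NAME
    ? `https://${process.env.AZURE_KEYVAULT_NAME}.vault.azure.net`
    : undefined);
if (!vaultUrl) {
  throw new Error("Set KEY_VAULT_URL or AZURE_KEYVAULT_NAME");
}

const keyClient = new KeyClient(vaultUrl, credential);
const secretClient = new SecretClient(vaultUrl, credential);
```

## Secrets Operations

### Create/Set Secret

```ts
const secret = await secretClient.setSecret("MySecret", "secret-value");

// With attributes
const secretWithAttrs = await secretClient.setSecret("MySecret", "value", {
  enabled: true,
  expiresOn: new Date("2025-12-31"),
  contentType: "application/json",
  tags: { environment: "production" },
});
```

### Get Secret

```ts
// Get latest version
const secret = await secretClient.getSecret("MySecret");
// Example only: in real code use the value where it is needed rather than
// writing it to logs, which persist far longer than the process.
console.log(secret.value);

// Get specific version
const specificSecret = await secretClient.getSecret("MySecret", {
  version: secret.properties.version,
});
```

### List Secrets

```ts
for await (const secretProperties of secretClient.listPropertiesOfSecrets()) {
  console.log(secretProperties.name);
}

// List versions
for await (const version of secretClient.listPropertiesOfSecretVersions("MySecret")) {
  console.log(version.version);
}
```

### Delete Secret

```ts
// Soft delete
const deletePoller = await secretClient.beginDeleteSecret("MySecret");
await deletePoller.pollUntilDone();

// Purge (permanent and irreversible; the service rejects it while purge
// protection is enabled on the vault)
await secretClient.purgeDeletedSecret("MySecret");

// Recover
const recoverPoller = await secretClient.beginRecoverDeletedSecret("MySecret");
await recoverPoller.pollUntilDone();
```

## Keys Operations

### Create Keys

```ts
// Generic key
const key = await keyClient.createKey("MyKey", "RSA");

// RSA key with size
const rsaKey = await keyClient.createRsaKey("MyRsaKey", { keySize: 2048 });

// Elliptic Curve key
const ecKey = await keyClient.createEcKey("MyEcKey", { curve: "P-256" });

// With attributes. keyOps restricts what the key may be used for; list only
// the operations the workload needs.
const keyWithAttrs = await keyClient.createKey("MyKey", "RSA", {
  enabled: true,
  expiresOn: new Date("2025-12-31"),
  tags: { purpose: "encryption" },
  keyOps: ["encrypt", "decrypt", "sign", "verify"],
});
```

### Get Key

```ts
const key = await keyClient.getKey("MyKey");
console.log(key.name, key.keyType);
```

### List Keys

```ts
for await (const keyProperties of keyClient.listPropertiesOfKeys()) {
  console.log(keyProperties.name);
}
```

### Rotate Key

```ts
// Manual rotation
const rotatedKey = await keyClient.rotateKey("MyKey");

// Set rotation policy: rotate 30 days before expiry, new versions expire after 90 days
await keyClient.updateKeyRotationPolicy("MyKey", {
  lifetimeActions: [{ action: "Rotate", timeBeforeExpiry: "P30D" }],
  expiresIn: "P90D",
});
```

### Delete Key

```ts
const deletePoller = await keyClient.beginDeleteKey("MyKey");
await deletePoller.pollUntilDone();

// Purge
await keyClient.purgeDeletedKey("MyKey");
```

## Cryptographic Operations

### Create CryptographyClient

```ts
import { CryptographyClient } from "@azure/keyvault-keys";

// From key object
const cryptoClient = new CryptographyClient(key, credential);

// From key ID. `key.id` is optional on KeyVaultKey, so guard it instead of
// asserting with `!`; the second client also needs its own name, since the
// original snippet redeclared `cryptoClient`.
if (!key.id) {
  throw new Error("key has no id");
}
const cryptoClientById = new CryptographyClient(key.id, credential);
```

### Encrypt/Decrypt

```ts
// Encrypt
const encryptResult = await cryptoClient.encrypt({
  algorithm: "RSA-OAEP",
  plaintext: Buffer.from("My secret message"),
});

// Decrypt
const decryptResult = await cryptoClient.decrypt({
  algorithm: "RSA-OAEP",
  ciphertext: encryptResult.result,
});
// `result` is typed Uint8Array. toString() on a plain Uint8Array yields
// "77,121,..." rather than the text, so decode through Buffer explicitly;
// this works whether the runtime hands back a Buffer or a bare Uint8Array.
console.log(Buffer.from(decryptResult.result).toString("utf8"));
```

### Sign/Verify

```ts
import { createHash } from "node:crypto";

// Create digest. RS256 signs a SHA-256 digest, so the hash here must match
// the signature algorithm used below.
const hash = createHash("sha256").update("My message").digest();

// Sign
const signResult = await cryptoClient.sign("RS256", hash);

// Verify
const verifyResult = await cryptoClient.verify("RS256", hash, signResult.result);
console.log("Valid:", verifyResult.result);
```

### Wrap/Unwrap Keys

```ts
// Wrap a key (encrypt it for storage)
const wrapResult = await cryptoClient.wrapKey("RSA-OAEP", Buffer.from("key-material"));

// Unwrap
const unwrapResult = await cryptoClient.unwrapKey("RSA-OAEP", wrapResult.result);
```

## Backup and Restore

```ts
// Backup
const keyBackup = await keyClient.backupKey("MyKey");
const secretBackup = await secretClient.backupSecret("MySecret");

// Restore (can restore to different vault). backupKey/backupSecret are typed
// as possibly undefined, so check rather than using the `!` assertion.
if (!keyBackup || !secretBackup) {
  throw new Error("backup returned no data");
}
const restoredKey = await keyClient.restoreKeyBackup(keyBackup);
const restoredSecret = await secretClient.restoreSecretBackup(secretBackup);
```

## Key Types

```ts
// Value imports and type-only imports are split so the type names are erased
// at compile time.
import {
  KeyClient,
  CryptographyClient,
  KnownEncryptionAlgorithms,
  KnownSignatureAlgorithms,
} from "@azure/keyvault-keys";
import type { KeyVaultKey, KeyProperties, DeletedKey } from "@azure/keyvault-keys";
import { SecretClient } from "@azure/keyvault-secrets";
import type { KeyVaultSecret, SecretProperties, DeletedSecret } from "@azure/keyvault-secrets";
```

## Error Handling

```ts
try {
  const secret = await secretClient.getSecret("NonExistent");
} catch (error: unknown) {
  // Narrow instead of `catch (error: any)`: check that the thrown value is an
  // Error carrying a `code` before comparing it.
  if (error instanceof Error && "code" in error && error.code === "SecretNotFound") {
    console.log("Secret does not exist");
  } else {
    throw error;
  }
}
```

## Best Practices

- Use DefaultAzureCredential - Works across dev and production
- Enable soft-delete - Required for production vaults
- Set expiration dates - On both keys and secrets
- Use key rotation policies - Automate key rotation
- Limit key operations - Only grant needed operations (encrypt, sign, etc.)
- Browser not supported - These SDKs are Node.js only

## When to Use

This skill is applicable to execute the workflow or actions described in the overview.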