One of the biggest mistakes a developer can make is storing secrets (e.g. a database connection string) directly in the source code repository, and forgetting about even one of them can be very dangerous.
Ideally, all secrets should be stored in and accessed through a secret manager (Azure Key Vault), with only a reference to the right secret stored in the repository. On the other hand, developers need the secrets' values in their configuration files (e.g. appSettings.json), so a fast way to retrieve them from Key Vault would be nice.
To do this I have developed a PowerShell script called Set-ValuesFromKeyVault; an example of how to use it is included below.
Example
We want to replace the Key Vault references in the following JSON file:
{
  "parent-property1": "@Microsoft.KeyVault(SecretUri=https://<<your-keyvault-resource>>.vault.azure.net/secrets/<<your-secret1>>)",
  "Values":
  {
    "nested-property2": "@Microsoft.KeyVault(SecretUri=https://<<your-keyvault-resource>>.vault.azure.net/secrets/<<your-secret2>>)",
    "nested-property3": "@Microsoft.KeyVault(SecretUri=https://<<your-keyvault-resource>>.vault.azure.net/secrets/<<your-secret3>>)",
    "non-keyvault-binding-property": "<<any-value>>"
  }
}
To do that, first connect to an Azure account and then run the PowerShell script as shown below:
# connect to azure
Connect-AzAccount
# execute the replace on data.json file
./Set-ValuesFromKeyVault.ps1 -FileName data.json
The result will be a new JSON file called out.json with the secrets replaced, like this:
{
  "parent-property1": "<<your-secret1-value>>",
  "Values":
  {
    "nested-property2": "<<your-secret2-value>>",
    "nested-property3": "<<your-secret3-value>>",
    "non-keyvault-binding-property": "<<any-value>>"
  }
}
The script is available on my repository.
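As an added example (this is not the author's Set-ValuesFromKeyVault.ps1), the code below shows one way the reference syntax above can be parsed and resolved recursively. The function name Resolve-KeyVaultReference, the -Lookup parameter, the vault and secret names and the stub values are hypothetical; the default lookup assumes the Az.KeyVault module and an existing Connect-AzAccount session.

```powershell
# Added example; Resolve-KeyVaultReference and -Lookup are hypothetical names.
function Resolve-KeyVaultReference {
    param(
        $Node,
        # Default lookup needs the Az.KeyVault module and Connect-AzAccount.
        [scriptblock] $Lookup = {
            param($vault, $name)
            Get-AzKeyVaultSecret -VaultName $vault -Name $name -AsPlainText
        }
    )
    # Matches only the unversioned form shown above; anything else is left as-is.
    $pattern = '^@Microsoft\.KeyVault\(SecretUri=https://(?<vault>[^./]+)' +
               '\.vault\.azure\.net/secrets/(?<name>[^/)]+)/?\)$'
    if ($Node -is [string]) {
        if (-not ($Node -match $pattern)) { return $Node }
        $vault, $name = $Matches.vault, $Matches.name
        $value = & $Lookup $vault $name
        # Fail loudly instead of writing an empty value into the config.
        if ($null -eq $value) { throw "Secret '$name' not found in vault '$vault'." }
        return $value
    }
    if ($Node -is [array]) {
        return ,@(foreach ($item in $Node) {
            Resolve-KeyVaultReference -Node $item -Lookup $Lookup
        })
    }
    if ($Node -is [System.Management.Automation.PSCustomObject]) {
        foreach ($p in $Node.PSObject.Properties) {
            $p.Value = Resolve-KeyVaultReference -Node $p.Value -Lookup $Lookup
        }
    }
    return $Node
}

# Constructed sample input and stub lookup, so this runs without Azure access.
$json = @'
{
  "parent-property1": "@Microsoft.KeyVault(SecretUri=https://example-vault.vault.azure.net/secrets/secret1)",
  "Values": {
    "nested-property2": "@Microsoft.KeyVault(SecretUri=https://example-vault.vault.azure.net/secrets/secret2)",
    "non-keyvault-binding-property": "unchanged"
  }
}
'@
$stub = { param($vault, $name) "stub value for ${vault}/${name}" }
Resolve-KeyVaultReference -Node ($json | ConvertFrom-Json) -Lookup $stub |
    ConvertTo-Json -Depth 10
```

Any file holding the resolved output, such as out.json, contains plaintext secrets and belongs in .gitignore so it is never committed alongside the reference-only file.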