azure-sdk-for-js-keyvault-secrets-get-nodejs-managedid's Introduction

page_type: sample
languages: javascript, nodejs
products: azure-key-vault, azure-app-service
description: How to set and get secrets from Azure Key Vault with Azure Managed Identities and Node.js.
urlFragment: get-set-keyvault-secrets-managed-id-nodejs

How to set and get secrets from Azure Key Vault with Azure Managed Identities and Node.js

SDK Versions

In this sample, you will find the following folders:

We strongly recommend using the latest packages in your projects. For more samples using the latest Key Vault packages, see

Introduction

This sample will show how a Web App gets a secret at runtime from Azure Key Vault using a developer account during development, and using Azure Managed Identities when deployed to Azure, without any code changes between local development environment and Azure. As a result, you don't have to explicitly handle a service principal credential to authenticate to Azure AD to get a token to call Key Vault. You also don't have to worry about renewing the service principal credential either, since Azure Managed Identities takes care of that.

Prerequisites

To run and deploy this sample, you need the following:

  • Node.js
  • Git
  • An Azure subscription to create a Key Vault and other services, such as App Service, used in this sample.
  • An App registration to authenticate.

If you don't have an Azure subscription or App registration, create a free account or App registration before you begin.

Step 1: Create an Azure Key Vault and add a secret

Step 2: Grant yourself Secret Management access to the Key Vault

From the Azure Portal, go to the Key Vault's access policies, and grant yourself Secret Management access to the Key Vault. This will allow you to run the application on your local development machine.

  • On your Key Vault's Settings page, select Access policies.
  • Click on Add Access Policy.
  • Set Configure from template (optional) to Secret Management.
  • Click on Select Principal, add your App registration.
  • Click on Add.
  • Click on Save to save the Access Policies.

Local dev installation

  1. Clone the repository.

    git clone https://github.com/Azure-Samples/azure-sdk-for-js-keyvault-secrets-get-nodejs-managedid.git
  2. Run the following command to install dependencies for "SDK version 3" and "SDK version 4":

    • SDK version 4
    cd v4
    npm install
    • SDK version 3
    cd v3
    npm install
  3. Set up the following environment variables or replace these variables in the index.js file.

    Linux

    export KEY_VAULT_URL="<YourKeyVaultUrl>"
    export SECRET_NAME="<YourSecretName>"
    export SECRET_VERSION="<YourSecretVersion>"
    export AZURE_TENANT_ID="<YourTenantId>"
    export AZURE_CLIENT_ID="<YourClientId>"
    export AZURE_CLIENT_SECRET="<YourClientSecret>"

    Windows

    setx KEY_VAULT_URL "<YourKeyVaultUrl>"
    setx SECRET_NAME "<YourSecretName>"
    setx SECRET_VERSION "<YourSecretVersion>"
    setx AZURE_TENANT_ID "<YourTenantId>"
    setx AZURE_CLIENT_ID "<YourClientId>"
    setx AZURE_CLIENT_SECRET "<YourClientSecret>"
  4. Run the sample.

    node index.js

Deploy this sample to Azure

  1. Create a Node.js Web App in Azure.

  2. Set environment variables in the Settings > Configuration > Application Settings of your Web App. You can also change the value of the variables from null in the index.js file.

  3. This repository is ready to be deployed using local git. Read this tutorial to get more information on how to push using local git through portal.

Troubleshooting

Common issues across environments:

  • Access denied

The principal used does not have access to the Key Vault. The principal used is shown on the web page. Grant that user (in the case of a developer context) or application Get secret access to the Key Vault.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.


azure-sdk-for-js-keyvault-secrets-get-nodejs-managedid's Issues

Confusion in Documentation

Please provide us with the following information:

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [ ] feature request
- [X] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Hello,

I am currently trying to integrate a KeyVault to a Node App using your code as a basis and have run into a snag.  There is a bit of confusion on where and how I access the Tenant Id, Client Id, and Client Secret.  

Where do I find these more specifically? I got to the TenantId by going into my Active Directory and found it under Properties. However, this is referred to as Directory ID (confusing but I was able to recover). What are you referring to when you write about ClientId and ClientSecret? Is this the Node app's client and secret, or is this my user clientId and clientSecret? How do I access these?

As an aside, I am running my Node App locally through VS Code.

Help!

Thank you,

Mike

> ---------------------------------------------------------------
> Thanks! We'll be in touch soon.

Error: ECONNREFUSED on deploying the NodeJs App on a VM

Minimal steps to reproduce

Follow all steps from the README file BUT replace App Service with a VM (create one for this purpose) and enable the VM for MSI and add an access policy that grants the VM access to Get Secrets.

Any log messages given by the failure

Yes, after completing all the mentioned steps, I got an error on browsing root "/"
Error:
{"errno":"ECONNREFUSED","code":"ECONNREFUSED","syscall":"connect","address":"127.0.0.1","port":50342}

OS and Version?

Ubuntu 16.04

NodeJs Versions

v10.14.2

Please help me resolve this ASAP. I am using msRestAzure.loginWithVmMSI(). My server.js is attached.
server.js.zip

Thanks,
Pramod

Got 401 after deploying on Azure App Service

Minimal steps to reproduce

Follow all steps from the README file

Any log messages given by the failure

Yes, after completing all the mentioned steps, I got the below JSON output on browsing the app's root "/"
Output:
{
"statusCode": 401,
"request": {
"rawResponse": false,
"queryString": {},
"url": "https://yozan.vault.azure.net/secrets/secret/?api-version=2016-10-01",
"method": "GET",
"headers": {
"Content-Type": "application/json; charset=utf-8",
"x-ms-client-request-id": "bf93613f-4e73-4794-ae9e-676d3429420d",
"accept-language": "en-US",
"user-agent": "Node/v10.14.1 (ia32-Windows_NT-10.0.14393) ms-rest/2.3.0 ms-rest-azure/2.5.2 azure-keyvault/3.0.0-preview Azure-SDK-For-Node"
},
"body": null
},
"response": {
"body": "",
"headers": {
"cache-control": "no-cache",
"pragma": "no-cache",
"expires": "-1",
"server": "Microsoft-IIS/10.0",
"www-authenticate": "Bearer authorization=\"https://login.windows.net/e5aa43c7-d783-4a78-9a79-616d713556c2\", resource=\"https://vault.azure.net\"",
"x-ms-keyvault-region": "centralindia",
"x-ms-request-id": "799e79f6-d0e2-4394-9441-6484f05fb4aa",
"x-ms-keyvault-service-version": "1.1.0.859",
"x-ms-keyvault-network-info": "addr=52.172.204.196;act_addr_fam=InterNetwork;",
"x-aspnet-version": "4.0.30319",
"x-powered-by": "ASP.NET",
"strict-transport-security": "max-age=31536000;includeSubDomains",
"x-content-type-options": "nosniff",
"date": "Wed, 26 Dec 2018 16:17:41 GMT",
"connection": "close",
"content-length": "0"
},
"statusCode": 401
}
}

OS and Version?

Ubuntu 16.04

NodeJs Versions

v10.14.2

Please help me resolve this ASAP.

Thanks,
Pramod

[Action Needed] This repo is inactive

This GitHub repository has been identified as a candidate for archival

This repository has had no activity in more than [x amount of time]. Long periods of inactivity present security and code hygiene risks. Archiving will not prevent users from viewing or forking the code. A banner will appear on the repository alerting users that the repository is archived.

Please see https://aka.ms/sunsetting-faq to learn more about this process.

Action

✍️

❗ If this repository is still actively maintained, please simply close this issue. Closing an issue on a repository is considered activity and the repository will not be archived. 🔒

If you take no action and this repository is still inactive 30 days from today, it will be automatically archived.

Need more help? 🖐️

Documentation correct but index.js needs updating

The documentation is correct, however the source code for index.js needs updating.
loginWithAppServiceMSI function needs resource option passed in for the key vault.

i.e.

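const msRestAzure = require('ms-rest-azure');

// Service principal settings for local development, read from the
// environment variables named in the README (assumed mapping).
const clientId = process.env.AZURE_CLIENT_ID;
const secret = process.env.AZURE_CLIENT_SECRET;
const domain = process.env.AZURE_TENANT_ID;

function getKeyVaultCredentials(){
  if (process.env.APPSETTING_WEBSITE_SITE_NAME){
    // Running in App Service: request a managed identity token for Key Vault.
    return msRestAzure.loginWithAppServiceMSI({resource: 'https://vault.azure.net'});
  } else {
    return msRestAzure.loginWithServicePrincipalSecret(clientId, secret, domain);
  }
}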
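
Added example (not part of the original issues or of the sample's own code): a Node.js diagnostic for the 401 reported above and for the `resource` fix proposed in the last issue. It parses the Key Vault `WWW-Authenticate` challenge and compares its `resource` with the `aud` claim of the token that was sent; the function names, the sample header and the unsigned tokens are constructed for illustration.

```javascript
// Constructed sample: same shape as the www-authenticate value in the 401
// above, with the tenant id replaced by a placeholder.
const SAMPLE_CHALLENGE =
  'Bearer authorization="https://login.windows.net/<tenant-id>", ' +
  'resource="https://vault.azure.net"';

// Parse `Scheme key="value", key2="value2"` into { scheme, params }.
function parseChallenge(header) {
  const m = /^\s*(\S+)\s+(.*)$/.exec(header || '');
  if (!m) throw new Error('malformed WWW-Authenticate header');
  const params = {};
  const re = /([A-Za-z_]+)="([^"]*)"/g;
  let kv;
  while ((kv = re.exec(m[2])) !== null) params[kv[1].toLowerCase()] = kv[2];
  return { scheme: m[1], params };
}

// Decode (do NOT verify) a JWT payload. Diagnostics only: never use
// unverified claims for an authorization decision.
function decodeClaims(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// Compare resource identifiers ignoring case and trailing slashes.
const norm = (u) => String(u || '').replace(/\/+$/, '').toLowerCase();

// Explain a 401: was a token sent, and was it issued for the vault?
function diagnose401(header, token) {
  const { scheme, params } = parseChallenge(header);
  if (scheme.toLowerCase() !== 'bearer') {
    return { ok: false, reason: 'unexpected scheme', actual: scheme };
  }
  if (!token) return { ok: false, reason: 'no token sent', expected: params.resource };
  const aud = decodeClaims(token).aud;
  if (norm(aud) !== norm(params.resource)) {
    return { ok: false, reason: 'audience mismatch', expected: params.resource, actual: aud };
  }
  // Audience is right, so the remaining suspect is the access policy.
  return { ok: true, reason: 'audience matches; check the access policy' };
}

// Build a constructed, unsigned token so the example runs offline.
function fakeToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc(claims)}.sig`;
}
```

An `audience mismatch` result points at the missing `resource` option; a matching audience with a persistent 401 or 403 points back at the access policy described in Troubleshooting.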
