node package manager
Easy sharing. Manage teams and permissions with one click. Create a free org »

azure-keyvault

Microsoft Azure SDK for Node.js - Key Vault

This project provides a Node.js package for accessing keys, secrets and certificates on Azure Key Vault. Right now it supports:

  • Node.js version: 6.x.x or higher
  • REST API version: 2016-10-01

Features

  • Manage keys: create, import, update, delete, backup, restore, list and get.
  • Key operations: sign, verify, encrypt, decrypt, wrap, unwrap.
  • Secret operations: set, get, update and list.
  • Certificate operations: create, get, update, import, list, and manage contacts and issuers.

How to Install

npm install azure-keyvault

Detailed Sample

A sample that can be cloned and run can be found here.

How to Use

The following are some examples on how to create and consume secrets, certificates and keys. For the complete sample please visit this sample.

Authentication

 
var KeyVault = require('azure-keyvault');
var AuthenticationContext = require('adal-node').AuthenticationContext;
 
var clientId = "<to-be-filled>";
var clientSecret = "<to-be-filled>";
var vaultUri = "<to-be-filled>";
 
// Authenticator - retrieves the access token 
var authenticator = function (challenge, callback) {
 
  // Create a new authentication context. 
  var context = new AuthenticationContext(challenge.authorization);
  
  // Use the context to acquire an authentication token. 
  return context.acquireTokenWithClientCredentials(challenge.resource, clientId, clientSecret, function (err, tokenResponse) {
    if (err) throw err;
    // Calculate the value to be set in the request's Authorization header and resume the call. 
    var authorizationValue = tokenResponse.tokenType + ' ' + tokenResponse.accessToken;
 
    return callback(null, authorizationValue);
  });
 
};

Create the KeyVaultClient

 
var credentials = new KeyVault.KeyVaultCredentials(authenticator);
var client = new KeyVault.KeyVaultClient(credentials);

Create a key and use it

 
client.createKey(vaultUri, 'mykey', 'RSA', options, function(err, keyBundle) {
 
  // Retrieve the key 
  client.getKey(keyBundle.key.kid, function(getErr, getKeyBundle) {    
    console.log(getKeyBundle);
 
    // Encrypt a plain text 
    client.encrypt(keyBundle.key.kid, 'RSA-OAEP', encryptionContent, function (encryptErr, cipherText) {  
      console.log(cipherText);
    });
 
    // Sign a digest value 
    client.sign(keyBundle.key.kid, 'RS256', digest, function (signErr, signature) {  
      console.log(signature);
    });
 
  });
});

Create a secret and list all secrets

 
client.setSecret(vaultUri, 'mysecret', 'my password', options, function (err, secretBundle) {
  
  // List all secrets 
  var parsedId = KeyVault.parseSecretIdentifier(secretBundle.id);
  client.getSecrets(parsedId.vault, parsedId.name, function (err, result) {
    if (err) throw err;
    
    var loop = function (nextLink) {
      if (nextLink !== null && nextLink !== undefined) {
        client.getSecretsNext(nextLink, function (err, res) {
          console.log(res);
          loop(res.nextLink);
        });
      }
    };
    
    console.log(result);
    loop(result.nextLink);
  });
});

Create a certificate and delete it

 
//Create a certificate 
client.createCertificate(vaultUri, 'mycertificate', options, function (err, certificateOperation) {
  console.log(certificateOperation));
 
  // Poll the certificate status until it is created 
  var interval = setInterval(function getCertStatus() {
        
    var parsedId = KeyVault.parseCertificateOperationIdentifier(certificateOperation.id);
    client.getCertificateOperation(parsedId.vault, parsedId.name, function (err, pendingCertificate) {
      
      if (pendingCertificate.status.toUpperCase() === 'completed'.toUpperCase()) {
        clearInterval(interval);        
        console.log(pendingCertificate);
        
        var parsedCertId = KeyVault.parseCertificateIdentifier(pendingCertificate.target);
        //Delete the created certificate 
        client.deleteCertificate(parsedCertId.vault, parsedCertId.name, function (delErr, deleteResp) {          
          console.log(deleteResp);
        });
      }
    });
  }, intervalTime);
});
 

Related projects