
Access Azure Key Vault Secrets Through a Node.js Application

Azure Key Vault is a cloud-based service that allows users to securely store and manage sensitive information, such as passwords, keys, and certificates. This allows for a more secure and efficient way to manage and access sensitive information in a cloud environment.

In this article, we will discuss how to access these secrets through a Node.js application. We will cover how to set up an Azure Key Vault, how to authenticate with it, and how to retrieve and use the secrets in your application. By the end of this article, you will have a better understanding of how to use Azure Key Vault to secure and manage your application's sensitive information.

Table of Contents

  1. Create Nodejs server
  2. Create Azure Key Vault
  3. Add secrets to Key Vault
  4. Add secrets from CLI
  5. Register the app in Azure Active Directory
  6. Add Access Policies to Key Vault
  7. Reveal secrets in Nodejs application

1. Create Nodejs server

  1. Create the directory and run npm init -y in the command prompt
  2. Open that directory in VS Code by typing code . in the command prompt
  3. Open the VS Code terminal and install the following
npm install express --save
npm install nodemon --save-dev

Nodemon is a tool that automatically restarts a Node.js application when changes are made to the code. This saves developers time and effort by eliminating the need to manually stop and start the application each time a change is made.

  4. Create an index.js file and paste the following code

const express = require('express');
const app = express();
const port = 3000;

app.get('/', (req, res) => {
  res.send('Hello World!');
});

app.listen(port, () => {
  console.log(`Example app listening on port ${port}`);
});

  5. In your terminal (which should be in the project directory), type nodemon index.js and hit Enter.
  6. Open a new tab in Postman or any web browser, type http://localhost:3000 in the address bar, and hit Enter.

Now the Node server is up and running...

2. Create Azure Key Vault

  1. Sign in to the Azure portal at https://portal.azure.com

  2. Select "Create a resource" from the menu or Home page.

  3. Search for "Key Vault" and select it from the results.

  4. Click on "Create" in the Key Vault section.

  5. In the "Create key vault" section, enter a unique name for the vault (e.g. "nodejsazurekeyvault"). A vault name must be 3-24 characters long, consisting of letters, digits and hyphens; it must begin with a letter, end with a letter or digit, and not contain consecutive hyphens. Then select a subscription and create a new resource group.

  6. Pick a location and keep the other options unchanged.

  7. Click on "Create" to finalize the setup.

3. Add secrets to Key Vault

  1. Click Secrets in the left panel
  2. Click Generate/Import at the top of the page
  3. Add a secret name and value
  4. Set Enabled to Yes
  5. Click Create

4. Add secrets from CLI

  1. Install the Azure CLI (see the Azure CLI download page)
  2. Run these commands in the PowerShell window. secretfile.txt holds the multi-line value; because the /multilinesecret route in section 7 parses the stored value with JSON.parse, the file should contain a JSON document
az login
az keyvault secret set --vault-name "<your-unique-keyvault-name>" --name "MultilineSecret" --file "secretfile.txt"

5. Register the app in Azure Active Directory

  1. Navigate to Azure Active Directory
  2. Click App registrations in the left panel
  3. Click New registration
  4. Enter the app name and set the platform to Web
  5. Click Register
  6. Click Certificates & secrets
  7. Click New client secret
  8. Add a description and set the expiry date
  9. Click Add
  10. Copy the secret value and keep it for later; it is shown only once, right after creation

6. Add Access Policies to Key Vault

  1. Navigate to the Key Vault
  2. Click Access Policies in the left panel
  3. Click Create
  4. Select Secret Management from the template dropdown. This template grants Get, List, Set, Delete, Recover, Backup and Restore on secrets; an app that only reads secrets needs just Get (plus Set if it uses the POST /secret route from the complete code below)
  5. Click Next
  6. Select the app you registered in section 5 (keyvaultapp in this example)
  7. Click Next
  8. Click Create

7. Reveal secrets in Nodejs application

  1. Go to index.js
  2. Open the VS Code terminal and install the following
npm install @azure/identity
npm install @azure/keyvault-secrets
npm install dotenv
  3. Create a .env file and add the following values. DefaultAzureCredential reads the three AZURE_* variables from the environment, so add .env to .gitignore to keep the client secret out of source control
KEYVAULT_URI=<the Vault URI shown on the vault's overview page, e.g. https://nodejsazurekeyvault.vault.azure.net>
AZURE_TENANT_ID=<Directory (tenant) ID shown on the registered app's overview page>
AZURE_CLIENT_ID=<Application (client) ID shown on the registered app's overview page>
AZURE_CLIENT_SECRET=<the client secret value copied in section 5>

  4. Add this code to index.js
require("dotenv").config(); // load the .env values into process.env before they are read
const { DefaultAzureCredential } = require("@azure/identity");
const { SecretClient } = require("@azure/keyvault-secrets");
// DefaultAzureCredential picks up AZURE_TENANT_ID, AZURE_CLIENT_ID and AZURE_CLIENT_SECRET from the environment
const credential = new DefaultAzureCredential();
const client = new SecretClient(process.env.KEYVAULT_URI, credential);
  5. Create a separate route and add this code (single-line secret)
app.get("/secret", (req, res) => {
  client
    .getSecret("testsecret")
    .then((data) => {
      res.send(data.value);
    })
    .catch((error) => {
      // log the SDK error server-side; do not send the error object to the client
      console.error(error);
      res.status(500).send("Could not read secret");
    });
});
  6. In your terminal (which should be in the project directory), type nodemon index.js and hit Enter.
  7. Open a new tab in Postman or any web browser, type http://localhost:3000/secret in the address bar, and hit Enter

  8. Create a separate route and add this code (multi-line secret)
app.get("/multilinesecret", (req, res) => {
  client
    .getSecret("MultilineSecret")
    .then((data) => {
      // the stored value is a JSON document (see section 4)
      const parsedSecret = JSON.parse(data.value);
      res.json(parsedSecret);
    })
    .catch((error) => {
      // a JSON.parse failure lands here too; log it, do not echo it to the client
      console.error(error);
      res.status(500).send("Could not read secret");
    });
});
  9. In your terminal (which should be in the project directory), type nodemon index.js and hit Enter.

  10. Open a new tab in Postman or any web browser, type http://localhost:3000/multilinesecret in the address bar, and hit Enter

Complete Code

const express = require('express');
require('dotenv').config(); // load KEYVAULT_URI and the AZURE_* variables from .env
const { DefaultAzureCredential } = require('@azure/identity');
const { SecretClient } = require('@azure/keyvault-secrets');

const app = express();
const port = 3000;
app.use(express.json());

// DefaultAzureCredential picks up AZURE_TENANT_ID, AZURE_CLIENT_ID and
// AZURE_CLIENT_SECRET from the environment (the values set in .env above).
const credential = new DefaultAzureCredential();
const client = new SecretClient(process.env.KEYVAULT_URI, credential);

app.get('/', (req, res) => {
  res.send('Hello World!');
});

app.get('/secret', async (req, res) => {
  try {
    const secret = await client.getSecret('testsecret');
    res.send(secret.value);
  } catch (error) {
    // Log the SDK error server-side; do not echo it to the client.
    console.error(error);
    res.status(500).send('Could not read secret');
  }
});

app.get('/multilinesecret', async (req, res) => {
  try {
    const secret = await client.getSecret('MultilineSecret');
    const parsedSecret = JSON.parse(secret.value); // the stored value is a JSON document
    res.json(parsedSecret);
  } catch (error) {
    console.error(error);
    res.status(500).send('Could not read secret');
  }
});

app.post('/secret', async (req, res) => {
  try {
    const { secretName, secretValue } = req.body;

    if (!secretName || !secretValue) {
      // return here; otherwise execution continues into setSecret after the 400 was sent
      return res.status(400).send('Please provide a secret name and value');
    }

    await client.setSecret(secretName, secretValue);
    res.send('Secret created');
  } catch (error) {
    console.error(error);
    res.status(500).send('Could not create secret');
  }
});

app.listen(port, () => {
  console.log(`Example app listening on port ${port}`);
});
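The route logic above, as an added example that is not part of the original README: the read, JSON-parse and create paths are factored into plain functions that take any `client` exposing getSecret/setSecret (the real SecretClient, or a fake for local testing), validate the secret name, and return only a generic message to the caller on failure. `isValidSecretName`, `readSecret`, `writeSecret` and `toExpress` are names chosen here, not part of the Azure SDK.

```javascript
// Added example, not the README's own code. `client` is anything with
// getSecret(name) -> { value } and setSecret(name, value), so the functions
// can be exercised without a live vault.

// Key Vault secret names are 1-127 characters of letters, digits and hyphens.
const SECRET_NAME = /^[0-9a-zA-Z-]{1,127}$/;

function isValidSecretName(name) {
  return typeof name === "string" && SECRET_NAME.test(name);
}

// Read one secret; with json=true the value is parsed like the multi-line route.
// The SDK error is logged server-side only; the caller gets a generic message.
async function readSecret(client, name, { json = false } = {}) {
  if (!isValidSecretName(name)) return { status: 400, body: "invalid secret name" };
  try {
    const { value } = await client.getSecret(name);
    return { status: 200, body: json ? JSON.parse(value) : value };
  } catch (err) {
    console.error(`getSecret(${name}) failed:`, err.message);
    return { status: 500, body: "could not read secret" };
  }
}

// Create a secret from a POST body. Validation returns early: the original
// handler sent a 400 and then still called setSecret with undefined values.
async function writeSecret(client, body) {
  const { secretName, secretValue } = body || {};
  if (!isValidSecretName(secretName) || typeof secretValue !== "string" || !secretValue) {
    return { status: 400, body: "Please provide a valid secret name and value" };
  }
  try {
    await client.setSecret(secretName, secretValue);
    return { status: 201, body: "Secret created" };
  } catch (err) {
    console.error(`setSecret(${secretName}) failed:`, err.message);
    return { status: 500, body: "could not create secret" };
  }
}

// Express adapter, e.g. in index.js:
//   app.get("/secret", toExpress(() => readSecret(client, "testsecret")));
//   app.post("/secret", toExpress((req) => writeSecret(client, req.body)));
function toExpress(handler) {
  return async (req, res) => {
    const { status, body } = await handler(req);
    res.status(status).send(body);
  };
}
```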

Source Code

GitHub

Thank you.