hashicorp / vault-plugin-secrets-azure

Vault Azure Secrets plugin
Mozilla Public License 2.0

Azure Secrets Engine Customizations #174

Closed Zlaticanin closed 9 months ago

Zlaticanin commented 9 months ago

Adding two configurable fields, sign_in_audience and tags, to application registration.

To test:

vault secrets enable azure

vault write azure/config \
    subscription_id=$AZURE_SUBSCRIPTION_ID \
    tenant_id=$AZURE_TENANT_ID \
    client_id=$AZURE_CLIENT_ID \
    client_secret=$AZURE_CLIENT_SECRET

vault write azure/roles/my-role \
    ttl=1h \
    max_ttl=24h \
    azure_roles=@az_roles.json \
    sign_in_audience=AzureADMyOrg \
    tags="team:engineering","environment:development"

vault read azure/creds/my-role

Use the client_id to search through all app registrations in the Azure portal to check that the fields are correctly set.
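The manual procedure above (write the role, read creds, look the app registration up by client_id) can be exercised and checked programmatically. The following Go program is an added example written for this page, not code from vault-plugin-secrets-azure: it validates sign_in_audience against the values Microsoft Graph accepts on an application object, splits the tags string the way `vault write` passes it, renders the JSON body that would be sent to POST /applications, and verifies a Graph application object (the JSON that GET /applications/{id} or `az ad app show --id $CLIENT_ID` returns) against the role settings. The type and function names (RoleFields, ParseRoleFields, BuildApplicationRequest, VerifyApplication), the default of AzureADMyOrg for an empty sign_in_audience, and the sample response JSON are assumptions made for this example. AzureADMyOrg is the narrowest audience: only accounts in the tenant that owns the registration can sign in, so a role that accidentally sets a multi-tenant or personal-account value widens the trust boundary of every credential issued from it.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Values Microsoft Graph accepts for signInAudience on an application object.
// AzureADMyOrg restricts sign-in to the tenant that owns the registration.
var allowedSignInAudiences = map[string]struct{}{
	"AzureADMyOrg":                       {},
	"AzureADMultipleOrgs":                {},
	"AzureADandPersonalMicrosoftAccount": {},
	"PersonalMicrosoftAccount":           {},
}

// RoleFields is a hypothetical stand-in for the two new role parameters.
type RoleFields struct {
	SignInAudience string
	Tags           []string
}

// ParseRoleFields validates sign_in_audience and splits the comma-separated
// tags string that `vault write ... tags=a,b` hands to a plugin.
// An empty sign_in_audience defaults to AzureADMyOrg (assumption for this example).
func ParseRoleFields(signInAudience, tags string) (RoleFields, error) {
	rf := RoleFields{SignInAudience: "AzureADMyOrg"}
	if signInAudience != "" {
		if _, ok := allowedSignInAudiences[signInAudience]; !ok {
			return RoleFields{}, fmt.Errorf("invalid sign_in_audience %q", signInAudience)
		}
		rf.SignInAudience = signInAudience
	}
	for _, t := range strings.Split(tags, ",") {
		if t = strings.TrimSpace(t); t != "" {
			rf.Tags = append(rf.Tags, t)
		}
	}
	return rf, nil
}

// ApplicationRequest is the subset of the Graph application object this
// example populates when registering the per-credential application.
type ApplicationRequest struct {
	DisplayName    string   `json:"displayName"`
	SignInAudience string   `json:"signInAudience"`
	Tags           []string `json:"tags,omitempty"`
}

// BuildApplicationRequest renders the JSON body for POST /applications.
func BuildApplicationRequest(displayName string, rf RoleFields) ([]byte, error) {
	return json.Marshal(ApplicationRequest{
		DisplayName:    displayName,
		SignInAudience: rf.SignInAudience,
		Tags:           rf.Tags,
	})
}

// VerifyApplication checks a Graph application object against the role
// fields: the audience must match exactly and every role tag must be present.
// It is the programmatic equivalent of inspecting the registration in the portal.
func VerifyApplication(appJSON []byte, rf RoleFields) error {
	var app struct {
		SignInAudience string   `json:"signInAudience"`
		Tags           []string `json:"tags"`
	}
	if err := json.Unmarshal(appJSON, &app); err != nil {
		return err
	}
	if app.SignInAudience != rf.SignInAudience {
		return fmt.Errorf("signInAudience: got %q, want %q", app.SignInAudience, rf.SignInAudience)
	}
	missing := map[string]bool{}
	for _, t := range rf.Tags {
		missing[t] = true
	}
	for _, t := range app.Tags {
		delete(missing, t)
	}
	if len(missing) != 0 {
		return fmt.Errorf("tags missing from registration: %v", missing)
	}
	return nil
}

func main() {
	rf, err := ParseRoleFields("AzureADMyOrg", "team:engineering,environment:development")
	if err != nil {
		panic(err)
	}
	body, _ := BuildApplicationRequest("vault-my-role-example", rf)
	fmt.Println(string(body))
	// Constructed sample of what Graph returns for the registration (not real data).
	sample := []byte(`{"appId":"00000000-0000-0000-0000-000000000000","signInAudience":"AzureADMyOrg","tags":["team:engineering","environment:development"]}`)
	fmt.Println("verify:", VerifyApplication(sample, rf))
}
```

In practice, feed VerifyApplication the output of `az ad app show --id <client_id from vault read azure/creds/my-role>`; a mismatch on signInAudience is the case worth alerting on, since it changes who can authenticate with the issued credential.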