insites-consulting / azure-key-vault

Allow secrets to be easily fetched from an Azure Key Vault from within a Laravel application

Listing all secrets #10

Open Vinze opened 1 year ago

Vinze commented 1 year ago

First of all, thanks for creating this neat little package!

I'm wondering, would it be possible to list all secrets? (Vault::listSecrets() ?) After listing the secrets we could use the Vault::secret('name') function to retrieve the secret. I found an existing package which already contains this function (see: https://github.com/wapacro/az-keyvault-php/blob/master/src/Secret.php#L93) but your package integrates better with Laravel and I find it easier to use.

Would you be willing to add something like this to the package? I tried forking your repo and creating a pull request, but I wasn't able to figure out how to write the required unit tests and install the package on my dev machine.


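// Fetch one page of secrets; pass the previous page's nextLink to continue.
public function listSecrets(?string $nextLink = null)
{
    // A nextLink returned by Key Vault already carries api-version and the
    // skip token, and a query array passed to get() replaces the URL's own
    // query string, so api-version is only added for the first page.
    $query = null;
    if ( ! $nextLink) {
        $nextLink = $this->vaultUrl() . "secrets";
        $query = [
            "api-version" => "7.1"
        ];
    }
    $response = Http::withToken($this->authToken())
        ->accept('application/json')
        ->get($nextLink, $query);
    if ($response->successful()) {
        return $response->json();
    } else {
        throw new AzureKeyVaultException(
            $response->json()['error']['message'],
            $response->status()
        );
    }
}
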
freezscholte commented 1 year ago

This indeed would be a welcome feature!

stephen-isc commented 1 year ago

Sorry it's taken me a while to get to this. I have an initial version of something to do this on the branch feature/secret-list in this repository. There are no tests for it yet, but it seems to work.

This returns a LazyCollection so all the pagination is dealt with inside this package.

I won't be able to do much more on this before the new year, but please let me know what you think.

stephen-isc commented 1 year ago

I should note that there might be some throttling to deal with here, since we can only return 25 results in a page and therefore might reasonably need to make quite a few requests.

See https://learn.microsoft.com/en-us/rest/api/azure/#async-operations-throttling-and-paging for more information on this.

Vinze commented 1 year ago

I'll give that branch a try, thank you!

Regarding the 25 results limit, I'm syncing the secrets with a scheduled task and then it isn't really a problem if this takes a couple of minutes.

For other use cases it might be helpful to create 2 functions, for example:

  1. Retrieve all secrets in the lazy collection like you already built (which might take a while): Vault::allSecrets()
  2. Retrieve the first 25 results and the nextLink, so someone could create their own pagination (like my example above): Vault::listSecrets($nextLink) ?
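
Added example (not code from the package or from any commenter in this thread): when a caller can pass in its own nextLink, the vault bearer token is sent to whatever URL that string names, so the link should be checked against the configured vault before the request is made. The helper names isVaultLink and allSecretIds, the shape of the $fetch callable (status, retryAfter in seconds, decoded body) and the sample vault URL are assumptions for illustration; the responses are constructed.

```php
<?php // Added example: hypothetical helpers, not part of the package.
// True only for an https URL on the vault's own host and port with path /secrets.
function isVaultLink(string $vaultUrl, string $link): bool
{
    $v = parse_url($vaultUrl) ?: [];
    $l = parse_url($link) ?: [];
    return !empty($v['host']) && !empty($l['host'])
        && strtolower($l['scheme'] ?? '') === 'https'
        && !isset($l['user']) && !isset($l['pass'])
        && strtolower($l['host']) === strtolower($v['host'])
        && ($l['port'] ?? 443) === ($v['port'] ?? 443)
        && rtrim($l['path'] ?? '', '/') === '/secrets';
}
// Yields every secret id. $fetch(string $url) is an assumed callable returning
// ['status' => int, 'retryAfter' => int seconds, 'body' => decoded JSON array].
function allSecretIds(string $vaultUrl, callable $fetch, int $maxRetries = 3): Generator
{
    $url = rtrim($vaultUrl, '/') . '/secrets?api-version=7.1';
    $retries = 0;
    while ($url !== null) {
        if (!isVaultLink($vaultUrl, $url)) {
            throw new RuntimeException('nextLink is outside the vault, token not sent');
        }
        $res = $fetch($url);
        if ($res['status'] === 429 && $retries++ < $maxRetries) {
            sleep($res['retryAfter'] ?? 0); // throttled: wait, then retry the same page
            continue;
        }
        if ($res['status'] !== 200) {
            throw new RuntimeException('HTTP ' . $res['status']);
        }
        $retries = 0;
        foreach ($res['body']['value'] ?? [] as $item) {
            yield $item['id'];
        }
        $url = $res['body']['nextLink'] ?? null;
    }
}
// Constructed responses: one throttled attempt, then two pages.
$vault = 'https://example-vault.vault.azure.net/';
$next = 'https://example-vault.vault.azure.net:443/secrets?api-version=7.1&$skiptoken=x';
$queue = [
    ['status' => 429, 'retryAfter' => 0, 'body' => []],
    ['status' => 200, 'body' => ['value' => [['id' => $vault . 'secrets/a']], 'nextLink' => $next]],
    ['status' => 200, 'body' => ['value' => [['id' => $vault . 'secrets/b']], 'nextLink' => null]],
];
$fetch = function (string $url) use (&$queue) { return array_shift($queue); };
print_r(iterator_to_array(allSecretIds($vault, $fetch), false));
var_dump(isVaultLink($vault, 'https://example-vault.vault.azure.net.evil.example/secrets'));
```

In a Laravel integration the $fetch callable would wrap the Http::withToken(...) request, so the token is only ever attached after the link has passed the check.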