azure_key_vault_client/client/
secret.rs

1use crate::client::identity::BearerAuthExt;
2use crate::client::API_VERSION;
3use crate::types::KeyVaultSecret;
4use crate::{Error, KeyVaultClient};
5
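impl KeyVaultClient {
    /// Returns `true` when `segment` holds only ASCII letters, digits and hyphens.
    ///
    /// This is the character set Key Vault documents for secret names. None of these
    /// characters can introduce a path separator, a dot segment, a query or a fragment
    /// into the request URL. An empty string passes; callers that need a non-empty
    /// segment check for that separately.
    fn is_plain_path_segment(segment: &str) -> bool {
        segment
            .bytes()
            .all(|b| b.is_ascii_alphanumeric() || b == b'-')
    }

    /// Builds the error returned when a caller-supplied URL segment is rejected.
    ///
    /// The offending value is deliberately not echoed into the message.
    fn invalid_input(message: &str) -> Error {
        // NOTE(review): relies on `Error: From<std::io::Error>`, which the
        // `into_json()?` calls in this impl appear to use already. Confirm, or swap
        // in a dedicated `Error` variant.
        std::io::Error::new(std::io::ErrorKind::InvalidInput, message.to_string()).into()
    }

    /// Get a specified secret from a given key vault.
    /// <https://docs.microsoft.com/en-us/rest/api/keyvault/get-secret/get-secret>
    ///
    /// `secret_name` selects the secret. `secret_version` selects one version of it;
    /// with `None` the request path is just `secrets/<name>`.
    ///
    /// The returned [`KeyVaultSecret`] carries the secret in its `value` field, so keep
    /// it out of logs and error messages.
    ///
    /// # Errors
    ///
    /// Returns an error without contacting the vault when `secret_name` is empty, or
    /// when the name or version contains anything other than ASCII letters, digits
    /// and `-`. Otherwise propagates failures from the token refresh, the HTTP call
    /// and the JSON decoding of the response.
    pub fn get_secret(
        &mut self,
        secret_name: &str,
        secret_version: Option<&str>,
    ) -> Result<KeyVaultSecret, Error> {
        // Both values are interpolated into the request path. A `/` or a dot segment
        // in either one would make the authenticated request address a different
        // vault resource than `secrets/<name>`, so reject them before any network use.
        if secret_name.is_empty() || !Self::is_plain_path_segment(secret_name) {
            return Err(Self::invalid_input(
                "secret name must be non-empty and contain only ASCII letters, digits and '-'",
            ));
        }
        if let Some(version) = secret_version {
            // NOTE(review): versions issued by the service are expected to fit this
            // character set; confirm before release.
            if !Self::is_plain_path_segment(version) {
                return Err(Self::invalid_input(
                    "secret version must contain only ASCII letters, digits and '-'",
                ));
            }
        }

        self.refresh_token_access()?;

        let rel = match secret_version {
            Some(version) => format!("secrets/{}/{}", secret_name, version),
            None => format!("secrets/{}", secret_name),
        };

        let mut path = self.vault_url.clone();
        path.set_path(&rel);
        path.set_query(Some(API_VERSION));

        let key = self
            .agent
            .get(path.as_str())
            .set_auth(&self.bearer_auth())
            .call()?
            .into_json::<KeyVaultSecret>()?;
        Ok(key)
    }

    /// Sets a secret in a specified key vault.
    /// <https://docs.microsoft.com/en-us/rest/api/keyvault/set-secret/set-secret>
    ///
    /// `secret` is serialized to JSON and sent as the body of a `PUT` to
    /// `secrets/<secret_name>`; the vault's JSON reply is decoded and returned.
    ///
    /// # Errors
    ///
    /// Returns an error without contacting the vault when `secret_name` is empty or
    /// contains anything other than ASCII letters, digits and `-`. Otherwise
    /// propagates failures from the token refresh, the serialization of `secret`,
    /// the HTTP call and the JSON decoding of the response.
    pub fn set_secret(
        &mut self,
        secret_name: &str,
        secret: KeyVaultSecret,
    ) -> Result<KeyVaultSecret, Error> {
        // The name becomes part of the request path of a write. Refuse anything that
        // could redirect the `PUT` to a resource other than `secrets/<name>`.
        if secret_name.is_empty() || !Self::is_plain_path_segment(secret_name) {
            return Err(Self::invalid_input(
                "secret name must be non-empty and contain only ASCII letters, digits and '-'",
            ));
        }

        self.refresh_token_access()?;

        let mut path = self.vault_url.clone();
        path.set_path(&format!("secrets/{}", secret_name));
        path.set_query(Some(API_VERSION));

        let json = serde_json::to_value(secret)?;

        let key = self
            .agent
            .put(path.as_str())
            .set_auth(&self.bearer_auth())
            .send_json(json)?
            .into_json::<KeyVaultSecret>()?;
        Ok(key)
    }
}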
59
#[cfg(test)]
mod tests {
    use super::*;
    use crate::client::identity::IdentityConfig;
    use crate::client::tests::get_env;
    use crate::types::SecretProperties;

    /// Fetches the latest version of the secret named by the test environment.
    ///
    /// NOTE(review): this test is not marked `#[ignore]`, so it runs on every
    /// `cargo test` and needs whatever credentials and vault `get_env()` supplies.
    #[test]
    fn test_get_secret() {
        let env = get_env();
        let identity = IdentityConfig::new(env.client_id, env.client_secret, env.tenant_id);
        let mut vault = KeyVaultClient::new(&env.vault_url, identity).unwrap();

        let fetched = vault.get_secret(env.secret_name, None);
        assert!(fetched.is_ok());
    }

    /// Writes a fixed value to the secret named by the test environment.
    ///
    /// Ignored by default because it modifies the vault.
    #[test]
    #[ignore = "sets secret"]
    fn test_set_secret() {
        let env = get_env();
        let identity = IdentityConfig::new(env.client_id, env.client_secret, env.tenant_id);
        let mut vault = KeyVaultClient::new(&env.vault_url, identity).unwrap();

        let payload = KeyVaultSecret {
            properties: SecretProperties::default(),
            value: "secret message".to_string(),
        };
        let stored = vault.set_secret(env.secret_name, payload);
        assert!(stored.is_ok());
    }
}