akv-cli 0.10.1

The Azure Key Vault CLI (unofficial) can read secrets from Key Vault, securely pass secrets to other commands or inject them into configuration files, encrypt and decrypt secrets, and managed keys and secrets in Key Vault.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182

# Contribution Guide

Open issues and submitting pull requests are welcome!
If you'd like to contribute code to this project, you can follow along with this guide to get started.

## Development environment

There are two good ways of getting started:

### Dev container

You can open this repository in either [GitHub Codespaces] or locally in a [Dev container].
All the prerequisite software required to contribute code in this project will be preinstalled.

### Local development

You can also work in this codebase locally. You'll need the following prerequisites:

* [Rust]
* [Node.js] 22 or later (for spell checking with cspell)
* (Recommended) [Visual Studio Code]
* (Recommended) [Azure Developer CLI]
* (Recommended) [PowerShell]
* (Recommended) [Pester]

When you open VSCode, you should be prompted to install additional, recommended extensions,
including rust-analyzer, the LLDB debugger, and more.

After cloning the repository, install Node.js dependencies:

```bash
npm install
```

## Building

To build the workspace, in the root of the repository just run:

```bash
cargo build
```

## Testing

To run unit tests:

```bash
cargo test
```

Integration and manual tests require a Key Vault. To provision a vault with the [Azure Developer CLI], run:

```bash
# Environment name 'dev' recommended.
azd up
```

This will provision a vault and a few secrets for testing commands e.g.:

```bash
cargo run -- secret list
cargo run -- read --name secret-1
```

If you provision a vault using `azd`, a `.env` file is created under `.azure/dev/.env` by default,
which this project will read automatically.

To provision secret variables for demonstration, source an appropriate setup script under the `examples/` directory:

### Bash

In bash - or almost any popular shell on linux or macOS:

```bash
# The script is not executable and requires sourcing.
. ./examples/setup.sh
```

### PowerShell

In PowerShell:

```powershell
# You can also invoke the script from within powershell.
. ./examples/setup.ps1
```

### Manual testing

To manually test the CLI, install [Pester] in [PowerShell] and run:

```powershell
azd up # If you haven't already

Invoke-Pester tests/test.ps1
```

## Linting

### Spell Checking

To check spelling:

```bash
npm run spell-check
```

To automatically fix spelling issues where possible:

```bash
npm run spell-check:fix
```

The spell checker uses cspell with configuration in `.cspell.json`. Add custom words to the `words` array in that file.

### Markdown Linting

To lint markdown files:

```bash
npm run markdown-lint
```

To automatically fix markdown issues where possible:

```bash
npm run markdown-lint:fix
```

The markdown linter uses markdownlint-cli2 with configuration in `.markdownlint-cli2.yaml`.

## Examples

### Blobs

The `blobs` example is a simple demo application to list and read blobs. You need to create an app registration for RBAC initially, however:

```bash
az ad sp create-for-rbac -n akv-demo
```

Note the `appId` and `password` fields. You'll want to pass the `appId` when provisioning resources the first time:

```bash
AZURE_CLIENT_ID='{appId}' azd up
```

Once provisioning is complete and because the debug builds of `akv` will automatically read the `azd` environment care of [`dotazure`][dotazure],
you can create client secret and retain the secret reference for `azd`:

```bash
cargo run -- secret create client-secret='{password}'
azd env set AZURE_CLIENT_SECRET '{ID from previous command}'
```

Now you can run the `blobs` example within the `akv run` command:

```bash
cargo run -- run -- cargo run --example blobs
```

## Troubleshooting

To help troubleshoot issues, you can trace information to the terminal:

```bash
RUST_LOG=info,akv=debug cargo run -- secret list
```

The [`RUST_LOG`][RUST_LOG] environment variable here sets the default tracing level to `info`
but `debug` for all `akv` traces.

[Azure Developer CLI]: https://learn.microsoft.com/azure/developer/azure-developer-cli/install-azd
[Dev container]: https://code.visualstudio.com/docs/devcontainers/create-dev-container
[dotazure]: https://github.com/heaths/dotazure-rs
[GitHub Codespaces]: https://github.com/features/codespaces
[Node.js]: https://nodejs.org
[Pester]: https://pester.dev/docs/introduction/installation
[PowerShell]: https://learn.microsoft.com/powershell/scripting/install/install-powershell
[Rust]: https://www.rust-lang.org
[RUST_LOG]: https://docs.rs/env_logger/latest/env_logger/#enabling-logging
[Visual Studio Code]: https://code.visualstudio.com