Introduction to Azure Key Vault
The Azure Key Vault client library for JavaScript enables you to securely store and manage secrets, keys, and certificates. This documentation provides guidance on how to use the SDK to interact with Azure Key Vault from your Node.js and browser applications.
Azure Key Vault is a cloud service for securely storing and accessing secrets. A secret is any information that you want to tightly control access to, such as API keys, passwords, certificates, or connection strings. You can also use Key Vault to store and manage cryptographic keys and TLS/SSL certificates.
Installation
Install the Azure Key Vault client library using npm or yarn:
npm install @azure/keyvault-secrets --save
npm install @azure/identity --save
Or with yarn:
yarn add @azure/keyvault-secrets
yarn add @azure/identity
Authentication
Authentication with Azure Key Vault is typically handled using the @azure/identity library. This library provides various credential types for authenticating to Azure services, such as:
- DefaultAzureCredential: Attempts to authenticate using a combination of environment variables, managed identity, and other methods.
- EnvironmentCredential: Authenticates using environment variables (e.g., AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET).
- ManagedIdentityCredential: For authenticating from an Azure VM or App Service.
Here's an example using DefaultAzureCredential:
import { DefaultAzureCredential } from "@azure/identity";
import { SecretClient } from "@azure/keyvault-secrets";
const keyVaultName = "YOUR_KEY_VAULT_NAME"; // Replace with your Key Vault name
const kvUri = `https://${keyVaultName}.vault.azure.net`;
const credential = new DefaultAzureCredential();
const client = new SecretClient(kvUri, credential);
Basic Usage: Secrets Management
The SecretClient provides methods to manage secrets in your Azure Key Vault.
Creating a Secret
Use the setSecret method to create or update a secret.
async function createSecretExample() {
  const secretName = "mySecretName";
  const secretValue = "mySecretValue";
  try {
    // setSecret returns the stored secret, including its value; in real code log
    // only result.name and result.properties.version, not the whole object.
    const result = await client.setSecret(secretName, secretValue);
    console.log("Secret created or updated:", result);
  } catch (error) {
    console.error("Error creating secret:", error);
  }
}
Getting a Secret
Use the getSecret method to retrieve a secret's value.
async function getSecretExample() {
  const secretName = "mySecretName";
  try {
    // Without a version argument, getSecret returns the latest version.
    const result = await client.getSecret(secretName);
    console.log("Secret value:", result.value); // demo only: avoid writing secret values to logs
  } catch (error) {
    console.error("Error getting secret:", error);
  }
}
Deleting a Secret
Use the beginDeleteSecret method to delete a secret. This initiates a long-running operation.
async function deleteSecretExample() {
  const secretName = "mySecretName";
  try {
    const poller = await client.beginDeleteSecret(secretName);
    // With soft-delete enabled, the deleted secret stays recoverable until it is purged
    // or its retention period ends.
    const result = await poller.pollUntilDone();
    console.log("Secret deleted:", result);
  } catch (error) {
    console.error("Error deleting secret:", error);
  }
}
Key Management
The Azure Key Vault SDK also supports managing cryptographic keys. You can create, import, and retrieve keys using the KeyClient.
To use key management features, install the appropriate package:
npm install @azure/keyvault-keys --save
And import the KeyClient:
import { KeyClient } from "@azure/keyvault-keys";
// ... use the same credential and kvUri
const keyClient = new KeyClient(kvUri, credential);
Refer to the specific Key Management API documentation for detailed usage.
Certificate Management
Manage your TLS/SSL certificates with the CertificateClient. This includes importing, creating, and retrieving certificates.
Install the certificate package:
npm install @azure/keyvault-certificates --save
And import the CertificateClient:
import { CertificateClient } from "@azure/keyvault-certificates";
// ... use the same credential and kvUri
const certificateClient = new CertificateClient(kvUri, credential);
Explore the Certificate Management API documentation for more information.
Advanced Features
The Azure Key Vault SDK supports various advanced features, including:
- Version management for secrets, keys, and certificates.
- Setting and retrieving tags for managed objects.
- Handling access policies and RBAC for Key Vault.
- Using Key Vault in browser-based applications with appropriate authentication flows (e.g., using InteractiveBrowserCredential).
- Error handling and retries.
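As an added example that is not part of this documentation or the SDK, the wrapper below combines the getSecret call from the Secrets Management section with the error-handling and version items listed above: it validates the vault URI before a credential is attached to it, maps RestError.statusCode to stable categories, enforces expiresOn on the client side, and returns log-safe metadata without the value. It accepts any object exposing getSecret(name), so the real SecretClient from the Authentication section can be passed in; here a constructed FakeSecretClient stands in so the code runs offline. KEY_VAULT_SUFFIXES, validateVaultUri, describeSecret, classifyError, readSecret and FakeSecretClient are this example's own names, while statusCode, properties.version, properties.enabled and properties.expiresOn are fields of the SDK's RestError and KeyVaultSecret types.

```javascript
// Names KEY_VAULT_SUFFIXES, readSecret and FakeSecretClient are this example's own.
const KEY_VAULT_SUFFIXES = [".vault.azure.net"]; // public cloud; add sovereign-cloud suffixes as needed
// Reject anything that is not an https URL on a Key Vault host; a mistyped or
// attacker-influenced vault name would otherwise send the credential's token elsewhere.
function validateVaultUri(uri) {
  const u = new URL(uri);
  if (u.protocol !== "https:") throw new Error("Key Vault URI must use https");
  if (!KEY_VAULT_SUFFIXES.some((s) => u.hostname.endsWith(s))) {
    throw new Error(`unexpected Key Vault host: ${u.hostname}`);
  }
  return u.origin;
}
// Metadata that is safe to log; the secret value itself is never included.
function describeSecret(secret) {
  const p = secret.properties || {};
  return { name: secret.name, version: p.version, enabled: p.enabled,
           expiresOn: p.expiresOn ? p.expiresOn.toISOString() : null };
}
// Map the SDK's RestError.statusCode to stable categories for logging and alerting.
function classifyError(err) {
  const code = err && err.statusCode;
  if (code === 404) return "not-found";
  if (code === 403) return "forbidden"; // access policy / RBAC denied the caller
  if (code === 429 || code >= 500) return "transient"; // the SDK pipeline already retries these
  return "unknown";
}
// Read a secret and enforce expiresOn client-side: Key Vault records the expiry but
// still returns the value, so the consumer has to check it.
async function readSecret(client, name, { now = new Date() } = {}) {
  let secret;
  try { secret = await client.getSecret(name); }
  catch (err) { return { ok: false, reason: classifyError(err) }; }
  const exp = secret.properties && secret.properties.expiresOn;
  if (exp && exp <= now) return { ok: false, reason: "expired", meta: describeSecret(secret) };
  return { ok: true, value: secret.value, meta: describeSecret(secret) };
}
// Constructed stand-in for SecretClient: one live and one expired secret, 404 on a miss.
class FakeSecretClient {
  constructor(store) { this.store = store; }
  async getSecret(name) {
    const s = this.store[name];
    if (!s) { const e = new Error("Not Found"); e.statusCode = 404; throw e; }
    return s;
  }
}
const fakeClient = new FakeSecretClient({
  "db-password": { name: "db-password", value: "s3cr3t-sample", properties: { version: "v2", enabled: true, expiresOn: new Date("2030-01-01T00:00:00Z") } },
  "old-token": { name: "old-token", value: "stale", properties: { version: "v1", enabled: true, expiresOn: new Date("2020-01-01T00:00:00Z") } },
});
// Log metadata only; r.value is deliberately kept out of the console output.
readSecret(fakeClient, "db-password").then((r) => console.log(r.ok, r.meta));
```

In production, replace fakeClient with the SecretClient constructed in the Authentication section and call validateVaultUri(kvUri) before creating it.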
Full Examples and Tutorials
For comprehensive examples, code snippets, and tutorials, please visit the official Azure SDK for JavaScript repository on GitHub: