Access Azure Key Vault secrets

Microsoft Azure Key Vault stores confidential data, such as passwords, certificates, or cryptographic keys, in the form of secrets. You can access Key Vault secrets from your DevWeb scripts.

Add Azure Key Vault APIs to DevWeb scripts

The DevWeb JavaScript SDK includes API functions you can add to your DevWeb scripts, to enable access to Key Vault secrets when running the scripts.

For details on the Azure API functions, see the Azure section in the JavaScript SDK.

Tip: You can open an example script containing the Azure APIs: <DevWeb root folder>\examples\AzureKeyVault.

To access a Key Vault secret from a DevWeb script:

  1. In the terminal window, run the following command:

    DevWebUtils <ClientSecret>

    Store the output to use in the script.

  2. Insert the stored output into your script:

    let clientSecret = load.unmask("<the_stored_output>");
  3. Insert the getToken function into your script and pass the Key Vault authentication credentials to the function. The function saves an authentication token to a specified parameter:

     let token = load.azure.getToken({   
    	vaultName: <vaultName>,    
    	tokenID: <tokenID>,    
    	clientID: <clientID>,     
    	clientSecret: clientSecret});
  4. Insert the getSecret function into your script, and pass the Key Vault secret details and the saved authentication token to the function. The function accesses the secret value and saves it to a specified parameter:

    let secretValue = load.azure.getSecret({
    	secret: <secretName>,
    	token: token});

Back to top

See also:

  • Azure in the JavaScript SDK