Skip to content

Commit 916f90e

Browse files
committed
Merge pull request #132 from cachix/feat/azure-key-vault
2 parents 8c898f0 + dc6d75b commit 916f90e

14 files changed

Lines changed: 1216 additions & 10 deletions

File tree

CHANGELOG.md

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
88
## [Unreleased]
99

1010
### Added
11+
- Azure Key Vault provider (`akv://`). Authenticates via a service principal
12+
(`AZURE_TENANT_ID`/`AZURE_CLIENT_ID`/`AZURE_CLIENT_SECRET`), falling back to
13+
a signed-in Azure CLI / Azure Developer CLI session; managed identity and
14+
AKS workload identity are also available via `?auth=managed_identity` and
15+
`?auth=workload_identity`. Sovereign clouds can be addressed with a full
16+
DNS hostname or an explicit `?suffix=` override. Project/profile/key
17+
combinations that would collide once mapped to Azure's secret-name
18+
charset are rejected rather than silently colliding with another secret.
1119
- The `awssm` provider accepts `kms_key_id` and `tag.NAME=VALUE` query
1220
parameters (e.g. `awssm://prod@us-east-1?kms_key_id=alias/my-key&tag.team=platform`).
1321
Both are applied only when secretspec creates a secret, so accounts that enforce

Cargo.lock

Lines changed: 239 additions & 5 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)