R interface to Azure Key Vault
Перейти к файлу
Hong Ooi c95eb22c6d initial storage testing 2019-04-04 04:26:08 +11:00
R initial storage testing 2019-04-04 04:26:08 +11:00
tests initial storage testing 2019-04-04 04:26:08 +11:00
.Rbuildignore initial commit 2019-03-26 18:06:24 +11:00
.gitignore initial commit 2019-03-26 18:06:24 +11:00
DESCRIPTION initial storage testing 2019-04-04 04:26:08 +11:00
LICENSE initial commit 2019-03-26 18:06:24 +11:00
LICENSE.md initial commit 2019-03-26 18:06:24 +11:00
NAMESPACE add readme, ability to login as user 2019-03-29 21:12:32 +11:00
README.md rework policy code 2019-04-02 13:14:44 +11:00

README.md

AzureKeyVault

R interface to Azure Key Vault, a secure service for managing private keys, secrets and certificates.

You can install the development version of the package from GitHub:

devtools::install_github("cloudyr/AzureKeyVault")

Resource Manager interface

AzureKeyVault extends the AzureRMR package to handle key vaults. In addition to creating and deleting vaults, it provides methods to manage access policies for user and service principals.

# create a key vault
kv <- AzureRMR::get_azure_login()$
    get_subscription("sub_id")$
    get_resource_group("rgname")$
    create_key_vault("mykeyvault")

# list current principals (by default includes logged-in user)
kv$list_principals()

# get details for a service principal
svc <- AzureGraph::get_graph_login()$
    get_service_principal("app_id")

# give the service principal read-only access to vault keys and secrets
kv$add_principal(svc,
    key_permissions=c("get", "list", "backup"),
    secret_permissions=c("get", "list", "backup"),
    certificate_permissions=NULL,
    storage_permissions=NULL)

Client interface

The client interface is R6-based, with methods for keys, secrets and certificates. To access the vault, instantiate a new object of class key_vault.

vault <- key_vault("https://mykeyvault.vault.azure.net")

# can also be done from the ARM resource object
#vault <- kv$get_endpoint()

# create a new secret
vault$secrets$set("newsecret", "secret value")
vault$secrets$show("newsecret")

# create a new RSA key with 4096-bit key size
vault$keys$create("newkey", type="RSA", rsa_key_size=4096)

# create a new self-signed certificate (will also create the associated key and secret)
vault$certificates$create("newcert",
    issuer=list(name="self"),
    secret=list(contentType="application/x-pkcs12"),
    x509=list(subject="CN=mydomain.com", sans=list(dns_names=list("mydomain.com")))
)

cloudyr project logo