Azure Plugins for Porter
This is a set of Azure plugins for Porter.
Install
The plugin is distributed as a single binary, azure
. The following snippet will clone this repository, build the binary
and install it to ~/.porter/plugins/.
go get get.porter.sh/plugin/azure/cmd/azure
cd $(go env GOPATH)/src/get.porter.sh/plugin/azure
make build install
After installing the plugin, you must modify your porter configuration file and select which plugin you want to use.
Secrets
Secrets plugins allow Porter to inject secrets into credential or parameter sets. It also stores sensitive data referenced/generated during Porter execution.
For example, if your team has a shared key vault with a database password, you
can use the keyvault plugin to inject it as a credential or parameter when you install a bundle.
Key Vault
The azure.keyvault
plugin resolves credentials or parameters against secrets in Azure Key Vault. It's also used to store any sensitive data referenced during Porter execution.
-
Open, or create, ~/.porter/config.toml
-
Add the following lines to activate the Azure keyvault secrets plugin:
default-secrets = "mysecrets"
[[secrets]]
name = "mysecrets"
plugin = "azure.keyvault"
[secrets.config]
vault = "myvault"
-
Create a key vault and set the vault name in the config with name of the vault.
Authentication
Authentication to Azure can use any of the following methods. Whichever mechanism is used, the principal that is used to access key vault needs to be granted at least Get and List secret permissions on the vault. However, if you authenticate using the Azure CLI and are logged in with the account that created the key vault in the portal then you will already have this permission.
-
Azure CLI. - By default if the machine you are using is already logged in with the Azure CLI then the same security context will be used for the azure.keyvault
plugin without any additional configuration.
-
Use a service principal (azure portal ) and an application secret (azure portal or azure cli). - Use the service principal details to set the environment variables AZURE_TENANT_ID
and AZURE_CLIENT_ID
. Then set the environment variable AZURE_CLIENT_SECRET
using the application secret .
-
Use a service principal (azure portal) and a certificate (azure portal or azure cli). - Use the service principal details to set the environment variables AZURE_TENANT_ID
and AZURE_CLIENT_ID
. Then using the certificate file path and password set the environment variables AZURE_CERTIFICATE_PATH
and AZURE_CERTIFICATE_PASSWORD
.
-
Username and Password - Log in with user name and password. Set the environment variables AZURE_USERNAME
and AZURE_PASSWORD
. This doesn't work with Microsoft accounts or accounts that have two-factor authentication enabled.