azure

module
v1.0.0-beta.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 23, 2022 License: Apache-2.0

README

Azure Plugins for Porter

This is a set of Azure plugins for Porter.

Build Status

Install

The plugin is distributed as a single binary, azure. The following snippet will clone this repository, build the binary and install it to ~/.porter/plugins/.

go get get.porter.sh/plugin/azure/cmd/azure
cd $(go env GOPATH)/src/get.porter.sh/plugin/azure
make build install

After installing the plugin, you must modify your porter configuration file and select which plugin you want to use.

Secrets

Secrets plugins allow Porter to inject secrets into credential or parameter sets. It also stores sensitive data referenced/generated during Porter execution.

For example, if your team has a shared key vault with a database password, you can use the keyvault plugin to inject it as a credential or parameter when you install a bundle.

Key Vault

The azure.keyvault plugin resolves credentials or parameters against secrets in Azure Key Vault. It's also used to store any sensitive data referenced during Porter execution.

  1. Open, or create, ~/.porter/config.toml

  2. Add the following lines to activate the Azure keyvault secrets plugin:

    default-secrets = "mysecrets"
    
    [[secrets]]
    name = "mysecrets"
    plugin = "azure.keyvault"
    
    [secrets.config]
    vault = "myvault"
    
  3. Create a key vault and set the vault name in the config with name of the vault.

Authentication

Authentication to Azure can use any of the following methods. Whichever mechanism is used, the principal that is used to access key vault needs to be granted at least Get and List secret permissions on the vault. However, if you authenticate using the Azure CLI and are logged in with the account that created the key vault in the portal then you will already have this permission.

  1. Azure CLI. - By default if the machine you are using is already logged in with the Azure CLI then the same security context will be used for the azure.keyvault plugin without any additional configuration.

  2. Use a service principal (azure portal ) and an application secret (azure portal or azure cli). - Use the service principal details to set the environment variables AZURE_TENANT_ID and AZURE_CLIENT_ID. Then set the environment variable AZURE_CLIENT_SECRETusing the application secret .

  3. Use a service principal (azure portal) and a certificate (azure portal or azure cli). - Use the service principal details to set the environment variables AZURE_TENANT_ID and AZURE_CLIENT_ID. Then using the certificate file path and password set the environment variables AZURE_CERTIFICATE_PATH and AZURE_CERTIFICATE_PASSWORD.

  4. Username and Password - Log in with user name and password. Set the environment variables AZURE_USERNAME and AZURE_PASSWORD. This doesn't work with Microsoft accounts or accounts that have two-factor authentication enabled.

Directories

Path Synopsis
cmd
pkg

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL