Skip to main content
  • Name: Azure Key Vault
  • Category: Secret manager

Configuration

Configu needs to be authorized to access Azure Key Vault. Configu uses the default azure credentials which by default will read account information specified via environment variables and use it to authenticate. The vaultUrl parameter must always be provided. The examples below will use the following environment variables for authentication: AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID in conjunction with the required vaultUrl parameter.

Limitations

  • Deleted configs do not immediately remove secrets due to soft deletion. Attempting to upsert to a deleted secret that is not purged will throw an error.

Usage

.configu store declaration

CLI Examples

Upsert Command

Eval and export commands

Common errors and solutions

  1. Authentication failure
    • Solution: Ensure the correct clientId, clientSecret, and tenantId are provided. Verify the service principal’s permissions in the Azure portal.
  2. Vault not found
    • Solution: Ensure the vaultUrl is correct and the key vault exists in your Azure subscription. Verify with:
  3. Access denied
    • Solution: Make sure the service principal has the necessary access policy to manage secrets. Use the following command to grant permissions:
  4. Network connectivity issues
    • Solution: Verify that your network allows access to the vault endpoint. Test the connectivity with:

References