Azure Key Vault Trait
The Azure Key Vault trait can be used to use secrets from Azure Key Vault service
The Azure Key Vault trait is disabled by default.
For more information about how to use secrets from Azure Key Vault component take a look at the components docs: Azure Key Vault component
A sample execution of this trait, would require the following trait options: -t azure-key-vault.enabled=true -t azure-key-vault.tenant-id="tenant-id" -t azure-key-vault.client-id="client-id" -t azure-key-vault.client-secret="client-secret" -t azure-key-vault.vault-name="vault-name"
To enable the automatic context reload on secrets updates you should define the following trait options: -t azure-key-vault.enabled=true -t azure-key-vault.tenant-id="tenant-id" -t azure-key-vault.client-id="client-id" -t azure-key-vault.client-secret="client-secret" -t azure-key-vault.vault-name="vault-name" -t azure-key-vault.context-reload-enabled="true" -t azure-key-vault.refresh-enabled="true" -t azure-key-vault.refresh-period="30000" -t azure-key-vault.secrets="test*" -t azure-key-vault.eventhub-connection-string="connection-string" -t azure-key-vault.blob-account-name="account-name" -t azure-key-vault.blob-container-name="container-name" -t azure-key-vault.blob-access-key="account-name"
This trait is available in the following profiles: Kubernetes, Knative, OpenShift.
Configuration
Trait properties can be specified when running any integration with the CLI:
$ kamel run --trait azure-key-vault.[key]=[value] --trait azure-key-vault.[key2]=[value2] integration.groovy
The following configuration options are available:
Property | Type | Description |
---|---|---|
|
| Can be used to enable or disable a trait. All traits share this common property. |
|
| Enables automatic configuration of the trait. |
|
| The Azure Tenant Id for accessing Key Vault |
|
| The Azure Client Id for accessing Key Vault |
|
| The Azure Client Secret for accessing Key Vault. This could be a plain text or a configmap/secret. The content of the azure key vault client secret is expected to be a text containing a valid Client Secret. Syntax: [configmap|secret]:name[/key], where name represents the resource name, key optionally represents the resource key to be filtered (default key value = azure-key-vault-client-secret). |
|
| The Azure Vault Name for accessing Key Vault |
|
| Define if we want to use the Camel Context Reload feature or not |
|
| Define if we want to use the Refresh Feature for secrets |
|
| If Refresh is enabled, this defines the interval to check the refresh event |
|
| If Refresh is enabled, the regular expression representing the secrets we want to track |
|
| If Refresh is enabled, the connection String to point to the Eventhub service used to track updates |
|
| If Refresh is enabled, the account name for Azure Storage Blob service used to save checkpoint while consuming from Eventhub |
|
| If Refresh is enabled, the access key for Azure Storage Blob service used to save checkpoint while consuming from Eventhub. This could be a plain text or a configmap/secret. The content of the azure key vault blob access key is expected to be a text containing a valid Access Key for Azure Storage Blob. Syntax: [configmap|secret]:name[/key], where name represents the resource name, key optionally represents the resource key to be filtered (default key value = azure-storage-blob-access-key). |
|
| If Refresh is enabled, the container name for Azure Storage Blob service used to save checkpoint while consuming from Eventhub |