Azure Key Vault Trait

The Azure Key Vault trait lets an integration use secrets from the Azure Key Vault service.

The Azure Key Vault trait is disabled by default.

For more information about how to use secrets from the Azure Key Vault component, see the component docs: Azure Key Vault component.

A sample execution of this trait would require the following trait options:

-t azure-key-vault.enabled=true
-t azure-key-vault.tenant-id="tenant-id"
-t azure-key-vault.client-id="client-id"
-t azure-key-vault.client-secret="client-secret"
-t azure-key-vault.vault-name="vault-name"

To enable automatic context reload on secret updates, define the following trait options:

-t azure-key-vault.enabled=true
-t azure-key-vault.tenant-id="tenant-id"
-t azure-key-vault.client-id="client-id"
-t azure-key-vault.client-secret="client-secret"
-t azure-key-vault.vault-name="vault-name"
-t azure-key-vault.context-reload-enabled="true"
-t azure-key-vault.refresh-enabled="true"
-t azure-key-vault.refresh-period="30000"
-t azure-key-vault.secrets="test*"
-t azure-key-vault.eventhub-connection-string="connection-string"
-t azure-key-vault.blob-account-name="account-name"
-t azure-key-vault.blob-container-name="container-name"
-t azure-key-vault.blob-access-key="access-key"
-t azure-key-vault.azure-identity-enabled="true"

This trait is available in the following profiles: Kubernetes, Knative, OpenShift.

Configuration

Trait properties can be specified when running any integration with the CLI:

$ kamel run --trait azure-key-vault.[key]=[value] --trait azure-key-vault.[key2]=[value2] integration.groovy

The following configuration options are available:

| Property | Type | Description |
|---|---|---|
| azure-key-vault.enabled | bool | Can be used to enable or disable a trait. All traits share this common property. |
| azure-key-vault.auto | bool | Enables automatic configuration of the trait. |
| azure-key-vault.tenant-id | string | The Azure Tenant Id for accessing Key Vault |
| azure-key-vault.client-id | string | The Azure Client Id for accessing Key Vault |
| azure-key-vault.client-secret | string | The Azure Client Secret for accessing Key Vault. This could be a plain text or a configmap/secret. The content of the azure key vault client secret is expected to be a text containing a valid Client Secret. Syntax: [configmap\|secret]:name[/key], where name represents the resource name, key optionally represents the resource key to be filtered (default key value = azure-key-vault-client-secret). |
| azure-key-vault.vault-name | string | The Azure Vault Name for accessing Key Vault |
| azure-key-vault.context-reload-enabled | bool | Define if we want to use the Camel Context Reload feature or not |
| azure-key-vault.refresh-enabled | bool | Define if we want to use the Refresh Feature for secrets |
| azure-key-vault.azure-identity-enabled | bool | Whether the Azure Identity Authentication should be used or not |
| azure-key-vault.refresh-period | string | If Refresh is enabled, this defines the interval to check the refresh event |
| azure-key-vault.secrets | string | If Refresh is enabled, the regular expression representing the secrets we want to track |
| azure-key-vault.eventhub-connection-string | string | If Refresh is enabled, the connection String to point to the Eventhub service used to track updates |
| azure-key-vault.blob-account-name | string | If Refresh is enabled, the account name for Azure Storage Blob service used to save checkpoint while consuming from Eventhub |
| azure-key-vault.blob-access-key | string | If Refresh is enabled, the access key for Azure Storage Blob service used to save checkpoint while consuming from Eventhub. This could be a plain text or a configmap/secret. The content of the azure key vault blob access key is expected to be a text containing a valid Access Key for Azure Storage Blob. Syntax: [configmap\|secret]:name[/key], where name represents the resource name, key optionally represents the resource key to be filtered (default key value = azure-storage-blob-access-key). |
| azure-key-vault.blob-container-name | string | If Refresh is enabled, the container name for Azure Storage Blob service used to save checkpoint while consuming from Eventhub |
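
The azure-key-vault.client-secret and azure-key-vault.blob-access-key options accept a [configmap|secret]:name[/key] reference in place of a literal value. The following pre-flight check is an added example, not Camel K code: it parses that documented syntax and flags either option when it is given as a literal or as a ConfigMap reference, so the credential itself never appears on the command line. The function names, the akv-creds resource name and the policy of treating a ConfigMap as a finding are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Camel K code. Parses the documented
# [configmap|secret]:name[/key] syntax; the operator's own parser may differ.

# default_key PROPERTY: default resource key given in the option table.
default_key() {
    case $1 in
        azure-key-vault.client-secret)   echo azure-key-vault-client-secret ;;
        azure-key-vault.blob-access-key) echo azure-storage-blob-access-key ;;
        *) return 1 ;;   # not one of the two reference-capable options
    esac
}

# resolve_ref PROPERTY VALUE: prints "kind name key", "plain" or "invalid".
resolve_ref() {
    case $2 in
        secret:*|configmap:*) ;;
        *) echo plain; return 0 ;;
    esac
    kind=${2%%:*}
    rest=${2#*:}
    case $rest in
        */*) name=${rest%%/*}; key=${rest#*/} ;;
        *)   name=$rest; key=$(default_key "$1") || key= ;;
    esac
    if [ -z "$name" ] || [ -z "$key" ]; then echo invalid; return 0; fi
    echo "$kind $name $key"
}

# lint_traits ARGS...: one finding per credential option not backed by a
# Kubernetes Secret (policy assumed here). Never echoes the value itself.
lint_traits() {
    findings=0
    for arg in "$@"; do
        prop=${arg%%=*}
        default_key "$prop" >/dev/null || continue
        ref=$(resolve_ref "$prop" "${arg#*=}")
        case $ref in
            secret\ *) ;;
            *) echo "$prop: ${ref%% *} value, use secret:name[/key]"
               findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed demo: the literal is flagged, the Secret reference is accepted.
lint_traits -t azure-key-vault.client-secret=example-literal \
    -t azure-key-vault.blob-access-key=secret:akv-creds/blob || true
```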