npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@kevboutin/azure-middy-keyvault-secrets

v0.2.14

Published

Azure Key Vault Secrets middleware for the azure-middy framework

Downloads

14

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

kevboutinkevboutin

Keywords

azuremiddlewareserverlessframeworkfunctionappfaasfunction

Readme

azure-middy-keyvault-secrets

Azure Key Vault Secrets middleware for the azure-middy framework, the Node.js middleware engine for Azure functions.

Install

To install the this middleware, you can use NPM:

npm install --save @kevboutin/azure-middy-keyvault-secrets

Prerequisites

  • Node.js >= 18
  • An Azure Function App
  • An Azure Key Vault instance
  • Proper Azure credentials configured (using DefaultAzureCredential)

Usage

The middleware provides Azure Key Vault secrets management for your Azure Functions.

JavaScript (CommonJS)

const { app } = require("@azure/functions");
const middy = require("@kevboutin/azure-middy-core");
const {
    keyvaultSecretsMiddleware,
} = require("@kevboutin/azure-middy-keyvault-secrets");

// Your handler
const baseHandler = async (req, context) => {
    // Your business logic here
    // Secrets are available in req.internal
    return {
        body: JSON.stringify({ message: "Success" }),
    };
};

// Wrap handler with middy
const handler = middy(baseHandler).use(
    keyvaultSecretsMiddleware({
        vaultUrl: "https://your-vault.vault.azure.net",
        fetchData: {
            apiKey: "api-key-secret-name",
            dbPassword: "db-password-secret-name",
        },
        cacheKey: "my-secrets",
    }),
);

module.exports = { handler };

app.http("yourFunction", {
    route: "your-route",
    methods: ["GET"],
    authLevel: "anonymous",
    handler: handler,
});

TypeScript

import { app } from "@azure/functions";
import middy from "@kevboutin/azure-middy-core";
import {
    keyvaultSecretsMiddleware,
    KeyVaultSecretsOptions,
} from "@kevboutin/azure-middy-keyvault-secrets";
import type { AzureFunctionRequest } from "@kevboutin/azure-middy-types";

// Your handler
const baseHandler = async (req: AzureFunctionRequest, context: any) => {
    // Access secrets from the request internal object
    const apiKey = req.internal?.["apiKey"];
    const dbPassword = req.internal?.["dbPassword"];

    console.log("Retrieved secrets:", {
        hasApiKey: !!apiKey,
        hasDbPassword: !!dbPassword,
    });

    return {
        body: JSON.stringify({ message: "Success" }),
    };
};

// Configure Key Vault options with TypeScript
const keyVaultOptions: KeyVaultSecretsOptions = {
    vaultUrl: "https://your-vault.vault.azure.net",
    fetchData: {
        apiKey: "api-key-secret-name",
        dbPassword: "db-password-secret-name",
        jwtSecret: "jwt-signing-key",
    },
    cacheKey: "my-secrets",
};

// Wrap handler with middy
const handler = middy(baseHandler).use(
    keyvaultSecretsMiddleware(keyVaultOptions),
);

export { handler };

app.http("yourFunction", {
    route: "your-route",
    methods: ["GET"],
    authLevel: "anonymous",
    handler: handler,
});

TypeScript Support

This package includes full TypeScript support with:

  • Type Definitions: Complete type definitions for all Key Vault interfaces and functions
  • Type Safety: Full type checking for middleware options and request objects
  • IntelliSense: Enhanced IDE support with autocomplete and type hints

Available Types

import {
    KeyVaultSecretsOptions,
    AzureFunctionRequest,
    KeyVaultSecretsMiddleware,
    CachedValues,
    FetchedValues,
} from "@kevboutin/azure-middy-keyvault-secrets";

TypeScript Configuration

To use TypeScript with this package, ensure your tsconfig.json includes:

{
    "compilerOptions": {
        "esModuleInterop": true,
        "moduleResolution": "node"
    }
}

API

keyvaultSecretsMiddleware(opts = {})

Creates a middleware instance with the following options:

  • opts.vaultUrl (required): The URL of your Azure Key Vault (e.g., "https://your-vault.vault.azure.net")
  • opts.fetchData (required): Object mapping of local names to Key Vault secret names
  • opts.cacheKey (optional): Custom cache key for storing secrets (default: "secrets")

Authentication

The middleware uses DefaultAzureCredential from @azure/identity which supports multiple authentication methods:

  1. Environment variables (AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID)
  2. Managed Identity
  3. Visual Studio Code credentials
  4. Azure CLI credentials
  5. Interactive browser login

For production, we recommend using Managed Identity or service principal credentials.

Caching

The middleware supports caching of secrets to reduce Key Vault API calls:

  • Set cacheExpiry to the number of milliseconds to cache secrets
  • Use cacheKey to specify a custom cache key if needed
  • Cache is automatically invalidated after expiry
  • Set cacheExpiry: 0 to disable caching

Security Considerations

  1. Always use RBAC or Access Policies to limit Key Vault access
  2. Consider enabling Key Vault soft-delete and purge protection
  3. Monitor Key Vault access using Azure Monitor
  4. Regularly rotate secrets
  5. Use Managed Identity when possible

Documentation and examples

For more documentation and examples, refer to the main Azure-middy monorepo on GitHub.

Contributing

Everyone is very welcome to contribute to this repository. Feel free to raise issues or to submit Pull Requests.

License

Licensed under MIT License. Copyright (c) 2024 Kevin Boutin and the Azure-Middy team.