Azure Key Vault

chezmoi includes support for Azure Key Vault secrets.

A default Azure Key Vault name can be set in `~/.config/chezmoi/chezmoi.$FORMAT` with `azureKeyVault.defaultVault`.

Ensure that the Azure CLI is installed and that you are logged in. The logged-in user must have the Key Vault Secrets User RBAC role on the Azure Key Vault resource.

Alternatively, use alternate authentication options.

<!-- example-formats -->
```toml
[azureKeyVault]
    defaultVault = "contoso-vault2"
```
<!-- /example-formats -->

A secret value can be retrieved with the `azureKeyVault` template function.

Retrieve the secret `my-secret-name` from the default configured vault.

```text
exampleSecret = {{ azureKeyVault "my-secret-name" }}
```

Retrieve the secret `my-secret-name` from the vault named `contoso-vault2`.

```text
exampleSecret = {{ azureKeyVault "my-secret-name" "contoso-vault2" }}
```

It is also possible to define an alias in the configuration file for an additional vault.

<!-- example-formats -->
```toml
[data]
    vault42 = "contoso-vault42"
[azureKeyVault]
    defaultVault = "contoso-vault2"
```
<!-- /example-formats -->

Retrieve the secret `my-secret-name` from the vault named `contoso-vault42` through the alias.

```text
exampleSecret = {{ azureKeyVault "my-secret-name" .vault42 }}
```
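
To see which vaults the logged-in user actually needs the Key Vault Secrets User role on, the three call forms above can be resolved statically against the configuration. This is an added example, not part of chezmoi or its documentation; `resolve_calls` and the sample data are hypothetical, and it recognizes only the literal call forms shown on this page.

```python
import re

# Matches {{ azureKeyVault "secret" }}, {{ azureKeyVault "secret" "vault" }}
# and {{ azureKeyVault "secret" .alias }}, the three call forms on this page.
# Static approximation: pipelines, variables and nested data are not handled.
CALL = re.compile(
    r'\{\{-?\s*azureKeyVault\s+"(?P<secret>[^"]+)"'
    r'(?:\s+(?:"(?P<vault>[^"]+)"|\.(?P<alias>\w+)))?\s*-?\}\}'
)

def resolve_calls(template_text, config):
    """Return sorted (vault, secret) pairs that a template will read.

    `config` is the chezmoi config already parsed into a dict from
    whichever $FORMAT is in use. Raises ValueError when a call cannot be
    resolved: no default vault set, or an alias missing from [data].
    """
    default = config.get("azureKeyVault", {}).get("defaultVault")
    data = config.get("data", {})
    pairs = set()
    for m in CALL.finditer(template_text):
        if m["vault"]:                      # explicit vault name
            vault = m["vault"]
        elif m["alias"]:                    # alias defined under [data]
            if m["alias"] not in data:
                raise ValueError(f"alias .{m['alias']} not defined under [data]")
            vault = data[m["alias"]]
        else:                               # falls back to the default vault
            if not default:
                raise ValueError(f"{m['secret']}: no azureKeyVault.defaultVault set")
            vault = default
        pairs.add((vault, m["secret"]))
    return sorted(pairs)

# Constructed sample input, mirroring the examples on this page.
SAMPLE_CONFIG = {
    "data": {"vault42": "contoso-vault42"},
    "azureKeyVault": {"defaultVault": "contoso-vault2"},
}
SAMPLE_TEMPLATE = '''\
a = {{ azureKeyVault "my-secret-name" }}
b = {{ azureKeyVault "my-secret-name" "contoso-vault2" }}
c = {{ azureKeyVault "my-secret-name" .vault42 }}
'''

if __name__ == "__main__":
    for vault, secret in resolve_calls(SAMPLE_TEMPLATE, SAMPLE_CONFIG):
        print(f"{vault}: {secret}")
```

The resulting vault list is the set of resources on which the role assignment is required; a vault that never appears in it needs no assignment for this user.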