Commit
feat(secrets): POC reads value using azure libs
thekaveman committed Jan 26, 2024
1 parent 23346cf commit 788d522
Showing 1 changed file with 22 additions and 0 deletions.
22 changes: 22 additions & 0 deletions benefits/secrets.py
@@ -0,0 +1,22 @@
import sys

from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient


if __name__ == "__main__":
args = sys.argv[1:]
if len(args) < 2:
print("Provide the Key Vault URL and the name of the secret to read")
exit(1)

vault_url = args[0]
secret_name = args[1]

credential = DefaultAzureCredential()
client = SecretClient(vault_url=vault_url, credential=credential)
secret = client.get_secret(secret_name)

print(f"Reading {secret_name} from {vault_url}")

Check failure: Code scanning / CodeQL
Clear-text logging of sensitive information (High)
This expression logs sensitive data (secret) as clear text.

print(f"Value: {secret.value}")
exit(0)
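
Review bot: the final `print(f"Value: {secret.value}")` writes the secret to stdout in clear text, which is what the CodeQL check flags. Anything that captures this script's output (terminal scrollback, CI job logs, a shell redirect) then holds a copy of the secret outside Key Vault's access control. For a proof of concept that only has to show the read works, print a confirmation that omits the value, or require an explicit opt-in argument before echoing it. Smaller points in the same hunk: `print(f"Reading {secret_name} from {vault_url}")` runs after `client.get_secret(secret_name)` has already returned, so move it above the call if it is meant as a progress message; the script imports `sys` but calls the bare `exit()` helper, where `sys.exit()` is the dependable form outside an interactive session; and `get_secret` is called with no exception handling, so a missing secret or a failed credential ends in a raw traceback rather than a clear message.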
