@datacules/agent-identity-store-azure 0.9.0 → 0.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/README.md +58 -0
  2. package/package.json +1 -1
package/README.md ADDED
@@ -0,0 +1,58 @@
1
+ <p align="center">
2
+ <img src="../../../assets/logo.svg" alt="Agent Identity — by Datacules LLC" width="360"/>
3
+ </p>
4
+
5
+ # `@datacules/agent-identity-store-azure`
6
+
7
+ Azure Key Vault + Azure Table Storage credential store for the agent-identity framework. Drop-in replacement for `MemoryCredentialStore`.
8
+
9
+ ## Install
10
+
11
+ ```bash
12
+ npm install @datacules/agent-identity-store-azure
13
+ ```
14
+
15
+ Requires `@azure/keyvault-secrets` and `@azure/data-tables` as peer dependencies.
16
+
17
+ ## Usage
18
+
19
+ ```typescript
20
+ import { AzureKeyVaultCredentialStore } from '@datacules/agent-identity-store-azure';
21
+ import { createRouterFromStore } from '@datacules/agent-identity';
22
+
23
+ const store = new AzureKeyVaultCredentialStore({
24
+ keyVaultUrl: 'https://my-vault.vault.azure.net',
25
+ tablesEndpoint: 'https://myaccount.table.core.windows.net',
26
+ // Credentials resolved from DefaultAzureCredential (Managed Identity, env vars, CLI)
27
+ });
28
+
29
+ const router = createRouterFromStore(store, rules, logger);
30
+ const resolved = await router.resolveAsync(ctx);
31
+ ```
32
+
33
+ ## What it does
34
+
35
+ - **`findByRef(ref)`** — calls `getSecret(ref)` on Azure Key Vault.
36
+ - **`reserve(ref, migrationId, ttlSeconds)`** — inserts a row in Azure Table Storage to lock the credential for one migration run.
37
+ - **`release(ref, migrationId)`** — deletes the Table Storage row.
38
+ - **`listActive()` / `listByKind()`** — lists secrets from Key Vault with the `agent-identity` tag.
39
+
40
+ ## Authentication
41
+
42
+ Uses `DefaultAzureCredential` from `@azure/identity`, which supports Managed Identity, Workload Identity, environment variables, and Azure CLI in order. No client secret needed when running in Azure.
43
+
44
+ ```bash
45
+ # Local dev with Azure CLI
46
+ az login
47
+ ```
48
+
49
+ ## Required RBAC roles
50
+
51
+ | Resource | Role |
52
+ |----------|------|
53
+ | Key Vault | `Key Vault Secrets User` (read) |
54
+ | Table Storage | `Storage Table Data Contributor` |
55
+
56
+ ---
57
+
58
+ Part of the [agent-identity monorepo](https://github.com/hvrcharon1/agent-identity) by [Datacules LLC](https://datacules.com).
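Review bot: The Install section's peer-dependency line names only `@azure/keyvault-secrets` and `@azure/data-tables`, but the Authentication section says the store uses `DefaultAzureCredential` from `@azure/identity`; state whether `@azure/identity` is bundled or must be installed alongside, so the install instructions match what the store needs to authenticate. In "What it does", `reserve(ref, migrationId, ttlSeconds)` takes a TTL, yet the text only describes inserting the row and deleting it on `release()`; document what happens to a reservation whose TTL lapses without `release()` being called, because a reader cannot tell whether a stale row keeps the credential locked. The Usage snippet uses `rules`, `logger` and `ctx` without defining them, and the logo `src="../../../assets/logo.svg"` is a monorepo-relative path that will not resolve from the published `package/README.md`.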
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@datacules/agent-identity-store-azure",
3
- "version": "0.9.0",
3
+ "version": "0.11.0",
4
4
  "private": false,
5
5
  "description": "Azure Key Vault + Table Storage credential store for @datacules/agent-identity",
6
6
  "main": "./dist/cjs/index.js",
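Review bot: The `version` field moves from 0.9.0 to 0.11.0, skipping 0.10.0, while the only other file changed in this diff is the newly added README. If this is a documentation-only release aligned to a shared monorepo version, say so in the release notes or changelog so that anyone auditing the upgrade of a credential-store package can confirm that a two-minor-version bump carries no behavioural change.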