in azureappconfiguration/keyvault.go [42:80]
// resolveSecret returns the secret value that a Key Vault reference points to.
//
// The reference is first reduced to a secret URI of the form
// "https://{keyVaultName}.vault.azure.net/secrets/{secretName}/{secretVersion}"
// and checked with parse. When a custom secretResolver is configured, the
// URI is handed to it and its result is returned as-is; otherwise the secret
// is fetched through a client obtained from getSecretClient for the vault host.
//
// A response whose Value is nil yields ("", nil), so callers cannot tell an
// absent value from an empty secret. Errors are wrapped with %w and may carry
// the secret name, never the secret value.
func (r *keyVaultReferenceResolver) resolveSecret(ctx context.Context, keyVaultReference string) (string, error) {
	secretURI, err := r.extractKeyVaultURI(keyVaultReference)
	if err != nil {
		return "", fmt.Errorf("failed to parse Key Vault reference: %w", err)
	}

	// parse runs before either resolution path, so a custom resolver only
	// ever receives a URI that parse accepted.
	meta, err := parse(secretURI)
	if err != nil {
		return "", fmt.Errorf("invalid Key Vault reference: %w", err)
	}

	// A caller-supplied resolver takes precedence over the built-in client.
	if custom := r.secretResolver; custom != nil {
		parsed, parseErr := url.Parse(secretURI)
		if parseErr != nil {
			return "", fmt.Errorf("invalid Key Vault reference: %w", parseErr)
		}
		return custom.ResolveSecret(ctx, *parsed)
	}

	// NOTE(review): the vault host is taken from the reference itself and the
	// client is created for that host. Confirm that parse or getSecretClient
	// restricts it to expected Key Vault domains, so a tampered reference
	// cannot steer an authenticated request to an unintended endpoint.
	endpoint := fmt.Sprintf("https://%s", meta.host)
	secretClient, err := r.getSecretClient(endpoint)
	if err != nil {
		return "", fmt.Errorf("failed to get Key Vault client: %w", err)
	}

	resp, err := secretClient.GetSecret(ctx, meta.name, meta.version, nil)
	if err != nil {
		return "", fmt.Errorf("failed to retrieve secret '%s' from Key Vault: %w", meta.name, err)
	}

	if resp.Value != nil {
		return *resp.Value, nil
	}
	return "", nil
}