in src/keyvault/AzureKeyVaultKeyValueAdapter.ts [27:64]
/**
 * Resolves a Key Vault reference held in a configuration setting to the secret it points at.
 *
 * The secret identifier is taken from the setting's own value, so the vault that gets
 * contacted is decided by whatever is stored in the configuration setting.
 * NOTE(review): `#getSecretClient` is not visible here; confirm how it decides which
 * vault URLs the configured credential may be used against.
 *
 * Error messages built here are given only the setting and the reference's source id;
 * the resolved secret value is never passed to them.
 *
 * @param setting - Configuration setting whose value is a Key Vault secret reference.
 * @returns A `[key, secretValue]` pair, where `key` is `setting.key`.
 * @throws ArgumentError when Key Vault options are not configured, or when neither a
 *   secret client nor a secret resolver callback is available for the reference.
 * @throws KeyVaultReferenceError when the reference cannot be parsed, or when resolving
 *   it fails with a REST error or an `AuthenticationError`; the original error is
 *   attached as `cause`.
 */
async processKeyValue(setting: ConfigurationSetting): Promise<[string, unknown]> {
    // TODO: cache results to save requests.
    if (!this.#keyVaultOptions) {
        throw new ArgumentError("Failed to process the Key Vault reference because Key Vault options are not configured.");
    }

    // Step 1: parse the reference. Any failure in this step is reported as an invalid reference.
    let secretName, vaultUrl, sourceId, version;
    try {
        const secretId = parseSecretReference(setting).value.secretId;
        ({ name: secretName, vaultUrl, sourceId, version } = parseKeyVaultSecretIdentifier(secretId));
    } catch (error) {
        throw new KeyVaultReferenceError(buildKeyVaultReferenceErrorMessage("Invalid Key Vault reference.", setting), { cause: error });
    }

    // Step 2: resolve the secret.
    try {
        // precedence: secret clients > credential > secret resolver
        const secretClient = this.#getSecretClient(new URL(vaultUrl));
        if (secretClient) {
            // NOTE(review): the value is returned without a presence check; confirm callers
            // handle a secret that comes back without a value.
            const { value } = await secretClient.getSecret(secretName, { version });
            return [setting.key, value];
        }
        if (this.#keyVaultOptions.secretResolver) {
            // The user-supplied callback receives the full source id of the reference as a URL.
            const resolved = await this.#keyVaultOptions.secretResolver(new URL(sourceId));
            return [setting.key, resolved];
        }
    } catch (error) {
        // Anything that is neither a REST failure nor an authentication failure is
        // rethrown unchanged (for example an error thrown by `new URL(...)`).
        if (!isRestError(error) && !(error instanceof AuthenticationError)) {
            throw error;
        }
        throw new KeyVaultReferenceError(buildKeyVaultReferenceErrorMessage("Failed to resolve Key Vault reference.", setting, sourceId), { cause: error });
    }

    // When code reaches here, it means that the key vault reference cannot be resolved in all possible ways.
    throw new ArgumentError("Failed to process the key vault reference. No key vault secret client, credential or secret resolver callback is available to resolve the secret.");
}