in pkg/plugin/keyvault.go [273:292]
// getVaultURL validates vaultName and returns the HTTPS base URL of the vault
// (or managed HSM, when managedHSM is true) in the cloud described by env.
//
// vaultName is interpolated directly into the host part of the returned URL,
// so the checks below are what keep a caller-supplied name confined to a single
// DNS label: only ASCII letters, digits and '-' are accepted, which excludes
// '.', '/', ':', '@' and any other character that could change the host or
// add a path.
//
// It returns an error when the name is not 3-24 characters long, contains a
// character outside [-A-Za-z0-9], or when getVaultDNSSuffix reports
// azure.NotAvailable for this cloud. env.Name is read for that last error
// message, so env must be non-nil on that path.
func getVaultURL(vaultName string, managedHSM bool, env *azure.Environment) (vaultURL *string, err error) {
	// Key Vault names are 3-24 characters long. len counts bytes, which equals
	// characters for every name that passes the ASCII-only check further down.
	if n := len(vaultName); n < 3 || n > 24 {
		return nil, fmt.Errorf("invalid vault name: %q, must be between 3 and 24 chars", vaultName)
	}

	// See docs for validation spec: https://docs.microsoft.com/en-us/azure/key-vault/about-keys-secrets-and-certificates#objects-identifiers-and-versioning
	// NOTE(review): this is a character-set check only. It does not reject a
	// leading or trailing '-' or consecutive hyphens; confirm against the
	// naming rules in the linked spec whether that should be tightened.
	// The pattern is compiled on every call.
	if !regexp.MustCompile(`^[-A-Za-z0-9]+$`).MatchString(vaultName) {
		return nil, fmt.Errorf("invalid vault name: %q, must match [-a-zA-Z0-9]{3,24}", vaultName)
	}

	// The DNS suffix comes from the cloud environment, not from the caller.
	suffix := getVaultDNSSuffix(managedHSM, env)
	if suffix == azure.NotAvailable {
		return nil, fmt.Errorf("vault dns suffix not available for cloud: %s", env.Name)
	}

	// The scheme is fixed to https; only the validated name and the
	// environment-provided suffix are substituted into the host.
	endpoint := fmt.Sprintf("https://%s.%s/", vaultName, suffix)
	return &endpoint, nil
}