{"id":15291416,"url":"https://github.com/azure/azurekeyvault","last_synced_at":"2025-10-20T03:31:50.828Z","repository":{"id":35022221,"uuid":"187983539","full_name":"Azure/AzureKeyVault","owner":"Azure","description":"R interface to Azure Key Vault","archived":false,"fork":false,"pushed_at":"2023-03-28T16:44:40.000Z","size":271,"stargazers_count":14,"open_issues_count":10,"forks_count":7,"subscribers_count":19,"default_branch":"master","last_synced_at":"2024-10-07T12:39:32.967Z","etag":null,"topics":["azure","azure-key-vault","azure-sdk-r","r","security"],"latest_commit_sha":null,"homepage":null,"language":"R","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Azure.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2019-05-22T07:13:03.000Z","updated_at":"2024-08-15T11:28:54.000Z","dependencies_parsed_at":"2024-02-19T18:24:39.413Z","dependency_job_id":null,"html_url":"https://github.com/Azure/AzureKeyVault","commit_stats":{"total_commits":190,"total_committers":3,"mean_commits":"63.333333333333336","dds":"0.021052631578947323","last_synced_commit":"6d3a027205b61d6f98e4159c569302a7d3d97352"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Azure%2FAzureKeyVault","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Azure%2FAzureKeyVault/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Azure%2FAzureKeyVault/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Azure%2FAzureKeyVault/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Azure","download_url":"https://codeload.github.com/Azure/AzureKeyVault/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":219869293,"owners_count":16555578,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["azure","azure-key-vault","azure-sdk-r","r","security"],"created_at":"2024-09-30T16:12:22.863Z","updated_at":"2025-10-20T03:31:50.816Z","avatar_url":"https://github.com/Azure.png","language":"R","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AzureKeyVault \u003cimg src=\"man/figures/logo.png\" align=\"right\" width=150 /\u003e\n\n[![CRAN](https://www.r-pkg.org/badges/version/AzureKeyVault)](https://cran.r-project.org/package=AzureKeyVault)\n![Downloads](https://cranlogs.r-pkg.org/badges/AzureKeyVault)\n![R-CMD-check](https://github.com/Azure/AzureKeyVault/workflows/R-CMD-check/badge.svg)\n\n[Azure Key Vault](https://azure.microsoft.com/products/key-vault/) enables Microsoft Azure applications and users to store and use several types of secret/key data:\n\n- Cryptographic keys: Supports multiple key types and algorithms, and enables the use of Hardware Security Modules (HSM) for high value keys.\n- Secrets: Provides secure storage of secrets, such as passwords and database connection strings.\n- Certificates: Supports certificates, which are built on top of keys and secrets and add an automated renewal feature.\n- Azure Storage: Can manage keys of an Azure Storage account for you. Internally, Key Vault can list (sync) keys with an Azure Storage Account, and regenerate (rotate) the keys periodically.\n\nAzureKeyVault is an R package for working with the Key Vault service. It provides both a client interface, to access the contents of the vault, and a Resource Manager interface for administering the Key Vault itself.\n\nThe primary repo for this package is at https://github.com/Azure/AzureKeyVault; please submit issues and PRs there. It is also mirrored at the Cloudyr org at https://github.com/cloudyr/AzureKeyVault. You can install the development version of the package from GitHub:\n\n```r\ndevtools::install_github(\"Azure/AzureKeyVault\")\n```\n\n## Resource Manager interface\n\nAzureKeyVault extends the [AzureRMR](https://github.com/Azure/AzureRMR) package to handle key vaults. In addition to creating and deleting vaults, it provides methods to manage access policies for user and service principals.\n\n```r\n# create a key vault\nrg \u003c- AzureRMR::get_azure_login()$\n    get_subscription(\"sub_id\")$\n    get_resource_group(\"rgname\")\nkv \u003c- rg$create_key_vault(\"mykeyvault\")\n\n# list current principals (by default includes logged-in user)\nkv$list_principals()\n\n# get details for a service principal\nsvc \u003c- AzureGraph::get_graph_login()$\n    get_service_principal(\"app_id\")\n\n# give the service principal read-only access to vault keys and secrets\nkv$add_principal(svc,\n    key_permissions=c(\"get\", \"list\", \"backup\"),\n    secret_permissions=c(\"get\", \"list\", \"backup\"),\n    certificate_permissions=NULL,\n    storage_permissions=NULL)\n```\n\n## Client interface\n\nThe client interface is R6-based. To instantiate a new client object, call the `key_vault` function. This object includes sub-objects for interacting with keys, secrets, certificates and managed storage accounts.\n\n```r\nvault \u003c- key_vault(\"https://mykeyvault.vault.azure.net\")\n\n# can also be done from the ARM resource object\nvault \u003c- kv$get_endpoint()\n\n\n# create a new secret\nvault$secrets$create(\"newsecret\", \"hidden text\")\nsecret \u003c- vault$secrets$get(\"newsecret\")\n\n# printing the value won't display it; this is to help guard against shoulder-surfing\nsecret$value\n#\u003e \u003chidden\u003e\n\n\n# create a new RSA key with 4096-bit key size\nvault$keys$create(\"newkey\", type=\"RSA\", rsa_key_size=4096)\n\n# encrypting and decrypting\nkey \u003c- vault$keys$get(\"newkey\")\nplaintext \u003c- \"super secret\"\nciphertext \u003c- key$encrypt(plaintext)\ndecrypted_text \u003c- key$decrypt(ciphertext, as_raw=FALSE)\nplaintext == decrypted_text\n#\u003e [1] TRUE\n\n\n# create a new self-signed certificate (will also create an associated key and secret)\ncert \u003c- vault$certificates$create(\"newcert\",\n    subject=\"CN=mydomain.com\",\n    x509=cert_x509_properties(dns_names=\"mydomain.com\"))\n\n# import a certificate from a PFX file\nvault$certificates$import(\"importedcert\", \"mycert.pfx\")\n\n# OAuth authentication using a cert in Key Vault (requires AzureAuth \u003e= 1.0.2)\nAzureAuth::get_azure_token(\"resource_url\", \"mytenant\", \"app_id\", certificate=cert)\n\n# export the certificate as a PEM file\n# (you should only export a cert if absolutely necessary)\ncert$export(\"newcert.pem\")\n\n\n# add a managed storage account\nstorage_res \u003c- rg$get_resource(type=\"Microsoft.Storage/storageAccounts\", name=\"mystorage\")\nstor \u003c- vault$storage$add(\"mystorage\", storage_res, \"key1\")\n\n# Creating a new SAS definition\nsasdef \u003c- \"sv=2015-04-05\u0026ss=bqtf\u0026srt=sco\u0026sp=r\"\nstor$create_sas_definition(\"newsas\", sasdef, validity_period=\"P30D\")\n```\n\n---\n\u003cp align=\"center\"\u003e\u003ca href=\"https://github.com/Azure/AzureR\"\u003e\u003cimg src=\"https://github.com/Azure/AzureR/raw/master/images/logo2.png\" width=800 /\u003e\u003c/a\u003e\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fazure%2Fazurekeyvault","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fazure%2Fazurekeyvault","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fazure%2Fazurekeyvault/lists"}