{"id":35882867,"url":"https://github.com/jongio/azd-exec","last_synced_at":"2026-02-22T05:07:00.567Z","repository":{"id":331516336,"uuid":"1092260257","full_name":"jongio/azd-exec","owner":"jongio","description":"Azure Developer CLI (azd) extension - Run scripts with azd environment and Azure credentials. Database migrations, setup automation, CI/CD - with Key Vault integration.","archived":false,"fork":false,"pushed_at":"2026-02-15T16:09:46.000Z","size":1735,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-15T22:53:16.054Z","etag":null,"topics":["azd","azure"],"latest_commit_sha":null,"homepage":"https://jongio.github.io/azd-exec","language":"Astro","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jongio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-08T09:53:34.000Z","updated_at":"2026-02-15T16:09:17.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/jongio/azd-exec","commit_stats":null,"previous_names":["jongio/azd-exec"],"tags_count":47,"template":false,"template_full_name":null,"purl":"pkg:github/jongio/azd-exec","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jongio%2Fazd-exec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jongio%2Fazd-exec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jongio%2Fazd-exec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jongio%2Fazd-exec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jongio","download_url":"https://codeload.github.com/jongio/azd-exec/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jongio%2Fazd-exec/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29705526,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-22T03:17:42.375Z","status":"ssl_error","status_checked_at":"2026-02-22T03:17:31.622Z","response_time":110,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["azd","azure"],"created_at":"2026-01-08T19:18:03.792Z","updated_at":"2026-02-22T05:07:00.549Z","avatar_url":"https://github.com/jongio.png","language":"Astro","funding_links":[],"categories":[],"sub_categories":[],"readme":"---\ntitle: azd exec\ndescription: Execute any script with full access to your Azure Developer CLI environment variables and Azure credentials\nlastUpdated: 2026-01-09\ntags: [azure, cli, devops, scripts, keyvault]\n---\n\n\u003cdiv align=\"center\"\u003e\n\n# azd exec\n\n### **Execute Scripts with azd Environment Context**\n\nExecute any script with full access to your Azure Developer CLI environment variables and Azure credentials.\n\n[![CI](https://github.com/jongio/azd-exec/actions/workflows/ci.yml/badge.svg)](https://github.com/jongio/azd-exec/actions/workflows/ci.yml)\n[![CodeQL](https://github.com/jongio/azd-exec/actions/workflows/codeql.yml/badge.svg)](https://github.com/jongio/azd-exec/actions/workflows/codeql.yml)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n\n\u003cbr /\u003e\n\n\u003c/div\u003e\n\n---\n\n## ⚑ One-Command Execute\n\nRun any script with your full Azure contextβ€”no manual environment setup.\n\n```bash\nazd exec ./deploy.sh\n```\n\nThat's it. Your script has access to all azd environment variables, Azure credentials, and configuration.\n\n---\n\n## ✨ Features\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd width=\"50%\"\u003e\n\n### πŸ”§ Multiple Shell Support\nAutomatically detects and runs bash, sh, zsh, PowerShell, pwsh, and cmd scripts based on file extension or shebang.\n\n### 🎯 Script Arguments\nPass arguments to your scripts seamlessly with the `--` separator for clean parameter handling.\n\n### 🌍 Full Azure Context\nAccess all azd environment variables including subscription, tenant, location, and custom variables.\n\n\u003c/td\u003e\n\u003ctd width=\"50%\"\u003e\n\n### πŸ“‚ Working Directory Control\nExecute scripts from any directory with the `--cwd` flag for flexible automation.\n\n### πŸ”„ Interactive Mode\nRun scripts with interactive input support for prompts and user interaction.\n\n### πŸ” Azure Key Vault Integration\nAutomatically resolves Key Vault references in environment variables, securely fetching secrets at runtime.\n\n### βœ… Battle-Tested\nComprehensive security scanning with CodeQL and gosec (0 vulnerabilities). 86%+ test coverage.\n\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n---\n\n## ⚠️ Security Notice\n\n**IMPORTANT**: `azd exec` executes scripts with **full access** to your Azure credentials and environment. Follow these security best practices:\n\n**βœ… Safe Practices**\n- Only run scripts you trust and have reviewed\n- Review script contents before execution (`cat ./script.sh`)\n- Use inline scripts only for simple, trusted operations\n- Use HTTPS for downloads, never HTTP\n- Verify script sources from official Azure documentation or trusted repositories\n\n**❌ Dangerous Practices**\n- Never pipe untrusted scripts: ~~`curl https://random-site.com/script.sh | azd exec -`~~\n- Don't run scripts from unknown sources\n- Avoid storing secrets in environment variables (use Azure Key Vault instead)\n- Don't blindly copy/paste inline commands without understanding them\n\n**What Scripts Can Access:**\n- πŸ”‘ Azure authentication context (subscription, tenant, credentials)\n- 🌍 All environment variables (including secrets)\n- πŸ“‚ Full filesystem access\n- 🌐 Network access\n\n**Inline vs File-based Scripts:**\n- **File scripts**: Can be reviewed before execution with `cat` or editor\n- **Inline scripts**: Execute immediatelyβ€”ensure you understand the command first\n- **Best practice**: Use file scripts for complex operations, inline for simple queries\n\nFor detailed security information, see [Security Documentation](cli/docs/security-review.md) and [Threat Model](cli/docs/threat-model.md).\n\n---\n\n## 🎯 Quick Start\n\n### 1. Install Azure Developer CLI\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003eWindows\u003c/b\u003e\u003c/summary\u003e\n\n```powershell\nwinget install microsoft.azd\n```\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003emacOS\u003c/b\u003e\u003c/summary\u003e\n\n```bash\nbrew tap azure/azd \u0026\u0026 brew install azd\n```\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003eLinux\u003c/b\u003e\u003c/summary\u003e\n\n```bash\ncurl -fsSL https://aka.ms/install-azd.sh | bash\n```\n\u003c/details\u003e\n\n### 2. Install azd-exec\n\n```bash\n# Add the extension registry\nazd extension source add -n jongio -t url -l https://jongio.github.io/azd-extensions/registry.json\n\n# Install the extension\nazd extension install jongio.azd.exec\n\n# Verify installation\nazd exec version\n```\n\n### 3. Run Your Script\n\n```bash\n# Review the script first\ncat ./deploy.sh\n\n# Then execute\nazd exec ./deploy.sh\n```\n\n---\n\n## πŸ“š Usage Examples\n\n### Basic Execution\n\n```bash\n# Execute a script file\nazd exec ./my-script.sh\n\n# Execute an inline command\nazd exec 'echo \"Hello, $AZURE_ENV_NAME\"'\n```\n\nFor complete command reference, see [CLI Reference](cli/docs/cli-reference.md).\n\n### Specify Shell\n\n```bash\nazd exec --shell pwsh ./deploy.ps1\n\n# Inline with specific shell\nazd exec --shell pwsh 'Write-Host $env:AZURE_ENV_NAME'\n```\n\n### Pass Arguments\n\n```bash\nazd exec ./build.sh --verbose --config release\n# azd exec flags go before the script; script args go after it\n# example with cwd flag: azd exec --cwd /path/to/project ./build.sh --verbose\n```\n\n### Set Working Directory\n\n```bash\nazd exec --cwd /path/to/project ./scripts/setup.sh\n\n# Inline with working directory\nazd exec --cwd /tmp 'echo $(pwd)'\n```\n\n### Interactive Mode\n\n```bash\nazd exec --interactive ./interactive-setup.sh\n```\n\n---\n\n## πŸ’‘ Script Examples\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd width=\"50%\"\u003e\n\n**Bash Script File**\n\n```bash\n#!/bin/bash\n# deploy.sh\n\necho \"Environment: $AZURE_ENV_NAME\"\necho \"Subscription: $AZURE_SUBSCRIPTION_ID\"\necho \"Location: $AZURE_LOCATION\"\n\nazd deploy --all\n```\n\n**Bash Inline**\n\n```bash\nazd exec 'echo \"Deploying to $AZURE_ENV_NAME\"'\nazd exec 'for i in {1..3}; do echo \"Step $i\"; done'\n```\n\n\u003c/td\u003e\n\u003ctd width=\"50%\"\u003e\n\n**PowerShell Script File**\n\n```powershell\n# setup.ps1\n\nWrite-Host \"Environment: $env:AZURE_ENV_NAME\"\nWrite-Host \"Resource Group: $env:AZURE_RESOURCE_GROUP\"\n\n# Your setup logic here\n```\n\n**PowerShell Inline**\n\n```bash\nazd exec --shell pwsh 'Write-Host \"Hello from $env:AZURE_ENV_NAME\"'\nazd exec --shell pwsh 'Get-ChildItem Env: | Where-Object Name -like \"AZURE_*\"'\n```\n\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n**Run script files:**\n```bash\n# First, review the script\ncat ./deploy.sh\n\n# Then execute\nazd exec ./deploy.sh\n```\n\n---\n\n## 🌍 Environment Variables\n\nScripts executed by `azd exec` have access to all azd environment variables:\n\n| Variable | Description |\n|----------|-------------|\n| `AZURE_ENV_NAME` | Current azd environment name |\n| `AZURE_SUBSCRIPTION_ID` | Azure subscription ID |\n| `AZURE_LOCATION` | Azure region/location |\n| `AZURE_RESOURCE_GROUP` | Resource group name |\n| `AZURE_TENANT_ID` | Azure tenant ID |\n| *Custom variables* | All environment variables from your azd environment |\n\n---\n\n## πŸ” Azure Key Vault Integration\n\n`azd exec` automatically resolves Azure Key Vault references in environment variables, allowing you to securely store and access secrets without hardcoding them.\n\n\u003e **Note**: Key Vault resolution is provided by the [azd-core](https://github.com/jongio/azd-core) library, a shared utility for Azure Developer CLI tools.\n\n### Supported Reference Formats\n\n**Format 1: SecretUri**\n```bash\n@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/my-secret)\n@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/my-secret/abc123)\n```\n\n**Format 2: VaultName and SecretName**\n```bash\n@Microsoft.KeyVault(VaultName=myvault;SecretName=my-secret)\n@Microsoft.KeyVault(VaultName=myvault;SecretName=my-secret;SecretVersion=abc123)\n```\n\n**Format 3: azd akvs URI**\n```bash\nakvs://c3b3091e-400e-43a7-8ee5-e6e8cefdbebf/myvault/my-secret\nakvs://c3b3091e-400e-43a7-8ee5-e6e8cefdbebf/myvault/my-secret/abc123\n```\n\nNote: `azd` may export environment variables with quotes; `azd exec` trims whitespace and strips a single pair of wrapper quotes before detecting/parsing Key Vault references. The akvs:// format (Format 3) is used internally by azd and includes a subscription/tenant GUID, vault name, secret name, and optional version.\n\n### Usage Example\n\n**1. Store a secret in Azure Key Vault:**\n```bash\naz keyvault secret set --vault-name myvault --name database-password --value \"SuperSecret123!\"\n```\n\n**2. Set environment variable with Key Vault reference:**\n```bash\nazd env set-secret DATABASE_PASSWORD\n```\n\n**3. Use in your script:**\n```bash\n#!/bin/bash\n# deploy.sh\n\necho \"Connecting to database...\"\n# DATABASE_PASSWORD is automatically resolved to the actual secret value\nmysql -u admin -p\"$DATABASE_PASSWORD\" -h myserver.mysql.database.azure.com\n```\n\n**4. Run the script:**\n```bash\nazd exec ./deploy.sh\n```\n\n### How It Works\n\n1. `azd exec` scans environment variables for Key Vault references\n2. Uses Azure DefaultAzureCredential (same authentication as azd)\n3. Fetches secret values from Key Vault before running your script\n4. Passes resolved values to your script securely\n5. If resolution fails, warns but continues with original values\n\n### Authentication\n\nKey Vault resolution uses the same Azure credentials that `azd` uses:\n- Azure CLI (`az login`)\n- Managed Identity (when running on Azure)\n- Environment variables (`AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_TENANT_ID`)\n- Visual Studio / VS Code authentication\n\n### Error Handling\n\nIf Key Vault resolution fails (e.g., secret not found, no access, vault doesn't exist):\n- A warning is displayed to stderr (secret values are never printed)\n- `azd exec` continues resolving other Key Vault references\n- Successfully resolved secrets are substituted with their values\n- Failed references remain unchanged (still `akvs://...` or `@Microsoft.KeyVault(...)`)\n\nTo fail-fast (abort on the first Key Vault resolution error), use:\n\n```bash\nazd exec --stop-on-keyvault-error ./script.sh\n```\n\n### Security Benefits\n\n- βœ… **No secrets in code**: Store references, not actual secrets\n- βœ… **Centralized management**: Update secrets in Key Vault, not in code\n- βœ… **Access control**: Use Azure RBAC to control who can access secrets\n- βœ… **Audit trail**: Key Vault logs all secret access\n- βœ… **Automatic rotation**: Update secrets without changing code\n\n---\n\n## πŸ”§ Development\n\n### Documentation\n\n- [CLI Reference](cli/docs/cli-reference.md) - Complete command and flag reference\n- [Security Review](cli/docs/security-review.md) - Security analysis and best practices\n- [Threat Model](cli/docs/threat-model.md) - Security threat analysis\n\n### Build from Source\n\n```bash\ngit clone https://github.com/jongio/azd-exec.git\ncd azd-exec/cli\nchmod +x build.sh\n./build.sh\n```\n\nBinary created in `cli/bin/exec`.\n\n### Prerequisites\n\n- Go 1.25.5 or later\n- golangci-lint\n- Node.js 20+ (for cspell)\n\n### Commands\n\n```bash\n# Build\ncd cli \u0026\u0026 ./build.sh\n\n# Test - Run all tests (unit, integration, e2e)\npnpm test\n\n# Test - Individual test suites\npnpm test:cli:unit # CLI unit tests only\npnpm test:cli:integration # CLI integration tests only \npnpm test:web # Web e2e tests only\n\n# Lint\ncd cli \u0026\u0026 golangci-lint run\n\n# Spell check\nnpm install -g cspell\ncspell \"**/*.{go,md,yaml,yml}\" --config cspell.json\n\n# Security scan\ngo install github.com/securego/gosec/v2/cmd/gosec@latest\ncd cli \u0026\u0026 gosec ./...\n```\n\nFor detailed testing information, see [TESTING.md](TESTING.md).\n\n---\n\n## πŸš€ CI/CD\n\nGitHub Actions workflows:\n\n- **CI**: Linting, spell checking, tests (Linux/Windows/macOS), security scanning, coverage\n- **CodeQL**: Security analysis on push to main and weekly\n- **Release**: Automated releases with multi-platform binaries\n\n---\n\n## 🀝 Contributing\n\nContributions welcome! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.\n\n1. Fork the repository\n2. Create feature branch: `git checkout -b feature/amazing-feature`\n3. Commit changes: `git commit -m 'Add amazing feature'`\n4. Push to branch: `git push origin feature/amazing-feature`\n5. Open a Pull Request\n\nEnsure: tests pass, code linted, documentation updated, security scans pass.\n\n---\n\n## πŸ“„ License\n\nMIT License - see [LICENSE](LICENSE) file for details.\n\n---\n\n## πŸ”– Release Notes\n\n**Latest**: [View releases](https://github.com/jongio/azd-exec/releases)\n\n### For Maintainers\n\n**Automated Release (Recommended)**\n\n1. Go to **Actions** β†’ **Release** workflow\n2. Click **Run workflow**\n3. Choose bump type: **patch** (bug fixes), **minor** (features), **major** (breaking changes)\n4. Click **Run workflow**\n\nWorkflow automatically: calculates version, updates files, builds binaries, creates release, updates registry.\n\n**Manual Release (Testing)**\n\n```bash\n# Install tooling\nazd extension install microsoft.azd.extensions\n\n# Build \u0026 package\ncd cli\nexport extension_id=\"jongio.azd.exec\"\nexport extension_version=\"0.1.0\"\nazd x build --all\nazd x pack\n\n# Create release\nazd x release --repo \"jongio/azd-exec\" --version \"0.1.0\" --draft\nazd x publish --registry ../registry.json --version \"0.1.0\"\n```\n\n---\n\n## πŸ“Ž Related Projects\n\n- [Azure Developer CLI](https://github.com/Azure/azure-dev) - Core azd tool\n- [azd-app](https://github.com/jongio/azd-app) - Run Azure apps locally\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n### Need help or have questions?\n\n[**Open an issue on GitHub β†’**](https://github.com/jongio/azd-exec/issues)\n\n\u003cbr /\u003e\n\n**Note**: Legacy invocation `azd script` is supported as an alias to `azd exec` for backwards compatibility.\n\n\u003cbr /\u003e\n\nBuilt with ❀️ for Azure developers\n\n\u003c/div\u003e","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjongio%2Fazd-exec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjongio%2Fazd-exec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjongio%2Fazd-exec/lists"}