Copilot AI commented Nov 14, 2025

Pull Request

What does this PR do?

Adds Azure Key Vault as a cloud provider alongside AWS SSM, maintaining backward compatibility with AWS as the default. This implementation was built from scratch with a clean architecture and has been merged with the latest main branch changes.

Core Changes:

  • New --provider CLI flag (defaults to aws)
  • AzureKeyVaultSecretProvider implementing ISecretProvider interface following the same dependency injection pattern as AWS
  • Secret name normalization for Azure Key Vault naming constraints (alphanumeric + hyphens only)
  • Environment-based configuration via AZURE_KEY_VAULT_URL
  • GitHub workflow inputs added for manual workflow dispatch with map_file, env_file, and provider options
  • Merged with main branch including GitHub Action support, pnpm migration, and latest dependency updates

GitHub Workflow Enhancements:
Added workflow_dispatch inputs to .github/workflows/tests.yml:

  • map_file: Path to the JSON file with environment variable mapping (default: param-map.json)
  • env_file: Path to the .env file to be generated or imported (default: .env)
  • provider: Cloud provider choice dropdown (aws/azure, default: aws)

Implementation:

# AWS (default, unchanged behavior)
envilder --push --key=DB_PASSWORD --value=12345 --ssm-path=/my-app/db/password

# AWS (explicit)
envilder --provider=aws --push --key=DB_PASSWORD --value=12345 --ssm-path=/my-app/db/password

# Azure
export AZURE_KEY_VAULT_URL=https://my-vault.vault.azure.net
envilder --provider=azure --push --key=DB_PASSWORD --value=12345 --ssm-path=/my-app/db/password

Secret paths like /my-app/db/password are automatically normalized to my-app-db-password for Azure compatibility.

Architecture Consistency:
Both providers follow the same dependency injection pattern for consistency:

  • AwsSsmSecretProvider(ssm: SSM) - Accepts pre-constructed SSM client
  • AzureKeyVaultSecretProvider(client: SecretClient) - Accepts pre-constructed SecretClient

This provides better testability, more flexibility for credential configuration, and consistent architecture across providers.

Main Branch Integration:

  • Successfully merged latest changes from main branch
  • Resolved conflicts in package.json (added Azure dependencies to latest versions)
  • Removed package-lock.json (migrated to pnpm)
  • Preserved Azure provider functionality and error handling
  • Integrated with new GitHub Action implementation from main
  • Updated to use pnpm for package management
  • All new documentation and workflows from main included

Related issues

Implements requested feature for Azure Key Vault support.

Type of change

  • Feature
  • Bugfix
  • Refactor
  • Documentation
  • Other

Checklist

  • Tests added/updated (if needed)
  • Docs updated (if needed)
  • Lint/format pass

Notes for reviewer

  • Zero breaking changes - existing AWS commands work unchanged
  • Provider selection via dependency injection in Startup.configureInfrastructure()
  • Azure provider accepts SecretClient directly (matching AWS SSM pattern) for consistency and better testability
  • Error handling improved to show meaningful messages when provider initialization fails (e.g., missing AZURE_KEY_VAULT_URL)
  • Implementation was completely redone from scratch for a clean architecture
  • GitHub workflow now supports provider selection for manual workflow runs with dropdown choices
  • Successfully merged with main branch including GitHub Action support and pnpm migration
  • All conflicts carefully resolved to preserve both Azure functionality and main branch improvements
  • All commits follow conventional commit format (type: description) as per git conventions

Original prompt

Add Azure key vault

Command example

envilder --provider=azure --push --key=DB_PASSWORD --value=12345 --ssm-path=/my-app/db/password

to not add breaking changes
by default --provider=aws

Use same integration test approach followed by aws
Create same tests but for azure and apply/follow same conventions
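
The PR description says paths such as /my-app/db/password are normalized to my-app-db-password, which makes the mapping many-to-one: two distinct paths can land on the same Key Vault secret and a push to one would overwrite the other. As an added example (not the PR's code; `normalizeSecretName`, `findCollisions` and the sample map are hypothetical, and the normalization rule is assumed from the description), this check can be run over a map file before pushing:

```typescript
// Added example; not the PR's implementation. All names here are hypothetical.
// Key Vault secret names: 1-127 characters, letters, digits and hyphens only.
const MAX_NAME_LENGTH = 127;

function normalizeSecretName(path: string): string {
  const name = path
    .replace(/[^A-Za-z0-9-]+/g, "-") // each run of disallowed characters becomes one hyphen
    .replace(/^-+|-+$/g, "");        // drop leading and trailing hyphens
  if (name.length === 0 || name.length > MAX_NAME_LENGTH) {
    throw new Error(`cannot derive a valid Key Vault name from "${path}"`);
  }
  return name;
}

interface Collision {
  name: string;
  paths: string[];
}

// Groups the distinct paths of a param map (env var -> path) by normalized
// name and returns every name that is reached by more than one path.
function findCollisions(paramMap: Record<string, string>): Collision[] {
  // Prototype-less object so a name like "constructor" is an ordinary key.
  const byName: Record<string, string[]> = Object.create(null);
  for (const envVar of Object.keys(paramMap)) {
    const path = paramMap[envVar];
    // Compared in lower case: a conservative choice made for this example.
    const key = normalizeSecretName(path).toLowerCase();
    const paths = byName[key] || (byName[key] = []);
    if (paths.indexOf(path) === -1) paths.push(path);
  }
  return Object.keys(byName)
    .filter((name) => byName[name].length > 1)
    .map((name) => ({ name, paths: byName[name] }));
}

// Constructed sample map, in the shape of param-map.json.
const sampleMap: Record<string, string> = {
  DB_PASSWORD: "/my-app/db/password",
  DB_PASSWORD_LEGACY: "/my-app/db-password",
  API_KEY: "/my-app/api_key",
};

console.log(findCollisions(sampleMap));
```

Failing the run when `findCollisions` returns a non-empty list keeps a silent overwrite from reaching the vault.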



Contributor

coderabbitai bot commented Nov 14, 2025

Important

Review skipped

Bot user detected.


Copilot AI changed the title from "[WIP] Add Azure Key Vault integration with tests" to "Add Azure Key Vault provider support" Nov 14, 2025
Copilot AI requested a review from macalbert November 14, 2025 23:57
Copilot AI changed the title from "Add Azure Key Vault provider support" to "feat: add Azure Key Vault provider support" Nov 15, 2025
macalbert marked this pull request as ready for review November 15, 2025 10:01
macalbert marked this pull request as draft November 15, 2025 10:01
- Enhance README to include Azure Key Vault support alongside AWS.
- Create detailed Azure Key Vault setup guide for Envilder.
Repository owner deleted a comment from Copilot AI Nov 16, 2025
Copilot AI changed the title from "feat: add Azure Key Vault provider support" to "feat: add Azure Key Vault provider support with GitHub workflow inputs" Nov 16, 2025

This comment was marked as outdated.

Repository owner deleted a comment from Copilot AI Nov 17, 2025
Repository owner deleted a comment from Copilot AI Nov 17, 2025
Repository owner deleted a comment from Copilot AI Nov 17, 2025
Repository owner deleted a comment from Copilot AI Nov 17, 2025