Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
Support for Azure Key Vault references in Connector credentials
-
hello,
Is there any plan to support Azure Key Vault references for storing Connector credentials (e.g. GitHub PAT tokens) in ProGet, similar to how Azure Data Factory or other tools allow referencing secrets directly from Key Vault instead of storing them in plain text or in the application database?
Currently, when creating a Connector to GitHub Packages, the token must be entered directly in the UI. We would prefer to store this sensitive token in Azure Key Vault and have ProGet resolve it at runtime, rather than managing it inside ProGet itself.
Is this on the roadmap, or is there a recommended workaround?
-
Hi @alkhleif_2585 ,
There isn't much demand for this kind of feature (I think we've only seen one or two requests for this over very many years) so it's not on our roadmap.
And it's unlikely we will add it to the roadmap considering that it would be quite costly to build, support, and maintain. Especially considering that we'd need to support all of the major "vaults" out there as well.
It doesn't seem to add much value to ProGet as these types of read-only credentials can be very long living (several years) without any security risk, and take just a few minutes to rotate when needed.
That being said, you could probably write a "sync script" pretty easily that continuously updates the connector credentials by connecting to the vault and then updating it via the API.
Cheers,
Steve
