VNet/IP ACL sample for Azure Key Vault using the Azure Node SDK

This sample repo demonstrates how to create an Azure Key Vault with access limited to specific IP ranges and Azure Virtual Networks.

How to run this sample

  1. If you don't already have it, install Node.js.

  2. Clone the repo.

    git clone https://github.com/Azure-Samples/key-vault-node-network-acl.git key-vault
    
  3. Install the dependencies.

    cd key-vault
    npm install
    
  4. Create an Azure service principal, using one of the following:

    The sample uses this service principal to run against your Azure account.

  5. Set the following environment variables using the information from the service principal that you created.

    export AZURE_SUBSCRIPTION_ID={your subscription id}
    export AZURE_CLIENT_ID={your client id}
    export AZURE_CLIENT_SECRET={your client secret}
    export AZURE_TENANT_ID={your tenant id as a GUID}
    export AZURE_CLIENT_OID={Object id of the service principal}
    

On Windows, use set instead of export.

  6. Review the definition of networkAcls in network_acl_sample.js and update it if needed. By default, access from all IP addresses is allowed.

  7. Run the sample.

    node network_acl_sample.js
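
Added example (not part of this sample repo's code): a small Node.js check that audits a networkAcls object before it is sent to Azure, shown on an open definition and a restricted one. The property names (bypass, defaultAction, ipRules, virtualNetworkRules) follow the ARM Key Vault schema; the helper names and every sample value are assumptions constructed for illustration.

```javascript
// Added example, not from network_acl_sample.js. Property names follow the ARM
// Microsoft.KeyVault/vaults "networkAcls" schema; every value below is constructed.
// Parse "a.b.c.d" or "a.b.c.d/nn"; returns null when the value is malformed.
function parseCidr(value) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?:\/(\d{1,2}))?$/.exec(String(value));
  if (!m) return null;
  const octets = m.slice(1, 5).map(Number);
  const prefix = m[5] === undefined ? 32 : Number(m[5]);
  return octets.some((o) => o > 255) || prefix > 32 ? null : { octets, prefix };
}

// RFC 1918 space never arrives as a public source address.
const isPrivate = ([a, b]) =>
  a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);

const SUBNET_ID = /^\/subscriptions\/[^/]+\/resourceGroups\/[^/]+\/providers\/Microsoft\.Network\/virtualNetworks\/[^/]+\/subnets\/[^/]+$/i;

// Returns a list of human-readable findings; an empty list means no issue found.
function auditNetworkAcls(acls) {
  const findings = [];
  if (acls.defaultAction !== 'Deny') {
    findings.push('defaultAction is not "Deny": requests matching no rule are still allowed');
  }
  if (acls.bypass !== undefined && !['AzureServices', 'None'].includes(acls.bypass)) {
    findings.push(`bypass "${acls.bypass}" is not "AzureServices" or "None"`);
  }
  for (const { value } of acls.ipRules || []) {
    const cidr = parseCidr(value);
    if (!cidr) findings.push(`ipRules "${value}": not an IPv4 address or CIDR range`);
    else if (cidr.prefix === 0) findings.push(`ipRules "${value}": matches every address`);
    else if (isPrivate(cidr.octets)) findings.push(`ipRules "${value}": private range, use a virtualNetworkRules entry`);
  }
  for (const { id } of acls.virtualNetworkRules || []) {
    if (!SUBNET_ID.test(String(id))) findings.push(`virtualNetworkRules "${id}": not a subnet resource id`);
  }
  return findings;
}

// Constructed sample: open to every address, the behaviour the README describes as the default.
const openAcls = { bypass: 'AzureServices', defaultAction: 'Allow', ipRules: [], virtualNetworkRules: [] };

// Constructed sample: deny by default, one documentation range (RFC 5737) and one placeholder subnet.
const restrictedAcls = {
  bypass: 'AzureServices', defaultAction: 'Deny',
  ipRules: [{ value: '203.0.113.0/24' }],
  virtualNetworkRules: [{ id: '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Network/virtualNetworks/example-vnet/subnets/example-subnet' }],
};
console.log(auditNetworkAcls(openAcls), auditNetworkAcls(restrictedAcls));
```

With bypass set to AzureServices, trusted Microsoft services can still reach the vault even when defaultAction is Deny.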
    

References and further reading