Tcl
Tcl
Azure Key Vault - List Matching Secrets
See more Secrets Examples
List secrets in the Azure Key Vault matching one or more wildcarded names for app, service, domain, and username.Note: This example requires Chilkat v10.1.0 or later.
Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# The bootstrap secret will contain the following information:
# Azure Tenant ID
# Azure Client ID
# Azure Client Secret
# See following examples for setting up a bootstrap secret in memory,
# or in the local manager (Windows Credentials Manager or Apple Keychain)
# Setup Bootstrap Secret in Local Manager
# Setup Bootstrap Secret in Memory
set bootstrap [new_CkSecrets]
# Set the location of the bootstrap secret.
# Can be "local_manager" or "memory", depending on how you setup the bootstrap secret.
# ---------------------------------------------------------------------------------------------
# If your operating system is NOT Windows or MacOS/iOS, then change "local_manager" to "memory"
# You can also, if desired, use "memory" on Windows and MacOS/iOS if your bootstrap secret was previously setup in memory.
# ---------------------------------------------------------------------------------------------
CkSecrets_put_Location $bootstrap "local_manager"
# Specify the bootstrap secret to be used.
set bsId [new_CkJsonObject]
CkJsonObject_UpdateString $bsId "appName" "azure_bs"
CkJsonObject_UpdateString $bsId "service" "Example"
CkJsonObject_UpdateString $bsId "username" "Joe"
# ----------------------------------------------------
set secrets [new_CkSecrets]
# Setup for the Azure Key Vault
CkSecrets_put_Location $secrets "azure_key_vault"
set success [CkSecrets_SetBootstrapSecret $secrets $bsId $bootstrap]
if {$success == 0} then {
puts [CkSecrets_lastErrorText $secrets]
delete_CkSecrets $bootstrap
delete_CkJsonObject $bsId
delete_CkSecrets $secrets
exit
}
# Set wildcarded or exact values for appName, service, domain, and username.
# Omit any members where anything is allowed to match, or alternatively specify "*" to match anything.
set jsonMatch [new_CkJsonObject]
CkJsonObject_UpdateString $jsonMatch "appName" "Test*"
# The following lines can be omitted. Not specifying anything for service, domain, or username is the same as "*".
CkJsonObject_UpdateString $jsonMatch "service" "*"
CkJsonObject_UpdateString $jsonMatch "domain" "*"
CkJsonObject_UpdateString $jsonMatch "username" "*"
# For Azure Key Vault, we also need to specify the name of the vault containing the secrets to be listed.
# Replace "kvChilkat" with the name of your key vault.
CkJsonObject_UpdateString $jsonMatch "vaultName" "kvChilkat"
set results [new_CkJsonObject]
CkJsonObject_put_EmitCompact $results 0
set success [CkSecrets_ListSecrets $secrets $jsonMatch $results]
if {$success == 0} then {
puts [CkSecrets_lastErrorText $secrets]
delete_CkSecrets $bootstrap
delete_CkJsonObject $bsId
delete_CkSecrets $secrets
delete_CkJsonObject $jsonMatch
delete_CkJsonObject $results
exit
}
puts [CkJsonObject_emit $results]
# Sample output:
# {
# "secrets": [
# {
# "appName": "Test",
# "service": "Something",
# "domain": "Xyz",
# "username": "Abc",
# "azure_id": "https://kvchilkat.vault.azure.net/secrets/Test-Something-Xyz-Abc"
# },
# {
# "appName": "Test2",
# "service": "Custom",
# "domain": "Ocean",
# "username": "Starfish",
# "azure_id": "https://kvchilkat.vault.azure.net/secrets/Test2-Custom-Ocean-Starfish"
# }
# ]
# }
# ---------------------------------------------------------------------------------------
# Here's sample code for parsing the JSON list of secrets.
set i 0
set numSecrets [CkJsonObject_SizeOfArray $results "secrets"]
while {$i < $numSecrets} {
CkJsonObject_put_I $results $i
# Note: appName and domain are optional and may not exist in any given secret.
set appName [CkJsonObject_stringOf $results "secrets[i].appName"]
set service [CkJsonObject_stringOf $results "secrets[i].service"]
set domain [CkJsonObject_stringOf $results "secrets[i].domain"]
set username [CkJsonObject_stringOf $results "secrets[i].username"]
# Informational field for the raw Azure secret name.
set azure_id [CkJsonObject_stringOf $results "secrets[i].azure_id"]
set i [expr $i + 1]
}
delete_CkSecrets $bootstrap
delete_CkJsonObject $bsId
delete_CkSecrets $secrets
delete_CkJsonObject $jsonMatch
delete_CkJsonObject $results