Merge pull request #2930 from Infisical/vmatsiiako-wiki-patch-1

Update onboarding.mdx
Merge pull request #2923 from Infisical/akhilmhdh-patch-azure
2025-07-25 14:07:47 +00:00 · 2025-01-01 18:12:48 -05:00 · 2025-01-01 15:04:50 -08:00 · 2024-12-30 23:19:54 +08:00 · 2024-12-29 19:51:59 +05:30 · 2024-12-29 08:18:52 -05:00
9 changed files with 129 additions and 11 deletions
--- a/backend/src/services/integration-auth/integration-sync-secret.ts
+++ b/backend/src/services/integration-auth/integration-sync-secret.ts
@@ -305,10 +305,16 @@ const syncSecretsAzureAppConfig = async ({
    value: string;
  }

-  const getCompleteAzureAppConfigValues = async (url: string) => {
+  if (!integration.app || !integration.app.endsWith(".azconfig.io"))
+    throw new BadRequestError({
+      message: "Invalid Azure App Configuration URL provided."
+    });
+
+  const getCompleteAzureAppConfigValues = async (baseURL: string, url: string) => {
    let result: AzureAppConfigKeyValue[] = [];
    while (url) {
      const res = await request.get(url, {
+        baseURL,
        headers: {
          Authorization: `Bearer ${accessToken}`
        },
@@ -319,7 +325,7 @@ const syncSecretsAzureAppConfig = async ({
      });

      result = result.concat(res.data.items);
-      url = res.data.nextLink;
+      url = res.data?.["@nextLink"];
    }

    return result;
@@ -327,11 +333,13 @@ const syncSecretsAzureAppConfig = async ({

  const metadata = IntegrationMetadataSchema.parse(integration.metadata);

-  const azureAppConfigValuesUrl = `${integration.app}/kv?api-version=2023-11-01&key=${metadata.secretPrefix}*${
+  const azureAppConfigValuesUrl = `/kv?api-version=2023-11-01&key=${metadata.secretPrefix}*${
    metadata.azureLabel ? `&label=${metadata.azureLabel}` : "&label=%00"
  }`;

-  const azureAppConfigSecrets = (await getCompleteAzureAppConfigValues(azureAppConfigValuesUrl)).reduce(
+  const azureAppConfigSecrets = (
+    await getCompleteAzureAppConfigValues(integration.app, azureAppConfigValuesUrl)
+  ).reduce(
    (accum, entry) => {
      accum[entry.key] = entry.value;

--- a/company/handbook/onboarding.mdx
+++ b/company/handbook/onboarding.mdx
@@ -19,7 +19,7 @@ Every new joiner has an onboarding buddy who should ideally be in the the same t
 1. Join the weekly all-hands meeting. It typically happens on Monday's at 8:30am PT.
 2. Ship something together on day one – even if tiny! It feels great to hit the ground running, with a development environment all ready to go.
 3. Check out the [Areas of Responsibility (AoR) Table](https://docs.google.com/spreadsheets/d/1RnXlGFg83Sgu0dh7ycuydsSobmFfI3A0XkGw7vrVxEI/edit?usp=sharing). This is helpful to know who you can ask about particular areas of Infisical. Feel free to add yourself to the areas you'd be most interesting to dive into.
-4. Read the [Infisical Strategy Doc](https://docs.google.com/document/d/1RaJd3RoS2QpWLFHlgfHaXnHqCCwRt6mCGZkbJ75J_D0/edit?usp=sharing).
+4. Read the [Infisical Strategy Doc](https://docs.google.com/document/d/1uV9IaahYwbZ5OuzDTFdQMSa1P0mpMOnetGB-xqf4G40).
 5. Update your LinkedIn profile with one of [Infisical's official banners](https://drive.google.com/drive/u/0/folders/1oSNWjbpRl9oNYwxM_98IqzKs9fAskrb2) (if you want to). You can also coordinate your social posts in the #marketing Slack channel, so that we can boost it from Infisical's official social media accounts.
 6. Over the first few weeks, feel free to schedule 1:1s with folks on the team to get to know them a bit better.
 7. Change your Slack username in the users channel to `[NAME] (Infisical)`.
--- a/docs/images/integrations/azure-key-vault/integrations-azure-key-vault-tenant-select.png
+++ b/docs/images/integrations/azure-key-vault/integrations-azure-key-vault-tenant-select.png
--- a/docs/integrations/cloud/azure-app-configuration.mdx
+++ b/docs/integrations/cloud/azure-app-configuration.mdx
@@ -29,6 +29,15 @@ description: "How to sync secrets from Infisical to Azure App Configuration"
        ![integrations](../../images/integrations/azure-app-configuration/create-integration-form.png)

        Press create integration to start syncing secrets to Azure App Configuration.
+
+        <Note>
+          The Azure App Configuration integration requires the following permissions to be set on the user / service principal
+          for Infisical to sync secrets to Azure App Configuration: `Read Key-Value`, `Write Key-Value`, `Delete Key-Value`.
+
+          Any role with these permissions would work such as the **App Configuration Data Owner** role. Alternatively, you can use the
+          **App Configuration Data Reader** role for read-only access or **App Configuration Data Contributor** role for read/write access.
+        </Note>
+
      </Step>
      <Step title="Additional Configuration">

@@ -38,7 +47,7 @@ description: "How to sync secrets from Infisical to Azure App Configuration"
          - `{ "uri": "https://my-key-vault.vault.azure.net/secrets/my-secret" }`
          - `https://my-key-vault.vault.azure.net/secrets/my-secret`

-        ### Azure Labels 
+        #### Azure Labels 
          You can sync secrets from Infisical to Azure with custom labels by enabling the `Use Labels` option during setup:

          **When enabled**: Secrets will be pushed to Azure with your specified label
--- a/docs/integrations/cloud/azure-key-vault.mdx
+++ b/docs/integrations/cloud/azure-key-vault.mdx
@@ -17,6 +17,10 @@ description: "How to sync secrets from Infisical to Azure Key Vault"
        ![integrations](../../images/integrations.png)

        Press on the Azure Key Vault tile and grant Infisical access to Azure Key Vault.
+        You can optionally authenticate against a specific tenant by providing the Azure tenant or directory ID.
+
+        ![integrations](/images/integrations/azure-key-vault/integrations-azure-key-vault-tenant-select.png)
+
      </Step>
      <Step title="Start integration">
        Obtain the Vault URI of your key vault in the Overview tab.
--- a/docs/mint.json
+++ b/docs/mint.json
@@ -940,9 +940,6 @@
      ]
    }
  ],
-  "integrations": {
-    "intercom": "hsg644ru"
-  },
  "analytics": {
    "koala": {
      "publicApiKey": "pk_b50d7184e0e39ddd5cdb43cf6abeadd9b97d"
--- a/frontend/src/hooks/api/ca/queries.tsx
+++ b/frontend/src/hooks/api/ca/queries.tsx
@@ -7,7 +7,7 @@ import { TCertificateAuthority } from "./types";

 export const caKeys = {
  getCaById: (caId: string) => [{ caId }, "ca"],
-  getCaCerts: (caId: string) => [{ caId }, "ca-cert"],
+  getCaCerts: (caId: string) => [{ caId }, "ca-certs"],
  getCaCrls: (caId: string) => [{ caId }, "ca-crls"],
  getCaCert: (caId: string) => [{ caId }, "ca-cert"],
  getCaCsr: (caId: string) => [{ caId }, "ca-csr"],
--- a/frontend/src/pages/integrations/azure-key-vault/authorize.tsx
+++ b/frontend/src/pages/integrations/azure-key-vault/authorize.tsx
@@ -0,0 +1,100 @@
+import { Controller, useForm } from "react-hook-form";
+import Head from "next/head";
+import Image from "next/image";
+import Link from "next/link";
+import { useRouter } from "next/router";
+import { faArrowUpRightFromSquare, faBookOpen } from "@fortawesome/free-solid-svg-icons";
+import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
+import { zodResolver } from "@hookform/resolvers/zod";
+import z from "zod";
+
+import { Button, Card, CardTitle, FormControl, Input } from "@app/components/v2";
+
+const schema = z.object({
+  tenantId: z.string().trim().optional()
+});
+
+type FormData = z.infer<typeof schema>;
+
+export default function AzureKeyVaultAuthorizeIntegrationPage() {
+  const router = useRouter();
+  const { state, clientId } = router.query;
+  const { control, handleSubmit } = useForm<FormData>({
+    resolver: zodResolver(schema)
+  });
+
+  const onFormSubmit = async ({ tenantId }: FormData) => {
+    const link = `https://login.microsoftonline.com/${
+      tenantId ?? "common"
+    }/oauth2/v2.0/authorize?client_id=${clientId}&response_type=code&redirect_uri=${
+      window.location.origin
+    }/integrations/azure-key-vault/oauth2/callback&response_mode=query&scope=https://vault.azure.net/.default openid offline_access&state=${state}`;
+
+    window.location.assign(link);
+  };
+
+  return (
+    <div className="flex h-full w-full items-center justify-center">
+      <Head>
+        <title>Authorize Azure Key Vault Integration</title>
+        <link rel="icon" href="/infisical.ico" />
+      </Head>
+      <Card className="mb-12 max-w-lg rounded-md border border-mineshaft-600">
+        <CardTitle
+          className="px-6 text-left text-xl"
+          subTitle="Authenticate with a specific tenant ID or let OAuth handle it automatically."
+        >
+          <div className="flex flex-row items-center">
+            <div className="flex items-center pb-0.5">
+              <Image
+                src="/images/integrations/Microsoft Azure.png"
+                height={30}
+                width={30}
+                alt="Azure logo"
+              />
+            </div>
+            <span className="ml-2.5">Azure Key Vault Integration </span>
+            <Link href="https://infisical.com/docs/integrations/cloud/azure-key-vault" passHref>
+              <a target="_blank" rel="noopener noreferrer">
+                <div className="ml-2 mb-1 inline-block cursor-default rounded-md bg-yellow/20 px-1.5 pb-[0.03rem] pt-[0.04rem] text-sm text-yellow opacity-80 hover:opacity-100">
+                  <FontAwesomeIcon icon={faBookOpen} className="mr-1.5" />
+                  Docs
+                  <FontAwesomeIcon
+                    icon={faArrowUpRightFromSquare}
+                    className="ml-1.5 mb-[0.07rem] text-xxs"
+                  />
+                </div>
+              </a>
+            </Link>
+          </div>
+        </CardTitle>
+        <form onSubmit={handleSubmit(onFormSubmit)} className="px-6 pb-8 text-right">
+          <Controller
+            control={control}
+            name="tenantId"
+            render={({ field, fieldState: { error } }) => (
+              <FormControl
+                label="Tenant ID (optional)"
+                errorText={error?.message}
+                isError={Boolean(error)}
+              >
+                <Input {...field} placeholder="2e39537c-9a01-4bd6-a7b8-c3b88cbb8db9" />
+              </FormControl>
+            )}
+          />
+          <Button
+            colorSchema="primary"
+            variant="outline_bg"
+            className="mt-2 w-min"
+            size="sm"
+            type="submit"
+          >
+            Connect to Azure Key Vault
+          </Button>
+        </form>
+      </Card>
+    </div>
+  );
+}
+
+AzureKeyVaultAuthorizeIntegrationPage.requireAuth = true;
--- a/frontend/src/views/IntegrationsPage/IntegrationPage.utils.tsx
+++ b/frontend/src/views/IntegrationsPage/IntegrationPage.utils.tsx
@@ -69,7 +69,7 @@ export const redirectForProviderAuth = (integrationOption: TCloudIntegration) =>
          createIntegrationMissingEnvVarsNotification(integrationOption.slug);
          return;
        }
-        link = `https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=${integrationOption.clientId}&response_type=code&redirect_uri=${window.location.origin}/integrations/azure-key-vault/oauth2/callback&response_mode=query&scope=https://vault.azure.net/.default openid offline_access&state=${state}`;
+        link = `${window.location.origin}/integrations/azure-key-vault/authorize?clientId=${integrationOption.clientId}&state=${state}`;
        break;
      case "azure-app-configuration":
        if (!integrationOption.clientId) {
Author	SHA1	Message	Date
Maidul Islam	96b8e7fda8	Merge pull request #2930 from Infisical/vmatsiiako-wiki-patch-1	2025-01-01 18:12:48 -05:00
Vlad Matsiiako	93b9108aa3	Update onboarding.mdx	2025-01-01 15:04:50 -08:00
Sheen	99017ea1ae	Merge pull request #2923 from Infisical/akhilmhdh-patch-azure fix: resolved azure app config api not pulling all keys	2024-12-30 23:19:54 +08:00
Akhil Mohan	f32588112e	fix: resolved azure app config api not pulling all keys	2024-12-29 19:51:59 +05:30
Maidul Islam	f9b0b6700a	Merge pull request #2922 from Infisical/feat/authenticate-key-vault-against-specific-tenant feat: auth key vault against specific tenant	2024-12-29 08:18:52 -05:00
Maidul Islam	b45d9398f0	Merge pull request #2920 from Infisical/vmatsiiako-intercom-patch-1	2024-12-27 21:47:36 -05:00
Maidul Islam	1d1140237f	Update azure-app-configuration.mdx	2024-12-27 00:59:49 -05:00
Maidul Islam	937560fd8d	Update azure-app-configuration.mdx	2024-12-27 00:58:48 -05:00
Maidul Islam	5f4b7b9ea7	Merge pull request #2921 from Infisical/patch-azure-label Azure App Config Label patch	2024-12-27 00:40:42 -05:00
Sheen Capadngan	7f6bc3ecfe	misc: added additional note for azure app config	2024-12-26 19:07:45 +08:00
Sheen Capadngan	d8cc000ad1	feat: authenticate key vault against specific tenant	2024-12-26 19:07:16 +08:00
Vlad Matsiiako	50ceedf39f	Remove intercom from docs	2024-12-25 16:40:45 -08:00
BlackMagiq	550096e72b	Merge pull request #2787 from Mhammad-riyaz/riyaz/query Fix Error When Clicking on CA Table Row After Viewing Certificate in Certificate Authorities Tab	2024-12-25 02:05:27 -08:00
mohammad riyaz	242595fceb	changed getCaCerts key from ca-cert -> ca-certs	2024-11-24 21:05:39 +05:30