Add Azure Key Vault support for Atmos Stores #963
Conversation
This comment was marked as outdated.
This comment was marked as outdated.
There was a problem hiding this comment.
Actionable comments posted: 3
🧹 Nitpick comments (4)
pkg/store/azure_keyvault_store.go (3)
83-89: Refine secret name normalization for consistency.Replacing
"--"with"-"may not handle cases with more than two consecutive dashes. Using a regular expression to replace multiple dashes ensures consistent normalization of thesecretName.Apply this diff to enhance the handling:
- secretName = strings.ReplaceAll(secretName, "--", "-") + secretName = regexp.MustCompile("-+").ReplaceAllString(secretName, "-")
162-179: Improve the exponential backoff strategy in retries.The current backoff increases linearly, which might not be optimal for handling transient errors. Implementing an exponential backoff can provide better performance and resource utilization during retries.
Modify the sleep duration to implement exponential backoff:
// Add exponential backoff for retries - time.Sleep(time.Duration(i+1) * time.Second) + sleepDuration := time.Duration(math.Pow(2, float64(i))) * time.Second + time.Sleep(sleepDuration)Don't forget to import the
mathpackage:+ "math"
125-138: Consider adding context with timeout to theSetmethod.Including a context with a timeout, similar to the
Getmethod, can prevent potential hangs and improve responsiveness during secret storage operations.Apply this diff to incorporate context with timeout:
func (s *KeyVaultStore) Set(stack string, component string, key string, value interface{}) error { // Existing code... + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() + _, err = s.client.SetSecret(ctx, secretName, params, nil) if err != nil { var respErr *azcore.ResponseError // Error handling...website/docs/core-concepts/projects/configuration/stores.mdx (1)
203-206: Consider these typographical improvements:
- Use typographic quotes (") instead of straight quotes (") for the parameters.
- Use an en dash (–) instead of a hyphen (-) in the range "1-127".
Also applies to: 216-216
🧰 Tools
🪛 LanguageTool
[typographical] ~203-~203: Consider using a typographic opening quote here.
Context: ...ample, with these parameters: - prefix: "myapp" - stack: "prod-us-west" - compone...(EN_QUOTES)
[typographical] ~203-~203: Consider using a typographic close quote here.
Context: ... with these parameters: - prefix: "myapp" - stack: "prod-us-west" - component: "d...(EN_QUOTES)
[typographical] ~204-~204: Consider using a typographic opening quote here.
Context: ... parameters: - prefix: "myapp" - stack: "prod-us-west" - component: "database/pos...(EN_QUOTES)
[typographical] ~204-~204: Consider using a typographic close quote here.
Context: ...- prefix: "myapp" - stack: "prod-us-west" - component: "database/postgres" - key:...(EN_QUOTES)
[typographical] ~205-~205: Consider using a typographic opening quote here.
Context: ...p" - stack: "prod-us-west" - component: "database/postgres" - key: "password" Th...(EN_QUOTES)
[typographical] ~205-~205: Consider using a typographic close quote here.
Context: ...us-west" - component: "database/postgres" - key: "password" The resulting Key Va...(EN_QUOTES)
[typographical] ~206-~206: Consider using typographic quotation marks here.
Context: ...- component: "database/postgres" - key: "password" The resulting Key Vault secret name wo...(EN_QUOTES)
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
go.sumis excluded by!**/*.sum
📒 Files selected for processing (5)
go.mod(5 hunks)pkg/store/azure_keyvault_store.go(1 hunks)pkg/store/azure_keyvault_store_test.go(1 hunks)pkg/store/registry.go(1 hunks)website/docs/core-concepts/projects/configuration/stores.mdx(2 hunks)
🧰 Additional context used
🪛 LanguageTool
website/docs/core-concepts/projects/configuration/stores.mdx
[typographical] ~203-~203: Consider using a typographic opening quote here.
Context: ...ample, with these parameters: - prefix: "myapp" - stack: "prod-us-west" - compone...
(EN_QUOTES)
[typographical] ~203-~203: Consider using a typographic close quote here.
Context: ... with these parameters: - prefix: "myapp" - stack: "prod-us-west" - component: "d...
(EN_QUOTES)
[typographical] ~204-~204: Consider using a typographic opening quote here.
Context: ... parameters: - prefix: "myapp" - stack: "prod-us-west" - component: "database/pos...
(EN_QUOTES)
[typographical] ~204-~204: Consider using a typographic close quote here.
Context: ...- prefix: "myapp" - stack: "prod-us-west" - component: "database/postgres" - key:...
(EN_QUOTES)
[typographical] ~205-~205: Consider using a typographic opening quote here.
Context: ...p" - stack: "prod-us-west" - component: "database/postgres" - key: "password" Th...
(EN_QUOTES)
[typographical] ~205-~205: Consider using a typographic close quote here.
Context: ...us-west" - component: "database/postgres" - key: "password" The resulting Key Va...
(EN_QUOTES)
[typographical] ~206-~206: Consider using typographic quotation marks here.
Context: ...- component: "database/postgres" - key: "password" The resulting Key Vault secret name wo...
(EN_QUOTES)
[typographical] ~216-~216: If specifying a range, consider using an en dash instead of a hyphen.
Context: ...dashes - Are case-insensitive - Must be 1-127 characters long The store automaticall...
(HYPHEN_TO_EN)
🪛 GitHub Actions: Dependency Review
go.mod
[error] Incompatible license detected: Package 'github.com/pkg/browser@0.0.0-20240102092130-5ac0b6a4141c' uses BSD-2-Clause license which is not compatible with project requirements
⏰ Context from checks skipped due to timeout of 90000ms (2)
- GitHub Check: Build (windows-latest, windows)
- GitHub Check: Summary
🔇 Additional comments (5)
pkg/store/registry.go (1)
42-53: Integration looks solid.The addition of the Azure Key Vault case in the registry is clear and follows the existing pattern.
website/docs/core-concepts/projects/configuration/stores.mdx (4)
20-21: LGTM! Clear and concise introduction of Azure Key Vault support.The configuration example is well-structured and includes all necessary fields with proper formatting.
Also applies to: 119-131
155-170: Well-documented authentication methods!The authentication documentation clearly outlines all supported methods and provides appropriate recommendations for different environments.
171-193: Excellent examples that demonstrate practical usage!The examples effectively cover both basic secret retrieval and component output storage scenarios.
195-235: Comprehensive documentation of key naming and error handling!The documentation clearly explains the key name construction rules and provides helpful error messages.
🧰 Tools
🪛 LanguageTool
[typographical] ~203-~203: Consider using a typographic opening quote here.
Context: ...ample, with these parameters: - prefix: "myapp" - stack: "prod-us-west" - compone...(EN_QUOTES)
[typographical] ~203-~203: Consider using a typographic close quote here.
Context: ... with these parameters: - prefix: "myapp" - stack: "prod-us-west" - component: "d...(EN_QUOTES)
[typographical] ~204-~204: Consider using a typographic opening quote here.
Context: ... parameters: - prefix: "myapp" - stack: "prod-us-west" - component: "database/pos...(EN_QUOTES)
[typographical] ~204-~204: Consider using a typographic close quote here.
Context: ...- prefix: "myapp" - stack: "prod-us-west" - component: "database/postgres" - key:...(EN_QUOTES)
[typographical] ~205-~205: Consider using a typographic opening quote here.
Context: ...p" - stack: "prod-us-west" - component: "database/postgres" - key: "password" Th...(EN_QUOTES)
[typographical] ~205-~205: Consider using a typographic close quote here.
Context: ...us-west" - component: "database/postgres" - key: "password" The resulting Key Va...(EN_QUOTES)
[typographical] ~206-~206: Consider using typographic quotation marks here.
Context: ...- component: "database/postgres" - key: "password" The resulting Key Vault secret name wo...(EN_QUOTES)
[typographical] ~216-~216: If specifying a range, consider using an en dash instead of a hyphen.
Context: ...dashes - Are case-insensitive - Must be 1-127 characters long The store automaticall...(HYPHEN_TO_EN)
There was a problem hiding this comment.
@jamengual thanks for taking a stab at this!
The pluggable store MUST implement the store interface in order to be used as a store. It looks like you changed the interface that it's implementing here. Could you take a shot at implementing that?
Also, please take a look at one of the other store implementations to see how we mock the calls to the underlying cloud provider in tests so we don't need to have each setup.
There was a problem hiding this comment.
Actionable comments posted: 0
♻️ Duplicate comments (1)
pkg/store/azure_keyvault_store_test.go (1)
112-114:⚠️ Potential issueHandle errors returned by
getKeyfunctionThe
getKeyfunction returns a(string, error), but the error isn't checked in the test. Capturing and asserting the error enhances test robustness.Consider applying this change:
- result := store.getKey(tt.stack, tt.component, tt.key) - assert.Equal(t, tt.expected, result) + result, err := store.getKey(tt.stack, tt.component, tt.key) + assert.NoError(t, err) + assert.Equal(t, tt.expected, result)
🧹 Nitpick comments (3)
pkg/store/azure_keyvault_store.go (3)
77-101: Simplify the replacement of multiple dashes in secret namesIn the
getKeyfunction, replacing multiple consecutive dashes usingstrings.ReplaceAllmight not handle more than two dashes effectively. Consider using a regular expression to replace any sequence of dashes with a single dash.Here's a possible improvement:
- secretName = strings.ReplaceAll(secretName, "--", "-") + re := regexp.MustCompile("-+") + secretName = re.ReplaceAllString(secretName, "-")
149-193: Usedeferto ensure the context is canceled properlyIn the
Getmethod, callingcancel()immediately afterGetSecretmight not cover all execution paths, especially if future modifications are made. Usingdefer cancel()ensures the context is canceled when the function returns.Here's how you might adjust the code:
- ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel()
114-118: Enhance value type handling inSetmethodCurrently, the
Setmethod only accepts string values. If there's a need to store other types, consider converting them to strings or handling different types appropriately.
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
pkg/store/azure_keyvault_store.go(1 hunks)pkg/store/azure_keyvault_store_test.go(1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (5)
- GitHub Check: Acceptance Tests (macos-latest, macos)
- GitHub Check: Acceptance Tests (windows-latest, windows)
- GitHub Check: Acceptance Tests (ubuntu-latest, linux)
- GitHub Check: [localstack] demo-localstack
- GitHub Check: Summary
🔇 Additional comments (1)
pkg/store/azure_keyvault_store_test.go (1)
122-125: Great job initializing the mock clientIn
TestKeyVaultStore_InputValidation, initializing theclientwith a mock ensures the tests run without nil pointer dereferences.
There was a problem hiding this comment.
Actionable comments posted: 3
🧹 Nitpick comments (4)
pkg/store/azure_keyvault_store.go (2)
23-29: Consider adding validation for stackDelimiter.The
KeyVaultStorestruct looks good, but consider adding validation in the constructor to ensurestackDelimiteris not empty when initialized.
125-146: Add retry mechanism for transient failures.The Get operation should implement a retry mechanism for handling transient failures in Azure Key Vault operations.
+func (s *KeyVaultStore) Get(stack string, component string, key string) (interface{}, error) { + const maxRetries = 3 + var lastErr error + + for i := 0; i < maxRetries; i++ { + value, err := s.tryGet(stack, component, key) + if err == nil { + return value, nil + } + + var respErr *azcore.ResponseError + if errors.As(err, &respErr) && respErr.StatusCode >= 500 { + lastErr = err + time.Sleep(time.Duration(i+1) * time.Second) + continue + } + return nil, err + } + return nil, fmt.Errorf("failed after %d retries: %w", maxRetries, lastErr) +}pkg/store/azure_keyvault_store_test.go (2)
18-21: Return mock response data in SetSecret.The mock
SetSecretmethod should return meaningful response data for better test coverage.func (m *MockKeyVaultClient) SetSecret(ctx context.Context, name string, parameters azsecrets.SetSecretParameters, options *azsecrets.SetSecretOptions) (azsecrets.SetSecretResponse, error) { args := m.Called(ctx, name, parameters) - return azsecrets.SetSecretResponse{}, args.Error(1) + if args.Get(0) == nil { + return azsecrets.SetSecretResponse{}, args.Error(1) + } + return args.Get(0).(azsecrets.SetSecretResponse), args.Error(1) }
66-110: Add test cases for complex stack paths.The
TestKeyVaultStore_getKeyshould include additional test cases for:
- Stack paths with multiple segments
- Component paths with nested structures
- Keys containing special characters
+ { + name: "complex path", + stack: "prod-east", + component: "service/api/v1", + key: "database.credentials", + expected: "prefix-prod-east-service-api-v1-database-credentials", + wantErr: false, + },
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
pkg/store/azure_keyvault_store.go(1 hunks)pkg/store/azure_keyvault_store_test.go(1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (2)
- GitHub Check: Build (windows-latest, windows)
- GitHub Check: Summary
🔇 Additional comments (1)
pkg/store/azure_keyvault_store.go (1)
17-21: LGTM! Well-defined interface for mocking.The
KeyVaultClientinterface is well-designed for testing purposes, making it easy to mock Azure Key Vault operations.
|
💥 This pull request now has conflicts. Could you fix it @jamengual? 🙏 |
|
This PR was closed due to inactivity and merge conflicts. 😭 |
|
💥 This pull request now has conflicts. Could you fix it @jamengual? 🙏 |
|
This PR was closed due to inactivity and merge conflicts. 😭 |
|
💥 This pull request now has conflicts. Could you fix it @jamengual? 🙏 |
There was a problem hiding this comment.
Actionable comments posted: 0
♻️ Duplicate comments (2)
pkg/store/azure_keyvault_store.go (2)
140-140: Add context timeout for Azure operations.Past reviews identified this issue and it was confirmed as a good suggestion by maintainers. The Set operation uses
context.Background()without a timeout, which could cause hanging operations.- _, err = s.client.SetSecret(context.Background(), secretName, params, nil) + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() + _, err = s.client.SetSecret(ctx, secretName, params, nil)You'll also need to import the
timepackage.
168-168: Add context timeout for Get operation.Same issue as the Set method - this was identified in past reviews and confirmed as important by maintainers.
- resp, err := s.client.GetSecret(context.Background(), secretName, "", nil) + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() + resp, err := s.client.GetSecret(ctx, secretName, "", nil)
🧹 Nitpick comments (4)
pkg/store/azure_keyvault_store.go (4)
21-23: Remove unused regex or integrate it for validation.Static analysis correctly identifies that
azureKeyVaultNameRegexis unused. Either remove this variable or integrate it into the validation logic withinnormalizeSecretNamemethod.-// Azure Key Vault secret names must match the pattern: ^[0-9a-zA-Z-]+$ -// They can only contain alphanumeric characters and hyphens -var azureKeyVaultNameRegex = regexp.MustCompile(`^[0-9a-zA-Z-]+$`)
85-97: Consider creating a constant for the hyphen delimiter.The method works well, but static analysis suggests creating a named constant for the "-" string literal that appears multiple times throughout the file.
+const ( + hyphenDelimiter = "-" + // ... other constants +) func (s *AzureKeyVaultStore) normalizeSecretName(key string) string { // Replace any non-alphanumeric characters with hyphens - normalized := regexp.MustCompile(`[^0-9a-zA-Z-]`).ReplaceAllString(key, "-") + normalized := regexp.MustCompile(`[^0-9a-zA-Z-]`).ReplaceAllString(key, hyphenDelimiter) // Replace multiple consecutive hyphens with a single hyphen - normalized = regexp.MustCompile(`-+`).ReplaceAllString(normalized, "-") + normalized = regexp.MustCompile(`-+`).ReplaceAllString(normalized, hyphenDelimiter) // Remove leading and trailing hyphens - normalized = strings.Trim(normalized, "-") + normalized = strings.Trim(normalized, hyphenDelimiter)
186-192: Clarify error handling in JSON unmarshaling.Static analysis correctly identifies that line 188 produces an error but line 190 returns nil for the error. This loses context about the unmarshaling failure.
If the intention is to silently fall back to string when JSON parsing fails, consider adding a comment to clarify this behavior:
// Try to unmarshal as JSON first, fallback to string if it fails var result interface{} if err := json.Unmarshal([]byte(*resp.Value), &result); err != nil { - // If JSON unmarshaling fails, return as string + // If JSON unmarshaling fails, return raw value as string (this is expected behavior) return *resp.Value, nil }
152-193: Consider refactoring to reduce cyclomatic complexity.The method has a cyclomatic complexity of 11, which exceeds the threshold. While functional, consider extracting error handling or JSON F438 processing into helper methods to improve maintainability.
Example approach:
func (s *AzureKeyVaultStore) Get(stack string, component string, key string) (interface{}, error) { if err := s.validateGetInputs(stack, component, key); err != nil { return nil, err } secretName, err := s.getKey(stack, component, key) if err != nil { return nil, fmt.Errorf(errWrapFormat, ErrGetKey, err) } resp, err := s.getSecretFromAzure(secretName) if err != nil { return nil, err } return s.parseSecretValue(resp.Value), nil }
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
go.sumis excluded by!**/*.sum
📒 Files selected for processing (5)
go.mod(5 hunks)pkg/store/azure_keyvault_store.go(1 hunks)pkg/store/azure_keyvault_store_test.go(1 hunks)pkg/store/errors.go(2 hunks)pkg/store/google_secret_manager_store_test.go(1 hunks)
✅ Files skipped from review due to trivial changes (1)
- pkg/store/google_secret_manager_store_test.go
🚧 Files skipped from review as they are similar to previous changes (3)
- pkg/store/errors.go
- go.mod
- pkg/store/azure_keyvault_store_test.go
🧰 Additional context used
📓 Path-based instructions (1)
`pkg/*/*.go`: Organize feature implementations in subdirectories under pkg/ with separate files for each feature.
pkg/*/*.go: Organize feature implementations in subdirectories under pkg/ with separate files for each feature.
pkg/store/azure_keyvault_store.go
🪛 golangci-lint (1.64.8)
pkg/store/azure_keyvault_store.go
[error] 23-23: var azureKeyVaultNameRegex is unused
(unused)
[error] 91-91: add-constant: string literal "-" appears, at least, 4 times, create a named constant for it
(revive)
[error] 152-152: cyclomatic: function (*AzureKeyVaultStore).Get has cyclomatic complexity 11 (> max enabled 10)
(revive)
[error] 190-190: error is not nil (line 188) but it returns nil
(nilerr)
⏰ Context from checks skipped due to timeout of 90000ms (9)
- GitHub Check: Lint (golangci)
- GitHub Check: Analyze (javascript-typescript)
- GitHub Check: Analyze (go)
- GitHub Check: Build (ubuntu-latest, linux)
- GitHub Check: Build (windows-latest, windows)
- GitHub Check: Build (macos-latest, macos)
- GitHub Check: website-deploy-preview
- GitHub Check: Lint (golangci)
- GitHub Check: Analyze (go)
🔇 Additional comments (2)
pkg/store/azure_keyvault_store.go (2)
25-29: Clean interface design.Good focused interface that includes only the methods actually used by the implementation. This makes testing easier and avoids unnecessary complexity.
48-81: Well-structured constructor with proper validation.Good implementation that validates required inputs, handles errors appropriately, and sets sensible defaults. The use of static errors (like
ErrVaultURLRequired) addresses previous feedback about avoiding dynamic error creation.
There was a problem hiding this comment.
Actionable comments posted: 0
♻️ Duplicate comments (2)
pkg/store/azure_keyvault_store.go (2)
141-141: Add context timeout for Azure operations.The Set operation still uses
context.Background()without a timeout, which could cause hanging operations with Azure services.Apply this pattern for better resilience:
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() - _, err = s.client.SetSecret(context.Background(), secretName, params, nil) + _, err = s.client.SetSecret(ctx, secretName, params, nil)
169-169: Add context timeout for Get operation.Similar to the Set method, this should use a context with timeout to prevent hanging operations.
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() - resp, err := s.client.GetSecret(context.Background(), secretName, "", nil) + resp, err := s.client.GetSecret(ctx, secretName, "", nil)
🧹 Nitpick comments (1)
pkg/store/azure_keyvault_store.go (1)
170-194: Consider refactoring to reduce cyclomatic complexity.The method exceeds complexity limits due to nested error handling. Consider extracting error processing into a helper method.
+func (s *AzureKeyVaultStore) handleGetSecretError(err error, secretName string) error { + var respErr *azcore.ResponseError + if errors.As(err, &respErr) { + switch respErr.StatusCode { + case statusCodeNotFound: + return fmt.Errorf(errWrapFormatWithID, ErrResourceNotFound, secretName, err) + case statusCodeForbidden: + return fmt.Errorf(errWrapFormatWithID, ErrPermissionDenied, fmt.Sprintf("secret %s", secretName), err) + } + } + return fmt.Errorf(errWrapFormat, ErrAccessSecret, err) +}Note: The static analysis warning about line 191 is a false positive - returning the raw string when JSON unmarshaling fails is the intended fallback behavior.
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
pkg/store/azure_keyvault_store.go(1 hunks)pkg/store/registry.go(1 hunks)website/docs/core-concepts/projects/configuration/stores.mdx(2 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
- pkg/store/registry.go
- website/docs/core-concepts/projects/configuration/stores.mdx
🧰 Additional context used
📓 Path-based instructions (1)
`pkg/*/*.go`: Organize feature implementations in subdirectories under pkg/ with separate files for each feature.
pkg/*/*.go: Organize feature implementations in subdirectories under pkg/ with separate files for each feature.
pkg/store/azure_keyvault_store.go
🪛 golangci-lint (1.64.8)
pkg/store/azure_keyvault_store.go
[error] 153-153: cyclomatic: function (*AzureKeyVaultStore).Get has cyclomatic complexity 11 (> max enabled 10)
(revive)
[error] 191-191: error is not nil (line 189) but it returns nil
(nilerr)
⏰ Context from checks skipped due to timeout of 90000ms (5)
- GitHub Check: Analyze (go)
- GitHub Check: Lint (golangci)
- GitHub Check: website-deploy-preview
- GitHub Check: Build (ubuntu-latest, linux)
- GitHub Check: Build (windows-latest, windows)
🔇 Additional comments (5)
pkg/store/azure_keyvault_store.go (5)
1-14: Package and imports look solid.Clean import organization with all necessary Azure SDK dependencies properly included.
16-30: Constants and interface definition are well-structured.Good addition of status code constants to eliminate magic numbers, and the client interface design enables proper mocking for tests.
32-47: Struct definitions follow good design patterns.The Azure prefix naming and interface compliance check demonstrate solid Go practices. Options struct is properly configured for configuration parsing.
49-82: Constructor implementation is robust.Good use of static errors, proper Azure credential handling, and sensible default value management. The validation and error wrapping follow established patterns.
84-112: Helper methods demonstrate thoughtful design.The secret name normalization handles Azure Key Vault constraints elegantly, and the getKey integration maintains consistency with other store implementations.
This pull request introduces support for Azure Key Vault as a new store type in the project, along with the necessary documentation and tests. The most important changes include updating dependencies, adding the Azure Key Vault store implementation, and updating the documentation to reflect the new store type.
Azure Key Vault Store Implementation:
pkg/store/azure_keyvault_store.go: Added a newKeyVaultStoreimplementation to interact with Azure Key Vault, including methods for setting and getting secrets.pkg/store/azure_keyvault_store_test.go: Added unit tests for theKeyVaultStoreto ensure correct behavior and input validation.pkg/store/registry.go: Updated the store registry to include the newazure-key-vaultstore type and its configuration options.Dependency Updates:
go.mod: Added several Azure SDK dependencies to support the new Azure Key Vault functionality. [1] [2] [3] [4]Documentation Updates:
website/docs/core-concepts/projects/configuration/stores.mdx: Updated the documentation to include details on configuring and using the Azure Key Vault store, including examples and authentication methods. [1] [2]Summary by CodeRabbit