@swamp/azure-kv
v2026.04.22.2
Read and write secrets stored in Azure Key Vault.
Authentication
Uses DefaultAzureCredential — no credentials in config. Provide
credentials via one of:
- Environment variables:
AZURE_CLIENT_ID,AZURE_TENANT_ID,AZURE_CLIENT_SECRET - Azure CLI:
az login - Managed Identity attached to the VM or container
Usage
swamp vault create @swamp/azure-kv my-azure-kv \
--config '{"vault_url": "https://my-vault.vault.azure.net"}' --json
swamp vault get my-azure-kv my-secret --json
swamp vault put my-azure-kv my-secret "s3cr3t" --json
swamp vault list-keys my-azure-kv --jsonSecret Key Format
Secret keys map to Azure Key Vault secret names. Slashes and underscores are
converted to hyphens (Azure only allows alphanumeric characters and hyphens).
Use secret_prefix to namespace secrets when sharing a vault across multiple
swamp instances.
Repository
https://github.com/systeminit/swamp-extensions
Labels
Contents
Quality score
Verified by SwampHow well-documented and verifiable this extension is.
Grade A
- Has README or module doc2/2earned
- README has a code example1/1earned
- README is substantive1/1earned
- Most symbols documented1/1earned
- No slow types1/1earned
- Has description1/1earned
- At least one platform tag (or universal)1/1earned
- Two or more platform tags (or universal)1/1earned
- License declared1/1earned
- Verified public repository2/2earned
Install
$ swamp extension pull @swamp/azure-kvAzure Key Vault vault provider. Uses DefaultAzureCredential for authentication.
Config Fields
| Field | Type | Description |
|---|---|---|
| vault_url | string | Full URL of the Azure Key Vault e.g. https://my-vault.vault.azure.net |
| secret_prefix? | string | Optional prefix to namespace secrets within the vault e.g. swamp- to scope all reads and writes |
Read and write secrets stored in Azure Key Vault. ## Authentication Uses `DefaultAzureCredential` — no credentials in config. Provide credentials via one of: - Environment variables: `AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, `AZURE_CLIENT_SECRET` - Azure CLI: `az login` - Managed Identity attached to the VM or container ## Usage ```bash swamp vault create @swamp/azure-kv my-azure-kv \ --config '{"vault_url": "https://my-vault.vault.azure.net"}' --json swamp vault get my-azure-kv my-secret --json swamp vault put my-azure-kv my-secret "s3cr3t" --json swamp vault list-keys my-azure-kv --json ``` ## Secret Key Format Secret keys map to Azure Key Vault secret names. Slashes and underscores are converted to hyphens (Azure only allows alphanumeric characters and hyphens). Use `secret_prefix` to namespace secrets when sharing a vault across multiple swamp instances.
Read and write secrets stored in Azure Key Vault. ## Authentication Uses `DefaultAzureCredential` — no credentials in config. Provide credentials via one of: - Environment variables: `AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, `AZURE_CLIENT_SECRET` - Azure CLI: `az login` - Managed Identity attached to the VM or container ## Usage ```bash swamp vault create @swamp/azure-kv my-azure-kv \ --config '{"vault_url": "https://my-vault.vault.azure.net"}' --json swamp vault get my-azure-kv my-secret --json swamp vault put my-azure-kv my-secret "s3cr3t" --json swamp vault list-keys my-azure-kv --json ``` ## Secret Key Format Secret keys map to Azure Key Vault secret names. Slashes and underscores are converted to hyphens (Azure only allows alphanumeric characters and hyphens). Use `secret_prefix` to namespace secrets when sharing a vault across multiple swamp instances.
Azure Key Vault vault provider