Add support for azure_key_vault KeyManager plugin in spire-server #780

Open
dszakallas wants to merge 1 commit into spiffe:main from dszakallas:dszakallas/spire-server-keymanager-azure-kv
@dszakallas
Add support for configuring the azure_keyvault KeyManager plugin for the spire server.

Copilot AI review requested due to automatic review settings March 30, 2026 14:10
@dszakallas changed the title from "Add support for azure_keyvault keyManager in spire-server" to "Add support for azure_key_vault KeyManager plugin in spire-server" on Mar 30, 2026

Copilot AI left a comment

Pull request overview

Adds Helm chart configuration to enable SPIRE Server’s Azure Key Vault KeyManager plugin (azure_key_vault) via values and rendered server config.

Changes:

  • Add keyManager.azureKeyVault configuration block to values.yaml.
  • Render an azure_key_vault KeyManager plugin stanza in the server config ConfigMap when enabled.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| charts/spire/charts/spire-server/values.yaml | Adds Azure Key Vault KeyManager values (enable flag + URI + identifier). |
| charts/spire/charts/spire-server/templates/configmap.yaml | Emits KeyManager: azure_key_vault plugin configuration when enabled. |

Comment on lines +308 to +309
key_vault_uri: {{ .keyVaultURI }}
key_identifier_value: {{ .keyIdentifierValue }}
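
Review bot: key_vault_uri on the first of these two lines is rendered straight from .keyVaultURI, and nothing in the lines shown checks that it is set, so enabling the plugin with an empty value would render a blank key_vault_uri instead of failing at template time. Suggest failing the render, for example `key_vault_uri: {{ required "keyManager.azureKeyVault.keyVaultURI is required" .keyVaultURI | quote }}`.
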
Copilot AI Mar 30, 2026

The rendered key_vault_uri and key_identifier_value are not quoted. Most other string plugin_data fields in this template are rendered with | quote, which avoids YAML parsing edge cases (URIs contain :/?) and keeps empty values as explicit strings. Consider quoting these values (and removing the extra space after key_vault_uri:) for consistency and safer rendering.

Suggested change
key_vault_uri: {{ .keyVaultURI }}
key_identifier_value: {{ .keyIdentifierValue }}
key_vault_uri: {{ .keyVaultURI | quote }}
key_identifier_value: {{ .keyIdentifierValue | quote }}

Copilot uses AI. Check for mistakes.
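
The quoting point in the review comment above, as an added Ruby example (not code from the pull request or the SPIRE Helm chart): it renders the two plugin_data lines unquoted and quoted, then shows what a YAML parser returns for each. `helm_quote` is a hypothetical stand-in that approximates Helm's `quote` with JSON string syntax, all sample values are constructed, and the comment-marker, colon and numeric cases go beyond the empty-value case the comment names.

```ruby
require 'yaml'
require 'json'

# Hypothetical stand-in for Helm's `quote` (assumption: JSON string syntax,
# which is also a valid YAML double-quoted scalar for these inputs).
def helm_quote(value)
  value.to_s.to_json
end

# Render the two plugin_data lines unquoted (as in the reviewed lines) or
# quoted (as in the suggested change).
def render(values, quoted:)
  uri, id = [values[:keyVaultURI], values[:keyIdentifierValue]].map do |v|
    quoted ? helm_quote(v) : v.to_s
  end
  "key_vault_uri: #{uri}\nkey_identifier_value: #{id}\n"
end

# Parse rendered YAML; return the hash, or :syntax_error if it does not parse.
def parse(text)
  YAML.safe_load(text)
rescue Psych::SyntaxError
  :syntax_error
end

# Parse both renderings of the same values so they can be compared.
def compare(values)
  { unquoted: parse(render(values, quoted: false)),
    quoted: parse(render(values, quoted: true)) }
end

# Constructed sample values; the vault name is a placeholder.
URI_SAMPLE = 'https://example-vault.vault.azure.net/'
SAMPLES = ['spire-1', '', 'prod #1', 'team: a', '12345'].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |id|
    result = compare({ keyVaultURI: URI_SAMPLE, keyIdentifierValue: id })
    puts "#{id.inspect}: #{result.inspect}"
  end
end
```
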
azureKeyVault:
## @param keyManager.azureKeyVault.enabled Flag to enable keyManager in Azure Key Vault
enabled: false
## @param keyManager.azureKeyVault.keyVaultURI Specify an URI for Azure Key Vault
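
Review bot: the keyVaultURI description on the last line here says only "Specify an URI for Azure Key Vault"; it does not state what form the value takes or that it must be set when keyManager.azureKeyVault.enabled is true. Suggest spelling both out in the @param text.
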
Copilot AI Mar 30, 2026

Grammar in the parameter description: "Specify an URI" should be "Specify a URI".

Suggested change
## @param keyManager.azureKeyVault.keyVaultURI Specify an URI for Azure Key Vault
## @param keyManager.azureKeyVault.keyVaultURI Specify a URI for Azure Key Vault
