Add support for skipping Azure KeyVault Uri Verification #1981

Open: PleaseStopAsking wants to merge 2 commits into getsops:main from PleaseStopAsking:azkv-skip-uri-check

@PleaseStopAsking PleaseStopAsking commented Oct 22, 2025

This PR (attempt 2) introduces support for skipping the Azure Key Vault Uri Verification that was introduced in azure-sdk-for-go/sdk/security/keyvault/azkeys@v1.0.0, which sops integrated with v3.8.0. This change introduced issues for those who use Key Vaults that are located behind proxies that leverage CNAMEs.

Original MS Blog: https://devblogs.microsoft.com/azure-sdk/guidance-for-applications-using-the-key-vault-libraries/

Previous PR: #1980

Signed-off-by: Michael Hatcher <mhatcher@esri.com>
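
Added example, not code from this PR, sops, or the Azure SDK: a Go model of a challenge-resource check, showing why a vault reached through a CNAME alias fails it while the direct hostname passes. The function name, the suffix-match rule, and all hostnames are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// challengeResourceMatches is a hypothetical helper (assumed rule, not SDK
// code): the resource named in the vault's authentication challenge must be
// a parent domain of the host the request was actually sent to.
func challengeResourceMatches(requestURL, challengeResource string) (bool, error) {
	req, err := url.Parse(requestURL)
	if err != nil {
		return false, err
	}
	res, err := url.Parse(challengeResource)
	if err != nil {
		return false, err
	}
	reqHost, resHost := strings.ToLower(req.Hostname()), strings.ToLower(res.Hostname())
	if reqHost == "" || resHost == "" {
		return false, fmt.Errorf("missing host in %q or %q", requestURL, challengeResource)
	}
	// The leading dot keeps "evilvault.azure.net" from passing as "vault.azure.net".
	return strings.HasSuffix(reqHost, "."+resHost), nil
}

func main() {
	const resource = "https://vault.azure.net" // resource advertised in the challenge
	// Constructed sample URLs; none of these hosts come from the PR.
	for _, u := range []string{
		"https://myvault.vault.azure.net/keys/sops-key", // direct vault hostname
		"https://kv.corp.example.com/keys/sops-key",     // CNAME alias in front of the vault
		"https://evilvault.azure.net/keys/sops-key",     // look-alike host
	} {
		ok, err := challengeResourceMatches(u, resource)
		fmt.Printf("%-50s match=%v err=%v\n", u, ok, err)
	}
}
```

A switch that skips this comparison accepts the second URL and also the third, so the endpoint configured for the client then has to be trusted on its own.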
@PleaseStopAsking PleaseStopAsking marked this pull request as ready for review October 22, 2025 12:41
@felixfontein felixfontein requested a review from a team October 29, 2025 19:49
@PleaseStopAsking (Author)

@felixfontein Is there anything I can do to get this moved along, as it's a major roadblock for me at the moment? Thanks!

@PleaseStopAsking (Author)

Bump for review or clarification if this is not going to be considered.

@PleaseStopAsking (Author)

@hiddeco @felixfontein Would love any sort of feedback on this functionality making it into a release because, as it stands, Azure Key Vaults behind a CNAME-based proxy are completely unusable.

@felixfontein (Contributor)

I have zero experience with AZKV and can't say much about this, but the way this PR implements a solution looks very wrong to me. If, instead of passing things through the keyservice, it used environment variables like the other cloud-based keyservices, I think it would be a lot cleaner. Others from @getsops/maintainers might be able to give better comments.
