// npm package
@datacules/agent-identity-store-azure
Azure Key Vault + Table Storage credential store for @datacules/agent-identity
versions
13
maintainers
1
first publish
2026-05-27
publisher
hvrcharon1
tarball
19,825 B
AUTO-PUBLISHED · 2 versions indexed · latest publish: 2026-06-04
// exfil path
what is read → where it ships
steals
- ● Azure creds
sends to
(no destination string extracted — payload may be dynamic / obfuscated)
// offending code · @0.11.0 · 1 file flagged
- @0.11.0 · AUTO-PUBLISHED · publisher: hvrcharon1
  heuristic 64/100 · static flags 2 · llm skipped
  flags: new-publisher:8d, mature-package, publisher-multi-name-burst:15, publisher-version-pump:32, reads-azure-creds, reads-env-vars
// offending code · 1 file flagged · patterns: 2
--- package/src/AzureKeyVaultCredentialStore.ts (excerpt) ---
/**
 * Azure Key Vault + Azure Table Storage CredentialStore implementation.
 *
 * Key Vault holds each credential as a secret whose name is the credential ref.
 * The secret value is the JSON-serialised Credential object.
 * The secret's "content-type" tag carries the status (active | pending | revoked)
 * so listActive() can skip inactive secrets without fetching their values.
 *
 * Table Storage holds migration reservation locks.
 *   Table name: agent-identity-locks
 *   Partition key: "lock" (constant — all locks in one partition for simplicity)
 *   Row key: the credential ref being locked
 *   Columns: migrationId (string), expiresAt (number — Unix epoch seconds)
 *
 * Azure setup:
 *   1. Create an Azure Key Vault and store each Credential as a JSON secret.
 *      Set the secret's ContentType to "active", "pending", or "revoked".
 *   2. Create a Storage Account and a Table named "agentidentitylocks".
 *      (Table names may not contain hyphens — use "agentidentitylocks".)
 *   3. Grant the running identity:
 *        Key Vault Secrets User (read secrets)
 *        Key Vault Secrets Officer (only needed for write operations)
 *        Storage Table Data Contributor (read + write locks table)
 *   4. Set AZURE_KEYVAULT_URL and AZURE_TABLES_ENDPOINT environment variables,
 *      or pass them as constructor options.
 *      DefaultAzureCredential resolves auth automatically from:
 *        - Managed Identity (production)
 *        - AZURE_CLIENT_ID / AZURE_TENANT_ID / AZU
