Update keyvault/azkeys Azure SDK to v0.9.0

Signed-off-by: Hidde Beydals <[email protected]>
fluxcd · Nov 9, 2022 · d10a45b · d10a45b
1 parent 4a391bd
commit d10a45b
Show file tree

Hide file tree

Showing 6 changed files with 66 additions and 54 deletions.
diff --git a/go.mod b/go.mod
@@ -8,9 +8,9 @@ require (
  cloud.google.com/go/kms v1.4.0
  filippo.io/age v1.0.0
  github.com/AdaLogics/go-fuzz-headers v0.0.0-20221007124625-37f5449ff7df
- github.com/Azure/azure-sdk-for-go/sdk/azcore v0.22.0
- github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.13.2
- github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.4.0
+ github.com/Azure/azure-sdk-for-go/sdk/azcore v1.2.0
+ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.0
+ github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.9.0
  github.com/aws/aws-sdk-go v1.44.120
  github.com/aws/aws-sdk-go-v2 v1.16.16
  github.com/aws/aws-sdk-go-v2/config v1.17.8
@@ -79,8 +79,8 @@ require (
  cloud.google.com/go/compute v1.10.0 // indirect
  cloud.google.com/go/iam v0.3.0 // indirect
  github.com/Azure/azure-sdk-for-go v63.3.0+incompatible // indirect
- github.com/Azure/azure-sdk-for-go/sdk/internal v0.9.1 // indirect
- github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.2.1 // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0 // indirect
  github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
  github.com/Azure/go-autorest v14.2.0+incompatible // indirect
  github.com/Azure/go-autorest/autorest v0.11.27 // indirect
@@ -92,7 +92,7 @@ require (
  github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
  github.com/Azure/go-autorest/logger v0.2.1 // indirect
  github.com/Azure/go-autorest/tracing v0.6.0 // indirect
- github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0 // indirect
+ github.com/AzureAD/microsoft-authentication-library-for-go v0.7.0 // indirect
  github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd // indirect
  github.com/Microsoft/go-winio v0.5.2 // indirect
  github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect
@@ -132,8 +132,7 @@ require (
  github.com/go-openapi/jsonreference v0.19.5 // indirect
  github.com/go-openapi/swag v0.19.14 // indirect
  github.com/gogo/protobuf v1.3.2 // indirect
- github.com/golang-jwt/jwt v3.2.1+incompatible // indirect
- github.com/golang-jwt/jwt/v4 v4.3.0 // indirect
+ github.com/golang-jwt/jwt/v4 v4.4.2 // indirect
  github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
  github.com/golang/protobuf v1.5.2 // indirect
  github.com/golang/snappy v0.0.4 // indirect
@@ -213,7 +212,7 @@ require (
  go.uber.org/atomic v1.9.0 // indirect
  go.uber.org/multierr v1.6.0 // indirect
  go.uber.org/zap v1.23.0 // indirect
- golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 // indirect
+ golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88 // indirect
  golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 // indirect
  golang.org/x/sys v0.1.0 // indirect
  golang.org/x/term v0.1.0 // indirect

diff --git a/go.sum b/go.sum
@@ -69,21 +69,16 @@ github.com/AdaLogics/go-fuzz-headers v0.0.0-20221007124625-37f5449ff7df h1:kDJd/
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20221007124625-37f5449ff7df/go.mod h1:i9fr2JpcEcY/IHEvzCM3qXUZYOQHgR89dt4es1CgMhc=
 github.com/Azure/azure-sdk-for-go v63.3.0+incompatible h1:INepVujzUrmArRZjDLHbtER+FkvCoEwyRCXGqOlmDII=
 github.com/Azure/azure-sdk-for-go v63.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v0.20.0/go.mod h1:ZPW/Z0kLCTdDZaDbYTetxc9Cxl/2lNqxYHYNOF2bti0=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v0.21.0/go.mod h1:fBF9PQNqB8scdgpZ3ufzaLntG0AG7C1WjPMsiFOmfHM=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v0.22.0 h1:zBJcBJwte0x6PcPK7XaWDMvK2o2ZM2f1sMaqNNavQ5g=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v0.22.0/go.mod h1:fBF9PQNqB8scdgpZ3ufzaLntG0AG7C1WjPMsiFOmfHM=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.13.0/go.mod h1:TmXReXZ9yPp5D5TBRMTAtyz+UyOl15Py4hL5E5p6igQ=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.13.2 h1:mM/yraAumqMMIYev6zX0oxHqX6hreUs5wXf76W47r38=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.13.2/go.mod h1:+nVKciyKD2J9TyVcEQ82Bo9b+3F92PiQfHrIE/zqLqM=
-github.com/Azure/azure-sdk-for-go/sdk/internal v0.8.1/go.mod h1:KLF4gFr6DcKFZwSuH8w8yEK6DpFl3LP5rhdvAb7Yz5I=
-github.com/Azure/azure-sdk-for-go/sdk/internal v0.8.3/go.mod h1:KLF4gFr6DcKFZwSuH8w8yEK6DpFl3LP5rhdvAb7Yz5I=
-github.com/Azure/azure-sdk-for-go/sdk/internal v0.9.1 h1:sLZ/Y+P/5RRtsXWylBjB5lkgixYfm0MQPiwrSX//JSo=
-github.com/Azure/azure-sdk-for-go/sdk/internal v0.9.1/go.mod h1:KLF4gFr6DcKFZwSuH8w8yEK6DpFl3LP5rhdvAb7Yz5I=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.4.0 h1:t10+CFWGK92HGTQaYZyXchiVetuEWfND3abV8inz6n8=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.4.0/go.mod h1:LxYa4KH5ni+OMT8DJBAP6FVYg3YFW3ACTJluqpnTDBg=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.2.1 h1:lirjIOHv5RrmDbZXw9lUz/fY68uU05qR4uIef58WMvQ=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.2.1/go.mod h1:j1J9XXIo/eXD7YSrr73sYZTEY/AQ0+/Q6Aa96z1e2j8=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.2.0 h1:sVW/AFBTGyJxDaMYlq0ct3jUXTtj12tQ6zE2GZUgVQw=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.2.0/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.0 h1:t/W5MYAuQy81cvM8VUNfRLzhtKpXhVUAN7Cd7KVbTyc=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.0/go.mod h1:NBanQUfSWiWn3QEpWDTCU0IjBECKOYvl2R8xdRtMtiM=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 h1:jp0dGvZ7ZK0mgqnTSClMxa5xuRL7NZgHameVYF6BurY=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.9.0 h1:TOFrNxfjslms5nLLIMjW7N0+zSALX4KiGsptmpb16AA=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.9.0/go.mod h1:EAyXOW1F6BTJPiK2pDvmnvxOHPxoTYWoqBeIlql+QhI=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0 h1:Lg6BW0VPmCwcMlvOviL3ruHFO+H9tZNqscK0AeuFjGM=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
@@ -113,8 +108,8 @@ github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+Z
 github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
 github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
-github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0 h1:WVsrXCnHlDDX8ls+tootqRE87/hL9S/g4ewig9RsD/c=
-github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0/go.mod h1:Vt9sXTKwMyGcOxSmLDMnGPgqsUg7m8pe215qMLrDXw4=
+github.com/AzureAD/microsoft-authentication-library-for-go v0.7.0 h1:VgSJlZH5u0k2qxSpqyghcFQKmvYckj46uymKK5XzkBM=
+github.com/AzureAD/microsoft-authentication-library-for-go v0.7.0/go.mod h1:BDJ5qMFKx9DugEg3+uQSDCdbYPr5s9vBTrL9P8TpqOU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
@@ -245,7 +240,6 @@ github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8
 github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
 github.com/dnaeon/go-vcr v1.1.0 h1:ReYa/UBrRyQdant9B4fNHGoCNKw6qh6P0fsdGmZpR7c=
-github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/yU9ko=
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
@@ -354,12 +348,10 @@ github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7a
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang-jwt/jwt v3.2.1+incompatible h1:73Z+4BJcrTC+KczS6WvTPvRGOp1WmfEP4Q1lOd9Z/+c=
-github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
-github.com/golang-jwt/jwt/v4 v4.3.0 h1:kHL1vqdqWNfATmA0FNMdmZNMyZI1U6O31X4rlIPoBog=
-github.com/golang-jwt/jwt/v4 v4.3.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
+github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQAYs=
+github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -651,10 +643,8 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/modocache/gover v0.0.0-20171022184752-b58185e213c5/go.mod h1:caMODM3PzxT8aQXRPkAt8xlV/e7d7w8GM5g0fa5F0D8=
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0=
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4=
-github.com/montanaflynn/stats v0.6.6/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow=
 github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
 github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
@@ -942,7 +932,6 @@ golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/
 golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
@@ -954,7 +943,6 @@ golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLd
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210610132358-84b48f89b13b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=

diff --git a/internal/sops/azkv/config.go b/internal/sops/azkv/config.go
@@ -10,6 +10,7 @@ import (
  "fmt"
 
  "github.com/Azure/azure-sdk-for-go/sdk/azcore"
+ "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
  "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
  "sigs.k8s.io/yaml"
 )
@@ -68,7 +69,9 @@ func TokenFromAADConfig(c AADConfig) (_ *Token, err error) {
  if c.TenantID != "" && c.ClientID != "" {
  if c.ClientSecret != "" {
  if token, err = azidentity.NewClientSecretCredential(c.TenantID, c.ClientID, c.ClientSecret, &azidentity.ClientSecretCredentialOptions{
- AuthorityHost: c.GetAuthorityHost(),
+ ClientOptions: azcore.ClientOptions{
+ Cloud: c.GetCloudConfig(),
+ },
  }); err != nil {
  return
  }
@@ -81,7 +84,9 @@ func TokenFromAADConfig(c AADConfig) (_ *Token, err error) {
  }
  if token, err = azidentity.NewClientCertificateCredential(c.TenantID, c.ClientID, certs, pk, &azidentity.ClientCertificateCredentialOptions{
  SendCertificateChain: c.ClientCertificateSendChain,
- AuthorityHost: c.GetAuthorityHost(),
+ ClientOptions: azcore.ClientOptions{
+ Cloud: c.GetCloudConfig(),
+ },
  }); err != nil {
  return nil, err
  }
@@ -92,7 +97,9 @@ func TokenFromAADConfig(c AADConfig) (_ *Token, err error) {
  switch {
  case c.Tenant != "" && c.AppID != "" && c.Password != "":
  if token, err = azidentity.NewClientSecretCredential(c.Tenant, c.AppID, c.Password, &azidentity.ClientSecretCredentialOptions{
- AuthorityHost: c.GetAuthorityHost(),
+ ClientOptions: azcore.ClientOptions{
+ Cloud: c.GetCloudConfig(),
+ },
  }); err != nil {
  return
  }
@@ -110,11 +117,14 @@ func TokenFromAADConfig(c AADConfig) (_ *Token, err error) {
  }
 }
 
-// GetAuthorityHost returns the AuthorityHost, or the Azure Public Cloud
-// default.
-func (s AADConfig) GetAuthorityHost() azidentity.AuthorityHost {
+// GetCloudConfig returns a cloud.Configuration with the AuthorityHost, or the
+// Azure Public Cloud default.
+func (s AADConfig) GetCloudConfig() cloud.Configuration {
  if s.AuthorityHost != "" {
- return azidentity.AuthorityHost(s.AuthorityHost)
+ return cloud.Configuration{
+ ActiveDirectoryAuthorityHost: s.AuthorityHost,
+ Services: map[cloud.ServiceName]cloud.ServiceConfiguration{},
+ }
  }
- return azidentity.AzurePublicCloud
+ return cloud.AzurePublic
 }
diff --git a/internal/sops/azkv/config_test.go b/internal/sops/azkv/config_test.go
@@ -16,6 +16,7 @@ import (
  "testing"
 
  "github.com/Azure/azure-sdk-for-go/sdk/azcore"
+ "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
  "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
  . "github.com/onsi/gomega"
 )
@@ -161,11 +162,14 @@ func TestTokenFromAADConfig(t *testing.T) {
  }
 }
 
-func TestAADConfig_GetAuthorityHost(t *testing.T) {
+func TestAADConfig_GetCloudConfig(t *testing.T) {
  g := NewWithT(t)
 
- g.Expect((AADConfig{}).GetAuthorityHost()).To(Equal(azidentity.AzurePublicCloud))
- g.Expect((AADConfig{AuthorityHost: "https://example.com"}).GetAuthorityHost()).To(Equal(azidentity.AuthorityHost("https://example.com")))
+ g.Expect((AADConfig{}).GetCloudConfig()).To(Equal(cloud.AzurePublic))
+ g.Expect((AADConfig{AuthorityHost: "https://example.com"}).GetCloudConfig()).To(Equal(cloud.Configuration{
+ ActiveDirectoryAuthorityHost: "https://example.com",
+ Services: map[cloud.ServiceName]cloud.ServiceConfiguration{},
+ }))
 }
 
 func validTLS(t *testing.T) []byte {

diff --git a/internal/sops/azkv/keysource.go b/internal/sops/azkv/keysource.go
@@ -17,7 +17,8 @@ import (
  "unicode/utf16"
 
  "github.com/Azure/azure-sdk-for-go/sdk/azcore"
- "github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys/crypto"
+ "github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
+ "github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys"
  "github.com/dimchansky/utfbom"
 )
 
@@ -73,11 +74,14 @@ func (t Token) ApplyToMasterKey(key *MasterKey) {
 // Encrypt takes a SOPS data key, encrypts it with Azure Key Vault, and stores
 // the result in the EncryptedKey field.
 func (key *MasterKey) Encrypt(dataKey []byte) error {
- c, err := crypto.NewClient(key.ToString(), key.token, nil)
+ c, err := azkeys.NewClient(key.VaultURL, key.token, nil)
  if err != nil {
  return fmt.Errorf("failed to construct Azure Key Vault crypto client to encrypt data: %w", err)
  }
- resp, err := c.Encrypt(context.Background(), crypto.EncryptionAlgorithmRSAOAEP256, dataKey, nil)
+ resp, err := c.Encrypt(context.Background(), key.Name, key.Version, azkeys.KeyOperationsParameters{
+ Algorithm: to.Ptr(azkeys.JSONWebKeyEncryptionAlgorithmRSAOAEP256),
+ Value: dataKey,
+ }, nil)
  if err != nil {
  return fmt.Errorf("failed to encrypt sops data key with Azure Key Vault key '%s': %w", key.ToString(), err)
  }
@@ -111,7 +115,7 @@ func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error {
 // Decrypt decrypts the EncryptedKey field with Azure Key Vault and returns
 // the result.
 func (key *MasterKey) Decrypt() ([]byte, error) {
- c, err := crypto.NewClient(key.ToString(), key.token, nil)
+ c, err := azkeys.NewClient(key.VaultURL, key.token, nil)
  if err != nil {
  return nil, fmt.Errorf("failed to construct Azure Key Vault crypto client to decrypt data: %w", err)
  }
@@ -122,7 +126,10 @@ func (key *MasterKey) Decrypt() ([]byte, error) {
  if err != nil {
  return nil, fmt.Errorf("failed to base64 decode Azure Key Vault encrypted key: %w", err)
  }
- resp, err := c.Decrypt(context.Background(), crypto.EncryptionAlgorithmRSAOAEP256, rawEncryptedKey, nil)
+ resp, err := c.Decrypt(context.Background(), key.Name, key.Version, azkeys.KeyOperationsParameters{
+ Algorithm: to.Ptr(azkeys.JSONWebKeyEncryptionAlgorithmRSAOAEP256),
+ Value: rawEncryptedKey,
+ }, nil)
  if err != nil {
  return nil, fmt.Errorf("failed to decrypt sops data key with Azure Key Vault key '%s': %w", key.ToString(), err)
  }

diff --git a/internal/sops/azkv/keysource_integration_test.go b/internal/sops/azkv/keysource_integration_test.go
@@ -16,7 +16,8 @@ import (
  "testing"
  "time"
 
- "github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys/crypto"
+ "github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
+ "github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys"
  . "github.com/onsi/gomega"
  "go.mozilla.org/sops/v3/azkv"
 )
@@ -55,9 +56,12 @@ func TestMasterKey_Decrypt(t *testing.T) {
  token.ApplyToMasterKey(key)
 
  dataKey := []byte("this is super secret data")
- c, err := crypto.NewClient(key.ToString(), key.token, nil)
+ c, err := azkeys.NewClient(key.VaultURL, key.token, nil)
  g.Expect(err).ToNot(HaveOccurred())
- resp, err := c.Encrypt(context.Background(), crypto.EncryptionAlgorithmRSAOAEP256, dataKey, nil)
+ resp, err := c.Encrypt(context.Background(), key.Name, key.Version, azkeys.KeyOperationsParameters{
+ Algorithm: to.Ptr(azkeys.JSONWebKeyEncryptionAlgorithmRSAOAEP256),
+ Value: dataKey,
+ }, nil)
  g.Expect(err).ToNot(HaveOccurred())
  key.EncryptedKey = base64.RawURLEncoding.EncodeToString(resp.Result)
  g.Expect(key.EncryptedKey).ToNot(BeEmpty())