lukasjarosch · lukasjarosch · Dec 8, 2022 · Dec 8, 2022 · Dec 8, 2022
diff --git a/driver.go b/driver.go
@@ -2,6 +2,7 @@ package skipper
 
 import (
 	"fmt"
+	"io"
 	"strings"
 
 	driver "github.com/lukasjarosch/skipper/internal/secret"
@@ -13,6 +14,11 @@ type SecretDriver interface {
 	Decrypt(encrypted string) (string, error)
 }
 
+type SecretFileEncrypter interface {
+	SecretDriver
+	EncryptFile(source io.Reader, sink io.Writer) error
+}
+
 type ConfigurableSecretDriver interface {
 	SecretDriver
 	Configure(config map[string]interface{}) error

diff --git a/examples/secrets/compiled/azure_keyvault/README.md b/examples/secrets/compiled/azure_keyvault/README.md
@@ -1,2 +1,103 @@
 # Azure KeyVault
+{
+  "alphaNum": "test",
+  "azure": {
+    "common": {
+      "baz": "test",
+      "baz2": "test",
+      "foo": {
+        "bar": "test"
+      },
+      "from_target": "test_CHANGED",
+      "skipper": {
+        "copy": [
+          {
+            "source": "inventory.json",
+            "target": "something_else/foobar.json"
+          }
+        ]
+      },
+      "subscription_id": "INVALID DEFAULT VALUE",
+      "this": {
+        "complex": "object",
+        "is": "a",
+        "which": [
+          "I",
+          "WANT",
+          "TO",
+          "INCLUDE"
+        ]
+      }
+    },
+    "resources": {
+      "location": "westeurope",
+      "resource_group": {
+        "name": "rg-azure_keyvault-terraform-example-westeurope"
+      },
+      "vnet": {
+        "address_space": [
+          "10.1.0.0/16",
+          "10.2.0.0/16"
+        ],
+        "name": "vnet-azure_keyvault-terraform-example",
+        "subnets": {
+          "virtual_machines": {
+            "address_prefixes": [
+              "10.1.1.0/24"
+            ],
+            "name": "virtual_machines"
+          }
+        }
+      }
+    }
+  },
+  "import": {
+    "complex": "object",
+    "is": "a",
+    "which": [
+      "I",
+      "WANT",
+      "TO",
+      "INCLUDE"
+    ]
+  },
+  "secrets": {
+    "rsa": "Hallo Welt, das hab ich ganz alleine verschlüsselt"
+  },
+  "skipper": {
+    "components": [
+      {
+        "input_paths": [
+          "AzureReadme.md",
+          "inventory.json"
+        ],
+        "output_path": ".",
+        "rename": [
+          {
+            "filename": "README.md",
+            "input_path": "AzureReadme.md"
+          }
+        ]
+      }
+    ],
+    "copy": [
+      {
+        "source": "inventory.json",
+        "target": "something/foobar.json"
+      }
+    ],
+    "secrets": {
+      "drivers": {
+        "azurekv": {
+          "ignore_version": true,
+          "key_id": "https://kv-markhub-sandbox-lukas.vault.azure.net/keys/sandbox-lukas-secrets-key/e1dd7010c47247da8b57782cbb8c4668"
+        }
+      }
+    },
+    "use": [
+      "azure.*"
+    ]
+  },
+  "test": "azure_keyvault"
+}
 
diff --git a/examples/secrets/compiled/azure_keyvault/inventory.json b/examples/secrets/compiled/azure_keyvault/inventory.json
@@ -16,7 +16,17 @@
           }
         ]
       },
-      "subscription_id": "INVALID DEFAULT VALUE"
+      "subscription_id": "INVALID DEFAULT VALUE",
+      "this": {
+        "complex": "object",
+        "is": "a",
+        "which": [
+          "I",
+          "WANT",
+          "TO",
+          "INCLUDE"
+        ]
+      }
     },
     "resources": {
       "location": "westeurope",
@@ -40,10 +50,18 @@
       }
     }
   },
+  "import": {
+    "complex": "object",
+    "is": "a",
+    "which": [
+      "I",
+      "WANT",
+      "TO",
+      "INCLUDE"
+    ]
+  },
   "secrets": {
-    "test1": "?{azurekv:targets/azure_keyvault/test1||randomstring:32}",
-    "test2": "?{azurekv:targets/azure_keyvault/test2||randomstring:64}",
-    "test3": "?{azurekv:targets/azure_keyvault/test2}"
+    "rsa": "Hallo Welt, das hab ich ganz alleine verschlüsselt"
   },
   "skipper": {
     "components": [
@@ -71,7 +89,7 @@
       "drivers": {
         "azurekv": {
           "ignore_version": true,
-          "key_id": "https://kv-dev-infra-platform.vault.azure.net/keys/dev-infra-secrets-key/6e0360a098eb4808af5ec1f970d399c0"
+          "key_id": "https://kv-markhub-sandbox-lukas.vault.azure.net/keys/sandbox-lukas-secrets-key/e1dd7010c47247da8b57782cbb8c4668"
         }
       }
     },

diff --git a/examples/secrets/go.mod b/examples/secrets/go.mod
@@ -19,15 +19,24 @@ require (
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.1.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d // indirect
+	github.com/goccy/go-json v0.9.7 // indirect
 	github.com/golang-jwt/jwt v3.2.1+incompatible // indirect
 	github.com/google/uuid v1.1.2 // indirect
 	github.com/huandu/xstrings v1.3.1 // indirect
 	github.com/imdario/mergo v0.3.11 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
+	github.com/lestrrat-go/backoff/v2 v2.0.8 // indirect
+	github.com/lestrrat-go/blackmagic v1.0.0 // indirect
+	github.com/lestrrat-go/httpcc v1.0.1 // indirect
+	github.com/lestrrat-go/iter v1.0.1 // indirect
+	github.com/lestrrat-go/jwx v1.2.25 // indirect
+	github.com/lestrrat-go/option v1.0.0 // indirect
 	github.com/mitchellh/copystructure v1.0.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.0 // indirect
 	github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
 	github.com/shopspring/decimal v1.2.0 // indirect
 	github.com/spf13/cast v1.3.1 // indirect
 	golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88 // indirect

diff --git a/examples/secrets/go.sum b/examples/secrets/go.sum
@@ -67,6 +67,9 @@ github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnht
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d h1:1iy2qD6JEhHKKhUOA9IWs7mjco7lnw2qx8FsRI2wirE=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/dnaeon/go-vcr v1.1.0 h1:ReYa/UBrRyQdant9B4fNHGoCNKw6qh6P0fsdGmZpR7c=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -77,6 +80,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/goccy/go-json v0.9.7 h1:IcB+Aqpx/iMHu5Yooh7jEzJk1JZ7Pjtmys2ukPr7EeM=
+github.com/goccy/go-json v0.9.7/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/golang-jwt/jwt v3.2.1+incompatible h1:73Z+4BJcrTC+KczS6WvTPvRGOp1WmfEP4Q1lOd9Z/+c=
 github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU=
@@ -155,6 +160,18 @@ github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
+github.com/lestrrat-go/backoff/v2 v2.0.8 h1:oNb5E5isby2kiro9AgdHLv5N5tint1AnDVVf2E2un5A=
+github.com/lestrrat-go/backoff/v2 v2.0.8/go.mod h1:rHP/q/r9aT27n24JQLa7JhSQZCKBBOiM/uP402WwN8Y=
+github.com/lestrrat-go/blackmagic v1.0.0 h1:XzdxDbuQTz0RZZEmdU7cnQxUtFUzgCSPq8RCz4BxIi4=
+github.com/lestrrat-go/blackmagic v1.0.0/go.mod h1:TNgH//0vYSs8VXDCfkZLgIrVTTXQELZffUV0tz3MtdQ=
+github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=
+github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E=
+github.com/lestrrat-go/iter v1.0.1 h1:q8faalr2dY6o8bV45uwrxq12bRa1ezKrB6oM9FUgN4A=
+github.com/lestrrat-go/iter v1.0.1/go.mod h1:zIdgO1mRKhn8l9vrZJZz9TUMMFbQbLeTsbqPDrJ/OJc=
+github.com/lestrrat-go/jwx v1.2.25 h1:tAx93jN2SdPvFn08fHNAhqFJazn5mBBOB8Zli0g0otA=
+github.com/lestrrat-go/jwx v1.2.25/go.mod h1:zoNuZymNl5lgdcu6P7K6ie2QRll5HVfF4xwxBBK1NxY=
+github.com/lestrrat-go/option v1.0.0 h1:WqAWL8kh8VcSoD6xjSH34/1m8yxluXQbDeKNfvFeEO4=
+github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
 github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ=
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
@@ -164,6 +181,7 @@ github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx
 github.com/montanaflynn/stats v0.6.6/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow=
 github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4 h1:Qj1ukM4GlMWXNdMBuXcXfz/Kw9s1qm0CLY32QxuSImI=
 github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -180,8 +198,10 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -200,6 +220,7 @@ golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88 h1:Tgea0cVUD0ivh5ADBX4WwuI12DUd2to3nCYe2eayMIw=
 golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -266,6 +287,7 @@ golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4 h1:HVyaeDAYux4pnY+D/SiwmLOR36ewZ4iGQIIrtnuCjFA=
 golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -320,6 +342,7 @@ golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e h1:fLOSk5Q00efkSvAm+4xcoXD+RRmLmmulPn5I3Y9F2EM=
@@ -331,6 +354,7 @@ golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

diff --git a/examples/secrets/inventory/secrets/targets/azure_keyvault/rsa b/examples/secrets/inventory/secrets/targets/azure_keyvault/rsa
@@ -0,0 +1,2 @@
+data: NDfoqlxuE9vhOKz9x+lzz95jic0GMwYX+ADgast8kFvi7+Hut/LP42LTQUoAziY+UeW7SsNF1rhUQGoiXOS1zzB4iv2h7CONdvhyW32eXJ6z+glZpz69ebbDupe2Yw4SvdBGWHzX1pPJKyxaXjXdUl2zTt3e9bpI7WG7YYb8FRxoH5pMaJFJY9BAeJBqjlHpB2Pag+sC73Q3iWgXzhzH+EnIGnDtZoEvairddzOVxBJzMe1XIJ6+/QqbhebsaP51u/nljU+BWC8qCRcTcHVCtgi5oUg1dnCOqJvK3J5TraZkkNFTllnR2SEaLcydZlEbrPOqYbo/xU7tSenOGC5BhfbLoKffftZb961h89zJh8iext2sdz6rG6EuY9/OuVuLQx+s2uU3VkcwG5hZO501JRvUpdvFPZYxp033Zt0KvugQVC/vL5s/r34GcrddLBIpugovh9be62IdhFK5AQdop8V+9uGGY51U0sucH9ZlAxRmzjxcOMh/KlSMu2nA583bmG6Mz6WoULOju3Qd3ixndLjoyZnYTDTqoNPDoKqlfa/bz4xhxMBY8XdpwAhFIXMhQlqv8aI87DdpBF8oBhacxRQVfegE/6azMWZ0uGxhzEoTrhA4SEFtb7lKvsVYUPd4TuHYV64bzrhbX24iScQGOT6B+Q4m6+W3YeQiMsuRJ0g
+type: azurekv
diff --git a/examples/secrets/inventory/targets/azure_keyvault.yaml b/examples/secrets/inventory/targets/azure_keyvault.yaml
@@ -18,12 +18,10 @@ target:
       drivers:
         azurekv: 
           ignore_version: true
-          key_id: "https://kv-dev-infra-platform.vault.azure.net/keys/dev-infra-secrets-key/6e0360a098eb4808af5ec1f970d399c0"
+          key_id: "https://kv-markhub-sandbox-lukas.vault.azure.net/keys/sandbox-lukas-secrets-key/e1dd7010c47247da8b57782cbb8c4668"
 
   secrets:
-    test1: ?{azurekv:targets/${target_name}/test1||randomstring:32}
-    test2: ?{azurekv:targets/${target_name}/test2||randomstring:64}
-    test3: ?{azurekv:targets/${target_name}/test2}
+    rsa: ?{azurekv:targets/${target_name}/rsa}
 
   test: ${target_name}
   alphaNum: "%{loweralpha:${azure:common:foo:bar}}"

diff --git a/examples/secrets/main.go b/examples/secrets/main.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"bytes"
 	"log"
 	"path"
 
@@ -27,7 +28,7 @@ func main() {
 	}
 
 	// Process the inventory, given the target name
-	data, err := inventory.Data(target, nil, false)
+	data, err := inventory.Data(target, nil, true)
 	if err != nil {
 		panic(err)
 	}
@@ -53,6 +54,18 @@ func main() {
 		panic(err)
 	}
 
+	driver, err := skipper.SecretDriverFactory("azurekv")
+	if err != nil {
+		log.Fatalf("cannot get secret driver %q: %w", "azurekv", err)
+	}
+
+	source := bytes.NewBuffer([]byte("Hallo Welt, das hab ich ganz alleine verschlüsselt"))
+	sink := bytes.NewBuffer([]byte{})
+	err = driver.(skipper.SecretFileEncrypter).EncryptFile(source, sink)
+	if err != nil {
+		panic(err)
+	}
+
 	// execute templates  ----------------------------------------------------------------------------------
 	err = templater.ExecuteComponents(templateData, skipperConfig.Components, false)
 	if err != nil {

diff --git a/examples/secrets/templates/AzureReadme.md b/examples/secrets/templates/AzureReadme.md
@@ -1,2 +1,3 @@
 # Azure KeyVault
+{{ .Inventory | toPrettyJson }}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		data: NDfoqlxuE9vhOKz9x+lzz95jic0GMwYX+ADgast8kFvi7+Hut/LP42LTQUoAziY+UeW7SsNF1rhUQGoiXOS1zzB4iv2h7CONdvhyW32eXJ6z+glZpz69ebbDupe2Yw4SvdBGWHzX1pPJKyxaXjXdUl2zTt3e9bpI7WG7YYb8FRxoH5pMaJFJY9BAeJBqjlHpB2Pag+sC73Q3iWgXzhzH+EnIGnDtZoEvairddzOVxBJzMe1XIJ6+/QqbhebsaP51u/nljU+BWC8qCRcTcHVCtgi5oUg1dnCOqJvK3J5TraZkkNFTllnR2SEaLcydZlEbrPOqYbo/xU7tSenOGC5BhfbLoKffftZb961h89zJh8iext2sdz6rG6EuY9/OuVuLQx+s2uU3VkcwG5hZO501JRvUpdvFPZYxp033Zt0KvugQVC/vL5s/r34GcrddLBIpugovh9be62IdhFK5AQdop8V+9uGGY51U0sucH9ZlAxRmzjxcOMh/KlSMu2nA583bmG6Mz6WoULOju3Qd3ixndLjoyZnYTDTqoNPDoKqlfa/bz4xhxMBY8XdpwAhFIXMhQlqv8aI87DdpBF8oBhacxRQVfegE/6azMWZ0uGxhzEoTrhA4SEFtb7lKvsVYUPd4TuHYV64bzrhbX24iScQGOT6B+Q4m6+W3YeQiMsuRJ0g
		type: azurekv
Original file line number	Diff line number	Diff line change
		@@ -1,2 +1,3 @@
		# Azure KeyVault
		{{ .Inventory \| toPrettyJson }}