Issue: Incompatibility with Private Endpoints due to Data Plane API Usage #402

@impavidox

In the current version of the SDK, specifically in the file client.go, the Key Vault secrets management operations are performed using the Data Plane API. This approach is problematic in scenarios where Azure Key Vault is configured with private endpoints, as it does not correctly handle requests routed through private endpoints.

Summary of the Problem:

The SDK's implementation for managing Key Vault secrets is based on the Data Plane API.
This method may not function correctly in environments where Key Vault is accessed via private endpoints, as it doesn't fully integrate with the expected routing and access control in such setups.

Proposed Solution: To address this issue and ensure compatibility with private endpoints, it is recommended to update the SDK to use the Azure Key Vault Management API instead of the Data Plane API. The Management API is designed to handle resource management tasks and should work correctly with private endpoint configurations.

Details:

The Data Plane API is used for interacting with Key Vault secrets directly (e.g., retrieving secrets), but this approach does not support private endpoint scenarios effectively.
The Management API provides a more appropriate solution for managing Key Vault resources in a private endpoint setup.

References:

Azure Key Vault Management API Documentation: Azure Key Vault Management API
Example of Management API usage: Management API Example

Impact: Using the Data Plane API in private endpoint scenarios could result in connectivity issues and lack of access to Key Vault secrets, leading to failures in applications relying on this SDK for Key Vault operations.

Request: Please consider updating the SDK to support the Azure Key Vault Management API to ensure proper functionality in private endpoint scenarios.
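
A diagnostic for the connectivity failures this issue describes, as an added example that is not part of the issue or the SDK: it checks, from the client's network, whether the vault's data-plane hostname resolves to a private address through the `privatelink.vaultcore.azure.net` zone that Key Vault private endpoints use. The vault name `examplevault`, the function names and the sample addresses are constructed placeholders.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// DNS zone used by Key Vault private endpoints (trailing dot trimmed before matching).
const privateLinkZone = ".privatelink.vaultcore.azure.net"

// Classify reports where data-plane traffic would go, given the canonical
// name and the addresses a client obtained for the vault hostname.
func Classify(canonical string, addrs []string) string {
	if len(addrs) == 0 {
		return "unresolved"
	}
	for _, a := range addrs {
		// An unparsable or non-RFC 1918 address means traffic is not private-only.
		if ip := net.ParseIP(a); ip == nil || !ip.IsPrivate() {
			return "public"
		}
	}
	name := strings.ToLower(strings.TrimSuffix(canonical, "."))
	if strings.HasSuffix(name, privateLinkZone) {
		return "private-endpoint"
	}
	return "private-custom-dns" // private IP, but not resolved via the privatelink zone
}

// Resolve performs the live lookup (needs network access) and classifies it.
func Resolve(host string) (string, error) {
	canonical, err := net.LookupCNAME(host)
	if err != nil {
		return "", err
	}
	addrs, err := net.LookupHost(host)
	if err != nil {
		return "", err
	}
	return Classify(canonical, addrs), nil
}

func main() {
	// Constructed samples; replace with Resolve("<vault>.vault.azure.net") on a real client.
	fmt.Println(Classify("examplevault.privatelink.vaultcore.azure.net.", []string{"10.1.2.4"}))
	fmt.Println(Classify("examplevault.vault.azure.net.", []string{"203.0.113.10"}))
}
```

A result of `public` from a host that is expected to use the private endpoint points to DNS (for example, the private zone not being linked to the client's network) rather than to the API the SDK calls.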
