[Feature] [Config] Add Azure Key Vault ConfigShade support

seatunnel-core/seatunnel-core-starter/pom.xml

@@ -20,6 +20,7 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
+
     <parent>
         <groupId>org.apache.seatunnel</groupId>
         <artifactId>seatunnel-core</artifactId>
@@ -31,7 +32,6 @@
     <name>SeaTunnel : Core : Core Starter</name>
 
     <dependencies>
-
         <dependency>
             <groupId>org.apache.seatunnel</groupId>
             <artifactId>seatunnel-api</artifactId>
@@ -67,5 +67,16 @@
             <scope>test</scope>
         </dependency>
 
+        <dependency>
+            <groupId>com.azure</groupId>
+            <artifactId>azure-security-keyvault-secrets</artifactId>
+            <version>4.8.0</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.azure</groupId>
+            <artifactId>azure-identity</artifactId>
+            <version>1.13.0</version>
+        </dependency>
     </dependencies>
 </project>

seatunnel-core/seatunnel-core-starter/src/main/java/org/apache/seatunnel/core/starter/utils/AzureKeyVaultConfigShade.java

@@ -0,0 +1,62 @@
+package org.apache.seatunnel.core.starter.utils;
+
+import org.apache.seatunnel.api.configuration.ConfigShade;
+
+import com.azure.identity.DefaultAzureCredentialBuilder;
+import com.azure.security.keyvault.secrets.SecretClient;
+import com.azure.security.keyvault.secrets.SecretClientBuilder;
+
+import java.util.Map;
+
+public class AzureKeyVaultConfigShade implements ConfigShade {
+
+    private static final String IDENTIFIER = "azure-kv";
+
+    private SecretClient secretClient;
+
+    @Override
+    public void open(Map<String, Object> props) {
+        Object vaultUrl = props.get("vault.url");
+
+        if (vaultUrl == null || vaultUrl.toString().trim().isEmpty()) {
+            throw new IllegalArgumentException("Missing vault.url");
+        }
+
+        this.secretClient =
+                new SecretClientBuilder()
+                        .vaultUrl(vaultUrl.toString())
+                        .credential(new DefaultAzureCredentialBuilder().build())
+                        .buildClient();
+    }
+
+    @Override
+    public String getIdentifier() {
+        return IDENTIFIER;
+    }
+
+    @Override
+    public String encrypt(String content) {
+        return content;
+    }
+
+    @Override
+    public String decrypt(String content) {
+        if (content == null) {
+            return null;
+        }
+
+        if (content.startsWith("${keyvault:azure:") && content.endsWith("}")) {
+            String secretName = content.replace("${keyvault:azure:", "").replace("}", "");
+
+            int slashIndex = secretName.lastIndexOf("/");
+
+            if (slashIndex >= 0) {
+                secretName = secretName.substring(slashIndex + 1);
+            }
+
+            return secretClient.getSecret(secretName).getValue();
+        }
+
+        return content;
+    }
+}

seatunnel-core/seatunnel-core-starter/src/main/resources/META-INF/services/org.apache.seatunnel.api.configuration.ConfigShade

@@ -13,4 +13,5 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-org.apache.seatunnel.core.starter.utils.ConfigShadeUtils$Base64ConfigShade
+org.apache.seatunnel.core.starter.utils.ConfigShadeUtils$Base64ConfigShade
+org.apache.seatunnel.core.starter.utils.AzureKeyVaultConfigShade