Add other Credentials support for Azure store

[sam-ayo]

This PR includes support for using other azure credentials like DefaultAzureCredential instead of using the storage account key which like any key comes with it's security risks

[changeset-bot]

⚠️ No Changeset found

Latest commit: 6692159

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

AzureStore now accepts either an accountKey or a TokenCredential (accountKey made optional); BlobServiceClient is created with the resolved credential. Added @azure/core-auth. Tests updated to cover TokenCredential acceptance and constructor validation. Root package.json only had a trailing newline change.

Changes

Cohort / File(s)	Summary
Azure store package manifest packages/azure-store/package.json	Added dependency @azure/core-auth (^1.9.0) and restored trailing newline.
Azure store implementation packages/azure-store/src/index.ts	Options updated: accountKey -> optional, added credential?: TokenCredential. Validation now requires either accountKey or credential. Resolve credential to provided TokenCredential or to StorageSharedKeyCredential and instantiate BlobServiceClient with that credential.
Azure store tests packages/azure-store/src/test/index.ts	Reorganized tests into a nested describe; added imports (assert, TokenCredential). Added constructor tests: accepts TokenCredential, throws when neither credential nor accountKey provided, and validates missing account/containerName. Moved setup into inner scope; some tests commented out.
Root package manifest package.json	Whitespace-only change: restored trailing newline; no semantic or dependency changes.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately reflects the main change: adding support for other Azure credentials (TokenCredential types) as an alternative to account keys for AzureStore authentication.
Description check	✅ Passed	The description is directly related to the changeset, explaining the motivation for adding credential support as a more secure alternative to storage account keys.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into main

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@package.json`:
- Around line 3-7: The root package.json currently contains the `@tus/azure-store`
package manifest ("name", "version", "description", "main", "exports"); replace
it with the monorepo root manifest by restoring "private": true and
"workspaces": ["packages/*", "test"] and any other root-level fields from prior
commits, and move the package-specific fields ("name": "@tus/azure-store",
"version": "2.0.0", "description", "main", "exports") into the package manifest
for the azure-store package (packages/azure-store package.json). Ensure the root
package.json does not declare a package "name" or version for a single package
and that workspaces are present to restore the monorepo structure.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​azure/​core-auth@​1.7.2 ⏵ 1.10.1	+1		+1

View full report

[Murderlon]

We dont' need this redundant wrapping of describe's

[Murderlon]

Do we really need a new dep just for this type? Would be great if this is not needed.

[sam-ayo]

I agree in general to not need to add a new dependency only to get a type, but I believe it's necessary in this case to show that a user could use other credential authentication to connect to the storage account.

[Murderlon]

If it's one or the other you should make this a discriminated union

[Murderlon]

Taking a step back, it would be great if people can just pass their own credentials thing and we don't need to manually wrap every option. Not sure if that makes sense, haven't looked into it enough.

[sam-ayo]

Taking a step back, it would be great if people can just pass their own credentials thing and we don't need to manually wrap every option. Not sure if that makes sense, haven't looked into it enough.

Could you expatiate on what you mean? Not sure I understand