public static void AddCustomDataProtection(this IServiceCollection services, IConfiguration configuration, string discriminator)
{
var connectionString = new AzureKeyVaultConnectionStringBuilder(configuration.GetConnectionString("AzureKeyVault"));
services.AddDataProtection(options => options.ApplicationDiscriminator = discriminator)
.PersistKeysToRedis(RedisConnectionMultiplexer.Connect(configuration.GetConnectionString("Redis")), "DataProtection-Keys")
.ProtectKeysWithAzureKeyVault(
$"https://{connectionString.Name}.vault.azure.net/keys/dataprotection/",
connectionString.ClientId,
connectionString.ClientSecret);
}
public static IHealthChecksBuilder AddCustomAzureKeyVault(this IHealthChecksBuilder builder, IConfiguration configuration)
{
var connectionString = new AzureKeyVaultConnectionStringBuilder(configuration.GetAzureKeyVaultConnectionString());
return(builder.AddAzureKeyVault(
options =>
{
options.UseKeyVaultUrl($"https://{connectionString.Name}.vault.azure.net");
options.UseClientSecrets(connectionString.ClientId, connectionString.ClientSecret);
}));
}
public static IWebHostBuilder UseCustomAzureKeyVault(this IWebHostBuilder hostBuilder)
{
return(hostBuilder.ConfigureAppConfiguration(
(context, builder) =>
{
context.Configuration = builder.Build();
var connectionString = new AzureKeyVaultConnectionStringBuilder(context.Configuration.GetConnectionString("AzureKeyVault"));
builder.AddAzureKeyVault($"https://{connectionString.Name}.vault.azure.net", connectionString.ClientId, connectionString.ClientSecret);
}));
}
