/// <summary>
/// Adds an <see cref="IConfigurationProvider"/> that reads configuration values from the Azure KeyVault.
/// </summary>
/// <param name="configurationBuilder">The <see cref="IConfigurationBuilder"/> to add to.</param>
/// <param name="vault">Azure KeyVault uri.</param>
/// <param name="client">The <see cref="KeyVaultClient"/> to use for retrieving values.</param>
/// <param name="manager">The <see cref="IKeyVaultSecretManager"/> instance used to control secret loading.</param>
/// <returns>The <see cref="IConfigurationBuilder"/>.</returns>
public static IConfigurationBuilder AddAzureKeyVault(
this IConfigurationBuilder configurationBuilder,
string vault,
KeyVaultClient client,
IKeyVaultSecretManager manager)
{
if (configurationBuilder == null)
{
throw new ArgumentNullException(nameof(configurationBuilder));
}
if (client == null)
{
throw new ArgumentNullException(nameof(client));
}
if (vault == null)
{
throw new ArgumentNullException(nameof(vault));
}
if (manager == null)
{
throw new ArgumentNullException(nameof(manager));
}
configurationBuilder.Add(new AzureKeyVaultConfigurationSource()
{
Client = client,
Vault = vault,
Manager = manager
});
return(configurationBuilder);
}
/// <summary>
/// Adds an <see cref="IConfigurationProvider"/> that reads configuration values from the Azure KeyVault.
/// </summary>
/// <param name="configurationBuilder">The <see cref="IConfigurationBuilder"/> to add to.</param>
/// <param name="vaultUri">Azure Key Vault uri.</param>
/// <param name="manager">The <see cref="IKeyVaultSecretManager"/> instance used to control secret loading.</param>
/// <returns>The <see cref="IConfigurationBuilder"/>.</returns>
public static IConfigurationBuilder AddAzureKeyVault(
this IConfigurationBuilder configurationBuilder,
Uri vaultUri,
IKeyVaultSecretManager manager)
{
return(AddAzureKeyVault(configurationBuilder, vaultUri, new DefaultAzureCredential(), manager));
}
public TokenService(IOptionsMonitor <KeyVaultSettings> keyVaultSettings,
IOptionsMonitor <BearerSecurityKey> bearerSecurityKey,
IKeyVaultSecretManager keyVaultSecretManager)
{
_keyVaultSecretManager = keyVaultSecretManager;
_keyVaultSettings = keyVaultSettings.CurrentValue;
_bearerSecurityKey = bearerSecurityKey.CurrentValue;
}
/// <summary>
/// Adds an <see cref="IConfigurationProvider"/> that reads configuration values from the Azure KeyVault.
/// </summary>
/// <param name="configurationBuilder">The <see cref="IConfigurationBuilder"/> to add to.</param>
/// <param name="vault">Azure KeyVault uri.</param>
/// <param name="manager">The <see cref="IKeyVaultSecretManager"/> instance used to control secret loading.</param>
/// <returns>The <see cref="IConfigurationBuilder"/>.</returns>
public static IConfigurationBuilder AddAzureKeyVault(
this IConfigurationBuilder configurationBuilder,
string vault,
IKeyVaultSecretManager manager)
{
return(AddAzureKeyVault(configurationBuilder, new AzureKeyVaultConfigurationOptions(vault)
{
Manager = manager
}));
}
/// <summary>
/// Adds an <see cref="IConfigurationProvider"/> that reads configuration values from the Azure KeyVault.
/// </summary>
/// <param name="configurationBuilder">The <see cref="IConfigurationBuilder"/> to add to.</param>
/// <param name="client">The <see cref="SecretClient"/> to use for retrieving values.</param>
/// <param name="manager">The <see cref="IKeyVaultSecretManager"/> instance used to control secret loading.</param>
/// <returns>The <see cref="IConfigurationBuilder"/>.</returns>
public static IConfigurationBuilder AddAzureKeyVault(
this IConfigurationBuilder configurationBuilder,
SecretClient client,
IKeyVaultSecretManager manager)
{
return(configurationBuilder.Add(new AzureKeyVaultConfigurationSource(new AzureKeyVaultConfigurationOptions()
{
Client = client,
Manager = manager
})));
}
/// <summary>
/// Adds an <see cref="IConfigurationProvider"/> that reads configuration values from the Azure KeyVault.
/// </summary>
/// <param name="configurationBuilder">The <see cref="IConfigurationBuilder"/> to add to.</param>
/// <param name="vaultUri">Azure Key Vault uri.</param>
/// <param name="credential">The credential to to use for authentication.</param>
/// <param name="manager">The <see cref="IKeyVaultSecretManager"/> instance used to control secret loading.</param>
/// <returns>The <see cref="IConfigurationBuilder"/>.</returns>
public static IConfigurationBuilder AddAzureKeyVault(
this IConfigurationBuilder configurationBuilder,
Uri vaultUri,
TokenCredential credential,
IKeyVaultSecretManager manager)
{
return(AddAzureKeyVault(configurationBuilder, new AzureKeyVaultConfigurationOptions(vaultUri, credential)
{
Manager = manager
}));
}
/// <summary>
/// Adds an <see cref="IConfigurationProvider"/> that reads configuration values from the Azure KeyVault.
/// </summary>
/// <param name="configurationBuilder">The <see cref="IConfigurationBuilder"/> to add to.</param>
/// <param name="vault">Azure KeyVault uri.</param>
/// <param name="manager">The <see cref="IKeyVaultSecretManager"/> instance used to control secret loading.</param>
/// <returns>The <see cref="IConfigurationBuilder"/>.</returns>
public static IConfigurationBuilder AddAzureKeyVault(
this IConfigurationBuilder configurationBuilder,
string vault,
IKeyVaultSecretManager manager)
{
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var authenticationCallback = new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback);
var keyVaultClient = new KeyVaultClient(authenticationCallback);
return(AddAzureKeyVault(configurationBuilder, vault, keyVaultClient, manager));
}
/// <summary>
/// Adds an <see cref="IConfigurationProvider"/> that reads configuration values from the Azure KeyVault.
/// </summary>
/// <param name="configurationBuilder">The <see cref="IConfigurationBuilder"/> to add to.</param>
/// <param name="vault">Azure KeyVault uri.</param>
/// <param name="clientId">The application client id.</param>
/// <param name="certificate">The <see cref="X509Certificate2"/> to use for authentication.</param>
/// <param name="manager">The <see cref="IKeyVaultSecretManager"/> instance used to control secret loading.</param>
/// <returns>The <see cref="IConfigurationBuilder"/>.</returns>
public static IConfigurationBuilder AddAzureKeyVault(
this IConfigurationBuilder configurationBuilder,
string vault,
string clientId,
X509Certificate2 certificate,
IKeyVaultSecretManager manager)
{
return(AddAzureKeyVault(configurationBuilder, new AzureKeyVaultConfigurationOptions(vault, clientId, certificate)
{
Manager = manager
}));
}
/// <summary>
/// Creates a new instance of <see cref="AzureKeyVaultConfigurationProvider"/>.
/// </summary>
/// <param name="client">The <see cref="KeyVaultClient"/> to use for retrieving values.</param>
/// <param name="vault">Azure KeyVault uri.</param>
/// <param name="manager">The <see cref="IKeyVaultSecretManager"/> to use in managing values.</param>
/// <param name="reloadInterval">The timespan to wait in between each attempt at polling the Azure KeyVault for changes. Default is null which indicates no reloading.</param>
public AzureKeyVaultConfigurationProvider(IKeyVaultClient client, string vault, IKeyVaultSecretManager manager, TimeSpan?reloadInterval = null)
{
_client = client ?? throw new ArgumentNullException(nameof(client));
_vault = vault ?? throw new ArgumentNullException(nameof(vault));
_manager = manager ?? throw new ArgumentNullException(nameof(manager));
if (reloadInterval != null && reloadInterval.Value <= TimeSpan.Zero)
{
throw new ArgumentOutOfRangeException(nameof(reloadInterval), reloadInterval, nameof(reloadInterval) + " must be positive.");
}
_pollingTask = null;
_cancellationToken = new CancellationTokenSource();
_reloadInterval = reloadInterval;
}
/// <summary>
/// Creates a new instance of <see cref="AzureKeyVaultConfigurationProvider"/>.
/// </summary>
/// <param name="client">The <see cref="KeyVaultClient"/> to use for retrieving values.</param>
/// <param name="vault">Azure KeyVault uri.</param>
/// <param name="manager"></param>
public AzureKeyVaultConfigurationProvider(IKeyVaultClient client, string vault, IKeyVaultSecretManager manager)
{
if (client == null)
{
throw new ArgumentNullException(nameof(client));
}
if (vault == null)
{
throw new ArgumentNullException(nameof(vault));
}
_client = client;
_vault = vault;
_manager = manager;
}
/// <summary>
/// Adds an <see cref="IConfigurationProvider"/> that reads configuration values from the Azure KeyVault.
/// </summary>
/// <param name="configurationBuilder">The <see cref="IConfigurationBuilder"/> to add to.</param>
/// <param name="vault">The Azure KeyVault uri.</param>
/// <param name="clientId">The application client id.</param>
/// <param name="clientSecret">The client secret to use for authentication.</param>
/// <param name="manager">The <see cref="IKeyVaultSecretManager"/> instance used to control secret loading.</param>
/// <returns>The <see cref="IConfigurationBuilder"/>.</returns>
public static IConfigurationBuilder AddAzureKeyVault(
this IConfigurationBuilder configurationBuilder,
string vault,
string clientId,
string clientSecret,
IKeyVaultSecretManager manager)
{
if (clientId == null)
{
throw new ArgumentNullException(nameof(clientId));
}
if (clientSecret == null)
{
throw new ArgumentNullException(nameof(clientSecret));
}
KeyVaultClient.AuthenticationCallback callback =
(authority, resource, scope) => GetTokenFromClientSecret(authority, resource, clientId, clientSecret);
return(configurationBuilder.AddAzureKeyVault(vault, new KeyVaultClient(callback), manager));
}