Ejemplo n.º 1
        /// <summary>
        /// The action performed before sending a message to Service Bus. This method will load the KeyVault key and encrypt messages.
        /// </summary>
        /// <param name="message">The <see cref="Message"/> to be encrypted.</param>
        /// <returns>The encrypted <see cref="Message"/>.</returns>
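        /// <remarks>
        /// The encrypted body is computed before the message is modified, so a failure while loading
        /// the secret or encrypting leaves <paramref name="message"/> without the encryption headers.
        /// A message that already carries any one of the three headers is returned unchanged.
        /// </remarks>
        public override async Task<Message> BeforeMessageSend(Message message)
        {
            try
            {
                var properties = message.UserProperties;

                // A message carrying any of the encryption headers is treated as already processed.
                // NOTE(review): one header alone is enough to skip, and the body itself is not checked,
                // so a message whose headers were set elsewhere goes out with its body as-is.
                // Confirm that this is the intended contract for callers.
                bool alreadyMarked =
                    properties.ContainsKey(KeyVaultMessageHeaders.InitializationVectorPropertyName) ||
                    properties.ContainsKey(KeyVaultMessageHeaders.KeyNamePropertyName) ||
                    properties.ContainsKey(KeyVaultMessageHeaders.KeyVersionPropertyName);

                if (alreadyMarked)
                {
                    return message;
                }

                var secret = await secretManager.GetHashedSecret(secretName, secretVersion);

                // Encrypt first and touch the message only afterwards. If the headers were added
                // before a failing Encrypt call, a retry with the same Message instance would hit
                // the skip check above and send the plaintext body labelled as encrypted.
                // NOTE(review): the IV comes from this.initializationVector rather than being generated
                // per message, so it looks like every message from this instance shares one IV under
                // the same key. Confirm the cipher mode used by KeyVaultPlugin.Encrypt; a repeated IV
                // weakens confidentiality in most modes.
                var encryptedBody = await KeyVaultPlugin.Encrypt(message.Body, secret, this.initializationVector);

                properties.Add(KeyVaultMessageHeaders.InitializationVectorPropertyName, base64InitializationVector);
                properties.Add(KeyVaultMessageHeaders.KeyNamePropertyName, secretName);
                properties.Add(KeyVaultMessageHeaders.KeyVersionPropertyName, secretVersion);

                message.Body = encryptedBody;

                return message;
            }
            catch (Exception ex)
            {
                // Every failure, including secret retrieval, is surfaced as the plugin's own exception type.
                throw new KeyVaultPluginException(Resources.BeforeMessageSendException, ex);
            }
        }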