public ISecretReader CreateSecretReader(IGalleryConfigurationService configurationService) { if (configurationService == null) { throw new ArgumentNullException(nameof(configurationService)); } ISecretReader secretReader; var vaultName = configurationService.ReadSetting( string.Format(CultureInfo.InvariantCulture, "{0}{1}", KeyVaultConfigurationPrefix, VaultNameConfigurationKey)).Result; if (!string.IsNullOrEmpty(vaultName)) { var clientId = configurationService.ReadSetting( string.Format(CultureInfo.InvariantCulture, "{0}{1}", KeyVaultConfigurationPrefix, ClientIdConfigurationKey)).Result; var certificateThumbprint = configurationService.ReadSetting( string.Format(CultureInfo.InvariantCulture, "{0}{1}", KeyVaultConfigurationPrefix, CertificateThumbprintConfigurationKey)).Result; var keyVaultConfiguration = new KeyVaultConfiguration(vaultName, clientId, certificateThumbprint, validateCertificate: true); secretReader = new KeyVaultReader(keyVaultConfiguration); } else { secretReader = new EmptySecretReader(); } return new CachingSecretReader(secretReader, _diagnosticsService); }
public ISecretReader CreateSecretReader() { ISecretReader secretReader; var vaultName = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(VaultNameConfigurationKey)); if (!string.IsNullOrEmpty(vaultName)) { var clientId = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(ClientIdConfigurationKey)); var certificateThumbprint = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(CertificateThumbprintConfigurationKey)); var storeName = GetOptionalKeyVaultEnumSettingValue(CertificateStoreName, StoreName.My); var storeLocation = GetOptionalKeyVaultEnumSettingValue(CertificateStoreLocation, StoreLocation.LocalMachine); var certificate = CertificateUtility.FindCertificateByThumbprint(storeName, storeLocation, certificateThumbprint, validationRequired: true); var keyVaultConfiguration = new KeyVaultConfiguration(vaultName, clientId, certificate); secretReader = new KeyVaultReader(keyVaultConfiguration); } else { secretReader = new EmptySecretReader(); } return(new CachingSecretReader(secretReader)); }
public async Task <ActionResult> About() { var dbUserName = "******"; var dbPassword = "******"; var secrets = await KeyVaultReader.ReadSecrets(new string[] { dbUserName, dbPassword }); var dbUserNameValue = secrets[dbUserName]; var dbPasswordValue = secrets[dbPassword]; ViewBag.Message = $"Credential information"; ViewBag.UserName = $"{dbUserNameValue}"; ViewBag.Password = $"{dbPasswordValue}"; // Modify credential of ConnectionString var connString = ConfigurationManager.ConnectionStrings["DbConnectionString"].ConnectionString; var conn = new SqlConnection(connString); var securePassword = new SecureString(); foreach (char character in dbPasswordValue) { securePassword.AppendChar(character); } securePassword.MakeReadOnly(); conn.Credential = new SqlCredential(dbUserNameValue, securePassword); return(View()); }
public ISecretReader CreateSecretReader(IGalleryConfigurationService configurationService) { if (configurationService == null) { throw new ArgumentNullException(nameof(configurationService)); } ISecretReader secretReader; var vaultName = configurationService.ReadSetting( string.Format(CultureInfo.InvariantCulture, "{0}{1}", KeyVaultConfigurationPrefix, VaultNameConfigurationKey)).Result; if (!string.IsNullOrEmpty(vaultName)) { var clientId = configurationService.ReadSetting( string.Format(CultureInfo.InvariantCulture, "{0}{1}", KeyVaultConfigurationPrefix, ClientIdConfigurationKey)).Result; var certificateThumbprint = configurationService.ReadSetting( string.Format(CultureInfo.InvariantCulture, "{0}{1}", KeyVaultConfigurationPrefix, CertificateThumbprintConfigurationKey)).Result; var keyVaultConfiguration = new KeyVaultConfiguration(vaultName, clientId, certificateThumbprint, validateCertificate: true); secretReader = new KeyVaultReader(keyVaultConfiguration); } else { secretReader = new EmptySecretReader(); } return(new CachingSecretReader(secretReader, _diagnosticsService)); }
public ISecretReader CreateSecretReader(IConfiguration configuration) { if (configuration == null) { throw new ArgumentNullException(nameof(configuration)); } var vaultName = configuration.Get(VaultNameKey); ISecretReader secretReader; // Is key vault configured? if (string.IsNullOrEmpty(vaultName)) { secretReader = new EmptySecretReader(); } else { var clientId = configuration.Get(ClientIdKey); var certificateThumbprint = configuration.Get(CertificateThumbprintKey); // KeyVault is configured, but not all data is provided. Fail. if (string.IsNullOrEmpty(clientId) || string.IsNullOrEmpty(certificateThumbprint)) { throw new ArgumentException("Not all KeyVault configuration provided. " + $"Parameter: {VaultNameKey} Value: {VaultNameKey}, " + $"Parameter: {ClientIdKey} Value: {ClientIdKey}, " + $"Parameter: {CertificateThumbprintKey} Value: {certificateThumbprint}"); } secretReader = new KeyVaultReader(new KeyVaultConfiguration(vaultName, clientId, certificateThumbprint, validateCertificate: true)); } return secretReader; }
public ISecretReader CreateSecretReader() { ISecretReader secretReader; var vaultName = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(VaultNameConfigurationKey)); if (!string.IsNullOrEmpty(vaultName)) { var useManagedIdentity = GetOptionalKeyVaultBoolSettingValue(UseManagedIdentityConfigurationKey, defaultValue: false); KeyVaultConfiguration keyVaultConfiguration; if (useManagedIdentity) { keyVaultConfiguration = new KeyVaultConfiguration(vaultName); } else { var clientId = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(ClientIdConfigurationKey)); var certificateThumbprint = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(CertificateThumbprintConfigurationKey)); var storeName = GetOptionalKeyVaultEnumSettingValue(CertificateStoreName, StoreName.My); var storeLocation = GetOptionalKeyVaultEnumSettingValue(CertificateStoreLocation, StoreLocation.LocalMachine); var certificate = CertificateUtility.FindCertificateByThumbprint(storeName, storeLocation, certificateThumbprint, validationRequired: true); keyVaultConfiguration = new KeyVaultConfiguration(vaultName, clientId, certificate); } secretReader = new KeyVaultReader(keyVaultConfiguration); } else { secretReader = new EmptySecretReader(); } return(new CachingSecretReader(secretReader, refreshIntervalSec: SecretCachingRefreshInterval)); }
public ISecretReader CreateSecretReader(IConfigurationService configurationService) { var vaultName = configurationService.Get(VaultNameKey).Result; ISecretReader secretReader; // Is key vault configured? if (string.IsNullOrEmpty(vaultName)) { secretReader = new EmptySecretReader(); } else { var clientId = configurationService.Get(ClientIdKey).Result; var certificateThumbprint = configurationService.Get(CertificateThumbprintKey).Result; var storeLocation = (StoreLocation)Enum.Parse(typeof(StoreLocation), configurationService.Get(StoreLocationKey).Result); var storeName = (StoreName)Enum.Parse(typeof(StoreName), configurationService.Get(StoreNameKey).Result); var validateCertificate = bool.Parse(configurationService.Get(ValidateCertificateKey).Result); var certificate = CertificateUtility.FindCertificateByThumbprint(storeName, storeLocation, certificateThumbprint, validateCertificate); secretReader = new KeyVaultReader( new KeyVaultConfiguration( vaultName, clientId, certificate)); } return(secretReader); }
public async Task AddReportDataAsync(AbstractReport reportData) { var secret = await KeyVaultReader.FetchSecret( MailConfiguration.KeyVaultName, MailConfiguration.SecretName, MailConfiguration.RetryCount, _logger); reportData.SmtpConfiguration = new SmtpConfiguration() { EnableSSL = true, SmtpHost = MailConfiguration.SmtpHost, UserName = MailConfiguration.MailSenderAddress, Password = secret.Value }; }
public ISecretReader CreateSecretReader() { ISecretReader secretReader; // Is KeyVault configured? if (!_configurationDictionary.TryGetValue(VaultNameKey, out var vaultName) || string.IsNullOrEmpty(vaultName)) { secretReader = new EmptySecretReader(); } else { KeyVaultConfiguration keyVaultConfiguration; if (_configurationDictionary.TryGetValue(UseManagedIdentityKey, out var useManagedIdentityStr) && bool.TryParse(useManagedIdentityStr, out var useManagedIdentity) && useManagedIdentity) { keyVaultConfiguration = new KeyVaultConfiguration(vaultName); } else { var clientId = _configurationDictionary[ClientIdKey]; var certificateThumbprint = _configurationDictionary[CertificateThumbprintKey]; var storeLocation = _configurationDictionary[StoreLocationKey]; var storeName = _configurationDictionary[StoreNameKey]; var validateCertificate = _configurationDictionary[ValidateCertificateKey]; var certificate = CertificateUtility.FindCertificateByThumbprint( (StoreName)Enum.Parse(typeof(StoreName), storeName), (StoreLocation)Enum.Parse(typeof(StoreLocation), storeLocation), certificateThumbprint, bool.Parse(validateCertificate)); keyVaultConfiguration = new KeyVaultConfiguration(vaultName, clientId, certificate); } if (!_configurationDictionary.TryGetValue(CacheRefreshIntervalKey, out var cacheRefresh) || !int.TryParse(cacheRefresh, out int refreshIntervalSec)) { refreshIntervalSec = CachingSecretReader.DefaultRefreshIntervalSec; } secretReader = new KeyVaultReader(keyVaultConfiguration); secretReader = new CachingSecretReader(secretReader, refreshIntervalSec); } return(secretReader); }
private async Task <ISecretReader> CreateSecretReaderAsync() { var config = await new ConfigurationFactory( new EnvironmentSettingsConfigurationProvider(CreateSecretInjector(new EmptySecretReader()))) .Get <BasicSearchConfiguration>(); if (config == null) { throw new ArgumentNullException(nameof(config)); } ISecretReader secretReader; // Is KeyVault configured? if (string.IsNullOrEmpty(config.VaultName)) { secretReader = new EmptySecretReader(); } else { // KeyVault is configured, but not all data is provided. Fail. if (string.IsNullOrEmpty(config.ClientId) || string.IsNullOrEmpty(config.CertificateThumbprint)) { throw new ArgumentException("Not all KeyVault configuration provided. " + $"Parameter: {nameof(BasicSearchConfiguration.VaultName)} Value: {config.VaultName}, " + $"Parameter: {nameof(BasicSearchConfiguration.ClientId)} Value: {config.ClientId}, " + $"Parameter: {nameof(BasicSearchConfiguration.CertificateThumbprint)} Value: {config.CertificateThumbprint}, " + $"Parameter: {nameof(BasicSearchConfiguration.StoreName)} Value: {config.StoreName}, " + $"Parameter: {nameof(BasicSearchConfiguration.StoreLocation)} Value: {config.StoreLocation}, " + $"Parameter: {nameof(BasicSearchConfiguration.ValidateCertificate)} Value: {config.ValidateCertificate}"); } var keyVaultCertificate = CertificateUtility.FindCertificateByThumbprint( config.StoreName, config.StoreLocation, config.CertificateThumbprint, config.ValidateCertificate); secretReader = new KeyVaultReader(new KeyVaultConfiguration(config.VaultName, config.ClientId, keyVaultCertificate)); } return(secretReader); }
public ISecretReader CreateSecretReader() { ISecretReader secretReader; var vaultName = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(VaultNameConfigurationKey)); if (!string.IsNullOrEmpty(vaultName)) { var clientId = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(ClientIdConfigurationKey)); var certificateThumbprint = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(CertificateThumbprintConfigurationKey)); var certificate = CertificateUtility.FindCertificateByThumbprint(StoreName.My, StoreLocation.LocalMachine, certificateThumbprint, true); var keyVaultConfiguration = new KeyVaultConfiguration(vaultName, clientId, certificate); secretReader = new KeyVaultReader(keyVaultConfiguration); } else { secretReader = new EmptySecretReader(); } return(new CachingSecretReader(secretReader, _diagnosticsService)); }
private static async Task <int> ExecuteUploadAsync(string[] args) { if (args.Length < 5) { Console.WriteLine("The first parameter is the command name: 'upload'."); Console.WriteLine("The second parameter must be a directory to non-recursively enumerate for files to upload."); Console.WriteLine("The third parameter must be a wildcard pattern of file names to upload."); Console.WriteLine("The fourth parameter must be a Azure Storage connection string."); Console.WriteLine("The fifth parameter must be a blob storage container to upload the files to."); Console.WriteLine("The optional sixth parameter can be a KeyVault name to inject secrets from. A managed identity will be used."); Console.WriteLine(); Console.WriteLine("After uploading each file to the root of the storage container, the file will be deleted."); Console.WriteLine("The blob name will be the same as the original file name."); return(1); } var directory = args[1]; var pattern = args[2]; var connectionString = args[3]; var containerName = args[4]; if (args.Length >= 6) { var vaultName = args[5]; Console.WriteLine($"Injecting secrets into the connection string from KeyVault '{vaultName}'..."); var keyVaultReader = new KeyVaultReader(new KeyVaultConfiguration(vaultName)); var secretInjector = new SecretInjector(keyVaultReader); connectionString = await secretInjector.InjectAsync(connectionString); } Console.Write($"Searching for '{pattern}' in {directory}..."); var files = Directory.EnumerateFiles(directory, pattern, SearchOption.TopDirectoryOnly).ToList(); Console.WriteLine($" found {files.Count} files to upload."); var account = CloudStorageAccount.Parse(connectionString); var client = account.CreateCloudBlobClient(); var container = client.GetContainerReference(containerName); Console.Write($"Checking the connection to {account.BlobEndpoint.AbsoluteUri}, container '{containerName}'..."); var exists = await container.ExistsAsync(); if (exists) { Console.WriteLine(" the container exists."); } else { Console.WriteLine(" the container does not exist. Halting."); return(1); } Console.WriteLine(); var failures = 0; foreach (var filePath in files) { try { var fileName = Path.GetFileName(filePath); var blob = container.GetBlockBlobReference(fileName); Console.WriteLine($"File src: {filePath}"); Console.WriteLine($"Blob dst: {blob.Uri.AbsoluteUri}"); Console.Write(" Uploading the file to blob storage..."); await blob.UploadFromFileAsync(filePath); Console.WriteLine(" done."); Console.Write(" Deleting the file from the file system..."); File.Delete(filePath); Console.WriteLine(" done."); Console.WriteLine(); } catch (Exception ex) { failures++; Console.WriteLine(" failed. Continuing to the next file."); Console.WriteLine(ex.ToString()); Console.WriteLine(); } } return(failures); }