private void UpdateCacheExpirationTimeForSecret(string key, CachedKeyVaultSecret cachedSecret, bool success) { if (!_keyVaultOptions.SecretRefreshIntervals.TryGetValue(key, out TimeSpan cacheExpirationTime)) { if (_keyVaultOptions.DefaultSecretRefreshInterval.HasValue) { cacheExpirationTime = _keyVaultOptions.DefaultSecretRefreshInterval.Value; } } if (cacheExpirationTime > TimeSpan.Zero) { if (success) { cachedSecret.RefreshAttempts = 0; cachedSecret.RefreshAt = DateTimeOffset.UtcNow.Add(cacheExpirationTime); } else { if (cachedSecret.RefreshAttempts < int.MaxValue) { cachedSecret.RefreshAttempts++; } cachedSecret.RefreshAt = DateTimeOffset.UtcNow.Add(cacheExpirationTime.CalculateBackoffTime(cachedSecret.RefreshAttempts)); } } }
public async Task <string> GetSecretValue(Uri secretUri, string key, CancellationToken cancellationToken) { string secretName = secretUri?.Segments?.ElementAtOrDefault(2)?.TrimEnd('/'); string secretVersion = secretUri?.Segments?.ElementAtOrDefault(3)?.TrimEnd('/'); string secretValue = null; if (_cachedKeyVaultSecrets.TryGetValue(key, out CachedKeyVaultSecret cachedSecret) && (!cachedSecret.RefreshAt.HasValue || DateTimeOffset.UtcNow < cachedSecret.RefreshAt.Value)) { return(cachedSecret.SecretValue); } SecretClient client = GetSecretClient(secretUri); if (client == null && _keyVaultOptions.SecretResolver == null) { throw new UnauthorizedAccessException("No key vault credential or secret resolver callback configured, and no matching secret client could be found."); } bool success = false; try { if (client != null) { KeyVaultSecret secret = await client.GetSecretAsync(secretName, secretVersion, cancellationToken).ConfigureAwait(false); secretValue = secret.Value; } else if (_keyVaultOptions.SecretResolver != null) { secretValue = await _keyVaultOptions.SecretResolver(secretUri).ConfigureAwait(false); } cachedSecret = new CachedKeyVaultSecret(secretValue); success = true; } finally { SetSecretInCache(key, cachedSecret, success); } return(secretValue); }
private void SetSecretInCache(string key, CachedKeyVaultSecret cachedSecret, bool success = true) { if (cachedSecret == null) { cachedSecret = new CachedKeyVaultSecret(); } UpdateCacheExpirationTimeForSecret(key, cachedSecret, success); _cachedKeyVaultSecrets[key] = cachedSecret; if (key == _nextRefreshKey) { UpdateNextRefreshableSecretFromCache(); } else if ((cachedSecret.RefreshAt.HasValue && _nextRefreshTime.HasValue && cachedSecret.RefreshAt.Value < _nextRefreshTime.Value) || (cachedSecret.RefreshAt.HasValue && !_nextRefreshTime.HasValue)) { _nextRefreshKey = key; _nextRefreshTime = cachedSecret.RefreshAt.Value; } }