Example #1
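 /// <summary>
 /// Adds an Azure Key Vault backed secret provider to the secret store.
 /// </summary>
 /// <param name="builder">The builder to create the secret store.</param>
 /// <param name="authentication">The authentication used to connect to the Azure Key Vault instance.</param>
 /// <param name="configuration">The configuration that locates the Azure Key Vault instance.</param>
 /// <returns>The result of registering the new provider on the <paramref name="builder"/>.</returns>
 /// <exception cref="System.ArgumentNullException">Thrown when the <paramref name="builder"/> is <c>null</c>.</exception>
 public static SecretStoreBuilder AddAzureKeyVaultProvider(
     this SecretStoreBuilder builder,
     IKeyVaultAuthentication authentication,
     IKeyVaultConfiguration configuration)
 {
     // An extension method can be invoked on a null receiver; fail early with the
     // argument name instead of a late NullReferenceException during registration.
     if (builder == null)
     {
         throw new System.ArgumentNullException(nameof(builder));
     }

     // NOTE(review): authentication and configuration are not checked here; they are
     // passed straight to the provider constructor - confirm that it rejects null.
     var provider = new KeyVaultSecretProvider(authentication, configuration);
     return builder.AddProvider(provider);
 }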
        /// <summary>
        ///     Initializes a secret provider that is bound to one specific Azure Key Vault instance.
        /// </summary>
        /// <param name="authentication">The authentication mechanism used when connecting to the Azure Key Vault instance.</param>
        /// <param name="vaultConfiguration">The configuration that holds the URI of the Azure Key Vault instance.</param>
        /// <exception cref="ArgumentNullException">
        ///     Thrown when the <paramref name="authentication"/> or the <paramref name="vaultConfiguration"/> is <c>null</c>.
        /// </exception>
        public KeyVaultSecretProvider(IKeyVaultAuthentication authentication, IKeyVaultConfiguration vaultConfiguration)
        {
            Guard.NotNull(vaultConfiguration, nameof(vaultConfiguration));
            Guard.NotNull(authentication, nameof(authentication));

            // Only the scheme and host of the configured URI are kept; port, path and query are dropped.
            // NOTE(review): the scheme is copied as configured and the host is not validated here -
            // confirm that an https vault endpoint is enforced somewhere before credentials are used.
            // NOTE(review): vaultConfiguration.VaultUri itself is not null-checked.
            VaultUri = vaultConfiguration.VaultUri.Scheme + "://" + vaultConfiguration.VaultUri.Host;
            _authentication = authentication;
        }
        /// <summary>
        /// Registers Azure Key Vault as a secret source, optionally with caching.
        /// </summary>
        /// <param name="builder">The builder to create the secret store.</param>
        /// <param name="authentication">The requested authentication type for connecting to the Azure Key Vault instance.</param>
        /// <param name="configuration">The configuration related to the Azure Key Vault instance to use.</param>
        /// <param name="allowCaching">
        ///     When <c>true</c>, a default-constructed <see cref="CacheConfiguration"/> is passed on;
        ///     when <c>false</c>, no cache configuration is passed.
        /// </param>
        /// <returns>The result of the <c>AddAzureKeyVault</c> overload that accepts a cache configuration.</returns>
        public static SecretStoreBuilder AddAzureKeyVault(
            this SecretStoreBuilder builder,
            IKeyVaultAuthentication authentication,
            IKeyVaultConfiguration configuration,
            bool allowCaching = false)
        {
            Guard.NotNull(builder, nameof(builder));
            Guard.NotNull(authentication, nameof(authentication));
            Guard.NotNull(configuration, nameof(configuration));

            // NOTE(review): with caching on, a rotated or revoked secret is presumably still served
            // from memory until the cache entry expires - confirm the default cache duration is acceptable.
            var cacheConfiguration = allowCaching ? new CacheConfiguration() : null;

            return AddAzureKeyVault(builder, authentication, configuration, cacheConfiguration);
        }
Example #4
        /// <summary>
        /// Initializes a new instance of the <see cref="KeyVaultSecretProvider"/> class that authenticates through an <see cref="IKeyVaultAuthentication"/>.
        /// </summary>
        /// <param name="authentication">The instance used to authenticate with the Azure Key Vault.</param>
        /// <param name="vaultConfiguration">The configuration that holds the URI of the Azure Key Vault instance.</param>
        /// <param name="options">The additional options to configure the provider; stored as given.</param>
        /// <param name="logger">The logger for diagnostic messages; a <c>NullLogger</c> is used when this is <c>null</c>.</param>
        public KeyVaultSecretProvider(IKeyVaultAuthentication authentication, IKeyVaultConfiguration vaultConfiguration, KeyVaultOptions options, ILogger <KeyVaultSecretProvider> logger)
        {
            Guard.NotNull(vaultConfiguration, nameof(vaultConfiguration), "Requires a Azure Key Vault configuration to setup the secret provider");
            Guard.NotNull(authentication, nameof(authentication), "Requires an Azure Key Vault authentication instance to authenticate with the vault");

            // Only scheme and host are kept; port, path and query of the configured URI are dropped.
            // NOTE(review): no check on the scheme or the host format happens in this constructor -
            // confirm the vault endpoint is validated before the authentication is used against it.
            VaultUri = vaultConfiguration.VaultUri.Scheme + "://" + vaultConfiguration.VaultUri.Host;

            // This constructor does not create an SDK client; the flag records that.
            _isUsingAzureSdk = false;
            _authentication = authentication;

            // NOTE(review): options is stored without a null check - confirm later reads tolerate null.
            _options = options;

            if (logger == null)
            {
                Logger = NullLogger<KeyVaultSecretProvider>.Instance;
            }
            else
            {
                Logger = logger;
            }
        }
Example #5
        /// <summary>
        /// Initializes a new instance of the <see cref="KeyVaultSecretProvider"/> class that talks to the vault through a <see cref="SecretClient"/>.
        /// </summary>
        /// <param name="tokenCredential">The token credential handed to the <see cref="SecretClient"/> to authenticate with the Azure Key Vault instance.</param>
        /// <param name="vaultConfiguration">The configuration that holds the URI of the Azure Key Vault instance.</param>
        /// <param name="options">The additional options to configure the provider; stored as given.</param>
        /// <param name="logger">The logger for diagnostic messages; a <c>NullLogger</c> is used when this is <c>null</c>.</param>
        /// <exception cref="ArgumentNullException">
        ///     Thrown when the <paramref name="tokenCredential"/> or the <paramref name="vaultConfiguration"/> is <c>null</c>.
        /// </exception>
        public KeyVaultSecretProvider(TokenCredential tokenCredential, IKeyVaultConfiguration vaultConfiguration, KeyVaultOptions options, ILogger <KeyVaultSecretProvider> logger)
        {
            Guard.NotNull(vaultConfiguration, nameof(vaultConfiguration), "Requires a Azure Key Vault configuration to setup the secret provider");
            Guard.NotNull(tokenCredential, nameof(tokenCredential), "Requires an Azure Key Vault authentication instance to authenticate with the vault");

            // The exposed VaultUri keeps only scheme and host, while the client below receives the
            // full configured URI, so the two can differ when the configuration carries a port or path.
            VaultUri = vaultConfiguration.VaultUri.Scheme + "://" + vaultConfiguration.VaultUri.Host;

            // NOTE(review): the credential is bound to whatever endpoint the configuration names;
            // this constructor does not check the host format - confirm the configuration is trusted.
            _secretClient = new SecretClient(vaultConfiguration.VaultUri, tokenCredential);
            _isUsingAzureSdk = true;

            // NOTE(review): options is stored without a null check - confirm later reads tolerate null.
            _options = options;

            if (logger == null)
            {
                Logger = NullLogger<KeyVaultSecretProvider>.Instance;
            }
            else
            {
                Logger = logger;
            }
        }
        /// <summary>
        /// Initializes a new instance of the <see cref="KeyVaultSecretProvider"/> class that authenticates through an <see cref="IKeyVaultAuthentication"/>
        /// and checks the vault URI format up front.
        /// </summary>
        /// <param name="authentication">The instance used to authenticate with the Azure Key Vault.</param>
        /// <param name="vaultConfiguration">The configuration that holds the URI of the Azure Key Vault instance.</param>
        /// <param name="options">The additional options to configure the provider; stored as given.</param>
        /// <param name="logger">The logger for diagnostic messages; a <c>NullLogger</c> is used when this is <c>null</c>.</param>
        /// <exception cref="UriFormatException">Presumably thrown when the scheme-and-host form of the vault URI does not match <c>VaultUriRegex</c>.</exception>
        public KeyVaultSecretProvider(IKeyVaultAuthentication authentication, IKeyVaultConfiguration vaultConfiguration, KeyVaultOptions options, ILogger <KeyVaultSecretProvider> logger)
        {
            Guard.NotNull(vaultConfiguration, nameof(vaultConfiguration), "Requires a Azure Key Vault configuration to setup the secret provider");
            Guard.NotNull(authentication, nameof(authentication), "Requires an Azure Key Vault authentication instance to authenticate with the vault");

            // Only scheme and host are kept; port, path and query of the configured URI are dropped.
            VaultUri = vaultConfiguration.VaultUri.Scheme + "://" + vaultConfiguration.VaultUri.Host;

            // Reject an endpoint that does not look like a Key Vault host before any credential is used.
            // NOTE(review): what VaultUriRegex accepts is not visible here - confirm it pins both the
            // https scheme and the expected vault domain suffixes.
            const string invalidVaultUriMessage =
                "Requires the Azure Key Vault host to be in the right format, see https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#objects-identifiers-and-versioning";
            Guard.For<UriFormatException>(() => !VaultUriRegex.IsMatch(VaultUri), invalidVaultUriMessage);

            // This constructor does not create an SDK client; the flag records that.
            _isUsingAzureSdk = false;
            _authentication = authentication;

            // NOTE(review): options is stored without a null check - confirm later reads tolerate null.
            _options = options;

            if (logger == null)
            {
                Logger = NullLogger<KeyVaultSecretProvider>.Instance;
            }
            else
            {
                Logger = logger;
            }
        }
        /// <summary>
        /// Initializes a new instance of the <see cref="AzureServiceBusKeyRotation"/> class.
        /// </summary>
        /// <param name="serviceBusClient">The client used to interact with the Azure Service Bus.</param>
        /// <param name="authentication">The instance used to authenticate with the Azure Key Vault.</param>
        /// <param name="configuration">The configuration that locates the Azure Key Vault resource.</param>
        /// <param name="logger">The logger for diagnostic messages during rotation and while interacting with Azure Service Bus and Azure Key Vault.</param>
        /// <exception cref="ArgumentNullException">
        ///     Thrown when the <paramref name="serviceBusClient"/>, <paramref name="authentication"/>, <paramref name="configuration"/>, or <paramref name="logger"/> is <c>null</c>.
        /// </exception>
        public AzureServiceBusKeyRotation(
            AzureServiceBusClient serviceBusClient,
            IKeyVaultAuthentication authentication,
            IKeyVaultConfiguration configuration,
            ILogger logger)
        {
            // All four collaborators are mandatory; validate every one before any field is assigned.
            Guard.NotNull(
                serviceBusClient,
                nameof(serviceBusClient),
                "Requires an Azure Service Bus client to interact with the Service Bus when rotating the connection string keys");
            Guard.NotNull(
                authentication,
                nameof(authentication),
                "Requires an authentication instance to authenticate with the Azure Key Vault resource to set the new connection string keys");
            Guard.NotNull(
                configuration,
                nameof(configuration),
                "Requires an KeyVault configuration instance to locate the Key Vault resource on Azure");
            Guard.NotNull(
                logger,
                nameof(logger),
                "Requires an logger instance to write diagnostic trace messages when interacting with the Azure Service Bus and Azure Key Vault instances");

            _logger = logger;
            _configuration = configuration;
            _authentication = authentication;
            _serviceBusClient = serviceBusClient;
        }
        /// <summary>
        /// Registers Azure Key Vault as a secret source, wrapped in a cache when a cache configuration is given.
        /// </summary>
        /// <param name="builder">The builder to create the secret store.</param>
        /// <param name="authentication">The requested authentication type for connecting to the Azure Key Vault instance.</param>
        /// <param name="configuration">The configuration related to the Azure Key Vault instance to use.</param>
        /// <param name="cacheConfiguration">The configuration to control how the caching will be done; <c>null</c> registers the provider without a cache.</param>
        /// <returns>The result of registering the (optionally cached) provider on the <paramref name="builder"/>.</returns>
        public static SecretStoreBuilder AddAzureKeyVault(
            this SecretStoreBuilder builder,
            IKeyVaultAuthentication authentication,
            IKeyVaultConfiguration configuration,
            ICacheConfiguration cacheConfiguration)
        {
            Guard.NotNull(builder, nameof(builder));
            Guard.NotNull(authentication, nameof(authentication));
            Guard.NotNull(configuration, nameof(configuration));

            var vaultProvider = new KeyVaultSecretProvider(authentication, configuration);

            // Without a cache configuration the vault provider is registered directly.
            if (cacheConfiguration == null)
            {
                return builder.AddProvider(vaultProvider);
            }

            // NOTE(review): a cached secret is presumably served until its entry expires, also after
            // rotation or revocation in the vault - confirm the configured duration fits that risk.
            return builder.AddProvider(new CachedSecretProvider(vaultProvider, cacheConfiguration));
        }
 /// <summary>
 /// Initializes a new instance of the <see cref="KeyVaultSecretProvider"/> class with a default-constructed
 /// <see cref="KeyVaultOptions"/> and a <c>NullLogger</c>.
 /// </summary>
 /// <param name="authentication">The authentication instance passed on to the four-argument constructor.</param>
 /// <param name="vaultConfiguration">The Azure Key Vault configuration passed on to the four-argument constructor.</param>
 /// <remarks>
 /// NOTE(review): no argument is validated here; null handling is left to the constructor this one delegates to.
 /// </remarks>
 public KeyVaultSecretProvider(IKeyVaultAuthentication authentication, IKeyVaultConfiguration vaultConfiguration)
     : this(authentication, vaultConfiguration, new KeyVaultOptions(), NullLogger <KeyVaultSecretProvider> .Instance)
 {
 }
 /// <summary>
 /// Initializes a new instance of the <see cref="KeyVaultSecretProvider"/> class with a default-constructed
 /// <see cref="KeyVaultOptions"/> and a <c>NullLogger</c>.
 /// </summary>
 /// <param name="tokenCredential">The token credential used to authenticate with the Azure Key Vault instance.</param>
 /// <param name="vaultConfiguration">Configuration related to the Azure Key Vault instance to use.</param>
 /// <exception cref="ArgumentNullException">The <paramref name="tokenCredential"/> cannot be <c>null</c>.</exception>
 /// <exception cref="ArgumentNullException">The <paramref name="vaultConfiguration"/> cannot be <c>null</c>.</exception>
 /// <remarks>
 /// NOTE(review): no argument is validated here; the documented exceptions rely on the constructor this one delegates to.
 /// </remarks>
 public KeyVaultSecretProvider(TokenCredential tokenCredential, IKeyVaultConfiguration vaultConfiguration)
     : this(tokenCredential, vaultConfiguration, new KeyVaultOptions(), NullLogger <KeyVaultSecretProvider> .Instance)
 {
 }
 /// <summary>
 /// Initializes a new instance of the <see cref="SpyKeyVaultSecretProvider"/> class by forwarding both arguments to the base constructor.
 /// </summary>
 /// <param name="tokenCredential">The token credential used to authenticate with the Azure Key Vault instance.</param>
 /// <param name="vaultConfiguration">Configuration related to the Azure Key Vault instance to use.</param>
 /// <exception cref="System.ArgumentNullException">The <paramref name="tokenCredential"/> cannot be <c>null</c>.</exception>
 /// <exception cref="System.ArgumentNullException">The <paramref name="vaultConfiguration"/> cannot be <c>null</c>.</exception>
 /// <remarks>
 /// NOTE(review): the name suggests a test double; the constructor adds no behaviour of its own, so the
 /// documented exceptions rely on the base constructor - confirm.
 /// </remarks>
 public SpyKeyVaultSecretProvider(TokenCredential tokenCredential, IKeyVaultConfiguration vaultConfiguration) : base(tokenCredential, vaultConfiguration)
 {
 }
Example #12
#pragma warning disable 618
        /// <summary>
        /// Initializes a new instance of the <see cref="KeyVaultSecretProvider"/> class from an <see cref="IKeyVaultAuthenticator"/>,
        /// by wrapping it in a <see cref="CompatibleKeyVaultAuthentication"/> and delegating to another constructor.
        /// </summary>
        /// <param name="authenticator">The authenticator that is wrapped before being passed on.</param>
        /// <param name="vaultConfiguration">The Azure Key Vault configuration passed on unchanged.</param>
        /// <remarks>
        /// The <c>#pragma warning disable 618</c> above this constructor suppresses the obsolete-member warning (CS0618).
        /// NOTE(review): presumably the authenticator interface or the adapter is marked obsolete - confirm, and
        /// check whether a matching <c>#pragma warning restore 618</c> follows so the suppression stays scoped.
        /// NOTE(review): <paramref name="authenticator"/> is wrapped before any null check runs here; confirm the adapter rejects <c>null</c>.
        /// </remarks>
        public KeyVaultSecretProvider(IKeyVaultAuthenticator authenticator, IKeyVaultConfiguration vaultConfiguration)
            : this(new CompatibleKeyVaultAuthentication(authenticator), vaultConfiguration)
        {
        }