private static ISecretInjector GetSecretInjector(IDictionary<string, string> arguments) { ISecretReader secretReader; var vaultName = arguments.GetOrDefault<string>(Arguments.VaultName); if (string.IsNullOrEmpty(vaultName)) { secretReader = new EmptySecretReader(); } else { var clientId = arguments.GetOrThrow<string>(Arguments.ClientId); var certificateThumbprint = arguments.GetOrThrow<string>(Arguments.CertificateThumbprint); var storeName = arguments.GetOrDefault(Arguments.StoreName, StoreName.My); var storeLocation = arguments.GetOrDefault(Arguments.StoreLocation, StoreLocation.LocalMachine); var shouldValidateCert = arguments.GetOrDefault(Arguments.ValidateCertificate, false); var keyVaultConfig = new KeyVaultConfiguration(vaultName, clientId, certificateThumbprint, storeName, storeLocation, shouldValidateCert); secretReader = new CachingSecretReader(new KeyVaultReader(keyVaultConfig), arguments.GetOrDefault(Arguments.RefreshIntervalSec, CachingSecretReader.DefaultRefreshIntervalSec)); } return new SecretInjector(secretReader); }
public ISecretReader CreateSecretReader(IGalleryConfigurationService configurationService) { if (configurationService == null) { throw new ArgumentNullException(nameof(configurationService)); } ISecretReader secretReader; var vaultName = configurationService.ReadSetting( string.Format(CultureInfo.InvariantCulture, "{0}{1}", KeyVaultConfigurationPrefix, VaultNameConfigurationKey)).Result; if (!string.IsNullOrEmpty(vaultName)) { var clientId = configurationService.ReadSetting( string.Format(CultureInfo.InvariantCulture, "{0}{1}", KeyVaultConfigurationPrefix, ClientIdConfigurationKey)).Result; var certificateThumbprint = configurationService.ReadSetting( string.Format(CultureInfo.InvariantCulture, "{0}{1}", KeyVaultConfigurationPrefix, CertificateThumbprintConfigurationKey)).Result; var keyVaultConfiguration = new KeyVaultConfiguration(vaultName, clientId, certificateThumbprint, validateCertificate: true); secretReader = new KeyVaultReader(keyVaultConfiguration); } else { secretReader = new EmptySecretReader(); } return new CachingSecretReader(secretReader, _diagnosticsService); }
public ISecretReader CreateSecretReader() { if (string.IsNullOrEmpty(_vaultName)) { return(new EmptySecretReader()); } var certificate = CertificateUtility.FindCertificateByThumbprint( !string.IsNullOrEmpty(_storeName) ? (StoreName)Enum.Parse(typeof(StoreName), _storeName) : StoreName.My, !string.IsNullOrEmpty(_storeLocation) ? (StoreLocation)Enum.Parse(typeof(StoreLocation), _storeLocation) : StoreLocation.LocalMachine, _certificateThumbprint, _validateCertificate); var keyVaultConfiguration = new KeyVaultConfiguration( _vaultName, _clientId, certificate, _sendX5c); return(new KeyVaultReader(keyVaultConfiguration)); }
public ISecretReader CreateSecretReader(IDictionary <string, string> settings) { if (JobConfigurationManager.TryGetArgument(settings, JobArgumentNames.VaultName) == null) { return(new EmptySecretReader()); } var storeName = JobConfigurationManager.TryGetArgument(settings, JobArgumentNames.StoreName); var storeLocation = JobConfigurationManager.TryGetArgument(settings, JobArgumentNames.StoreLocation); var certificate = CertificateUtility.FindCertificateByThumbprint( storeName != null ? (StoreName)Enum.Parse(typeof(StoreName), storeName) : StoreName.My, storeLocation != null ? (StoreLocation)Enum.Parse(typeof(StoreLocation), storeLocation) : StoreLocation.LocalMachine, JobConfigurationManager.GetArgument(settings, JobArgumentNames.CertificateThumbprint), JobConfigurationManager.TryGetBoolArgument(settings, JobArgumentNames.ValidateCertificate, defaultValue: true)); var keyVaultConfiguration = new KeyVaultConfiguration( JobConfigurationManager.GetArgument(settings, JobArgumentNames.VaultName), JobConfigurationManager.GetArgument(settings, JobArgumentNames.ClientId), certificate); var refreshIntervalSec = JobConfigurationManager.TryGetIntArgument(settings, JobArgumentNames.RefreshIntervalSec) ?? CachingSecretReader.DefaultRefreshIntervalSec; return(new CachingSecretReader(new KeyVaultReader(keyVaultConfiguration), refreshIntervalSec)); }
public ISecretReader CreateSecretReader(IGalleryConfigurationService configurationService) { if (configurationService == null) { throw new ArgumentNullException(nameof(configurationService)); } ISecretReader secretReader; var vaultName = configurationService.ReadSetting( string.Format(CultureInfo.InvariantCulture, "{0}{1}", KeyVaultConfigurationPrefix, VaultNameConfigurationKey)).Result; if (!string.IsNullOrEmpty(vaultName)) { var clientId = configurationService.ReadSetting( string.Format(CultureInfo.InvariantCulture, "{0}{1}", KeyVaultConfigurationPrefix, ClientIdConfigurationKey)).Result; var certificateThumbprint = configurationService.ReadSetting( string.Format(CultureInfo.InvariantCulture, "{0}{1}", KeyVaultConfigurationPrefix, CertificateThumbprintConfigurationKey)).Result; var keyVaultConfiguration = new KeyVaultConfiguration(vaultName, clientId, certificateThumbprint, validateCertificate: true); secretReader = new KeyVaultReader(keyVaultConfiguration); } else { secretReader = new EmptySecretReader(); } return(new CachingSecretReader(secretReader, _diagnosticsService)); }
public ISecretReader CreateSecretReader() { ISecretReader secretReader; var vaultName = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(VaultNameConfigurationKey)); if (!string.IsNullOrEmpty(vaultName)) { var clientId = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(ClientIdConfigurationKey)); var certificateThumbprint = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(CertificateThumbprintConfigurationKey)); var storeName = GetOptionalKeyVaultEnumSettingValue(CertificateStoreName, StoreName.My); var storeLocation = GetOptionalKeyVaultEnumSettingValue(CertificateStoreLocation, StoreLocation.LocalMachine); var certificate = CertificateUtility.FindCertificateByThumbprint(storeName, storeLocation, certificateThumbprint, validationRequired: true); var keyVaultConfiguration = new KeyVaultConfiguration(vaultName, clientId, certificate); secretReader = new KeyVaultReader(keyVaultConfiguration); } else { secretReader = new EmptySecretReader(); } return(new CachingSecretReader(secretReader)); }
public async Task UpdateExistingConfigurationTest() { this.Initialize(); var keyVaultConfiguration = new KeyVaultConfiguration() { ADApplicationClientId = "1", ADApplicationSecret = "Secret", VaultName = "test", AzureKeyVaultUrl = @"https://test.vault.azure.net/" }; IKeyVaultConfigurationRepository repository = new KeyVaultConfigurationRepository(); var isInserted = await repository.InsertOrUpdate(keyVaultConfiguration); Assert.IsTrue(isInserted); Assert.IsTrue(repository.All.Count() == 1); keyVaultConfiguration.ADApplicationSecret = "Updated Secret"; await repository.InsertOrUpdate(keyVaultConfiguration); IKeyVaultConfigurationRepository newRepository = new KeyVaultConfigurationRepository(); Assert.IsTrue(newRepository.All.Count() == 1); Assert.IsTrue(newRepository.All.First().ADApplicationSecret == "Updated Secret"); }
public ISecretReader CreateSecretReader() { ISecretReader secretReader; var vaultName = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(VaultNameConfigurationKey)); if (!string.IsNullOrEmpty(vaultName)) { var useManagedIdentity = GetOptionalKeyVaultBoolSettingValue(UseManagedIdentityConfigurationKey, defaultValue: false); KeyVaultConfiguration keyVaultConfiguration; if (useManagedIdentity) { keyVaultConfiguration = new KeyVaultConfiguration(vaultName); } else { var clientId = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(ClientIdConfigurationKey)); var certificateThumbprint = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(CertificateThumbprintConfigurationKey)); var storeName = GetOptionalKeyVaultEnumSettingValue(CertificateStoreName, StoreName.My); var storeLocation = GetOptionalKeyVaultEnumSettingValue(CertificateStoreLocation, StoreLocation.LocalMachine); var certificate = CertificateUtility.FindCertificateByThumbprint(storeName, storeLocation, certificateThumbprint, validationRequired: true); keyVaultConfiguration = new KeyVaultConfiguration(vaultName, clientId, certificate); } secretReader = new KeyVaultReader(keyVaultConfiguration); } else { secretReader = new EmptySecretReader(); } return(new CachingSecretReader(secretReader, refreshIntervalSec: SecretCachingRefreshInterval)); }
public static IFhirServerBuilder AddKeyVaultSecretStore(this IFhirServerBuilder fhirServerBuilder, IConfiguration configuration) { EnsureArg.IsNotNull(fhirServerBuilder, nameof(fhirServerBuilder)); EnsureArg.IsNotNull(configuration, nameof(configuration)); // Get the KeyVault endpoint mentioned in the config. It is not necessary the KeyVault config // section is present (depending on how we choose to implement ISecretStore). But even if it is // not present, GetSection will return an empty IConfigurationSection. And we will end up creating // an InMemoryKeyVaultSecretStore in that scenario also. var keyVaultConfig = new KeyVaultConfiguration(); configuration.GetSection(KeyVaultConfigurationName).Bind(keyVaultConfig); if (string.IsNullOrWhiteSpace(keyVaultConfig.Endpoint)) { fhirServerBuilder.Services.Add <InMemorySecretStore>() .Singleton() .AsService <ISecretStore>(); } else { fhirServerBuilder.Services.Add <KeyVaultSecretStore>((sp) => { var tokenProvider = new AzureServiceTokenProvider(); var kvClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(tokenProvider.KeyVaultTokenCallback)); return(new KeyVaultSecretStore(kvClient, new Uri(keyVaultConfig.Endpoint))); }) .Singleton() .AsService <ISecretStore>(); } return(fhirServerBuilder); }
private static ISecretInjector GetSecretInjector(IDictionary <string, string> arguments) { ISecretReader secretReader; var vaultName = arguments.GetOrDefault <string>(Arguments.VaultName); if (string.IsNullOrEmpty(vaultName)) { secretReader = new EmptySecretReader(); } else { var clientId = arguments.GetOrThrow <string>(Arguments.ClientId); var certificateThumbprint = arguments.GetOrThrow <string>(Arguments.CertificateThumbprint); var storeName = arguments.GetOrDefault(Arguments.StoreName, StoreName.My); var storeLocation = arguments.GetOrDefault(Arguments.StoreLocation, StoreLocation.LocalMachine); var shouldValidateCert = arguments.GetOrDefault(Arguments.ValidateCertificate, true); var keyVaultCertificate = CertificateUtility.FindCertificateByThumbprint(storeName, storeLocation, certificateThumbprint, shouldValidateCert); var keyVaultConfig = new KeyVaultConfiguration(vaultName, clientId, keyVaultCertificate); secretReader = new CachingSecretReader(new KeyVaultReader(keyVaultConfig), arguments.GetOrDefault(Arguments.RefreshIntervalSec, CachingSecretReader.DefaultRefreshIntervalSec)); } return(new SecretInjector(secretReader)); }
private void Initialize(KeyVaultConfiguration keyVaultConfiguration) { this.keyVaultConfiguration = keyVaultConfiguration; this.KeyVaultUrl = keyVaultConfiguration.AzureKeyVaultUrl; this.ADApplicationId = keyVaultConfiguration.ADApplicationClientId; this.ADApplicationSecret = keyVaultConfiguration.ADApplicationSecret; this.SetupValidationRules(); }
public KeyVaultService(ILogger <KeyVaultService> logger, IOptions <KeyVaultConfiguration> keyVaultConfiguration, IOptions <AADApplicationConfiguration> applicationConfiguration) { this.logger = logger; this.keyVaultConfiguration = keyVaultConfiguration.Value; this.applicationConfiguration = applicationConfiguration.Value; }
public static IServiceCollection AddAzureInfrastructure(this IServiceCollection services, IConfiguration configuration) { var keyVaultConfig = new KeyVaultConfiguration(); configuration.Bind(ConfigurationPrefixes.KeyVault, keyVaultConfig); return(services .AddSingleton(keyVaultConfig) .AddAzureServices()); }
public TestRunner(string connectionString, KeyVaultConfiguration keyVaultConfig) { KeyVaultConfig = keyVaultConfig ?? throw new ArgumentNullException(nameof(keyVaultConfig)); if (string.IsNullOrEmpty(connectionString)) { throw new ArgumentException("Value cannot be null or empty", nameof(connectionString)); } ConnectionString = new AzureSqlConnectionStringBuilder(connectionString); SecretInjector = new SecretInjector(new KeyVaultReader(KeyVaultConfig)); }
/// <summary> /// Instantiates ProxyConnectionInfo with certificate authentication using a certificate retrieved from keyvault /// </summary> /// <param name="endpoint">Proxy Endpoint</param> /// <param name="config">Configuration root for initialization</param> /// <param name="vaultName">Key vault name</param> public ProxyConnectionInfo( string endpoint, KeyVaultConfiguration config, string vaultName ) : this( endpoint, AuthenticationType.CertificateFromKeyVault ) { Vault = new AzureSecretVault(config); CertIdentifier = ThrowIf.NullOrWhiteSpace(vaultName, nameof(vaultName)); }
public void Constructor_ValidUri_Succeeds() { // Arrange var expectedVaultUri = new Uri($"https://{Guid.NewGuid():N}.vault.azure.net/"); // Act var keyVaultConfiguration = new KeyVaultConfiguration(expectedVaultUri); // Assert Assert.NotNull(keyVaultConfiguration); Assert.Equal(expectedVaultUri, keyVaultConfiguration.VaultUri); }
public void Constructor_ValidRawUri_Succeeds() { // Arrange string vaultUri = $"https://{Guid.NewGuid().ToString("N").Substring(0, 24)}.vault.azure.net/"; var expectedVaultUri = new Uri(vaultUri); // Act var keyVaultConfiguration = new KeyVaultConfiguration(vaultUri); // Assert Assert.NotNull(keyVaultConfiguration); Assert.Equal(expectedVaultUri, keyVaultConfiguration.VaultUri); }
public VersionHealthCheck(ILogger <VersionHealthCheck> logger, IOptionsSnapshot <ApplicationOptions> settings) { _applicationVersionNumber = Assembly.GetEntryAssembly()?.GetName().Version?.ToString(); _applicationBuildDate = GetAssemblyLastModifiedDate(); _environment = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT"); _clusterName = Environment.GetEnvironmentVariable("CLUSTER_NAME"); _systemsManagerReload = Environment.GetEnvironmentVariable("SYSTEMS_MANAGER_RELOAD"); _dnsHostName = Dns.GetHostName(); _osNameAndVersion = System.Runtime.InteropServices.RuntimeInformation.OSDescription; _keyVaultConfiguration = settings?.Value?.KeyVaultConfiguration != null ? settings?.Value?.KeyVaultConfiguration : new KeyVaultConfiguration(); _elasticUrl = settings?.Value.Logging.ElasticSearchConfiguration.ElasticUrl; _elasticEnabled = settings.Value.Logging.ElasticSearchConfiguration.ElasticEnabled; _logger = logger; }
public KeyVaultAccountViewModel(KeyVaultConfiguration keyVaultConfiguration, IKeyRepository keyRepository) { if (keyVaultConfiguration == null) { throw new ArgumentNullException("keyVaultConfiguration"); } this.keyVaultConfiguration = keyVaultConfiguration; this.keyRepository = keyRepository; this.ManageVaultKeysViewModel = new ManageVaultKeysViewModel(keyVaultConfiguration.VaultName, keyRepository, new KeyVaultKeyRepository(keyVaultConfiguration)); this.ManageLocalKeysViewModel = new ManageLocalKeysViewModel(keyVaultConfiguration.VaultName, keyRepository); this.ManageLocalKeysViewModel.KeysModified += this.HandleKeysModified; this.ManageVaultKeysViewModel.KeysModified += this.HandleKeysModified; this.KeyCryptographicOperationsViewModel = new KeyCryptographicOperationsViewModel(new KeyOperations(keyVaultConfiguration)); }
private ISecretProvider CreateSecretProvider() { var keyVaultEndpoint = Configuration["KeyVaultUri"]; #if RELEASE var vaultAuthentication = new ManagedServiceIdentityAuthentication(); #elif DEBUG var clientId = Configuration["KEYVAULT_AUTH_ID"]; var clientSecret = Configuration["KEYVAULT_AUTH_SECRET"]; var vaultAuthentication = new ServicePrincipalAuthentication(clientId, clientSecret); #endif var vaultConfiguration = new KeyVaultConfiguration(keyVaultEndpoint); var keyVaultSecretProvider = new Arcus.Security.Providers.AzureKeyVault.KeyVaultSecretProvider(vaultAuthentication, vaultConfiguration); return(keyVaultSecretProvider); }
public ISecretReader CreateSecretReader() { if (string.IsNullOrEmpty(_vaultName)) { return new EmptySecretReader(); } var keyVaultConfiguration = new KeyVaultConfiguration( _vaultName, _clientId, _certificateThumbprint, !string.IsNullOrEmpty(_storeName) ? (StoreName)Enum.Parse(typeof(StoreName), _storeName) : StoreName.My, !string.IsNullOrEmpty(_storeLocation) ? (StoreLocation)Enum.Parse(typeof(StoreLocation), _storeLocation) : StoreLocation.LocalMachine, _validateCertificate); return new KeyVaultReader(keyVaultConfiguration); }
public ISecretReader CreateSecretReader() { ISecretReader secretReader; // Is KeyVault configured? if (!_configurationDictionary.TryGetValue(VaultNameKey, out var vaultName) || string.IsNullOrEmpty(vaultName)) { secretReader = new EmptySecretReader(); } else { KeyVaultConfiguration keyVaultConfiguration; if (_configurationDictionary.TryGetValue(UseManagedIdentityKey, out var useManagedIdentityStr) && bool.TryParse(useManagedIdentityStr, out var useManagedIdentity) && useManagedIdentity) { keyVaultConfiguration = new KeyVaultConfiguration(vaultName); } else { var clientId = _configurationDictionary[ClientIdKey]; var certificateThumbprint = _configurationDictionary[CertificateThumbprintKey]; var storeLocation = _configurationDictionary[StoreLocationKey]; var storeName = _configurationDictionary[StoreNameKey]; var validateCertificate = _configurationDictionary[ValidateCertificateKey]; var certificate = CertificateUtility.FindCertificateByThumbprint( (StoreName)Enum.Parse(typeof(StoreName), storeName), (StoreLocation)Enum.Parse(typeof(StoreLocation), storeLocation), certificateThumbprint, bool.Parse(validateCertificate)); keyVaultConfiguration = new KeyVaultConfiguration(vaultName, clientId, certificate); } if (!_configurationDictionary.TryGetValue(CacheRefreshIntervalKey, out var cacheRefresh) || !int.TryParse(cacheRefresh, out int refreshIntervalSec)) { refreshIntervalSec = CachingSecretReader.DefaultRefreshIntervalSec; } secretReader = new KeyVaultReader(keyVaultConfiguration); secretReader = new CachingSecretReader(secretReader, refreshIntervalSec); } return(secretReader); }
public async Task <int> ExecuteAsync() { if (!Help.HasValue()) { var count = IntValue(Count, defaultValue: 1); var durationInSeconds = IntValue(DurationInSeconds, defaultValue: 60); var intervalInSeconds = IntValue(IntervalInSeconds, defaultValue: 15); if (count > 1 && SpawnClients.HasValue()) { return(await SpawnTestClients(count, durationInSeconds, intervalInSeconds)); } var persist = PersistConnections.HasValue(); var useAdalOnly = UseAdalOnly.HasValue(); if (KeyVaultName.HasValue() && KeyVaultClientId.HasValue() && KeyVaultCertificateThumbprint.HasValue()) { using (var kvCertificate = GetKeyVaultCertificate(KeyVaultCertificateThumbprint.Value())) { var keyVaultConfig = new KeyVaultConfiguration( KeyVaultName.Value(), KeyVaultClientId.Value(), kvCertificate); var runner = new TestRunner( ConnectionString.Value(), keyVaultConfig); return(await runner.TestConnectionsAsync( count, durationInSeconds, intervalInSeconds, persist, useAdalOnly)); } } } ShowHelp(); return(1); }
private static KeyVaultConfiguration GetKeyVaultConfiguration(IHostingEnvironment env) { //KeyVault configuration can be found in appsettings or environment variables //We won't need to do things this way once .NET Core 2.1 comes out; it will have //chained config as per https://github.com/aspnet/Configuration/issues/630 var config = new ConfigurationBuilder(); var keyVaultConfig = new KeyVaultConfiguration(); var rootConfig = config .SetBasePath(env.ContentRootPath) .AddJsonFile("appsettings.json", optional: false, reloadOnChange: true) .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true, reloadOnChange: true) .AddEnvironmentVariables() .Build(); return(rootConfig.GetSection("KeyVault").Get <KeyVaultConfiguration>()); }
public async Task RotateServiceBusSecrets_WithValidArguments_RotatesPrimarySecondaryAlternatively() { // Arrange var config = TestConfig.Create(); KeyRotationConfig keyRotationConfig = config.GetKeyRotationConfig(); _logger.LogInformation("Using Service Principal [ClientID: '{ClientId}']", keyRotationConfig.ServicePrincipal.ClientId); const ServiceBusEntityType entity = ServiceBusEntityType.Topic; var keyVaultAuthentication = new ServicePrincipalAuthentication( keyRotationConfig.ServicePrincipal.ClientId, keyRotationConfig.ServicePrincipal.ClientSecret); var keyVaultConfiguration = new KeyVaultConfiguration(keyRotationConfig.KeyVault.VaultUri); var secretProvider = new KeyVaultSecretProvider(keyVaultAuthentication, keyVaultConfiguration); AzureServiceBusClient azureServiceBusClient = CreateAzureServiceBusClient(keyRotationConfig, secretProvider, entity); var rotation = new AzureServiceBusKeyRotation(azureServiceBusClient, keyVaultAuthentication, keyVaultConfiguration, _logger); var client = new ServiceBusConfiguration(keyRotationConfig, _logger); AccessKeys keysBefore1stRotation = await client.GetConnectionStringKeysForTopicAsync(); // Act await rotation.RotateServiceBusSecretAsync(keyRotationConfig.KeyVault.SecretName); // Assert string secondaryConnectionString = await secretProvider.GetRawSecretAsync(keyRotationConfig.KeyVault.SecretName); AccessKeys keysAfter1stRotation = await client.GetConnectionStringKeysForTopicAsync(); Assert.True(secondaryConnectionString == keysAfter1stRotation.SecondaryConnectionString, "Secondary connection string should be set in Azure Key Vault after first rotation"); Assert.NotEqual(keysBefore1stRotation.PrimaryConnectionString, keysAfter1stRotation.PrimaryConnectionString); Assert.NotEqual(keysBefore1stRotation.SecondaryConnectionString, keysAfter1stRotation.SecondaryConnectionString); await rotation.RotateServiceBusSecretAsync(keyRotationConfig.KeyVault.SecretName); string primaryConnectionString = await secretProvider.GetRawSecretAsync(keyRotationConfig.KeyVault.SecretName); AccessKeys keysAfter2ndRotation = await client.GetConnectionStringKeysForTopicAsync(); Assert.True(primaryConnectionString == keysAfter2ndRotation.PrimaryConnectionString, "Primary connection string should be set in Azure Key Vault after second rotation"); Assert.NotEqual(keysAfter1stRotation.PrimaryConnectionString, keysAfter2ndRotation.PrimaryConnectionString); Assert.NotEqual(keysAfter2ndRotation.SecondaryConnectionString, keysAfter1stRotation.SecondaryConnectionString); }
public GitHubConfig(IConfigurationRoot config, ILoggerFactory loggerFactory) { var section = config.GetSection(TokenConfigKey); _token = section.Value; if (String.IsNullOrEmpty(_token)) { var clientId = ThrowIf.NullOrWhiteSpace(config[ConfigurationClientIdKey], nameof(ConfigurationClientIdKey)); var clientSecret = ThrowIf.NullOrWhiteSpace(config[ConfigurationClientSecretKey], nameof(ConfigurationClientSecretKey)); var vaultName = ThrowIf.NullOrWhiteSpace(config[ConfigurationVaultNameKey], nameof(ConfigurationVaultNameKey)); var tokenName = ThrowIf.NullOrWhiteSpace(config[ConfigurationGithubTokenNameKey], nameof(ConfigurationGithubTokenNameKey)); var keyVaultConfig = new KeyVaultConfiguration(clientId, clientSecret, vaultName); var keyVault = new AzureSecretVault(keyVaultConfig); _token = keyVault.Get(tokenName).Result; } ThrowIf.NullOrWhiteSpace(_token, TokenConfigKey); RepositoryName = ThrowIf.NullOrWhiteSpace(config[RepositoryNameConfigKey], nameof(RepositoryNameConfigKey)); RepositoryOwner = ThrowIf.NullOrWhiteSpace(config[RepositoryOwnerConfigKey], nameof(RepositoryOwnerConfigKey)); _logger = loggerFactory.CreateLogger <GitHubConfig>(); }
public ISecretReader CreateSecretReader() { ISecretReader secretReader; var vaultName = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(VaultNameConfigurationKey)); if (!string.IsNullOrEmpty(vaultName)) { var clientId = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(ClientIdConfigurationKey)); var certificateThumbprint = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(CertificateThumbprintConfigurationKey)); var certificate = CertificateUtility.FindCertificateByThumbprint(StoreName.My, StoreLocation.LocalMachine, certificateThumbprint, true); var keyVaultConfiguration = new KeyVaultConfiguration(vaultName, clientId, certificate); secretReader = new KeyVaultReader(keyVaultConfiguration); } else { secretReader = new EmptySecretReader(); } return(new CachingSecretReader(secretReader, _diagnosticsService)); }
public static IServiceCollection AddProxyWithCertFromKeyVault( this IServiceCollection services, string endpoint, KeyVaultConfiguration config, string certName ) => services.AddProxy(new ProxyConnectionInfo(endpoint, config, certName));
private static TokenCredential GetKeyClientTokenCredential(KeyVaultConfiguration config) => new Identity.ClientSecretCredential( config.ActiveDirectoryTenantId, config.ActiveDirectoryApplicationId, config.ActiveDirectoryApplicationSecret);
private static Security.KeyVault.Keys.KeyClient GetKeyClient(KeyVaultConfiguration config) => new Security.KeyVault.Keys.KeyClient( new Uri(config.VaultEndpoint), GetKeyClientTokenCredential(config));
/// <summary> /// /// </summary> /// <param name="settings"></param> /// <param name="vault"></param> /// <param name="logger"></param> public ValuesController(IOptionsSnapshot <SmtpConfiguration> settings, IOptionsSnapshot <KeyVaultConfiguration> vault, ILogger <ValuesController> logger) { _smtpConfiguration = settings.Value; _keyVaultConfiguration = vault.Value; _logger = logger; }
public AddKeyVaultAccountViewModel(IKeyVaultConfigurationRepository keyVaultConfigurationRepository, KeyVaultConfiguration keyVaultConfiguration) { this.keyVaultConfigurationRepository = keyVaultConfigurationRepository; this.vaultUrlMatcher = new Regex(KeyVaultUrlFormat, RegexOptions.Compiled); this.AddKeyVaultAccountCommand = new RelayCommand(this.AddKeyVaultAccount, this.CanAddKeyVaultCommand); this.Initialize(keyVaultConfiguration); }
public KeyVaultSecretRepositoryMSIAuth(KeyVaultConfiguration configuration, ILogger logger) { _configuration = configuration; _logger = logger; }