/// <summary>
/// Validates <paramref name="policy"/> and delegates the actual write to the
/// storage-specific <see cref="OnSavePolicyAsync"/> implementation.
/// </summary>
/// <param name="policy">Policy to persist; must not be <c>null</c>.</param>
/// <param name="token">Cancellation token forwarded unchanged to the provider.</param>
/// <returns>The identifier the provider reports for the saved policy.</returns>
/// <exception cref="ArgumentNullException"><paramref name="policy"/> is <c>null</c>.</exception>
public async Task<string> SavePolicyAsync(SecretPolicy policy, CancellationToken token)
{
    if (policy is null)
    {
        throw new ArgumentNullException(nameof(policy));
    }

    var savedPolicyId = await OnSavePolicyAsync(policy, token);
    return savedPolicyId;
}
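/// <summary>
/// Writes a new version of <paramref name="secret"/> to its Azure Key Vault and, when that
/// produced a version different from <c>secret.Version</c>, disables the previous version so
/// only the rotated value remains readable. Only <c>"secret"</c> objects are persisted today;
/// <c>"key"</c> and <c>"certificate"</c> are not implemented and yield <c>null</c>.
/// </summary>
/// <param name="secret">The secret to persist. <c>VaultName</c>, <c>ObjectName</c>, <c>ObjectType</c>,
/// <c>Version</c> and <c>Uri</c> are read; <c>Configuration.Policy</c> is optional and supplies the
/// rotation interval used to set the expiry of the new version.</param>
/// <param name="value">The raw value; it is passed through <see cref="ProcessSecretExpressionAsync"/> before being stored.</param>
/// <param name="token">Token used to cancel the Key Vault calls.</param>
/// <returns>Key Vault Secret Version Identifier, or <c>null</c> when the object type is not handled.</returns>
/// <exception cref="ArgumentNullException"><paramref name="secret"/> is <c>null</c>.</exception>
protected override async Task<string> OnPersistSecretToVaultAsync(Secret secret, string value, CancellationToken token)
{
    // secret.ObjectType is dereferenced unconditionally below, so a null secret is rejected up front
    // instead of surfacing as a NullReferenceException after the Key Vault client has been built.
    if (secret is null)
    {
        throw new ArgumentNullException(nameof(secret));
    }

    //todo: store new secret value
    //todo: vary credential providers based on need (MI/Keys/etc)
    var azureServiceTokenProvider = new AzureServiceTokenProvider();
    var kvClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));

    SecretPolicy effectivePolicy = secret.Configuration?.Policy;

    switch (secret.ObjectType)
    {
        case "secret":
            var attributes = new SecretAttributes { Enabled = true };
            if (effectivePolicy != null)
            {
                // Expire the new version one rotation interval from now so a value that is never
                // rotated again cannot stay valid indefinitely.
                attributes.Expires = DateTime.UtcNow.Add(TimeSpan.FromSeconds(effectivePolicy.RotationIntervalInSec));
            }

            value = await ProcessSecretExpressionAsync(secret, value, kvClient, token);

            var result = await kvClient.SetSecretAsync(
                $"https://{secret.VaultName}.vault.azure.net",
                secret.ObjectName,
                value,
                secretAttributes: attributes,
                cancellationToken: token);

            // Version identifiers are opaque ids, so compare them ordinally; the previous
            // string.Compare(a, b, true) overload is culture-sensitive.
            if (!string.Equals(result.SecretIdentifier.Version, secret.Version, StringComparison.OrdinalIgnoreCase))
            {
                // A new version was created: disable the previous one so only the rotated value can be read.
                // NOTE(review): assumes secret.Uri addresses the pre-rotation version — confirm against the caller.
                // The cancellation token is now forwarded so an abandoned rotation does not leave a dangling call.
                await kvClient.UpdateSecretAsync(
                    secret.Uri,
                    secretAttributes: new SecretAttributes { Enabled = false },
                    cancellationToken: token);
            }

            return result.SecretIdentifier.Version;

        case "key":
        case "certificate":
            //todo: persisting keys and certificates is not implemented yet
            break;
    }

    return null;
}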
/// <summary>
/// Persists <paramref name="policy"/> as JSON under the policy folder of the root container,
/// assigning a fresh <c>PolicyId</c> when the incoming one is <see cref="Guid.Empty"/>.
/// </summary>
/// <param name="policy">Policy to store. A <see cref="Contracts.Policy"/> instance is stored as-is;
/// any other <see cref="SecretPolicy"/> is projected field by field onto a new <see cref="Contracts.Policy"/>.</param>
/// <param name="token">Cancellation token forwarded to the storage write.</param>
/// <returns>The stored policy's identifier as a string.</returns>
protected override async Task<string> OnSavePolicyAsync(SecretPolicy policy, CancellationToken token)
{
    // Reuse the concrete contract object when one was passed in; otherwise copy the abstract policy into one.
    Contracts.Policy contract = policy is Contracts.Policy existing
        ? existing
        : new Contracts.Policy
        {
            RotationIntervalInSec = policy.RotationIntervalInSec,
            Name = policy.Name,
            Description = policy.Description,
            PolicyId = policy.PolicyId,
        };

    if (contract.PolicyId == Guid.Empty)
    {
        contract.PolicyId = Guid.NewGuid();
    }

    string policyId = contract.PolicyId.ToString();
    string blobName = FormatFileName(StorageFolders.Policy, policyId);
    await SaveObjectAsync(_rootContainer, blobName, GetObjectJson<Contracts.Policy>(contract), token);

    return policyId;
}
/// <summary>
/// Storage-specific persistence of a policy. Called by <see cref="SavePolicyAsync"/> after the
/// argument has been null-checked, so implementations may rely on a non-<c>null</c> policy.
/// </summary>
/// <param name="policy">Policy to persist.</param>
/// <param name="token">Cancellation token for the underlying write.</param>
/// <returns>An identifier for the saved policy.</returns>
protected abstract Task <string> OnSavePolicyAsync(SecretPolicy policy, CancellationToken token);