public KeyAccessPermissionsDialog(IAzureActiveDirectoryService directoryService, IKeyVaultManagementService managementService, IKeyVault vault) { ChangedUsers = new List <IAzureActiveDirectoryUser>(); DirectoryService = directoryService; _vault = vault; this.InitializeComponent(); this.Loaded += async(sender, args) => { adObjects.ItemsSource = await DirectoryService.GetUsers(_vault.Properties.AccessPolicies.Select(p => p.ObjectId.ToString()).ToArray()); }; adObjects.SelectionChanged += async(sender, args) => { var selectedUser = (IAzureActiveDirectoryUser)args.AddedItems[0]; var vaultMetadata = await managementService.GetKeyVault(vault.Name, new System.Threading.CancellationToken()); var policies = vaultMetadata.Properties.AccessPolicies.ToList(); var selectedPolicy = policies.FirstOrDefault(p => p.ObjectId == selectedUser.ObjectId); this.DataContext = new PermissionSet() { Keys = new KeyAccessPolicy() { AccessPermissionString = selectedPolicy.Permissions.Keys.ToArray() }, Secrets = new SecretAccessPolicy() { AccessPermissionString = selectedPolicy.Permissions.Secrets.ToArray() } }; }; }
public IKeyVaultService GetKeyVaultService(IKeyVault vault, string token = null) { if (token == null) { throw new UnauthorizedAccessException("Token must be specified in live use"); } return(new KeyVaultRestClient(vault, new AuthorizedHttpClient(token))); }
private async void ShowAddSecret(IKeyVault vault) { var dlg = new AddSecretDialog(); var result = await new AddSecretDialog().ShowAsync(); if (result == ContentDialogResult.Primary) { var svc = Factory.GetKeyVaultService(vault, (await Authentication.Instance.GetKeyVaultApiToken(vault.TenantId.ToString("D"))).AsBearer()); await svc.CreateSecret(dlg.SecretName, dlg.SecretText); } }
private async void ShowVaultDeleteConfirmation(IKeyVault vault) { var dialog = new VaultDeleteConfirmationDialog(); var result = await dialog.ShowAsync(); if (result == ContentDialogResult.Primary) { var svc = Factory.GetManagementService(vault.SubscriptionId, vault.ResourceGroup); await svc.DeleteKeyVault(vault); } }
/// <summary> /// Constructor for a key vault based setting cache /// </summary> /// <param name="vault">The key vault to use</param> /// <param name="keyEncoder">An encoder setting names (key vault doesn't support URI encoding for setting names but, for example, if migrating from app.config you could have a . in a setting name</param> /// <param name="cachePolicy">The policy for the cache</param> /// <param name="localConfiguration"></param> public AsyncKeyVaultConfiguration( IKeyVault vault, IKeyVaultConfigurationKeyEncoder keyEncoder, KeyVaultConfigurationCachePolicy cachePolicy, IAsyncConfiguration localConfiguration = null) { _vault = vault; _keyEncoder = keyEncoder; _cachePolicy = cachePolicy; _localConfiguration = localConfiguration; }
private async void ShowAccessPermissions(IKeyVault vault) { var dialog = new KeyAccessPermissionsDialog( Factory.GetAzureActiveDirectoryService(vault.TenantId.ToString("D")), Factory.GetManagementService(vault.SubscriptionId, vault.ResourceGroup), vault); var result = await dialog.ShowAsync(); if (result == ContentDialogResult.Primary) { // todo: save } }
private async void ShowAddKey(IKeyVault vault) { var dlg = new AddKeyDialog(); var result = await new AddKeyDialog().ShowAsync(); if (result == ContentDialogResult.Primary) { var svc = Factory.GetKeyVaultService(vault, (await Authentication.Instance.GetKeyVaultApiToken(vault.TenantId.ToString("D"))).AsBearer()); switch (dlg.Mode) { case AddKeyDialog.AddKeyDialogMode.Create: await svc.CreateKey(dlg.KeyName, dlg.UseHSM, dlg.Enabled, dlg.KeyOps); break; case AddKeyDialog.AddKeyDialogMode.Restore: break; case AddKeyDialog.AddKeyDialogMode.RSAImport: break; } } }
public ApiService(IKeyVault _KeyVault, IRedisCache _RedisCache, ILogger <ApiService> _Logger) { KeyVault = _KeyVault; RedisCache = _RedisCache; Logger = _Logger; }
private static async Task SetSecrets(ApplicationConfiguration configuration, IKeyVault secretStore, IKeyVaultConfigurationKeyEncoder encoder, bool verbose) { try { IApplicationResourceSettingNameProvider nameProvider = new ApplicationResourceSettingNameProvider(); // set the secrets foreach (ApplicationComponent component in configuration.ApplicationComponents) { IComponentIdentity componentIdentity = new ComponentIdentity(component.Fqn); if (!string.IsNullOrWhiteSpace(component.SqlServerConnectionString)) { string key = nameProvider.SqlConnectionString(componentIdentity); await SetValueInSecretStoreIfIsSecret(secretStore, encoder, verbose, configuration, key, component.SqlServerConnectionString); } if (!string.IsNullOrWhiteSpace(component.StorageAccountConnectionString)) { string key = nameProvider.StorageAccountConnectionString(componentIdentity); await SetValueInSecretStoreIfIsSecret(secretStore, encoder, verbose, configuration, key, component.StorageAccountConnectionString); } if (!string.IsNullOrWhiteSpace(component.ServiceBusConnectionString)) { string key = nameProvider.ServiceBusConnectionString(componentIdentity); await SetValueInSecretStoreIfIsSecret(secretStore, encoder, verbose, configuration, key, component.ServiceBusConnectionString); } if (!string.IsNullOrWhiteSpace(component.DbContextType)) { string key = nameProvider.SqlContextType(componentIdentity); await SetValueInSecretStoreIfIsSecret(secretStore, encoder, verbose, configuration, key, component.DbContextType); } if (!string.IsNullOrWhiteSpace(component.DefaultQueueName)) { string key = nameProvider.DefaultQueueName(componentIdentity); await SetValueInSecretStoreIfIsSecret(secretStore, encoder, verbose, configuration, key, component.DefaultQueueName); } if (!string.IsNullOrWhiteSpace(component.DefaultBlobContainerName)) { string key = nameProvider.DefaultBlobContainerName(componentIdentity); await SetValueInSecretStoreIfIsSecret(secretStore, encoder, verbose, configuration, key, component.DefaultBlobContainerName); } if (!string.IsNullOrWhiteSpace(component.DefaultTableName)) { string key = nameProvider.DefaultTableName(componentIdentity); await SetValueInSecretStoreIfIsSecret(secretStore, encoder, verbose, configuration, key, component.DefaultTableName); } if (!string.IsNullOrWhiteSpace(component.DefaultLeaseBlockName)) { string key = nameProvider.DefaultLeaseBlockName(componentIdentity); await SetValueInSecretStoreIfIsSecret(secretStore, encoder, verbose, configuration, key, component.DefaultLeaseBlockName); } if (!string.IsNullOrWhiteSpace(component.DefaultSubscriptionName)) { string key = nameProvider.DefaultSubscriptionName(componentIdentity); await SetValueInSecretStoreIfIsSecret(secretStore, encoder, verbose, configuration, key, component.DefaultSubscriptionName); } if (!string.IsNullOrWhiteSpace(component.DefaultTopicName)) { string key = nameProvider.DefaultTopicName(componentIdentity); await SetValueInSecretStoreIfIsSecret(secretStore, encoder, verbose, configuration, key, component.DefaultTopicName); } if (!string.IsNullOrWhiteSpace(component.DefaultBrokeredMessageQueueName)) { string key = nameProvider.DefaultBrokeredMessageQueueName(componentIdentity); await SetValueInSecretStoreIfIsSecret(secretStore, encoder, verbose, configuration, key, component.DefaultBrokeredMessageQueueName); } foreach (ApplicationComponentSetting setting in component.Settings) { string key = nameProvider.SettingName(componentIdentity, setting.Key); await SetValueInSecretStoreIfIsSecret(secretStore, encoder, verbose, configuration, key, setting.Value); } } } catch (AggregateException aex) { StringBuilder sb = new StringBuilder(); foreach (Exception ex in aex.InnerExceptions) { sb.AppendLine(ex.Message); } throw new ConsoleAppException(sb.ToString(), aex); } }
private static async Task SetValueInSecretStoreIfIsSecret(IKeyVault secretStore, IKeyVaultConfigurationKeyEncoder encoder, bool verbose, ApplicationConfiguration configuration, string key, string value) { if (configuration.Secrets.Contains(value)) { string encodedKey = encoder.Encode(key); await secretStore.SetSecretAsync(encodedKey, value); if (verbose) { Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("Secret set for key {0}", key); } } }
public async Task DeleteKeyVault(IKeyVault vault) { await Task.Yield(); }
public KeyVaultConfiguration(IKeyVault vault, IKeyVaultConfigurationKeyEncoder keyEncoder, IConfiguration localConfiguration = null) { _vault = vault; _keyEncoder = keyEncoder; _localConfiguration = localConfiguration; }
public MergingKeyVault(IKeyVault primaryVault, IKeyVault secondaryVault) { PrimaryVault = primaryVault; SecondaryVault = secondaryVault; }
public static async ValueTask <string> GetSecretAsync(this IKeyVault keyVault, string key) => (await keyVault.TryGetSecretAsync(key)) ?? throw new KeyNotFoundException();
public static string GetSecret(this IKeyVault keyVault, string key) => keyVault.TryGetSecret(key) ?? throw new KeyNotFoundException();
public static IKeyVault WithRawPrefix(this IKeyVault keyVault, string rawPrefix) => new PrefixScopedKeyVault(keyVault, rawPrefix);
public static IKeyVault GetSection(this IKeyVault keyVault, string prefix, string delimiter = ":") => keyVault.WithRawPrefix(prefix + delimiter);
public PrefixScopedKeyVault(IKeyVault keyVault, string prefix) { KeyVault = keyVault; Prefix = prefix; }
public RedisCache(IKeyVault _KeyVault, ILogger <RedisCache> _Logger) { keyVault = _KeyVault; Logger = _Logger; }
public CryptographyService(IRijndealCryptography cryptography, IKeyVault keyVault) { _keyVault = keyVault; _cryptography = cryptography; }
public KeyVaultViewModel(IKeyVault vault) : base(vault) { }
public SensitiveDataService(IUserRepository userRepository, IKeyVault keyVault) { _userRepository = userRepository; _keyVault = keyVault; }
public async Task DeleteKeyVault(IKeyVault vault) { await _client.DeleteVault(vault.Name); }
public KeyVaultConfigParser(IKeyVault keyVault) { _keyVault = keyVault; }
public HybridEncryption(IKeyVault keyVault) { _keyVault = keyVault; }
public IKeyVaultService GetKeyVaultService(IKeyVault vault, string token = null) { return(new KeyVaultServiceSimulator()); }
public KeyVaultDecorator(IKeyVault vault) { _vault = vault; }
public KeyVaultRestClient(IKeyVault keyVault, HttpClient client) : base(client, "2015-06-01") { _root = keyVault.Uri; }