public KeyAccessPermissionsDialog(IAzureActiveDirectoryService directoryService, IKeyVaultManagementService managementService, IKeyVault vault)
{
ChangedUsers = new List <IAzureActiveDirectoryUser>();
DirectoryService = directoryService;
_vault = vault;
this.InitializeComponent();
this.Loaded += async(sender, args) =>
{
adObjects.ItemsSource = await DirectoryService.GetUsers(_vault.Properties.AccessPolicies.Select(p => p.ObjectId.ToString()).ToArray());
};
adObjects.SelectionChanged += async(sender, args) =>
{
var selectedUser = (IAzureActiveDirectoryUser)args.AddedItems[0];
var vaultMetadata = await managementService.GetKeyVault(vault.Name, new System.Threading.CancellationToken());
var policies = vaultMetadata.Properties.AccessPolicies.ToList();
var selectedPolicy = policies.FirstOrDefault(p => p.ObjectId == selectedUser.ObjectId);
this.DataContext = new PermissionSet()
{
Keys = new KeyAccessPolicy()
{
AccessPermissionString = selectedPolicy.Permissions.Keys.ToArray()
},
Secrets = new SecretAccessPolicy()
{
AccessPermissionString = selectedPolicy.Permissions.Secrets.ToArray()
}
};
};
}
public IKeyVaultService GetKeyVaultService(IKeyVault vault, string token = null)
{
if (token == null)
{
throw new UnauthorizedAccessException("Token must be specified in live use");
}
return(new KeyVaultRestClient(vault, new AuthorizedHttpClient(token)));
}
private async void ShowAddSecret(IKeyVault vault)
{
var dlg = new AddSecretDialog();
var result = await new AddSecretDialog().ShowAsync();
if (result == ContentDialogResult.Primary)
{
var svc = Factory.GetKeyVaultService(vault, (await Authentication.Instance.GetKeyVaultApiToken(vault.TenantId.ToString("D"))).AsBearer());
await svc.CreateSecret(dlg.SecretName, dlg.SecretText);
}
}
private async void ShowVaultDeleteConfirmation(IKeyVault vault)
{
var dialog = new VaultDeleteConfirmationDialog();
var result = await dialog.ShowAsync();
if (result == ContentDialogResult.Primary)
{
var svc = Factory.GetManagementService(vault.SubscriptionId, vault.ResourceGroup);
await svc.DeleteKeyVault(vault);
}
}
/// <summary>
/// Constructor for a key vault based setting cache
/// </summary>
/// <param name="vault">The key vault to use</param>
/// <param name="keyEncoder">An encoder setting names (key vault doesn't support URI encoding for setting names but, for example, if migrating from app.config you could have a . in a setting name</param>
/// <param name="cachePolicy">The policy for the cache</param>
/// <param name="localConfiguration"></param>
public AsyncKeyVaultConfiguration(
IKeyVault vault,
IKeyVaultConfigurationKeyEncoder keyEncoder,
KeyVaultConfigurationCachePolicy cachePolicy,
IAsyncConfiguration localConfiguration = null)
{
_vault = vault;
_keyEncoder = keyEncoder;
_cachePolicy = cachePolicy;
_localConfiguration = localConfiguration;
}
private async void ShowAccessPermissions(IKeyVault vault)
{
var dialog = new KeyAccessPermissionsDialog(
Factory.GetAzureActiveDirectoryService(vault.TenantId.ToString("D")),
Factory.GetManagementService(vault.SubscriptionId, vault.ResourceGroup),
vault);
var result = await dialog.ShowAsync();
if (result == ContentDialogResult.Primary)
{
// todo: save
}
}
private async void ShowAddKey(IKeyVault vault)
{
var dlg = new AddKeyDialog();
var result = await new AddKeyDialog().ShowAsync();
if (result == ContentDialogResult.Primary)
{
var svc = Factory.GetKeyVaultService(vault, (await Authentication.Instance.GetKeyVaultApiToken(vault.TenantId.ToString("D"))).AsBearer());
switch (dlg.Mode)
{
case AddKeyDialog.AddKeyDialogMode.Create:
await svc.CreateKey(dlg.KeyName, dlg.UseHSM, dlg.Enabled, dlg.KeyOps);
break;
case AddKeyDialog.AddKeyDialogMode.Restore:
break;
case AddKeyDialog.AddKeyDialogMode.RSAImport:
break;
}
}
}
public ApiService(IKeyVault _KeyVault, IRedisCache _RedisCache, ILogger <ApiService> _Logger)
{
KeyVault = _KeyVault;
RedisCache = _RedisCache;
Logger = _Logger;
}
private static async Task SetSecrets(ApplicationConfiguration configuration, IKeyVault secretStore, IKeyVaultConfigurationKeyEncoder encoder, bool verbose)
{
try
{
IApplicationResourceSettingNameProvider nameProvider = new ApplicationResourceSettingNameProvider();
// set the secrets
foreach (ApplicationComponent component in configuration.ApplicationComponents)
{
IComponentIdentity componentIdentity = new ComponentIdentity(component.Fqn);
if (!string.IsNullOrWhiteSpace(component.SqlServerConnectionString))
{
string key = nameProvider.SqlConnectionString(componentIdentity);
await SetValueInSecretStoreIfIsSecret(secretStore, encoder, verbose, configuration, key, component.SqlServerConnectionString);
}
if (!string.IsNullOrWhiteSpace(component.StorageAccountConnectionString))
{
string key = nameProvider.StorageAccountConnectionString(componentIdentity);
await SetValueInSecretStoreIfIsSecret(secretStore, encoder, verbose, configuration, key, component.StorageAccountConnectionString);
}
if (!string.IsNullOrWhiteSpace(component.ServiceBusConnectionString))
{
string key = nameProvider.ServiceBusConnectionString(componentIdentity);
await SetValueInSecretStoreIfIsSecret(secretStore, encoder, verbose, configuration, key, component.ServiceBusConnectionString);
}
if (!string.IsNullOrWhiteSpace(component.DbContextType))
{
string key = nameProvider.SqlContextType(componentIdentity);
await SetValueInSecretStoreIfIsSecret(secretStore, encoder, verbose, configuration, key, component.DbContextType);
}
if (!string.IsNullOrWhiteSpace(component.DefaultQueueName))
{
string key = nameProvider.DefaultQueueName(componentIdentity);
await SetValueInSecretStoreIfIsSecret(secretStore, encoder, verbose, configuration, key, component.DefaultQueueName);
}
if (!string.IsNullOrWhiteSpace(component.DefaultBlobContainerName))
{
string key = nameProvider.DefaultBlobContainerName(componentIdentity);
await SetValueInSecretStoreIfIsSecret(secretStore, encoder, verbose, configuration, key, component.DefaultBlobContainerName);
}
if (!string.IsNullOrWhiteSpace(component.DefaultTableName))
{
string key = nameProvider.DefaultTableName(componentIdentity);
await SetValueInSecretStoreIfIsSecret(secretStore, encoder, verbose, configuration, key, component.DefaultTableName);
}
if (!string.IsNullOrWhiteSpace(component.DefaultLeaseBlockName))
{
string key = nameProvider.DefaultLeaseBlockName(componentIdentity);
await SetValueInSecretStoreIfIsSecret(secretStore, encoder, verbose, configuration, key, component.DefaultLeaseBlockName);
}
if (!string.IsNullOrWhiteSpace(component.DefaultSubscriptionName))
{
string key = nameProvider.DefaultSubscriptionName(componentIdentity);
await SetValueInSecretStoreIfIsSecret(secretStore, encoder, verbose, configuration, key, component.DefaultSubscriptionName);
}
if (!string.IsNullOrWhiteSpace(component.DefaultTopicName))
{
string key = nameProvider.DefaultTopicName(componentIdentity);
await SetValueInSecretStoreIfIsSecret(secretStore, encoder, verbose, configuration, key, component.DefaultTopicName);
}
if (!string.IsNullOrWhiteSpace(component.DefaultBrokeredMessageQueueName))
{
string key = nameProvider.DefaultBrokeredMessageQueueName(componentIdentity);
await SetValueInSecretStoreIfIsSecret(secretStore, encoder, verbose, configuration, key, component.DefaultBrokeredMessageQueueName);
}
foreach (ApplicationComponentSetting setting in component.Settings)
{
string key = nameProvider.SettingName(componentIdentity, setting.Key);
await SetValueInSecretStoreIfIsSecret(secretStore, encoder, verbose, configuration, key, setting.Value);
}
}
}
catch (AggregateException aex)
{
StringBuilder sb = new StringBuilder();
foreach (Exception ex in aex.InnerExceptions)
{
sb.AppendLine(ex.Message);
}
throw new ConsoleAppException(sb.ToString(), aex);
}
}
private static async Task SetValueInSecretStoreIfIsSecret(IKeyVault secretStore, IKeyVaultConfigurationKeyEncoder encoder, bool verbose, ApplicationConfiguration configuration, string key, string value)
{
if (configuration.Secrets.Contains(value))
{
string encodedKey = encoder.Encode(key);
await secretStore.SetSecretAsync(encodedKey, value);
if (verbose)
{
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("Secret set for key {0}", key);
}
}
}
public async Task DeleteKeyVault(IKeyVault vault)
{
await Task.Yield();
}
public KeyVaultConfiguration(IKeyVault vault, IKeyVaultConfigurationKeyEncoder keyEncoder, IConfiguration localConfiguration = null)
{
_vault = vault;
_keyEncoder = keyEncoder;
_localConfiguration = localConfiguration;
}
public MergingKeyVault(IKeyVault primaryVault, IKeyVault secondaryVault)
{
PrimaryVault = primaryVault;
SecondaryVault = secondaryVault;
}
public static async ValueTask <string> GetSecretAsync(this IKeyVault keyVault, string key) => (await keyVault.TryGetSecretAsync(key)) ?? throw new KeyNotFoundException();
public static string GetSecret(this IKeyVault keyVault, string key) => keyVault.TryGetSecret(key) ?? throw new KeyNotFoundException();
public static IKeyVault WithRawPrefix(this IKeyVault keyVault, string rawPrefix) => new PrefixScopedKeyVault(keyVault, rawPrefix);
public static IKeyVault GetSection(this IKeyVault keyVault, string prefix, string delimiter = ":") => keyVault.WithRawPrefix(prefix + delimiter);
public PrefixScopedKeyVault(IKeyVault keyVault, string prefix)
{
KeyVault = keyVault;
Prefix = prefix;
}
public RedisCache(IKeyVault _KeyVault, ILogger <RedisCache> _Logger)
{
keyVault = _KeyVault;
Logger = _Logger;
}
public CryptographyService(IRijndealCryptography cryptography, IKeyVault keyVault)
{
_keyVault = keyVault;
_cryptography = cryptography;
}
public KeyVaultViewModel(IKeyVault vault) : base(vault)
{
}
public SensitiveDataService(IUserRepository userRepository, IKeyVault keyVault)
{
_userRepository = userRepository;
_keyVault = keyVault;
}
public async Task DeleteKeyVault(IKeyVault vault)
{
await _client.DeleteVault(vault.Name);
}
public KeyVaultConfigParser(IKeyVault keyVault)
{
_keyVault = keyVault;
}
public HybridEncryption(IKeyVault keyVault)
{
_keyVault = keyVault;
}
public IKeyVaultService GetKeyVaultService(IKeyVault vault, string token = null)
{
return(new KeyVaultServiceSimulator());
}
public KeyVaultDecorator(IKeyVault vault)
{
_vault = vault;
}
public KeyVaultRestClient(IKeyVault keyVault, HttpClient client)
: base(client, "2015-06-01")
{
_root = keyVault.Uri;
}
