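/// <summary>
/// Rotates <paramref name="secret"/> through the secret manager selected by its service type and,
/// when that manager returns a key, records the new key name, version and rotation time.
/// </summary>
/// <param name="secret">
/// Secret to rotate. A secret of type <c>SecretType.Attached</c> must have both
/// <c>Configuration</c> and <c>Configuration.Policy</c> set.
/// </param>
/// <param name="token">Cancellation token passed to the secret manager and to the data provider.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="secret"/> is null, or an attached secret has no <c>Configuration</c>.
/// </exception>
/// <exception cref="ArgumentException">An attached secret has no <c>Configuration.Policy</c>.</exception>
/// <exception cref="InvalidOperationException">
/// Rethrown from <c>CreateSecretManagementProvider</c> after a warning is logged.
/// </exception>
/// <remarks>
/// Rotation and the metadata save are separate steps and this method performs no rollback.
/// If the save throws after the rotation succeeded, the in-memory <paramref name="secret"/> already
/// carries the new key name and version while the persisted record has not been updated. The exception
/// is rethrown so that the caller can reconcile the two.
/// Failures from the rotation and save steps are logged as warnings and rethrown unchanged.
/// </remarks>
public async Task RotateSecretAsync(Secret secret, CancellationToken token)
{
    if (secret == null)
    {
        throw new ArgumentNullException(nameof(secret));
    }

    if (secret.SecretType == SecretType.Attached)
    {
        if (secret.Configuration == null)
        {
            throw new ArgumentNullException(nameof(secret.Configuration));
        }

        if (secret.Configuration.Policy == null)
        {
            // Give the exception a real message and name the offending parameter; the
            // single-string constructor would have used "Policy" as the whole message.
            throw new ArgumentException(
                "Attached secrets require Configuration.Policy to be set.",
                nameof(secret));
        }
    }

    _logger?.LogInformation($"Attempting to rotate secret {secret.Uri}.");

    // Resolved before the try block so that the failure path can log it. Configuration may be
    // null for non-attached secrets, and dereferencing it inside the catch would replace the
    // original InvalidOperationException with a NullReferenceException.
    ServiceType effectiveServiceType = (secret.Configuration == null)
        ? ServiceType.Unspecified
        : secret.Configuration.ServiceType;

    ISecretManager provider = null;
    try
    {
        provider = CreateSecretManagementProvider(effectiveServiceType);
    }
    catch (InvalidOperationException)
    {
        // Null-conditional like every other log call here: a missing logger must not mask the error.
        _logger?.LogWarning($"Unable to locate SecretManager for {effectiveServiceType}");
        throw;
    }

    Key rotated = null;
    try
    {
        rotated = await provider.RotateSecretAsync(secret, token);
        _logger?.LogInformation($"Rotated secret {secret.Uri}");
    }
    catch (Exception ex)
    {
        // NOTE(review): only ex.Message reaches the log; the full exception is available to the caller via the rethrow.
        _logger?.LogWarning($"Unable to rotate secret {secret.Uri}. Exception: {ex.Message}");
        throw;
    }

    if (rotated == null)
    {
        // Leave an audit trail for the case where the provider call completed but produced no key,
        // so that an unchanged record is not mistaken for a recorded rotation.
        _logger?.LogInformation($"Secret manager returned no key for {secret.Uri}; stored metadata left unchanged.");
        return;
    }

    _logger?.LogInformation($"Updating secret metadata for {secret.Uri}");

    // Copy the identifiers of the newly issued key onto the secret record.
    secret.CurrentKeyName = rotated.Name;
    secret.Version = rotated.SecretVersion;
    secret.LastRotatedOn = DateTime.UtcNow;

    try
    {
        await _dataProvider.SaveSecretAsync(secret, token);
        _logger?.LogInformation($"Updated secret metadata for {secret.Uri}");
    }
    catch (Exception ex)
    {
        // The rotation has already happened at this point, so the persisted record is now stale.
        _logger?.LogWarning($"Unable to update secret metadata {secret.Uri}. Exception: {ex.Message}");
        throw;
    }
}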