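/// <summary>
/// Registers a singleton <see cref="IKeyVaultClient"/> that authenticates to Azure AD with a client
/// certificate loaded from the <c>.secrets</c> folder under the current user's profile.
/// </summary>
/// <param name="services">Service collection the client is added to.</param>
/// <param name="configuration">Configuration whose "Vault" section is bound to <see cref="VaultSettings"/>.</param>
/// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="services"/> or <paramref name="configuration"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// Thrown from the authentication callback when Vault:ClientCertFile is not configured or no token is returned.
/// </exception>
public static IServiceCollection AddKeyVault(this IServiceCollection services, IConfiguration configuration)
        {
            if (services == null)
            {
                throw new ArgumentNullException(nameof(services));
            }
            if (configuration == null)
            {
                throw new ArgumentNullException(nameof(configuration));
            }

            var vaultSettings = new VaultSettings();
            configuration.Bind("Vault", vaultSettings);

            // Certificates are expected under <user profile>/.secrets. Path.Combine returns the second
            // argument unchanged when it is rooted, so an absolute ClientCertFile escapes that folder.
            var secretsDir = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile), ".secrets");

            KeyVaultClient.AuthenticationCallback callback = async (authority, resource, scope) =>
            {
                // Checked here rather than at registration so the failure message names the setting
                // instead of surfacing as an ArgumentNullException from Path.Combine.
                if (string.IsNullOrWhiteSpace(vaultSettings.ClientCertFile))
                {
                    throw new InvalidOperationException("Vault:ClientCertFile is not configured");
                }

                var authContext    = new AuthenticationContext(authority);
                var clientCertFile = Path.Combine(secretsDir, vaultSettings.ClientCertFile);

                // Dispose the certificate (and its private-key handle) as soon as the token is acquired;
                // a new one is loaded on every callback invocation.
                using (var certificate = new X509Certificate2(clientCertFile))
                {
                    var clientCred = new ClientAssertionCertificate(vaultSettings.ClientId, certificate);
                    var result     = await authContext.AcquireTokenAsync(resource, clientCred);

                    if (result == null)
                    {
                        throw new InvalidOperationException("Failed to obtain the JWT token");
                    }

                    return result.AccessToken;
                }
            };

            services.AddSingleton<IKeyVaultClient>(new KeyVaultClient(callback));

            return services;
        }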
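        /// <summary>
        /// Registers a singleton <see cref="IKeyVaultClient"/> that authenticates to Azure AD with a client
        /// secret when <c>ClientSecretFile</c> is configured, and with a client certificate otherwise.
        /// </summary>
        /// <param name="services">Service collection the client is added to.</param>
        /// <param name="configuration">Configuration whose "VaultSettings" section is bound to <see cref="VaultSettings"/>.</param>
        /// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="services"/> or <paramref name="configuration"/> is null.</exception>
        /// <exception cref="InvalidOperationException">Thrown from the authentication callback when no token is returned.</exception>
        /// <remarks>
        /// The client is created lazily by the application's own container. This avoids calling
        /// <c>services.BuildServiceProvider()</c> during registration, which would build a second
        /// container holding separate copies of every singleton (including the logger factory).
        /// </remarks>
        public static IServiceCollection AddKeyVault(this IServiceCollection services, IConfiguration configuration)
        {
            if (services == null)
            {
                throw new ArgumentNullException(nameof(services));
            }
            if (configuration == null)
            {
                throw new ArgumentNullException(nameof(configuration));
            }

            var vaultSettings = new VaultSettings();
            configuration.Bind(nameof(VaultSettings), vaultSettings);

            services.AddSingleton<IKeyVaultClient>(provider =>
            {
                // Logging stays optional: the client still works when no ILoggerFactory is registered.
                var logger = provider.GetService<ILoggerFactory>()?.CreateLogger<VaultSettings>();

                logger?.LogInformation($"retrieving vault settings: vaultName={vaultSettings.VaultName}");

                return new KeyVaultClient(CreateAuthenticationCallback(vaultSettings, logger));
            });

            return services;
        }

        /// <summary>
        /// Builds the ADAL callback used by <see cref="KeyVaultClient"/>. The secret-file path is
        /// preferred when set; otherwise a certificate file is used.
        /// </summary>
        /// <param name="vaultSettings">Bound vault settings (client id and secret/certificate file names).</param>
        /// <param name="logger">Optional logger; may be null.</param>
        /// <returns>A callback that returns an access token for the requested resource.</returns>
        private static KeyVaultClient.AuthenticationCallback CreateAuthenticationCallback(VaultSettings vaultSettings, ILogger<VaultSettings> logger)
        {
            return async (authority, resource, scope) =>
            {
                var authContext = new AuthenticationContext(authority);

                return string.IsNullOrEmpty(vaultSettings.ClientSecretFile)
                    ? await AcquireTokenWithCertificateAsync(authContext, resource, vaultSettings, logger)
                    : await AcquireTokenWithSecretAsync(authContext, resource, vaultSettings, logger);
            };
        }

        /// <summary>Acquires a token with a client secret read from <c>ClientSecretFile</c>.</summary>
        /// <exception cref="InvalidOperationException">Thrown when no token is returned.</exception>
        private static async Task<string> AcquireTokenWithSecretAsync(AuthenticationContext authContext, string resource, VaultSettings vaultSettings, ILogger<VaultSettings> logger)
        {
            var clientSecretFile = GetSecretOrCertFile(vaultSettings.ClientSecretFile, logger);
            // The file content is used verbatim, so any trailing newline becomes part of the secret.
            var clientSecret     = File.ReadAllText(clientSecretFile);

            var credential = new ClientCredential(vaultSettings.ClientId, clientSecret);
            var result     = await authContext.AcquireTokenAsync(resource, credential);

            if (result == null)
            {
                throw new InvalidOperationException("Failed to obtain the JWT token");
            }

            return result.AccessToken;
        }

        /// <summary>Acquires a token with the client certificate loaded from <c>ClientCertFile</c>.</summary>
        /// <exception cref="InvalidOperationException">Thrown when no token is returned.</exception>
        private static async Task<string> AcquireTokenWithCertificateAsync(AuthenticationContext authContext, string resource, VaultSettings vaultSettings, ILogger<VaultSettings> logger)
        {
            var clientCertFile = GetSecretOrCertFile(vaultSettings.ClientCertFile, logger);

            // Dispose the certificate (and its private-key handle) once the token is acquired.
            using (var certificate = new X509Certificate2(clientCertFile))
            {
                // Only the thumbprint is logged; it identifies the certificate without exposing key material.
                logger?.LogInformation($"Authenticate client {vaultSettings.ClientId} with cert: {certificate.Thumbprint}");
                var clientCred = new ClientAssertionCertificate(vaultSettings.ClientId, certificate);

                logger?.LogInformation("Authenticating...");
                var result = await authContext.AcquireTokenAsync(resource, clientCred);

                if (result == null)
                {
                    throw new InvalidOperationException("Failed to obtain the JWT token");
                }

                return result.AccessToken;
            }
        }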
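        /// <summary>
        /// Synchronously reads a secret from the Key Vault named by Vault:Name, using the
        /// <see cref="IKeyVaultClient"/> registered in <paramref name="services"/>.
        /// </summary>
        /// <param name="services">Service collection that contains an <see cref="IKeyVaultClient"/> registration.</param>
        /// <param name="configuration">Configuration whose "Vault" section is bound to <see cref="VaultSettings"/>.</param>
        /// <param name="secretName">Name of the secret to read.</param>
        /// <returns>The current value of the secret.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="services"/> or <paramref name="configuration"/> is null.</exception>
        /// <exception cref="ArgumentException">Thrown when <paramref name="secretName"/> is empty.</exception>
        /// <exception cref="InvalidOperationException">Thrown when Vault:Name is not configured or no <see cref="IKeyVaultClient"/> is registered.</exception>
        /// <remarks>
        /// This blocks on the asynchronous Key Vault call (sync-over-async). It is intended for start-up
        /// configuration only and can deadlock when called on a thread that has a synchronization context.
        /// It also builds a temporary service provider, which is disposed before returning.
        /// </remarks>
        public static string GetSecret(this IServiceCollection services, IConfiguration configuration, string secretName)
        {
            if (services == null)
            {
                throw new ArgumentNullException(nameof(services));
            }
            if (configuration == null)
            {
                throw new ArgumentNullException(nameof(configuration));
            }
            if (string.IsNullOrWhiteSpace(secretName))
            {
                throw new ArgumentException("A secret name is required", nameof(secretName));
            }

            var vaultSettings = new VaultSettings();
            configuration.Bind("Vault", vaultSettings);

            // Fail before the network call instead of addressing "https://.vault.azure.net".
            if (string.IsNullOrWhiteSpace(vaultSettings.Name))
            {
                throw new InvalidOperationException("Vault:Name is not configured");
            }

            // The vault is addressed by the DNS name derived from configuration, never from caller input.
            var vaultBaseUrl = $"https://{vaultSettings.Name}.vault.azure.net";

            // BuildServiceProvider creates a separate container; release whatever it created when done.
            var serviceProvider = services.BuildServiceProvider();
            try
            {
                var kvClient = serviceProvider.GetRequiredService<IKeyVaultClient>();
                var secret   = kvClient.GetSecretAsync(vaultBaseUrl, secretName).GetAwaiter().GetResult();

                return secret.Value;
            }
            finally
            {
                (serviceProvider as IDisposable)?.Dispose();
            }
        }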