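/// <summary>
/// Creates a service bound to a single Key Vault configuration.
/// </summary>
/// <param name="azureKeyVaultConfiguration">
/// Key Vault settings; must carry a non-blank <c>AzureKeyVaultEndpoint</c>.
/// </param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="azureKeyVaultConfiguration"/> is <c>null</c>.
/// </exception>
/// <exception cref="ArgumentException">
/// Thrown when <c>AzureKeyVaultEndpoint</c> is missing or whitespace.
/// </exception>
public AzureKeyVaultService(AzureKeyVaultConfiguration azureKeyVaultConfiguration)
{
    // ArgumentNullException derives from ArgumentException, so callers that catch the
    // original type keep working while the failure is reported with the parameter name.
    if (azureKeyVaultConfiguration is null)
    {
        throw new ArgumentNullException(nameof(azureKeyVaultConfiguration), "missing azureKeyVaultConfiguration");
    }

    // A whitespace-only endpoint is just as unusable as an empty one.
    if (string.IsNullOrWhiteSpace(azureKeyVaultConfiguration.AzureKeyVaultEndpoint))
    {
        throw new ArgumentException("missing keyVaultEndpoint", nameof(azureKeyVaultConfiguration));
    }

    _azureKeyVaultConfiguration = azureKeyVaultConfiguration;
}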
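/// <summary>
/// Loads the active and secondary certificates from Key Vault when an endpoint is configured.
/// </summary>
/// <param name="certificateConfiguration">
/// Key Vault settings; an empty <c>AzureKeyVaultEndpoint</c> skips the lookup entirely.
/// </param>
/// <returns>
/// The certificate pair from Key Vault, or <c>(null, null)</c> when no endpoint is configured.
/// </returns>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="certificateConfiguration"/> is <c>null</c>.
/// </exception>
public static async Task<(X509Certificate2 ActiveCertificate, X509Certificate2 SecondaryCertificate)> GetCertificates(AzureKeyVaultConfiguration certificateConfiguration)
{
    // Report a named argument instead of a NullReferenceException on the endpoint read below.
    if (certificateConfiguration is null)
    {
        throw new ArgumentNullException(nameof(certificateConfiguration));
    }

    // No endpoint means Key Vault is not in use; the caller receives an empty pair, not an error.
    if (string.IsNullOrEmpty(certificateConfiguration.AzureKeyVaultEndpoint))
    {
        return (null, null);
    }

    var keyVaultCertificateService = new AzureKeyVaultService(certificateConfiguration);

    // ConfigureAwait(false): this is library code with no synchronization context to return to.
    return await keyVaultCertificateService.GetCertificatesFromKeyVault().ConfigureAwait(false);
}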
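/// <summary>
/// Registers ASP.NET Core Data Protection with the key ring persisted in
/// <typeparamref name="TDbContext"/> and, when enabled, wrapped by an Azure Key Vault key.
/// </summary>
/// <typeparam name="TDbContext">EF Core context that stores the data-protection key ring.</typeparam>
/// <param name="services">Service collection to register into.</param>
/// <param name="dataProtectionConfiguration">Controls whether the key ring is protected with Key Vault.</param>
/// <param name="azureKeyVaultConfiguration">
/// Key identifier and credential settings; only read when <c>ProtectKeysWithAzureKeyVault</c> is <c>true</c>,
/// so it may be <c>null</c> otherwise.
/// </param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="services"/> or <paramref name="dataProtectionConfiguration"/> is <c>null</c>,
/// or when Key Vault protection is enabled and <paramref name="azureKeyVaultConfiguration"/> is <c>null</c>.
/// </exception>
/// <exception cref="ArgumentException">
/// Thrown when Key Vault protection is enabled and <c>DataProtectionKeyIdentifier</c> is blank.
/// </exception>
public static void AddDataProtection<TDbContext>(this IServiceCollection services, DataProtectionConfiguration dataProtectionConfiguration, AzureKeyVaultConfiguration azureKeyVaultConfiguration)
    where TDbContext : DbContext, IDataProtectionKeyContext
{
    if (services is null)
    {
        throw new ArgumentNullException(nameof(services));
    }

    if (dataProtectionConfiguration is null)
    {
        throw new ArgumentNullException(nameof(dataProtectionConfiguration));
    }

    var dataProtectionBuilder = services.AddDataProtection()
        .SetApplicationName("Skoruba.IdentityServer4")
        .PersistKeysToDbContext<TDbContext>();

    if (!dataProtectionConfiguration.ProtectKeysWithAzureKeyVault)
    {
        return;
    }

    // The Key Vault settings are only required once key wrapping is actually enabled.
    if (azureKeyVaultConfiguration is null)
    {
        throw new ArgumentNullException(nameof(azureKeyVaultConfiguration));
    }

    // Validate up front so a missing identifier is reported by name instead of surfacing
    // from the Uri constructor.
    if (string.IsNullOrWhiteSpace(azureKeyVaultConfiguration.DataProtectionKeyIdentifier))
    {
        throw new ArgumentException("missing DataProtectionKeyIdentifier", nameof(azureKeyVaultConfiguration));
    }

    var keyIdentifier = new Uri(azureKeyVaultConfiguration.DataProtectionKeyIdentifier);

    if (azureKeyVaultConfiguration.UseClientCredentials)
    {
        // Client-secret flow: the secret lives in configuration and must be rotated by the operator.
        dataProtectionBuilder.ProtectKeysWithAzureKeyVault(
            keyIdentifier,
            new ClientSecretCredential(
                azureKeyVaultConfiguration.TenantId,
                azureKeyVaultConfiguration.ClientId,
                azureKeyVaultConfiguration.ClientSecret));
    }
    else
    {
        // DefaultAzureCredential lets the host supply the identity (e.g. managed identity), so no
        // long-lived secret is stored with the application.
        dataProtectionBuilder.ProtectKeysWithAzureKeyVault(keyIdentifier, new DefaultAzureCredential());
    }
}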
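/// <summary>
/// Registers ASP.NET Core Data Protection with the key ring persisted in
/// <typeparamref name="TDbContext"/> and, when enabled, wrapped by an Azure Key Vault key
/// using the <c>KeyVaultClient</c> / <c>AzureServiceTokenProvider</c> SDK line.
/// </summary>
/// <remarks>
/// NOTE(review): <c>KeyVaultClient</c> and <c>AzureServiceTokenProvider</c> belong to the older
/// Microsoft.Azure.KeyVault packages, which have been superseded by Azure.Identity credentials
/// (<c>ClientSecretCredential</c> / <c>DefaultAzureCredential</c>); migrating removes a
/// dependency on a retired SDK.
/// </remarks>
/// <typeparam name="TDbContext">EF Core context that stores the data-protection key ring.</typeparam>
/// <param name="services">Service collection to register into.</param>
/// <param name="dataProtectionConfiguration">Controls whether the key ring is protected with Key Vault.</param>
/// <param name="azureKeyVaultConfiguration">
/// Key identifier and credential settings; only read when <c>ProtectKeysWithAzureKeyVault</c> is <c>true</c>,
/// so it may be <c>null</c> otherwise.
/// </param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="services"/> or <paramref name="dataProtectionConfiguration"/> is <c>null</c>,
/// or when Key Vault protection is enabled and <paramref name="azureKeyVaultConfiguration"/> is <c>null</c>.
/// </exception>
/// <exception cref="ArgumentException">
/// Thrown when Key Vault protection is enabled and <c>DataProtectionKeyIdentifier</c> is blank.
/// </exception>
public static void AddDataProtection<TDbContext>(this IServiceCollection services, DataProtectionConfiguration dataProtectionConfiguration, AzureKeyVaultConfiguration azureKeyVaultConfiguration)
    where TDbContext : DbContext, IDataProtectionKeyContext
{
    if (services is null)
    {
        throw new ArgumentNullException(nameof(services));
    }

    if (dataProtectionConfiguration is null)
    {
        throw new ArgumentNullException(nameof(dataProtectionConfiguration));
    }

    var dataProtectionBuilder = services.AddDataProtection()
        .SetApplicationName("Skoruba.IdentityServer4")
        .PersistKeysToDbContext<TDbContext>();

    if (!dataProtectionConfiguration.ProtectKeysWithAzureKeyVault)
    {
        return;
    }

    // The Key Vault settings are only required once key wrapping is actually enabled.
    if (azureKeyVaultConfiguration is null)
    {
        throw new ArgumentNullException(nameof(azureKeyVaultConfiguration));
    }

    // A blank key identifier would otherwise fail later, inside the Key Vault client, with a
    // less actionable error.
    if (string.IsNullOrWhiteSpace(azureKeyVaultConfiguration.DataProtectionKeyIdentifier))
    {
        throw new ArgumentException("missing DataProtectionKeyIdentifier", nameof(azureKeyVaultConfiguration));
    }

    var keyIdentifier = azureKeyVaultConfiguration.DataProtectionKeyIdentifier;

    if (azureKeyVaultConfiguration.UseClientCredentials)
    {
        // Client-secret flow: the secret lives in configuration and must be rotated by the operator.
        dataProtectionBuilder.ProtectKeysWithAzureKeyVault(
            keyIdentifier,
            azureKeyVaultConfiguration.ClientId,
            azureKeyVaultConfiguration.ClientSecret);
    }
    else
    {
        // Token-provider flow: the host supplies the identity, so no secret is stored with the app.
        var azureServiceTokenProvider = new AzureServiceTokenProvider();
        var keyVaultClient = new KeyVaultClient(
            new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));

        dataProtectionBuilder.ProtectKeysWithAzureKeyVault(keyVaultClient, keyIdentifier);
    }
}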