コード例 #1
        /// <summary>
        /// Returns the legacy Key Vault client, authenticating on first use and reusing the cached instance afterwards.
        /// </summary>
        /// <returns>The authenticated <see cref="IKeyVaultClient"/> cached by this provider.</returns>
        /// <exception cref="InvalidOperationException">
        ///     Thrown when the provider is configured with the newer Azure SDK package; <c>GetSecretClient</c> has to be used in that case.
        /// </exception>
        protected async Task<IKeyVaultClient> GetClientAsync()
        {
            if (_isUsingAzureSdk)
            {
                string wrongClientMessage =
                    $"Azure Key Vault secret provider is configured using the new Azure.Security.KeyVault.Secrets package, please call the '{nameof(GetSecretClient)}' instead to have access to the low-level Key Vault client";

                throw new InvalidOperationException(wrongClientMessage);
            }

            Logger.LogTrace("Authenticating with the Azure Key Vault {VaultUri}...", VaultUri);

            // Client creation is guarded by the lock so that concurrent callers do not authenticate in parallel;
            // the wait happens outside the try so the finally block only releases a lock that was actually taken.
            await LockCreateKeyVaultClient.WaitAsync();

            try
            {
                // Authenticate only when no client has been cached yet.
                _keyVaultClient ??= await _authentication.AuthenticateAsync();

                Logger.LogTrace("Authenticated with the Azure Key Vault {VaultUri}", VaultUri);
                return _keyVaultClient;
            }
            catch (Exception exception)
            {
                // Record the failure together with the vault URI, then let the original exception propagate unchanged.
                Logger.LogError(exception, "Failure during authenticating with the Azure Key Vault {VaultUri}", VaultUri);
                throw;
            }
            finally
            {
                LockCreateKeyVaultClient.Release();
            }
        }
コード例 #2
        /// <summary>
        /// Returns the Key Vault client, authenticating on first use and reusing the cached instance afterwards.
        /// </summary>
        /// <returns>The authenticated <see cref="IKeyVaultClient"/> cached by this provider.</returns>
        protected async Task<IKeyVaultClient> GetClientAsync()
        {
            // Take the lock before inspecting the cached client so that only one caller at a time can authenticate.
            await LockCreateKeyVaultClient.WaitAsync();

            try
            {
                bool clientMissing = _keyVaultClient == null;
                if (clientMissing)
                {
                    _keyVaultClient = await _authentication.AuthenticateAsync();
                }

                return _keyVaultClient;
            }
            finally
            {
                // Always hand the lock back, including when authentication throws.
                LockCreateKeyVaultClient.Release();
            }
        }
コード例 #3
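        /// <summary>
        /// Rotates the Azure Service Bus connection string key, stored inside Azure Key Vault with the specified <paramref name="secretName"/>.
        /// </summary>
        /// <remarks>
        ///     Successive calls alternate between the two key types: one call stores the secondary key's connection string, the next one the primary key's.
        ///     Within a call, the freshly rotated connection string is written to the secret before the other key is rotated,
        ///     so a failure while writing the secret leaves the other key untouched.
        /// </remarks>
        /// <param name="secretName">The name of the secret where the Azure Service Bus connection string is stored.</param>
        /// <returns>A task that completes once both keys were rotated and the secret was updated.</returns>
        /// <exception cref="ArgumentException">Thrown when the <paramref name="secretName"/> is blank.</exception>
        public async Task RotateServiceBusSecretAsync(string secretName)
        {
            Guard.NotNullOrWhitespace(secretName, nameof(secretName),
                                      "Requires a non-blank secret name that points to a secret in the Azure Key Vault resource to set the new rotated Azure Service Bus connection strings keys to");

            // Take the direction from the value returned by the atomic increment. Re-reading the field afterwards
            // could observe another caller's increment, making two overlapping rotations pick the same key type.
            var rotation = Interlocked.Increment(ref _index);
            bool storeSecondaryKey = rotation % 2 != 0;

            KeyType keyToStore = storeSecondaryKey ? KeyType.SecondaryKey : KeyType.PrimaryKey;
            KeyType keyToRotateLast = storeSecondaryKey ? KeyType.PrimaryKey : KeyType.SecondaryKey;

            // Authenticate before touching any key, so an authentication failure aborts the rotation without side effects.
            using IKeyVaultClient keyVaultClient = await _authentication.AuthenticateAsync();

            // NOTE(review): overlapping calls are not serialized beyond the counter above - confirm that callers
            // never run two rotations for the same namespace at the same time.
            string rotatedConnectionString = await _serviceBusClient.RotateConnectionStringKeyAsync(keyToStore);
            await SetConnectionStringSecretAsync(keyVaultClient, secretName, rotatedConnectionString, keyToStore);

            // Only after the secret holds the new connection string is the other key rotated as well;
            // presumably this invalidates the connection string that was stored by the previous rotation.
            await _serviceBusClient.RotateConnectionStringKeyAsync(keyToRotateLast);
        }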