/// <summary>
/// Configures ASP.NET Core DataProtection to persist its keys in AWS Systems Manager (SSM)
/// Parameter Store. Keys are stored under the prefix given by
/// <paramref name="parameterNamePrefix"/>, which is expected to hold DataProtection keys only.
/// </summary>
/// <remarks>
/// The parameters under the prefix hold DataProtection key material, so access to that prefix
/// should be limited to the identities that need it.
/// NOTE(review): <paramref name="parameterNamePrefix"/> is passed through unvalidated, and how
/// parameters are protected when no KMS Key ID is configured is decided inside SSMXmlRepository,
/// which is not visible here. Confirm both against that class.
/// </remarks>
/// <param name="builder">The DataProtection builder whose service collection receives the registration.</param>
/// <param name="parameterNamePrefix">The prefix applied to the DataProtection key names.</param>
/// <param name="setupAction">
/// Optional delegate that customises the <see cref="PersistOptions"/> used for persistence,
/// for example by setting a KMS Key ID. It runs when the key-management options are built,
/// not when this method is called.
/// </param>
/// <returns>The same <paramref name="builder"/>, so that calls can be chained.</returns>
/// <exception cref="ArgumentNullException"><paramref name="builder"/> is null.</exception>
public static IDataProtectionBuilder PersistKeysToAWSSystemsManager(this IDataProtectionBuilder builder, string parameterNamePrefix, Action<PersistOptions> setupAction = null)
{
    if (builder == null)
    {
        throw new ArgumentNullException(nameof(builder));
    }

    var serviceCollection = builder.Services;

    // Registers the SSM client only if the application has not registered one already.
    serviceCollection.TryAddAWSService<IAmazonSimpleSystemsManagement>();

    serviceCollection.AddSingleton<IConfigureOptions<KeyManagementOptions>>(provider =>
    {
        // A fresh options object is created on each factory call, then handed to the caller's delegate.
        var persistOptions = new PersistOptions();
        if (setupAction != null)
        {
            setupAction(persistOptions);
        }

        // GetService returns null when nothing is registered; the client is passed on as-is.
        var client = provider.GetService<IAmazonSimpleSystemsManagement>();

        // Fall back to a no-op logger factory when the host has not configured logging.
        ILoggerFactory logging = provider.GetService<ILoggerFactory>();
        if (logging == null)
        {
            logging = NullLoggerFactory.Instance;
        }

        return new ConfigureOptions<KeyManagementOptions>(
            keyManagement => keyManagement.XmlRepository =
                new SSMXmlRepository(client, parameterNamePrefix, persistOptions, logging));
    });

    return builder;
}
/// <summary>
/// Checks that a KMS Key ID set on <see cref="PersistOptions"/> is forwarded as the KeyId of
/// the PutParameter request that SSMXmlRepository issues when storing a key element.
/// </summary>
/// <remarks>
/// Every assertion lives in the mock callback, so it only runs if PutParameterAsync is called.
/// NOTE(review): no Verify call is visible in this method. Confirm that the fixture verifies
/// the mock elsewhere, otherwise a StoreElement that never calls SSM would still pass.
/// NOTE(review): the request's parameter type is not asserted here. Consider checking it too,
/// so that a regression in how key material is stored is caught.
/// </remarks>
public void UseKMSKey()
{
    var parameterPrefix = "/" + BasePrefix + "/";
    var elementXml = "<key id=\"foo\"></key>";
    var expectedKmsKeyId = "customer-provided-kms-key-id";

    _mockSSM
        .Setup(ssm => ssm.PutParameterAsync(It.IsAny<PutParameterRequest>(), It.IsAny<CancellationToken>()))
        .Callback<PutParameterRequest, CancellationToken>((putRequest, cancellation) =>
        {
            // The parameter name must be the prefix followed by the friendly name.
            Assert.NotNull(putRequest.Name);
            Assert.Equal(parameterPrefix + "bar", putRequest.Name);

            Assert.NotNull(putRequest.Description);

            // The stored value must be well-formed XML.
            Assert.NotNull(putRequest.Value);
            XElement storedElement = XElement.Parse(putRequest.Value);
            Assert.NotNull(storedElement);

            // The customer-supplied KMS key must reach the request unchanged.
            Assert.NotNull(putRequest.KeyId);
            Assert.Equal(expectedKmsKeyId, putRequest.KeyId);
        })
        .Returns((PutParameterRequest putRequest, CancellationToken cancellation) =>
            Task.FromResult(new PutParameterResponse()));

    var persistOptions = new PersistOptions
    {
        KMSKeyId = expectedKmsKeyId
    };

    // The logger factory argument is deliberately null, as in the original test.
    var xmlRepository = new SSMXmlRepository(_mockSSM.Object, parameterPrefix, persistOptions, null);

    XElement keyElement = XElement.Parse(elementXml);
    xmlRepository.StoreElement(keyElement, "bar");
}