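/// <summary>
/// Returns the encryption settings cached for <paramref name="propertyName"/>, forcing a refresh
/// of the cache entry when its recorded expiry time has passed.
/// </summary>
/// <param name="propertyName">Name of the property whose encryption settings are requested; used as the cache key.</param>
/// <param name="encryptionProcessor">Processor handed to <c>FetchCachedEncryptionSettingsAsync</c> when the cache has to be populated.</param>
/// <param name="cancellationToken">Token passed to the cache lookup and to the fetch delegate.</param>
/// <returns>
/// The <see cref="EncryptionSettings"/> for the property, or <c>null</c> when the cache yields no entry
/// for it, either on the initial lookup or after a forced refresh.
/// </returns>
internal async Task<EncryptionSettings> GetEncryptionSettingForPropertyAsync(
    string propertyName,
    EncryptionProcessor encryptionProcessor,
    CancellationToken cancellationToken)
{
    CachedEncryptionSettings cachedEncryptionSettings = await this.EncryptionSettingCacheByPropertyName.GetAsync(
        propertyName,
        obsoleteValue: null,
        async () => await this.FetchCachedEncryptionSettingsAsync(propertyName, encryptionProcessor, cancellationToken),
        cancellationToken);

    if (cachedEncryptionSettings == null)
    {
        // NOTE(review): null is returned as-is; confirm callers treat it as "no settings available"
        // and do not continue as if the property had been encrypted.
        return null;
    }

    // The algorithm for a property is cached only for a limited time (1 hour per the original note).
    // Once the entry has expired, the cached encrypted key is fetched again from the Cosmos client and
    // a Protected Data Encryption Key is created, which attempts to unwrap the key.
    // This is how a revoked KEK (for example after a rotation) is noticed: if the request fails, the
    // user may have rewrapped the key, and only then is a fetch from the backend forced.
    // The backend is therefore read only when a wrap/unwrap operation with the master key fails.
    if (cachedEncryptionSettings.EncryptionSettingsExpiryUtc <= DateTime.UtcNow)
    {
        cachedEncryptionSettings = await this.EncryptionSettingCacheByPropertyName.GetAsync(
            propertyName,
            obsoleteValue: null,
            async () => await this.FetchCachedEncryptionSettingsAsync(propertyName, encryptionProcessor, cancellationToken),
            cancellationToken,
            forceRefresh: true);

        // The refresh runs the same fetch delegate as the first lookup, so it can also produce null.
        // Handle that like the first lookup instead of dereferencing a null entry below.
        if (cachedEncryptionSettings == null)
        {
            return null;
        }
    }

    return cachedEncryptionSettings.EncryptionSettings;
}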
/// <summary>
/// Stores <paramref name="encryptionSettings"/> in the per-property cache together with the time
/// at which the entry is to be treated as expired.
/// </summary>
/// <param name="propertyName">Name of the property; used as the cache key.</param>
/// <param name="encryptionSettings">Settings to cache for the property.</param>
/// <param name="expiryUtc">
/// Expiry time recorded with the entry. It is not validated here; GetEncryptionSettingForPropertyAsync
/// compares the stored expiry against <see cref="DateTime.UtcNow"/>, so a UTC value is presumably
/// expected (confirm at call sites).
/// </param>
internal void SetEncryptionSettingForProperty(
    string propertyName,
    EncryptionSettings encryptionSettings,
    DateTime expiryUtc)
{
    // Wrap the settings with their expiry and replace whatever the cache holds for this property.
    this.EncryptionSettingCacheByPropertyName.Set(
        propertyName,
        new CachedEncryptionSettings(encryptionSettings, expiryUtc));
}