private static ISecretInjector GetSecretInjector(IDictionary<string, string> arguments)
{
ISecretReader secretReader;
var vaultName = arguments.GetOrDefault<string>(Arguments.VaultName);
if (string.IsNullOrEmpty(vaultName))
{
secretReader = new EmptySecretReader();
}
else
{
var clientId = arguments.GetOrThrow<string>(Arguments.ClientId);
var certificateThumbprint = arguments.GetOrThrow<string>(Arguments.CertificateThumbprint);
var storeName = arguments.GetOrDefault(Arguments.StoreName, StoreName.My);
var storeLocation = arguments.GetOrDefault(Arguments.StoreLocation, StoreLocation.LocalMachine);
var shouldValidateCert = arguments.GetOrDefault(Arguments.ValidateCertificate, false);
var keyVaultConfig = new KeyVaultConfiguration(vaultName, clientId, certificateThumbprint, storeName, storeLocation, shouldValidateCert);
secretReader = new CachingSecretReader(new KeyVaultReader(keyVaultConfig),
arguments.GetOrDefault(Arguments.RefreshIntervalSec, CachingSecretReader.DefaultRefreshIntervalSec));
}
return new SecretInjector(secretReader);
}
public ISecretReader CreateSecretReader()
{
ISecretReader secretReader;
var vaultName = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(VaultNameConfigurationKey));
if (!string.IsNullOrEmpty(vaultName))
{
var clientId = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(ClientIdConfigurationKey));
var certificateThumbprint = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(CertificateThumbprintConfigurationKey));
var storeName = GetOptionalKeyVaultEnumSettingValue(CertificateStoreName, StoreName.My);
var storeLocation = GetOptionalKeyVaultEnumSettingValue(CertificateStoreLocation, StoreLocation.LocalMachine);
var certificate = CertificateUtility.FindCertificateByThumbprint(storeName, storeLocation, certificateThumbprint, validationRequired: true);
var keyVaultConfiguration = new KeyVaultConfiguration(vaultName, clientId, certificate);
secretReader = new KeyVaultReader(keyVaultConfiguration);
}
else
{
secretReader = new EmptySecretReader();
}
return(new CachingSecretReader(secretReader));
}
public ISecretReader CreateSecretReader(IGalleryConfigurationService configurationService)
{
if (configurationService == null)
{
throw new ArgumentNullException(nameof(configurationService));
}
ISecretReader secretReader;
var vaultName = configurationService.ReadSetting(
string.Format(CultureInfo.InvariantCulture, "{0}{1}", KeyVaultConfigurationPrefix, VaultNameConfigurationKey)).Result;
if (!string.IsNullOrEmpty(vaultName))
{
var clientId = configurationService.ReadSetting(
string.Format(CultureInfo.InvariantCulture, "{0}{1}", KeyVaultConfigurationPrefix, ClientIdConfigurationKey)).Result;
var certificateThumbprint = configurationService.ReadSetting(
string.Format(CultureInfo.InvariantCulture, "{0}{1}", KeyVaultConfigurationPrefix, CertificateThumbprintConfigurationKey)).Result;
var keyVaultConfiguration = new KeyVaultConfiguration(vaultName, clientId, certificateThumbprint, validateCertificate: true);
secretReader = new KeyVaultReader(keyVaultConfiguration);
}
else
{
secretReader = new EmptySecretReader();
}
return(new CachingSecretReader(secretReader, _diagnosticsService));
}
public ISecretReader CreateSecretReader(IGalleryConfigurationService configurationService)
{
if (configurationService == null)
{
throw new ArgumentNullException(nameof(configurationService));
}
ISecretReader secretReader;
var vaultName = configurationService.ReadSetting(
string.Format(CultureInfo.InvariantCulture, "{0}{1}", KeyVaultConfigurationPrefix, VaultNameConfigurationKey)).Result;
if (!string.IsNullOrEmpty(vaultName))
{
var clientId = configurationService.ReadSetting(
string.Format(CultureInfo.InvariantCulture, "{0}{1}", KeyVaultConfigurationPrefix, ClientIdConfigurationKey)).Result;
var certificateThumbprint = configurationService.ReadSetting(
string.Format(CultureInfo.InvariantCulture, "{0}{1}", KeyVaultConfigurationPrefix, CertificateThumbprintConfigurationKey)).Result;
var keyVaultConfiguration = new KeyVaultConfiguration(vaultName, clientId, certificateThumbprint, validateCertificate: true);
secretReader = new KeyVaultReader(keyVaultConfiguration);
}
else
{
secretReader = new EmptySecretReader();
}
return new CachingSecretReader(secretReader, _diagnosticsService);
}
public ISecretReader CreateSecretReader(IConfiguration configuration)
{
if (configuration == null)
{
throw new ArgumentNullException(nameof(configuration));
}
var vaultName = configuration.Get(VaultNameKey);
ISecretReader secretReader;
// Is key vault configured?
if (string.IsNullOrEmpty(vaultName))
{
secretReader = new EmptySecretReader();
}
else
{
var clientId = configuration.Get(ClientIdKey);
var certificateThumbprint = configuration.Get(CertificateThumbprintKey);
// KeyVault is configured, but not all data is provided. Fail.
if (string.IsNullOrEmpty(clientId) || string.IsNullOrEmpty(certificateThumbprint))
{
throw new ArgumentException("Not all KeyVault configuration provided. " +
$"Parameter: {VaultNameKey} Value: {VaultNameKey}, " +
$"Parameter: {ClientIdKey} Value: {ClientIdKey}, " +
$"Parameter: {CertificateThumbprintKey} Value: {certificateThumbprint}");
}
secretReader = new KeyVaultReader(new KeyVaultConfiguration(vaultName, clientId, certificateThumbprint, validateCertificate: true));
}
return secretReader;
}
public ISecretReader CreateSecretReader()
{
ISecretReader secretReader;
var vaultName = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(VaultNameConfigurationKey));
if (!string.IsNullOrEmpty(vaultName))
{
var useManagedIdentity = GetOptionalKeyVaultBoolSettingValue(UseManagedIdentityConfigurationKey, defaultValue: false);
KeyVaultConfiguration keyVaultConfiguration;
if (useManagedIdentity)
{
keyVaultConfiguration = new KeyVaultConfiguration(vaultName);
}
else
{
var clientId = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(ClientIdConfigurationKey));
var certificateThumbprint = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(CertificateThumbprintConfigurationKey));
var storeName = GetOptionalKeyVaultEnumSettingValue(CertificateStoreName, StoreName.My);
var storeLocation = GetOptionalKeyVaultEnumSettingValue(CertificateStoreLocation, StoreLocation.LocalMachine);
var certificate = CertificateUtility.FindCertificateByThumbprint(storeName, storeLocation, certificateThumbprint, validationRequired: true);
keyVaultConfiguration = new KeyVaultConfiguration(vaultName, clientId, certificate);
}
secretReader = new KeyVaultReader(keyVaultConfiguration);
}
else
{
secretReader = new EmptySecretReader();
}
return(new CachingSecretReader(secretReader, refreshIntervalSec: SecretCachingRefreshInterval));
}
public ISecretReader CreateSecretReader(IConfigurationService configurationService)
{
var vaultName = configurationService.Get(VaultNameKey).Result;
ISecretReader secretReader;
// Is key vault configured?
if (string.IsNullOrEmpty(vaultName))
{
secretReader = new EmptySecretReader();
}
else
{
var clientId = configurationService.Get(ClientIdKey).Result;
var certificateThumbprint = configurationService.Get(CertificateThumbprintKey).Result;
var storeLocation = (StoreLocation)Enum.Parse(typeof(StoreLocation), configurationService.Get(StoreLocationKey).Result);
var storeName = (StoreName)Enum.Parse(typeof(StoreName), configurationService.Get(StoreNameKey).Result);
var validateCertificate = bool.Parse(configurationService.Get(ValidateCertificateKey).Result);
var certificate = CertificateUtility.FindCertificateByThumbprint(storeName, storeLocation, certificateThumbprint, validateCertificate);
secretReader = new KeyVaultReader(
new KeyVaultConfiguration(
vaultName,
clientId,
certificate));
}
return(secretReader);
}
private static ISecretInjector GetSecretInjector(IDictionary <string, string> arguments)
{
ISecretReader secretReader;
var vaultName = arguments.GetOrDefault <string>(Arguments.VaultName);
if (string.IsNullOrEmpty(vaultName))
{
secretReader = new EmptySecretReader();
}
else
{
var clientId = arguments.GetOrThrow <string>(Arguments.ClientId);
var certificateThumbprint = arguments.GetOrThrow <string>(Arguments.CertificateThumbprint);
var storeName = arguments.GetOrDefault(Arguments.StoreName, StoreName.My);
var storeLocation = arguments.GetOrDefault(Arguments.StoreLocation, StoreLocation.LocalMachine);
var shouldValidateCert = arguments.GetOrDefault(Arguments.ValidateCertificate, true);
var keyVaultCertificate = CertificateUtility.FindCertificateByThumbprint(storeName, storeLocation, certificateThumbprint, shouldValidateCert);
var keyVaultConfig = new KeyVaultConfiguration(vaultName, clientId, keyVaultCertificate);
secretReader = new CachingSecretReader(new KeyVaultReader(keyVaultConfig),
arguments.GetOrDefault(Arguments.RefreshIntervalSec, CachingSecretReader.DefaultRefreshIntervalSec));
}
return(new SecretInjector(secretReader));
}
public ISecretReader CreateSecretReader()
{
ISecretReader secretReader;
// Is KeyVault configured?
if (!_configurationDictionary.TryGetValue(VaultNameKey, out var vaultName) ||
string.IsNullOrEmpty(vaultName))
{
secretReader = new EmptySecretReader();
}
else
{
KeyVaultConfiguration keyVaultConfiguration;
if (_configurationDictionary.TryGetValue(UseManagedIdentityKey, out var useManagedIdentityStr) &&
bool.TryParse(useManagedIdentityStr, out var useManagedIdentity) &&
useManagedIdentity)
{
keyVaultConfiguration = new KeyVaultConfiguration(vaultName);
}
else
{
var clientId = _configurationDictionary[ClientIdKey];
var certificateThumbprint = _configurationDictionary[CertificateThumbprintKey];
var storeLocation = _configurationDictionary[StoreLocationKey];
var storeName = _configurationDictionary[StoreNameKey];
var validateCertificate = _configurationDictionary[ValidateCertificateKey];
var certificate = CertificateUtility.FindCertificateByThumbprint(
(StoreName)Enum.Parse(typeof(StoreName), storeName),
(StoreLocation)Enum.Parse(typeof(StoreLocation), storeLocation),
certificateThumbprint,
bool.Parse(validateCertificate));
keyVaultConfiguration = new KeyVaultConfiguration(vaultName, clientId, certificate);
}
if (!_configurationDictionary.TryGetValue(CacheRefreshIntervalKey, out var cacheRefresh) ||
!int.TryParse(cacheRefresh, out int refreshIntervalSec))
{
refreshIntervalSec = CachingSecretReader.DefaultRefreshIntervalSec;
}
secretReader = new KeyVaultReader(keyVaultConfiguration);
secretReader = new CachingSecretReader(secretReader, refreshIntervalSec);
}
return(secretReader);
}
private async Task <ISecretReader> CreateSecretReaderAsync()
{
var config =
await new ConfigurationFactory(
new EnvironmentSettingsConfigurationProvider(CreateSecretInjector(new EmptySecretReader())))
.Get <BasicSearchConfiguration>();
if (config == null)
{
throw new ArgumentNullException(nameof(config));
}
ISecretReader secretReader;
// Is KeyVault configured?
if (string.IsNullOrEmpty(config.VaultName))
{
secretReader = new EmptySecretReader();
}
else
{
// KeyVault is configured, but not all data is provided. Fail.
if (string.IsNullOrEmpty(config.ClientId) || string.IsNullOrEmpty(config.CertificateThumbprint))
{
throw new ArgumentException("Not all KeyVault configuration provided. " +
$"Parameter: {nameof(BasicSearchConfiguration.VaultName)} Value: {config.VaultName}, " +
$"Parameter: {nameof(BasicSearchConfiguration.ClientId)} Value: {config.ClientId}, " +
$"Parameter: {nameof(BasicSearchConfiguration.CertificateThumbprint)} Value: {config.CertificateThumbprint}, " +
$"Parameter: {nameof(BasicSearchConfiguration.StoreName)} Value: {config.StoreName}, " +
$"Parameter: {nameof(BasicSearchConfiguration.StoreLocation)} Value: {config.StoreLocation}, " +
$"Parameter: {nameof(BasicSearchConfiguration.ValidateCertificate)} Value: {config.ValidateCertificate}");
}
var keyVaultCertificate = CertificateUtility.FindCertificateByThumbprint(
config.StoreName,
config.StoreLocation,
config.CertificateThumbprint,
config.ValidateCertificate);
secretReader =
new KeyVaultReader(new KeyVaultConfiguration(config.VaultName, config.ClientId, keyVaultCertificate));
}
return(secretReader);
}
public ISecretReader CreateSecretReader()
{
ISecretReader secretReader;
var vaultName = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(VaultNameConfigurationKey));
if (!string.IsNullOrEmpty(vaultName))
{
var clientId = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(ClientIdConfigurationKey));
var certificateThumbprint = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(CertificateThumbprintConfigurationKey));
var certificate = CertificateUtility.FindCertificateByThumbprint(StoreName.My, StoreLocation.LocalMachine, certificateThumbprint, true);
var keyVaultConfiguration = new KeyVaultConfiguration(vaultName, clientId, certificate);
secretReader = new KeyVaultReader(keyVaultConfiguration);
}
else
{
secretReader = new EmptySecretReader();
}
return(new CachingSecretReader(secretReader, _diagnosticsService));
}
