private static EncryptionKey GetEncryptionKeyFromConfiguration(IConfigurationRoot configuration)
        {
            Uri keyVaultKeyUri = new Uri(configuration["AzureKeyVaultKeyIdentifier"]);

            if (!keyVaultKeyUri.Host.Contains("vault.azure.net") || keyVaultKeyUri.Segments.Length != 4 || keyVaultKeyUri.Segments[1] != "keys/")
            {
                throw new ArgumentException("Invalid 'AzureKeyVaultKeyIdentifier' - Expected format: 'https://<key-vault-name>.vault.azure.net/keys/<key-name>/<key-version>'", "AzureKeyVaultKeyIdentifier");
            }

            var encryptionKey = new EncryptionKey
            {
                KeyVaultUri        = $"{keyVaultKeyUri.Scheme}://{keyVaultKeyUri.Host}",
                KeyVaultKeyName    = keyVaultKeyUri.Segments[2].Trim('/'),
                KeyVaultKeyVersion = keyVaultKeyUri.Segments[3].Trim('/')
            };

            string applicationId = configuration["AzureActiveDirectoryApplicationId"];

            if (!string.IsNullOrWhiteSpace(applicationId))
            {
                encryptionKey.AccessCredentials = new AzureActiveDirectoryApplicationCredentials
                {
                    ApplicationId     = applicationId,
                    ApplicationSecret = configuration["AzureActiveDirectoryApplicationSecret"]
                };
            }

            encryptionKey.Validate();
            return(encryptionKey);
        }
 /// <summary>
 /// Validate the object.
 /// </summary>
 /// <exception cref="ValidationException">
 /// Thrown if validation fails
 /// </exception>
 public virtual void Validate()
 {
     if (StorageAccountCredentialId == null)
     {
         throw new ValidationException(ValidationRules.CannotBeNull, "StorageAccountCredentialId");
     }
     if (EncryptionKey != null)
     {
         EncryptionKey.Validate();
     }
 }