/// <summary>
        /// Loads the requested secrets from Key Vault using Managed Identity and adds them
        /// to the configuration builder as an in-memory collection.
        /// </summary>
        /// <remarks>
        /// The vault name is read from the "KeyVaultInstanceName" setting of the configuration
        /// sources registered before this call. Secret values are handed to the in-memory
        /// provider as plain strings, so any code able to enumerate the resulting configuration
        /// can read them. A <c>KeyVaultErrorException</c> for a key is only written to the console
        /// and the key is left out, unless the status is NotFound and
        /// <paramref name="throwNotFoundErrors"/> is set. Other failure statuses are therefore
        /// skipped as well, so callers that depend on a secret should verify it is present.
        /// </remarks>
        /// <param name="builder">The builder to extend.</param>
        /// <param name="keys">Names of the secrets to look up.</param>
        /// <param name="throwNotFoundErrors">When true, a NotFound response for a key is rethrown instead of logged.</param>
        /// <returns>The builder that was passed in.</returns>
        /// <exception cref="InvalidOperationException">Wraps any exception raised while resolving the vault or reading secrets.</exception>
        [ExcludeFromCodeCoverage] // Excluded: MSI is not part of the build pipeline used for testing.
        public static IConfigurationBuilder AddKeyVaultSecrets(this IConfigurationBuilder builder, List<string> keys, bool throwNotFoundErrors = false)
        {
            try
            {
                // Builds the configuration registered so far just to read the vault name.
                string vaultName = builder.Build().GetValue<string>("KeyVaultInstanceName");

                if (vaultName.IsNullOrEmpty())
                {
                    throw new InvalidOperationException("Expecting setting \"KeyVaultInstanceName\" to infer instance name");
                }

                var msiSettings = new MsiConfig { KeyVaultInstanceName = vaultName };
                var keyVault = new KeyVault(msiSettings);
                var loaded = new List<KeyValuePair<string, string>>();

                foreach (var secretName in keys)
                {
                    try
                    {
                        // Blocks the calling thread until the vault call completes.
                        var secretValue = keyVault.GetSecret(secretName).GetAwaiter().GetResult();
                        loaded.Add(new KeyValuePair<string, string>(secretName, secretValue));
                    }
                    catch (KeyVaultErrorException vaultError)
                    {
                        // Only a NotFound response is escalated, and only when the caller opted in.
                        var escalate = vaultError.Response.StatusCode == HttpStatusCode.NotFound && throwNotFoundErrors;
                        if (escalate)
                        {
                            throw;
                        }

                        // Best effort: log the key name and error text (never the secret value) and move on.
                        // NOTE(review): failures other than NotFound (presumably access-denied or throttling
                        // responses too - confirm) also land here and are reported as "failed to find".
                        Console.WriteLine($"Failed to find keyvault setting: {secretName}, exception: {vaultError.Message}");
                    }
                }

                // Register whatever was retrieved; nothing is added when every lookup failed.
                if (loaded.Count > 0)
                {
                    builder.AddInMemoryCollection(loaded);
                }

                // Keep the vault client reachable for later use.
                KeyVaultInstance = keyVault;

                return builder;
            }
            catch (Exception ex)
            {
                // Every failure, including the rethrown NotFound above, surfaces as InvalidOperationException.
                throw new InvalidOperationException("Problem occurred retrieving secrets from KeyVault using Managed Identity", ex);
            }
        }
Exemplo n.º 2
 /// <summary>
 /// Loads appSettings.json and creates a Key Vault client that authenticates with the
 /// service principal values read from that file.
 /// </summary>
 /// <remarks>
 /// "AppSecret" is a credential read from a JSON file on disk.
 /// NOTE(review): confirm appSettings.json is kept out of source control or is filled in
 /// by the pipeline at run time, and that the principal is scoped to a test vault.
 /// </remarks>
 public KeyVaultIntegrationTests()
 {
     _config = new ConfigurationBuilder().AddJsonFile("appSettings.json").Build();

     // Read the settings in the same order the client configuration lists them.
     var instanceName = _config.GetValue<string>("InstanceName");
     var appSecret = _config.GetValue<string>("AppSecret");
     var tenantId = _config.GetValue<string>("TenantId");
     var appId = _config.GetValue<string>("AppId");

     var principal = new ServicePrincipleConfig
     {
         KeyVaultInstanceName = instanceName,
         AppSecret = appSecret,
         TenantId = tenantId,
         AppId = appId,
     };

     _kvClient = new KeyVault(principal);
 }
        /// <summary>
        /// Loads the requested secrets from Key Vault using service principal credentials and
        /// adds them to the configuration builder as an in-memory collection.
        /// </summary>
        /// <remarks>
        /// Secret values are handed to the in-memory provider as plain strings, so any code able
        /// to enumerate the resulting configuration can read them. Every
        /// <c>KeyVaultErrorException</c> raised for a key is written to the console and the key is
        /// left out; this overload has no option to rethrow, so callers that depend on a secret
        /// should verify it is present afterwards.
        /// </remarks>
        /// <param name="builder">The builder to extend.</param>
        /// <param name="config">The service principal settings used to create the vault client.</param>
        /// <param name="keys">Names of the secrets to look up.</param>
        /// <returns>The builder that was passed in.</returns>
        /// <exception cref="InvalidOperationException">Wraps any other exception raised while creating the client or reading secrets.</exception>
        public static IConfigurationBuilder AddKeyVaultSecrets(this IConfigurationBuilder builder, ServicePrincipleConfig config, params string[] keys)
        {
            try
            {
                var keyVault = new KeyVault(config);
                var loaded = new List<KeyValuePair<string, string>>();

                foreach (var secretName in keys)
                {
                    try
                    {
                        // Blocks the calling thread until the vault call completes.
                        var secretValue = keyVault.GetSecret(secretName).GetAwaiter().GetResult();
                        loaded.Add(new KeyValuePair<string, string>(secretName, secretValue));
                    }
                    catch (KeyVaultErrorException vaultError)
                    {
                        // Best effort: log the key name and error text (never the secret value) and move on.
                        // NOTE(review): the status code is not inspected, so failures other than a missing
                        // secret are also reported as "failed to find".
                        Console.WriteLine($"Failed to find keyvault setting: {secretName}, exception: {vaultError.Message}");
                    }
                }

                // Register whatever was retrieved; nothing is added when every lookup failed.
                if (loaded.Count > 0)
                {
                    builder.AddInMemoryCollection(loaded);
                }

                // Keep the vault client reachable for later use.
                KeyVaultInstance = keyVault;

                return builder;
            }
            catch (Exception ex)
            {
                throw new InvalidOperationException("Problem occurred retrieving secrets from KeyVault using Service Principle", ex);
            }
        }