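/// <summary>
/// Issues a Key Vault <c>UpdateSecretAsync</c> call against <c>vaultBaseUrl</c> and waits for it to finish.
/// </summary>
/// <param name="secretId">Passed as the second argument of <c>UpdateSecretAsync</c>.</param>
/// <param name="secret">Passed as the third argument of <c>UpdateSecretAsync</c>.</param>
/// <remarks>
/// The method blocks until the service call completes; a failed call is rethrown to the caller.
/// </remarks>
public void UpdateSecret(string secretId, string secret)
{
    KeyVaultClient kvClient = AuthUsingADALCallback(vaultBaseUrl);

    // NOTE(review): in the Key Vault SDK, UpdateSecretAsync changes metadata of an existing
    // secret; it is SetSecretAsync that writes a value. Confirm how the SDK version in use
    // binds the third string argument (it may be read as a version or content type rather
    // than as a new secret value).
    Task task = Task.Run(async () =>
    {
        await kvClient.UpdateSecretAsync(vaultBaseUrl, secretId, secret);
    });

    // Wait for the call so a failed update surfaces to the caller instead of being lost on a
    // task nobody observes. The work runs on the thread pool, so waiting here does not depend
    // on the caller's synchronization context.
    task.GetAwaiter().GetResult();
}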
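/// <summary>
/// Sets the expiry of the secret identified by <paramref name="secretKeyIdentifier"/> to
/// 15 days from the current UTC time.
/// </summary>
/// <param name="secretKeyIdentifier">Secret identifier passed to <c>UpdateSecretAsync</c>.</param>
/// <returns>The <c>Value</c> property of the bundle returned by the update call.</returns>
public static async Task<string> UpdateSecretAttributes(string secretKeyIdentifier)
{
    // Both clients are created for this call only, so dispose them when the call is done
    // rather than leaving their handlers and sockets to the finalizer.
    using (var httpClient = new System.Net.Http.HttpClient())
    using (var client = new KeyVaultClient(
        new KeyVaultClient.AuthenticationCallback(GetAccessTokenAsync),
        httpClient))
    {
        // Only Expires is set here; every other attribute is left at its default (unset).
        var attributes = new SecretAttributes
        {
            Expires = DateTime.UtcNow.AddDays(15)
        };

        var secret = await client
            .UpdateSecretAsync(secretKeyIdentifier, null, attributes, null)
            .ConfigureAwait(false);

        // NOTE(review): the returned string is secret material if the service populates Value
        // on an update response (it may be null there - confirm). Callers should not log it.
        return secret.Value;
    }
}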
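/// <summary>
/// Stores a new version of a secret in Azure Key Vault and disables the previously tracked
/// version when the stored version differs from it.
/// </summary>
/// <param name="secret">Descriptor of the vault object; its ObjectType, VaultName, ObjectName, Version, Uri and Configuration.Policy are read.</param>
/// <param name="value">Value handed to <c>ProcessSecretExpressionAsync</c>; the result of that call is what gets stored.</param>
/// <param name="token">Cancellation token forwarded to the Key Vault calls.</param>
/// <returns>Key Vault Secret Version Identifier, or <c>null</c> when the object type is not "secret" (nothing is persisted in that case).</returns>
/// <exception cref="ArgumentNullException"><paramref name="secret"/> is <c>null</c>.</exception>
protected override async Task<string> OnPersistSecretToVaultAsync(Secret secret, string value, CancellationToken token)
{
    // The switch below dereferences secret unconditionally, so reject null up front with a
    // meaningful exception instead of a NullReferenceException.
    if (secret == null)
    {
        throw new ArgumentNullException(nameof(secret));
    }

    //todo: store new secret value
    //todo: vary credential providers based on need (MI/Keys/etc)
    var azureServiceTokenProvider = new AzureServiceTokenProvider();

    // The client is created per call; dispose it once both vault operations have completed.
    using (var kvClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback)))
    {
        SecretPolicy effectivePolicy = secret.Configuration?.Policy;

        switch (secret.ObjectType)
        {
            case "secret":
                var attributes = new SecretAttributes { Enabled = true };
                if (effectivePolicy != null)
                {
                    // Expiry tracks the rotation interval of the policy; without a policy the
                    // new version is stored with no expiry.
                    attributes.Expires = DateTime.UtcNow.Add(TimeSpan.FromSeconds(effectivePolicy.RotationIntervalInSec));
                }

                value = await ProcessSecretExpressionAsync(secret, value, kvClient, token);

                // NOTE(review): VaultName becomes part of the request host and the suffix is
                // fixed to the public-cloud domain. If VaultName can originate outside trusted
                // configuration, validate it against the Key Vault naming rules before use.
                var result = await kvClient.SetSecretAsync(
                    $"https://{secret.VaultName}.vault.azure.net",
                    secret.ObjectName,
                    value,
                    secretAttributes: attributes,
                    cancellationToken: token);

                // Version identifiers are machine-generated, so compare them ordinally rather
                // than with the current culture.
                bool versionChanged = !string.Equals(
                    result.SecretIdentifier.Version,
                    secret.Version,
                    StringComparison.OrdinalIgnoreCase);

                if (versionChanged)
                {
                    // Disable previous version.
                    // NOTE(review): this relies on secret.Uri identifying the old version. If it
                    // is a versionless identifier, or secret.Version is empty on first
                    // persistence, the call may target the version just created - confirm.
                    await kvClient.UpdateSecretAsync(
                        secret.Uri,
                        secretAttributes: new SecretAttributes { Enabled = false },
                        cancellationToken: token);
                }

                return result.SecretIdentifier.Version;

            case "key":
                // Not implemented: falls through to the null return below.
                break;

            case "certificate":
                // Not implemented: falls through to the null return below.
                break;
        }

        return null;
    }
}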