/// <summary>
/// Create keyvault provider
/// </summary>
/// <param name="configuration"></param>
/// <param name="keyVaultUri"></param>
/// <param name="allowInteractiveLogon"></param>
private KeyVaultConfigurationProvider(IConfigurationRoot configuration,
string keyVaultUri, bool allowInteractiveLogon)
{
_keyVault = new KeyVaultClientBootstrap(configuration, allowInteractiveLogon);
_keyVaultUri = keyVaultUri;
_cache = new ConcurrentDictionary <string, Task <SecretBundle> >();
_reloadToken = new ConfigurationReloadToken();
}
/// <summary>
/// Add Keyvault protection
/// </summary>
/// <param name="builder"></param>
/// <param name="configuration"></param>
public static IDataProtectionBuilder AddAzureKeyVaultDataProtection(
this IDataProtectionBuilder builder, IConfiguration configuration)
{
var config = new DataProtectionConfig(configuration);
if (string.IsNullOrEmpty(config.KeyVaultBaseUrl))
{
throw new InvalidConfigurationException(
"Keyvault base url is missing in your configuration " +
"for dataprotection to be able to store the root key.");
}
var keyName = config.KeyVaultKeyDataProtection;
var keyVault = new KeyVaultClientBootstrap(configuration);
if (!TryInititalizeKeyAsync(keyVault.Client, config.KeyVaultBaseUrl, keyName).Result)
{
throw new UnauthorizedAccessException("Cannot access keyvault");
}
var identifier = $"{config.KeyVaultBaseUrl.TrimEnd('/')}/keys/{keyName}";
return(builder.ProtectKeysWithAzureKeyVault(keyVault.Client, identifier));
}
