Exemplo n.º 1
0
        private void UpdateCacheExpirationTimeForSecret(string key, CachedKeyVaultSecret cachedSecret, bool success)
        {
            if (!_keyVaultOptions.SecretRefreshIntervals.TryGetValue(key, out TimeSpan cacheExpirationTime))
            {
                if (_keyVaultOptions.DefaultSecretRefreshInterval.HasValue)
                {
                    cacheExpirationTime = _keyVaultOptions.DefaultSecretRefreshInterval.Value;
                }
            }

            if (cacheExpirationTime > TimeSpan.Zero)
            {
                if (success)
                {
                    cachedSecret.RefreshAttempts = 0;
                    cachedSecret.RefreshAt       = DateTimeOffset.UtcNow.Add(cacheExpirationTime);
                }
                else
                {
                    if (cachedSecret.RefreshAttempts < int.MaxValue)
                    {
                        cachedSecret.RefreshAttempts++;
                    }

                    cachedSecret.RefreshAt = DateTimeOffset.UtcNow.Add(cacheExpirationTime.CalculateBackoffTime(cachedSecret.RefreshAttempts));
                }
            }
        }
Exemplo n.º 2
0
        public async Task <string> GetSecretValue(Uri secretUri, string key, CancellationToken cancellationToken)
        {
            string secretName    = secretUri?.Segments?.ElementAtOrDefault(2)?.TrimEnd('/');
            string secretVersion = secretUri?.Segments?.ElementAtOrDefault(3)?.TrimEnd('/');
            string secretValue   = null;

            if (_cachedKeyVaultSecrets.TryGetValue(key, out CachedKeyVaultSecret cachedSecret) &&
                (!cachedSecret.RefreshAt.HasValue || DateTimeOffset.UtcNow < cachedSecret.RefreshAt.Value))
            {
                return(cachedSecret.SecretValue);
            }

            SecretClient client = GetSecretClient(secretUri);

            if (client == null && _keyVaultOptions.SecretResolver == null)
            {
                throw new UnauthorizedAccessException("No key vault credential or secret resolver callback configured, and no matching secret client could be found.");
            }

            bool success = false;

            try
            {
                if (client != null)
                {
                    KeyVaultSecret secret = await client.GetSecretAsync(secretName, secretVersion, cancellationToken).ConfigureAwait(false);

                    secretValue = secret.Value;
                }
                else if (_keyVaultOptions.SecretResolver != null)
                {
                    secretValue = await _keyVaultOptions.SecretResolver(secretUri).ConfigureAwait(false);
                }

                cachedSecret = new CachedKeyVaultSecret(secretValue);
                success      = true;
            }
            finally
            {
                SetSecretInCache(key, cachedSecret, success);
            }

            return(secretValue);
        }
Exemplo n.º 3
0
        private void SetSecretInCache(string key, CachedKeyVaultSecret cachedSecret, bool success = true)
        {
            if (cachedSecret == null)
            {
                cachedSecret = new CachedKeyVaultSecret();
            }

            UpdateCacheExpirationTimeForSecret(key, cachedSecret, success);
            _cachedKeyVaultSecrets[key] = cachedSecret;

            if (key == _nextRefreshKey)
            {
                UpdateNextRefreshableSecretFromCache();
            }
            else if ((cachedSecret.RefreshAt.HasValue && _nextRefreshTime.HasValue && cachedSecret.RefreshAt.Value < _nextRefreshTime.Value) ||
                     (cachedSecret.RefreshAt.HasValue && !_nextRefreshTime.HasValue))
            {
                _nextRefreshKey  = key;
                _nextRefreshTime = cachedSecret.RefreshAt.Value;
            }
        }