public override async Task <RegeneratedSecret> Rekey(TimeSpan requestedValidPeriod) { _logger.LogInformation("Regenerating Key Vault key {KeyName}", Configuration.KeyName); var client = GetKeyClient(); Response <KeyVaultKey> currentKey = await client.GetKeyAsync(Configuration.KeyName); CreateKeyOptions creationOptions = new CreateKeyOptions() { Enabled = true, ExpiresOn = DateTimeOffset.UtcNow + requestedValidPeriod, NotBefore = DateTimeOffset.UtcNow }; foreach (KeyOperation op in currentKey.Value.KeyOperations) { creationOptions.KeyOperations.Add(op); } foreach (System.Collections.Generic.KeyValuePair <string, string> tag in currentKey.Value.Properties.Tags) { creationOptions.Tags.Add(tag.Key, tag.Value); } Response <KeyVaultKey> key = await client.CreateKeyAsync(Configuration.KeyName, currentKey.Value.KeyType, creationOptions); _logger.LogInformation("Successfully rekeyed Key Vault key {KeyName}", Configuration.KeyName); return(new RegeneratedSecret() { UserHint = Configuration.UserHint, NewSecretValue = key.Value.Key.Id.GetSecureString() }); }
public async Task CreateKeyWithOptions() { var exp = new DateTimeOffset(new DateTime(637027248120000000, DateTimeKind.Utc)); DateTimeOffset nbf = exp.AddDays(-30); var keyOptions = new CreateKeyOptions() { KeyOperations = { KeyOperation.Verify }, Enabled = false, ExpiresOn = exp, NotBefore = nbf, }; KeyVaultKey key = await Client.CreateKeyAsync(Recording.GenerateId(), KeyType.Ec, keyOptions); RegisterForCleanup(key.Name); KeyVaultKey keyReturned = await Client.GetKeyAsync(key.Name); AssertKeyVaultKeysEqual(key, keyReturned); }
private PSKeyVaultKey CreateKey(KeyClient client, string keyName, PSKeyVaultKeyAttributes keyAttributes, int?size, string curveName) { // todo duplicated code with Track2VaultClient.CreateKey CreateKeyOptions options; bool isHsm = keyAttributes.KeyType == KeyType.RsaHsm || keyAttributes.KeyType == KeyType.EcHsm; if (keyAttributes.KeyType == KeyType.Rsa || keyAttributes.KeyType == KeyType.RsaHsm) { options = new CreateRsaKeyOptions(keyName, isHsm) { KeySize = size }; } else if (keyAttributes.KeyType == KeyType.Ec || keyAttributes.KeyType == KeyType.EcHsm) { options = new CreateEcKeyOptions(keyName, isHsm); if (string.IsNullOrEmpty(curveName)) { (options as CreateEcKeyOptions).CurveName = null; } else { (options as CreateEcKeyOptions).CurveName = new KeyCurveName(curveName); } } else { options = new CreateKeyOptions(); } // Common key attributes options.NotBefore = keyAttributes.NotBefore; options.ExpiresOn = keyAttributes.Expires; options.Enabled = keyAttributes.Enabled; options.Exportable = keyAttributes.Exportable; options.ReleasePolicy = keyAttributes.ReleasePolicy?.ToKeyReleasePolicy(); if (keyAttributes.KeyOps != null) { foreach (var keyOp in keyAttributes.KeyOps) { options.KeyOperations.Add(new KeyOperation(keyOp)); } } if (keyAttributes.Tags != null) { foreach (DictionaryEntry entry in keyAttributes.Tags) { options.Tags.Add(entry.Key.ToString(), entry.Value.ToString()); } } if (keyAttributes.KeyType == KeyType.Rsa || keyAttributes.KeyType == KeyType.RsaHsm) { return(new PSKeyVaultKey(client.CreateRsaKey(options as CreateRsaKeyOptions).Value, _uriHelper, isHsm: true)); } else if (keyAttributes.KeyType == KeyType.Ec || keyAttributes.KeyType == KeyType.EcHsm) { return(new PSKeyVaultKey(client.CreateEcKey(options as CreateEcKeyOptions).Value, _uriHelper, isHsm: true)); } else if (keyAttributes.KeyType == KeyType.Oct || keyAttributes.KeyType.ToString() == "oct-HSM") { return(new PSKeyVaultKey(client.CreateKey(keyName, KeyType.Oct, options).Value, _uriHelper, isHsm: true)); } else { throw new NotSupportedException($"{keyAttributes.KeyType} is not supported"); } }
public KeyVaultKey Store(string name, KeyType keyType, CreateKeyOptions keyOptions = null) { _logger.LogInformation("Storing key: {Name}", name); return(_client.CreateKey(name, keyType, keyOptions)); }