private static ISecretInjector GetSecretInjector(IDictionary<string, string> arguments) { ISecretReader secretReader; var vaultName = arguments.GetOrDefault<string>(Arguments.VaultName); if (string.IsNullOrEmpty(vaultName)) { secretReader = new EmptySecretReader(); } else { var clientId = arguments.GetOrThrow<string>(Arguments.ClientId); var certificateThumbprint = arguments.GetOrThrow<string>(Arguments.CertificateThumbprint); var storeName = arguments.GetOrDefault(Arguments.StoreName, StoreName.My); var storeLocation = arguments.GetOrDefault(Arguments.StoreLocation, StoreLocation.LocalMachine); var shouldValidateCert = arguments.GetOrDefault(Arguments.ValidateCertificate, false); var keyVaultConfig = new KeyVaultConfiguration(vaultName, clientId, certificateThumbprint, storeName, storeLocation, shouldValidateCert); secretReader = new CachingSecretReader(new KeyVaultReader(keyVaultConfig), arguments.GetOrDefault(Arguments.RefreshIntervalSec, CachingSecretReader.DefaultRefreshIntervalSec)); } return new SecretInjector(secretReader); }
public ISecretReader CreateSecretReader() { ISecretReader secretReader; var vaultName = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(VaultNameConfigurationKey)); if (!string.IsNullOrEmpty(vaultName)) { var clientId = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(ClientIdConfigurationKey)); var certificateThumbprint = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(CertificateThumbprintConfigurationKey)); var storeName = GetOptionalKeyVaultEnumSettingValue(CertificateStoreName, StoreName.My); var storeLocation = GetOptionalKeyVaultEnumSettingValue(CertificateStoreLocation, StoreLocation.LocalMachine); var certificate = CertificateUtility.FindCertificateByThumbprint(storeName, storeLocation, certificateThumbprint, validationRequired: true); var keyVaultConfiguration = new KeyVaultConfiguration(vaultName, clientId, certificate); secretReader = new KeyVaultReader(keyVaultConfiguration); } else { secretReader = new EmptySecretReader(); } return(new CachingSecretReader(secretReader)); }
public ISecretReader CreateSecretReader(IGalleryConfigurationService configurationService) { if (configurationService == null) { throw new ArgumentNullException(nameof(configurationService)); } ISecretReader secretReader; var vaultName = configurationService.ReadSetting( string.Format(CultureInfo.InvariantCulture, "{0}{1}", KeyVaultConfigurationPrefix, VaultNameConfigurationKey)).Result; if (!string.IsNullOrEmpty(vaultName)) { var clientId = configurationService.ReadSetting( string.Format(CultureInfo.InvariantCulture, "{0}{1}", KeyVaultConfigurationPrefix, ClientIdConfigurationKey)).Result; var certificateThumbprint = configurationService.ReadSetting( string.Format(CultureInfo.InvariantCulture, "{0}{1}", KeyVaultConfigurationPrefix, CertificateThumbprintConfigurationKey)).Result; var keyVaultConfiguration = new KeyVaultConfiguration(vaultName, clientId, certificateThumbprint, validateCertificate: true); secretReader = new KeyVaultReader(keyVaultConfiguration); } else { secretReader = new EmptySecretReader(); } return(new CachingSecretReader(secretReader, _diagnosticsService)); }
public ISecretReader CreateSecretReader(IGalleryConfigurationService configurationService) { if (configurationService == null) { throw new ArgumentNullException(nameof(configurationService)); } ISecretReader secretReader; var vaultName = configurationService.ReadSetting( string.Format(CultureInfo.InvariantCulture, "{0}{1}", KeyVaultConfigurationPrefix, VaultNameConfigurationKey)).Result; if (!string.IsNullOrEmpty(vaultName)) { var clientId = configurationService.ReadSetting( string.Format(CultureInfo.InvariantCulture, "{0}{1}", KeyVaultConfigurationPrefix, ClientIdConfigurationKey)).Result; var certificateThumbprint = configurationService.ReadSetting( string.Format(CultureInfo.InvariantCulture, "{0}{1}", KeyVaultConfigurationPrefix, CertificateThumbprintConfigurationKey)).Result; var keyVaultConfiguration = new KeyVaultConfiguration(vaultName, clientId, certificateThumbprint, validateCertificate: true); secretReader = new KeyVaultReader(keyVaultConfiguration); } else { secretReader = new EmptySecretReader(); } return new CachingSecretReader(secretReader, _diagnosticsService); }
public ISecretReader CreateSecretReader(IConfiguration configuration) { if (configuration == null) { throw new ArgumentNullException(nameof(configuration)); } var vaultName = configuration.Get(VaultNameKey); ISecretReader secretReader; // Is key vault configured? if (string.IsNullOrEmpty(vaultName)) { secretReader = new EmptySecretReader(); } else { var clientId = configuration.Get(ClientIdKey); var certificateThumbprint = configuration.Get(CertificateThumbprintKey); // KeyVault is configured, but not all data is provided. Fail. if (string.IsNullOrEmpty(clientId) || string.IsNullOrEmpty(certificateThumbprint)) { throw new ArgumentException("Not all KeyVault configuration provided. " + $"Parameter: {VaultNameKey} Value: {VaultNameKey}, " + $"Parameter: {ClientIdKey} Value: {ClientIdKey}, " + $"Parameter: {CertificateThumbprintKey} Value: {certificateThumbprint}"); } secretReader = new KeyVaultReader(new KeyVaultConfiguration(vaultName, clientId, certificateThumbprint, validateCertificate: true)); } return secretReader; }
public ISecretReader CreateSecretReader() { ISecretReader secretReader; var vaultName = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(VaultNameConfigurationKey)); if (!string.IsNullOrEmpty(vaultName)) { var useManagedIdentity = GetOptionalKeyVaultBoolSettingValue(UseManagedIdentityConfigurationKey, defaultValue: false); KeyVaultConfiguration keyVaultConfiguration; if (useManagedIdentity) { keyVaultConfiguration = new KeyVaultConfiguration(vaultName); } else { var clientId = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(ClientIdConfigurationKey)); var certificateThumbprint = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(CertificateThumbprintConfigurationKey)); var storeName = GetOptionalKeyVaultEnumSettingValue(CertificateStoreName, StoreName.My); var storeLocation = GetOptionalKeyVaultEnumSettingValue(CertificateStoreLocation, StoreLocation.LocalMachine); var certificate = CertificateUtility.FindCertificateByThumbprint(storeName, storeLocation, certificateThumbprint, validationRequired: true); keyVaultConfiguration = new KeyVaultConfiguration(vaultName, clientId, certificate); } secretReader = new KeyVaultReader(keyVaultConfiguration); } else { secretReader = new EmptySecretReader(); } return(new CachingSecretReader(secretReader, refreshIntervalSec: SecretCachingRefreshInterval)); }
public ISecretReader CreateSecretReader(IConfigurationService configurationService) { var vaultName = configurationService.Get(VaultNameKey).Result; ISecretReader secretReader; // Is key vault configured? if (string.IsNullOrEmpty(vaultName)) { secretReader = new EmptySecretReader(); } else { var clientId = configurationService.Get(ClientIdKey).Result; var certificateThumbprint = configurationService.Get(CertificateThumbprintKey).Result; var storeLocation = (StoreLocation)Enum.Parse(typeof(StoreLocation), configurationService.Get(StoreLocationKey).Result); var storeName = (StoreName)Enum.Parse(typeof(StoreName), configurationService.Get(StoreNameKey).Result); var validateCertificate = bool.Parse(configurationService.Get(ValidateCertificateKey).Result); var certificate = CertificateUtility.FindCertificateByThumbprint(storeName, storeLocation, certificateThumbprint, validateCertificate); secretReader = new KeyVaultReader( new KeyVaultConfiguration( vaultName, clientId, certificate)); } return(secretReader); }
private static ISecretInjector GetSecretInjector(IDictionary <string, string> arguments) { ISecretReader secretReader; var vaultName = arguments.GetOrDefault <string>(Arguments.VaultName); if (string.IsNullOrEmpty(vaultName)) { secretReader = new EmptySecretReader(); } else { var clientId = arguments.GetOrThrow <string>(Arguments.ClientId); var certificateThumbprint = arguments.GetOrThrow <string>(Arguments.CertificateThumbprint); var storeName = arguments.GetOrDefault(Arguments.StoreName, StoreName.My); var storeLocation = arguments.GetOrDefault(Arguments.StoreLocation, StoreLocation.LocalMachine); var shouldValidateCert = arguments.GetOrDefault(Arguments.ValidateCertificate, true); var keyVaultCertificate = CertificateUtility.FindCertificateByThumbprint(storeName, storeLocation, certificateThumbprint, shouldValidateCert); var keyVaultConfig = new KeyVaultConfiguration(vaultName, clientId, keyVaultCertificate); secretReader = new CachingSecretReader(new KeyVaultReader(keyVaultConfig), arguments.GetOrDefault(Arguments.RefreshIntervalSec, CachingSecretReader.DefaultRefreshIntervalSec)); } return(new SecretInjector(secretReader)); }
public ISecretReader CreateSecretReader() { ISecretReader secretReader; // Is KeyVault configured? if (!_configurationDictionary.TryGetValue(VaultNameKey, out var vaultName) || string.IsNullOrEmpty(vaultName)) { secretReader = new EmptySecretReader(); } else { KeyVaultConfiguration keyVaultConfiguration; if (_configurationDictionary.TryGetValue(UseManagedIdentityKey, out var useManagedIdentityStr) && bool.TryParse(useManagedIdentityStr, out var useManagedIdentity) && useManagedIdentity) { keyVaultConfiguration = new KeyVaultConfiguration(vaultName); } else { var clientId = _configurationDictionary[ClientIdKey]; var certificateThumbprint = _configurationDictionary[CertificateThumbprintKey]; var storeLocation = _configurationDictionary[StoreLocationKey]; var storeName = _configurationDictionary[StoreNameKey]; var validateCertificate = _configurationDictionary[ValidateCertificateKey]; var certificate = CertificateUtility.FindCertificateByThumbprint( (StoreName)Enum.Parse(typeof(StoreName), storeName), (StoreLocation)Enum.Parse(typeof(StoreLocation), storeLocation), certificateThumbprint, bool.Parse(validateCertificate)); keyVaultConfiguration = new KeyVaultConfiguration(vaultName, clientId, certificate); } if (!_configurationDictionary.TryGetValue(CacheRefreshIntervalKey, out var cacheRefresh) || !int.TryParse(cacheRefresh, out int refreshIntervalSec)) { refreshIntervalSec = CachingSecretReader.DefaultRefreshIntervalSec; } secretReader = new KeyVaultReader(keyVaultConfiguration); secretReader = new CachingSecretReader(secretReader, refreshIntervalSec); } return(secretReader); }
private async Task <ISecretReader> CreateSecretReaderAsync() { var config = await new ConfigurationFactory( new EnvironmentSettingsConfigurationProvider(CreateSecretInjector(new EmptySecretReader()))) .Get <BasicSearchConfiguration>(); if (config == null) { throw new ArgumentNullException(nameof(config)); } ISecretReader secretReader; // Is KeyVault configured? if (string.IsNullOrEmpty(config.VaultName)) { secretReader = new EmptySecretReader(); } else { // KeyVault is configured, but not all data is provided. Fail. if (string.IsNullOrEmpty(config.ClientId) || string.IsNullOrEmpty(config.CertificateThumbprint)) { throw new ArgumentException("Not all KeyVault configuration provided. " + $"Parameter: {nameof(BasicSearchConfiguration.VaultName)} Value: {config.VaultName}, " + $"Parameter: {nameof(BasicSearchConfiguration.ClientId)} Value: {config.ClientId}, " + $"Parameter: {nameof(BasicSearchConfiguration.CertificateThumbprint)} Value: {config.CertificateThumbprint}, " + $"Parameter: {nameof(BasicSearchConfiguration.StoreName)} Value: {config.StoreName}, " + $"Parameter: {nameof(BasicSearchConfiguration.StoreLocation)} Value: {config.StoreLocation}, " + $"Parameter: {nameof(BasicSearchConfiguration.ValidateCertificate)} Value: {config.ValidateCertificate}"); } var keyVaultCertificate = CertificateUtility.FindCertificateByThumbprint( config.StoreName, config.StoreLocation, config.CertificateThumbprint, config.ValidateCertificate); secretReader = new KeyVaultReader(new KeyVaultConfiguration(config.VaultName, config.ClientId, keyVaultCertificate)); } return(secretReader); }
public ISecretReader CreateSecretReader() { ISecretReader secretReader; var vaultName = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(VaultNameConfigurationKey)); if (!string.IsNullOrEmpty(vaultName)) { var clientId = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(ClientIdConfigurationKey)); var certificateThumbprint = _configurationService.ReadRawSetting(ResolveKeyVaultSettingName(CertificateThumbprintConfigurationKey)); var certificate = CertificateUtility.FindCertificateByThumbprint(StoreName.My, StoreLocation.LocalMachine, certificateThumbprint, true); var keyVaultConfiguration = new KeyVaultConfiguration(vaultName, clientId, certificate); secretReader = new KeyVaultReader(keyVaultConfiguration); } else { secretReader = new EmptySecretReader(); } return(new CachingSecretReader(secretReader, _diagnosticsService)); }