public async Task <IActionResult> OnPostAsync() { if (!ModelState.IsValid) { return(Page()); } // Azure key vault password retrieval happens here, it did not work with OnGetAsync(), the global variable did not hold the password string password = ""; try { AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider(); KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback)); SecretBundle secret = await keyVaultClient.GetSecretAsync("https://Key-Vault-11223344.vault.azure.net/secrets/GmailPassword").ConfigureAwait(false); password = secret.Value; } catch (KeyVaultErrorException e) { Message = e.Message; } if (string.IsNullOrEmpty(password)) { Message = "Website is experiencing technical difficulties."; return(Page()); } // Initiating the mail and sending it MailAddress fromAddress = new MailAddress(Emails.fromEmailAddress, "No Reply"); MailAddress toAddress = new MailAddress(Emails.toEmailAddress); SmtpClient smtp = new SmtpClient { Host = "smtp.gmail.com", Port = 587, EnableSsl = true, DeliveryMethod = SmtpDeliveryMethod.Network, UseDefaultCredentials = false, Credentials = new NetworkCredential(fromAddress.Address, password) }; using MailMessage msg = new MailMessage(fromAddress, toAddress) { Subject = $"Message from {Contact.Name} with subject: {Contact.Subject}", Body = Contact.Message }; await smtp.SendMailAsync(msg); msg.Dispose(); // Probably isn't necessary smtp.Dispose(); return(RedirectToPage("Index")); }
/// <summary> /// Retrieves secrets from keyvault /// </summary> /// <param name="secretIdentifier">Secret Identifier (e.g. http://kvname.valut.azure.net/secrets/secretname..... )</param> /// <returns></returns> public string GetSecret(string secretIdentifier) { if (IsTokenExpired) { AuthToken = null; } Task <SecretBundle> GHUserName = Task.Run(async() => await KVClient.GetSecretAsync(secretIdentifier).ConfigureAwait(false)); SecretBundle sb = GHUserName.Result; return(sb.Value); }
public void GettingASecret() { var endpoint = TestEnvironment.KeyVaultUri; #region Snippet:GetSecret var client = new MiniSecretClient(new Uri(endpoint), new DefaultAzureCredential()); SecretBundle secret = client.GetSecret("TestSecret"); Console.WriteLine(secret.Value); #endregion }
public string GetKey(SecretBundle secret) { // Remove the prefix from the secret name and replace two // dashes in any name with the KeyDelimiter, which is the // delimiter used in configuration (usually a colon). Azure // Key Vault doesn't allow a colon in secret names. var isCommonSecret = secret.SecretIdentifier.Name.StartsWith(CommonPrefix); var prefix = isCommonSecret ? CommonPrefix : _prefix; var secretName = secret.SecretIdentifier.Name.Substring(prefix.Length); return(secretName.Replace("--", ConfigurationPath.KeyDelimiter)); }
public static RSA CreateRSAKeysAndSaveInVault(KeyVaultClient keyVaultClient, string vaultBaseUrl, string keyName) { //Generate teh RSA Key RSA rsaKeys = RSA.Create(2048); Microsoft.Azure.KeyVault.WebKey.JsonWebKey rsaKeysJson = new Microsoft.Azure.KeyVault.WebKey.JsonWebKey(rsaKeys, true); //save as KV Secret both public / private part of the Keys SecretBundle keySetResult = keyVaultClient.SetSecretAsync(vaultBaseUrl, $"key-{keyName}", rsaKeysJson.ToString()).Result; return(rsaKeys); }
static void Main(string[] args) { string keyVaultRoot = "https://PROVIDE.vault.azure.net/secrets/"; var azureServiceTokenProvider = new AzureServiceTokenProvider(); var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback)); SecretBundle secretBundle = keyVaultClient.GetSecretAsync($"{keyVaultRoot}Secret1").Result; var secretValue = secretBundle.Value; }
private async Task GitSetupAsync() { AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider(); KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback)); SecretBundle secretBundle = await keyVaultClient.GetSecretAsync(_secretUri).ConfigureAwait(false); var productInformation = new ProductHeaderValue("MLGitHubLabeler"); _client = new GitHubClient(productInformation) { Credentials = new Credentials(secretBundle.Value) }; }
private async Task <string> GetSecretFromURIAsync(string secretURI) { SecretBundle sec = await vault.GetSecretAsync(secretURI); if (sec.ContentType.Equals("base64String")) { return(Encoding.UTF8.GetString(Convert.FromBase64String(sec.Value))); } else { return(sec.Value); } }
static void getMySecret(IConfiguration config, KeyVaultClient keyVault) { // To-Do Make sure secretURI is not null or other possible exceptions string mySecretURI = config.GetSection("mySecret").Value; try{ SecretBundle secret = keyVault.GetSecretAsync(mySecretURI).GetAwaiter().GetResult(); Console.WriteLine(secret.Value); } catch (Exception ex) { Console.WriteLine(ex.Message); } }
public async Task <ActionResult> Secret() { string keyVaultEndPoint = ConfigurationManager.AppSettings["KeyVaultEndPoint"]; KeyVaultClient.AuthenticationCallback callback = new KeyVaultClient.AuthenticationCallback(GetToken); KeyVaultClient keyVaultClient = new KeyVaultClient(callback); SecretBundle secretBundle = await keyVaultClient.GetSecretAsync(keyVaultEndPoint, "keyvault-secret").ConfigureAwait(false); ViewBag.Message = secretBundle.Value; return(View()); }
private X509Certificate2 GetTokenCertificate() { if (string.IsNullOrEmpty(keyVaultSettings.ClientId) || string.IsNullOrEmpty(keyVaultSettings.ClientSecret)) { return(new X509Certificate2(certSettings.CertificatePath, certSettings.CertificatePwd)); } KeyVaultClient client = KeyVaultSettings.GetClient(keyVaultSettings.ClientId, keyVaultSettings.ClientSecret); CertificateBundle certificate = client.GetCertificateAsync(keyVaultSettings.SecretUri, certSettings.CertificateName).GetAwaiter().GetResult(); SecretBundle secret = client.GetSecretAsync(certificate.SecretIdentifier.Identifier).GetAwaiter().GetResult(); byte[] pfxBytes = Convert.FromBase64String(secret.Value); return(new X509Certificate2(pfxBytes)); }
public async Task <string> GetSecretAsync(string secretUri) { try { SecretBundle secretValue = await _keyVaultClient.GetSecretAsync($"{GetKeyVaultServiceURL()}/secrets/{secretUri}"); return(secretValue.Value); } catch (Exception e) { Console.WriteLine(e); } return(string.Empty); }
private static async Task <string> GetPublicKeyAsync(string secretIdentifier) { if (!secrects.ContainsKey(secretIdentifier)) { var azureServiceTokenProvider = new AzureServiceTokenProvider(); var authenticationCallback = new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback); var kvClient = new KeyVaultClient(authenticationCallback, client); SecretBundle secretBundle = await kvClient.GetSecretAsync(secretIdentifier); secrects[secretIdentifier] = secretBundle.Value; } return(secrects[secretIdentifier]); }
private static async Task <string> GetPrivateKeyAsync(string secretIdentifier) { if (!secrects.ContainsKey(secretIdentifier)) { var azureServiceTokenProvider = new AzureServiceTokenProvider(); var authenticationCallback = new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback); var kvClient = new KeyVaultClient(authenticationCallback, client); SecretBundle secretBundle = await kvClient.GetSecretAsync(secretIdentifier); byte[] data = Convert.FromBase64String(secretBundle.Value); secrects[secretIdentifier] = Encoding.UTF8.GetString(data); } return(secrects[secretIdentifier]); }
public async Task Invoke(HttpContext context) { if (context.Request.Path.HasValue && rgxKey.IsMatch(context.Request.Path)) { var key = rgxKey.Match(context.Request.Path).Groups[1].Value; if (!string.IsNullOrEmpty(_config.GetValue <string>($"KeyVaultValues:{key}"))) { var bundle = new SecretBundle(value: _config.GetValue <string>($"KeyVaultValues:{key}")); await context.Response.WriteAsync(JsonConvert.SerializeObject(bundle)); } } await _next.Invoke(context); }
// Use Cert to access AKV private static async Task <string> RetrieveSecretAsync(string akvBaseUrl, string clientId, X509Certificate2 cert, string secretName) { var assertionCert = new ClientAssertionCertificate(clientId, cert); var kvClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(async(authority, resource, scope) => { var context = new AuthenticationContext(authority, TokenCache.DefaultShared); var result = await context.AcquireTokenAsync(resource, assertionCert); return(result.AccessToken); })); SecretBundle secretBundle = await kvClient.GetSecretAsync(akvBaseUrl, secretName); return(secretBundle != null ? secretBundle.Value : null); }
private async Task <CloudBlobClient> GetCloudBlobClientAsync() { var secretName = "storageKey"; SecretBundle secretBundle = null; // TODO: Need to cache this secretBundle = await _keyVaultClient.GetSecretAsync(_keyVaultUrl, secretName) .ConfigureAwait(false); var creds = new StorageCredentials(_storageAccountName, secretBundle.Value); var blobClient = new CloudBlobClient(new Uri(_storageAccountUrl), creds); return(blobClient); }
public async Task CreateSecret(VehiclePolicies policydata) { // Create the content for the Policy data to be stored as Secret Insdata akvdata = new Insdata { Id = policydata.Id, Inscompany = policydata.Inscompany, Policyno = policydata.Policyno, Userid = policydata.Userid, Vehicleno = policydata.Vehicleno }; //Create a JSON String of the Policy data to be stored as Secret string insurancepolicysecret = JsonConvert.SerializeObject(akvdata); byte[] datatoencrypt = System.Text.Encoding.UTF8.GetBytes(insurancepolicysecret); string keyUri = string.Format("https://{0}.vault.azure.net/keys/{1}", _keyVaultName, _keyName); string keyVaultUri = string.Format("https://{0}.vault.azure.net", _keyVaultName); //Encrypt the data before it is stored as a Secret KeyOperationResult result = await _keyVaultClient.EncryptAsync(keyUri, JsonWebKeyEncryptionAlgorithm.RSAOAEP256, datatoencrypt); byte[] encdata = result.Result; string encrypteddata = Convert.ToBase64String(encdata); //Set the Policy Start and Expiry Data to be added as attributes to the secret SecretAttributes attribs = new SecretAttributes { Enabled = true, Expires = DateTime.UtcNow.AddYears(1), NotBefore = DateTime.UtcNow }; IDictionary <string, string> alltags = new Dictionary <string, string> { { "InsuranceCompany", policydata.Inscompany } }; string contentType = "DigitalInsurance"; // Create a Secret with the encrypted Policy data SecretBundle bundle = await _keyVaultClient.SetSecretAsync(keyVaultUri, policydata.Uidname, encrypteddata, alltags, contentType, attribs); string bundlestr = bundle.Value; policydata.Version = bundle.SecretIdentifier.Version; policydata.Lastmod = bundle.Attributes.Updated; policydata.Startdate = bundle.Attributes.NotBefore; policydata.Enddate = bundle.Attributes.Expires; }
private async Task <SecretBundle> GetSecretFromVault(string secretName) { var secretIdentifier = _keyVaultPath + "secrets/" + secretName + "/"; try { SecretBundle secret = await _keyVaultClient.GetSecretAsync(secretIdentifier); return(secret); } catch (Exception ex) { Debug.Write(ex.ToString()); } return(null); }
public RegistrationController() { // Initialize the KeyVaultClient // The AzureServiceTokenProvider allows us to access the KeyVault using the // application's Managed Service Identity _azureServiceTokenProvider = new AzureServiceTokenProvider(); _keyVaultClient = new KeyVaultClient( new KeyVaultClient.AuthenticationCallback( _azureServiceTokenProvider.KeyVaultTokenCallback)); SecretBundle clientID = _keyVaultClient.GetSecretAsync(ConfigurationManager.AppSettings["KEYVAULT_ENDPOINT"], CLIENT_ID).Result; SecretBundle clientSecret = _keyVaultClient.GetSecretAsync(ConfigurationManager.AppSettings["KEYVAULT_ENDPOINT"], CLIENT_SECRET).Result; _registrationService = new RegistrationService(ConfigurationManager.AppSettings["TableStorageConnectionString"]); _appService = new AppService(ConfigurationManager.AppSettings["TENANT"], clientID.Value, clientSecret.Value); _subscriptionService = new SubscriptionService(ConfigurationManager.AppSettings["APIMUrl"], ConfigurationManager.AppSettings["APIMIdentifier"], ConfigurationManager.AppSettings["APIMKey"]); }
internal static async Task <X509Certificate2> GetCertificateFromKeyvault(string certName) { AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider(); string keyVaultName = System.Environment.GetEnvironmentVariable("KeyVaultName", EnvironmentVariableTarget.Process); KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback)); SecretBundle kvSecret = await keyVaultClient.GetSecretAsync($"https://{keyVaultName}.vault.azure.net/secrets/{certName}"); X509Certificate2 certificate = new X509Certificate2(Convert.FromBase64String(kvSecret.Value), string.Empty, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable); return(certificate); }
private (SecretAttributes attributes, SecretBundle bundle) CreateSecret(string name, string value, Func <SecretAttributes> attributesFactory = null, Action <SecretBundle> bundleAction = null) { var id = new SecretIdentifier(VaultUri, name).Identifier; var secretAttributes = attributesFactory?.Invoke() ?? new SecretAttributes() { Enabled = true }; var secretBundle = new SecretBundle(VaultUri, id); secretBundle.Id = id; secretBundle.Attributes = secretAttributes; secretBundle.Value = value; bundleAction?.Invoke(secretBundle); return(secretAttributes, secretBundle); }
private string PrintSecretBundleMetadata(SecretBundle bundle) { StringBuilder strBuilder = new StringBuilder(); strBuilder.AppendFormat($"id: {bundle.Id}\n"); strBuilder.AppendFormat($"\tcontent type: {bundle.ContentType}\n"); strBuilder.AppendFormat($"\tmanaged: {bundle.Managed}\n"); strBuilder.AppendFormat($"\tenabled: {bundle.Attributes.Enabled}\n"); strBuilder.AppendFormat($"\tnbf: {bundle.Attributes.NotBefore}\n"); strBuilder.AppendFormat($"\texp: {bundle.Attributes.Expires}\n"); strBuilder.AppendFormat($"\tcreated: {bundle.Attributes.Created}\n"); strBuilder.AppendFormat($"\tupdated: {bundle.Attributes.Updated}\n"); strBuilder.AppendFormat($"\trecoveryLevel: {bundle.Attributes.RecoveryLevel}\n"); return(strBuilder.ToString()); }
public async Task <SecretWrapper> SetSecretAsync(string secretName, string secretValue, CancellationToken cancellationToken) { EnsureArg.IsNotNullOrWhiteSpace(secretName, nameof(secretName)); EnsureArg.IsNotNullOrWhiteSpace(secretValue, nameof(secretValue)); SecretBundle result = await _keyVaultClient.SetSecretAsync( _keyVaultUri.AbsoluteUri, secretName, secretValue, tags : null, contentType : null, secretAttributes : null, cancellationToken); return(new SecretWrapper(result.Id, result.Value)); }
private static async Task <X509Certificate2> GetCertificateAsync(IConfiguration configuration) { var azureServiceTokenProvider = new AzureServiceTokenProvider(); var keyVaultClient = new KeyVaultClient( new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback)); IConfigurationSection keyVaultConfiguration = configuration.GetSection("KeyVault"); SecretBundle rawSecret = await keyVaultClient.GetSecretAsync(keyVaultConfiguration["BaseUrl"], keyVaultConfiguration["SecretName"]); return(new X509Certificate2(Convert.FromBase64String(rawSecret.Value), (string)null, X509KeyStorageFlags.MachineKeySet)); }
public async Task <string> GetSecret(string secretPath) { if (_memoryCache.TryGetValue(_cachePrefix + secretPath, out string cachedToken)) { return(cachedToken); } KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetToken)); SecretBundle secret = await keyVaultClient.GetSecretAsync(Config.BaseSecretURL + secretPath); // For safety we don't want to keep hold of results indefinately. // This will allow a one day lead on retiring old keys. _memoryCache.Set(secretPath, secret.Value, DateTimeOffset.Now.AddDays(1)); return(secret.Value); }
private static void DoVault() { kvc = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetToken)); // write // writeKeyVault(); SecretBundle secret = Task.Run(() => kvc.GetSecretAsync(BASESECRETURI + @"/secrets/" + SECRETNAME)).ConfigureAwait(false).GetAwaiter().GetResult(); Console.WriteLine(secret.Value); //Console.WriteLine(secret.Tags["Test1"].ToString()); Console.ReadLine(); }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { var builder = new ConfigurationBuilder() .SetBasePath(Directory.GetCurrentDirectory()) .AddJsonFile("appsettings.json", optional: false, reloadOnChange: true); Configuration = builder.Build(); services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2); kvc = Utility.GetKeyClient(Configuration.GetSection("KeyVault").GetSection("employee").Value); SecretBundle secret = Utility.GetSecret(Configuration.GetSection("KeyVault").GetSection("employee").Value); services.AddDbContext <employeeContext> (options => options.UseSqlServer(secret.Value)); services.AddOptions(); }
public async Task <string> GetSecretAsync(string secretName, CancellationToken cancellationToken) { try { string cachedSecret = await _cache.GetStringAsync(secretName, cancellationToken); if (!string.IsNullOrWhiteSpace(cachedSecret)) { return(cachedSecret); } SecretBundle secret = await _client.GetSecretAsync(_settings.KeyVaultUrl, secretName, cancellationToken); if (!string.IsNullOrWhiteSpace(secret.Value)) { await _cache.SetStringAsync(secretName, secret.Value, new DistributedCacheEntryOptions() { SlidingExpiration = TimeSpan.FromHours(_settings.SecretCacheTimeoutMinutes) }, cancellationToken); } return(secret.Value); } #if DEBUG catch (AzureServiceTokenProviderException) { _log.LogInformation("ATTENTION DEVELOPER: You need may need to install the Azure CLI. Then try restart this application."); throw; } catch (KeyVaultErrorException ex) when(ex.Response.StatusCode == HttpStatusCode.Unauthorized) { _log.LogInformation("ATTENTION DEVELOPER: You need to log into Azure using your own credentials. Using the Azure CLI, run 'az login', provide your credentials and then run 'az account set -s <YOUR SUBSCRIPTION ID>'. Then try restart this application."); throw; } #endif catch (KeyVaultErrorException ex) when(ex.Response.StatusCode == HttpStatusCode.NotFound) { _log.LogWarning(ex, $"The secret {secretName} could not be found in the keyvault."); throw; } catch (KeyVaultErrorException ex) { _log.LogError(ex, $"Something went wrong: {ex.Message}"); throw; } }
public async Task GettingASecretAsync() { var endpoint = TestEnvironment.KeyVaultUri; #region Snippet:GetSecretAsync #if SNIPPET string endpoint = "https://myvault.vault.azure.net"; #endif var client = new MiniSecretClient(new Uri(endpoint), new DefaultAzureCredential()); SecretBundle secret = await client.GetSecretAsync("TestSecret"); Console.WriteLine(secret.Value); #endregion Assert.NotNull(secret.Value); }