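/// <summary>
/// HTTP-triggered function: reads a secret name from the <c>secret</c> query-string
/// parameter, fetches that secret through the KeyVault helper and returns its name and value.
/// </summary>
/// <param name="req">Incoming GET request; the secret name comes from <c>?secret=</c>.</param>
/// <param name="log">Function logger.</param>
/// <returns>
/// 400 when the name is missing or not a well-formed Key Vault secret name;
/// otherwise 200 with a <c>SecretResponse</c> carrying the name and the secret value.
/// </returns>
/// <remarks>
/// NOTE(review): as written, any caller that passes function-level authorization can read
/// every secret the function's identity can read, and the value travels back in the HTTP
/// response. Restrict the accepted names to an explicit allow-list, or better, have callers
/// consume the secret server-side instead of receiving it.
/// </remarks>
public static async Task<IActionResult> Run(
    [HttpTrigger(AuthorizationLevel.Function, "get", Route = null)] HttpRequest req,
    ILogger log)
{
    log.LogInformation("C# HTTP trigger function processed a request.");

    // Held in a local: the listing assigns to `secret` with no visible declaration; if that
    // was shared state, concurrent requests could overwrite each other across the await.
    string secretName = req.Query["secret"];

    if (string.IsNullOrEmpty(secretName))
    {
        return new BadRequestObjectResult("Request does not contain a valid Secret");
    }

    // Key Vault secret names are 1-127 characters of 0-9, a-z, A-Z and '-'.
    // Rejecting everything else here also keeps control characters out of the log line below.
    bool wellFormed = secretName.Length <= 127;
    foreach (char c in secretName)
    {
        bool allowed = (c >= '0' && c <= '9')
                       || (c >= 'a' && c <= 'z')
                       || (c >= 'A' && c <= 'Z')
                       || c == '-';
        if (!allowed)
        {
            wellFormed = false;
            break;
        }
    }

    if (!wellFormed)
    {
        return new BadRequestObjectResult("Request does not contain a valid Secret");
    }

    SecretRequest secretRequest = new SecretRequest(secretName);

    // Structured template: the caller-supplied name is a logged field, not part of the format string.
    log.LogInformation("GetKeyVaultSecret request received for secret {SecretName}", secretRequest.Secret);

    var keyvault = new KeyVault();
    var secretBundle = await keyvault.GetSecret(secretName);

    // Logged only after the call returned, so the message is true when it appears.
    // The secret value itself is never logged.
    log.LogInformation("Secret Value retrieved from KeyVault.");

    var secretResponse = new SecretResponse
    {
        Secret = secretRequest.Secret,
        Value = secretBundle.Value
    };

    return new OkObjectResult(secretResponse);
}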
/// <summary>
/// Creates the handler: stores the logger and configuration, then resolves the
/// "ChummerFolderId" secret through a KeyVault helper and keeps it in <c>_folderId</c>.
/// </summary>
/// <param name="Logger">Logger stored on the instance and handed to the KeyVault helper.</param>
/// <param name="configuration">Application configuration stored on the instance.</param>
public DriveHandler(ILogger <Startup> Logger, IConfiguration configuration)
{
    _logger = Logger;
    Configuration = configuration;

    // The lookup runs inside the constructor, so a Key Vault failure surfaces
    // as a failure to construct the handler.
    _folderId = new KeyVault(Logger).GetSecret("ChummerFolderId");
}
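/// <summary>
/// Builds a Google <see cref="UserCredential"/> for the fixed user "me" from the refresh
/// token, client id and client secret read through the KeyVault helper.
/// </summary>
/// <returns>The credential bound to the authorization-code flow and the stored refresh token.</returns>
/// <exception cref="Exception">Any failure is logged and rethrown unchanged.</exception>
private UserCredential AuthorizeGoogleUser()
{
    try
    {
        var keys = new KeyVault(_logger);
        string refreshToken = keys.GetSecret("AuthenticationGoogleRefreshToken");

        // Empty access token: only the refresh token is supplied here.
        var token = new TokenResponse
        {
            AccessToken = "",
            RefreshToken = refreshToken
        };

        var flow2 = new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer
        {
            ClientSecrets = new ClientSecrets
            {
                ClientId = keys.GetSecret("GoogleChummerSINersId"),
                ClientSecret = keys.GetSecret("GoogleChummerSINersSecret"),
            },
            Scopes = Scopes,
            DataStore = new GoogleIDataStore("me", refreshToken, _logger)
        });

        // Record that the lookup happened, never the values: the previous message wrote the
        // refresh token and the OAuth client secret to the log in clear text. Values logged
        // by earlier builds should be treated as exposed and rotated.
        _logger.LogInformation("Google refresh token, client id and client secret retrieved from KeyVault.");

        return new UserCredential(flow2, "me", token);
    }
    catch (Exception e)
    {
        // Pass the exception as a structured argument instead of concatenating it into the
        // message; the old text ("Could Authorize ...") also dropped the "not".
        _logger.LogError(e, "Could not authorize Google user");
        throw;
    }
}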
/// <summary>
/// Looks up a beer by id through the Untappd client and renders the "Message" view
/// with the lookup result in <c>ViewBag.Message</c>.
/// </summary>
/// <param name="beerId">Identifier passed to the client's Lookup call.</param>
/// <returns>The "Message" view.</returns>
public ActionResult LookUp(int beerId)
{
    // Both API credentials are read from Key Vault on every call.
    // NOTE(review): .Result blocks the request thread on the pending task and surfaces
    // failures as AggregateException; an async action would avoid both.
    string untappdId = KeyVault.GetSecret("untappd-clientid").Result;
    string untappdSecret = KeyVault.GetSecret("untappd-clientsecret").Result;

    ViewBag.Message = UntappdClient.Create(untappdId, untappdSecret).Lookup(beerId);

    return View("Message");
}
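/// <summary>
/// Adds Key Vault secrets to the configuration builder, using Managed Identity (MSI).
/// The vault instance name is read from the "KeyVaultInstanceName" setting of the
/// configuration built so far.
/// </summary>
/// <param name="builder">The builder to extend.</param>
/// <param name="keys">Names of the secrets to load.</param>
/// <param name="throwNotFoundErrors">
/// When true, a NotFound response for a key fails the whole call; otherwise the key is skipped.
/// </param>
/// <returns>The same builder, with any retrieved secrets added as an in-memory collection.</returns>
/// <exception cref="InvalidOperationException">
/// The instance name is missing, or any other failure occurred while loading secrets.
/// </exception>
[ExcludeFromCodeCoverage] //excluded as Msi isn't part of the build pipeline for testing.
public static IConfigurationBuilder AddKeyVaultSecrets(this IConfigurationBuilder builder, List <string> keys, bool throwNotFoundErrors = false)
{
    try
    {
        var instanceName = builder.Build().GetValue <string>("KeyVaultInstanceName");

        if (instanceName.IsNullOrEmpty())
        {
            throw new InvalidOperationException("Expecting setting \"KeyVaultInstanceName\" to infer instance name");
        }

        var vault = new KeyVault(new MsiConfig { KeyVaultInstanceName = instanceName });
        var secrets = new List <KeyValuePair <string, string> >();

        // Gather secrets from Key Vault.
        foreach (var key in keys)
        {
            try
            {
                var value = vault.GetSecret(key).GetAwaiter().GetResult();
                secrets.Add(new KeyValuePair <string, string>(key, value));
            }
            catch (KeyVaultErrorException e)
            {
                // Response can be absent on the exception; read the status null-safely so
                // the handler itself cannot fail with a NullReferenceException.
                var status = e.Response?.StatusCode;

                // Throw an exception if requested.
                if (status == HttpStatusCode.NotFound && throwNotFoundErrors)
                {
                    throw;
                }

                // Every other Key Vault error is skipped as well, not only NotFound, so the
                // status is printed: an access-denied response would otherwise read as a
                // missing key. Only the key name and error text are written, never a value.
                // NOTE(review): the application then starts without this setting; decide
                // whether non-NotFound errors should fail startup instead.
                Console.WriteLine($"Failed to find keyvault setting: {key}, status: {status}, exception: {e.Message}");
            }
        }

        // Add them to config.
        if (secrets.Count > 0)
        {
            builder.AddInMemoryCollection(secrets);
        }

        // Keep track of instance.
        KeyVaultInstance = vault;

        // Return updated builder.
        return builder;
    }
    catch (Exception ex)
    {
        throw new InvalidOperationException("Problem occurred retrieving secrets from KeyVault using Managed Identity", ex);
    }
}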
/// <summary>
/// Checks that a KeyVault built from an MsiConfig exposes the configured instance name and
/// config type, and that GetSecret throws AzureServiceTokenProviderException in this setup.
/// </summary>
public void Test_KeyVault_MsiError()
{
    // Arrange
    var expectedName = _config.GetValue <string>("InstanceName");
    var msiConfig = new MsiConfig { KeyVaultInstanceName = expectedName };
    var kvClient = new KeyVault(msiConfig);

    // Act/Assert
    kvClient.Name.Should().Be(expectedName);
    (kvClient.Config as MsiConfig).Should().NotBeNull();

    // The secret name "test" is arbitrary; the call is expected to fail before any lookup result.
    Assert.Throws <AzureServiceTokenProviderException>(
        () => kvClient.GetSecret("test").GetAwaiter().GetResult());
}
//https://stackoverflow.com/questions/26098009/how-google-api-v-3-0-net-library-and-google-oauth2-handling-refresh-token/31843907#31843907
/// <summary>
/// Obtains a Google <see cref="UserCredential"/> through GoogleWebAuthorizationBroker, using
/// the client id, client secret and refresh token read through the KeyVault helper.
/// </summary>
/// <param name="configuration">Not read by this method.</param>
/// <returns>The credential, or null when any step throws (the exception is logged).</returns>
public async Task <UserCredential> GetUserCredential(IConfiguration configuration)
{
    try
    {
        var vault = new KeyVault(_logger);
        string storedRefreshToken = vault.GetSecret("AuthenticationGoogleRefreshToken");

        var clientSecrets = new ClientSecrets
        {
            ClientId = vault.GetSecret("GoogleChummerSINersId"),
            ClientSecret = vault.GetSecret("GoogleChummerSINersSecret"),
        };

        // No cancellation is wired in: the broker call runs with CancellationToken.None.
        return await GoogleWebAuthorizationBroker.AuthorizeAsync(
            clientSecrets,
            Scopes,
            "user",
            CancellationToken.None,
            new GoogleIDataStore("me", storedRefreshToken, _logger));
    }
    catch (Exception e)
    {
        // Failure is reported to callers as null, so they must null-check the result.
        // NOTE(review): the whole exception is concatenated into the message; confirm its
        // text cannot carry token material before this reaches shared log storage.
        _logger.LogError("Could not get UserCredentials: " + e);
        return null;
    }
}
/// <summary>
/// Stores the "BifDbContext" connection string in application state under the key
/// "connectionString". When the configured string contains the placeholder "{0}", the
/// database username and password are read from Key Vault and formatted into it first.
/// </summary>
public static void SetConnectionString()
{
    string template = ConfigurationManager.ConnectionStrings["BifDbContext"].ConnectionString;
    string resolved = template;

    if (template.Contains("{0}"))
    {
        string dbUser = KeyVault.GetSecret("db-username").Result;

        // The password secret is looked up under a name equal to the username value.
        // NOTE(review): confirm this naming is intended rather than a fixed secret name.
        string dbPassword = KeyVault.GetSecret(dbUser).Result;

        // NOTE(review): string.Format inserts both values verbatim; a value containing ';'
        // or '=' would change the meaning of the connection string. A connection-string
        // builder would quote them.
        resolved = string.Format(template, dbUser, dbPassword);
    }

    // NOTE(review): the resolved string, credentials included, stays in application state
    // for anything that can read that state.
    HttpContext.Current.Application.Add("connectionString", resolved);
}
/// <summary>
/// Searches Untappd for <paramref name="q"/> and returns the hits as JSON objects with
/// Id, Name, Rating and Brewery. Despite the name, the method runs synchronously.
/// </summary>
/// <param name="q">Search text passed unchanged to the client's Search call.</param>
/// <returns>JSON result, allowed for GET requests.</returns>
public JsonResult SearchAsync(string q)
{
    // Both API credentials are read from Key Vault on every call.
    // NOTE(review): .Result blocks the request thread on the pending task.
    string untappdId = KeyVault.GetSecret("untappd-clientid").Result;
    string untappdSecret = KeyVault.GetSecret("untappd-clientsecret").Result;

    UntappdClient untappd = UntappdClient.Create(untappdId, untappdSecret);
    BeerSearchResult found = untappd.Search(q);

    // Project to a narrow shape so only these four fields reach the response.
    var rows = found.Beers.Items.Select(hit => new
    {
        Id = hit.Beer.Id,
        Name = hit.Beer.Name,
        Rating = hit.Beer.Rating,
        Brewery = hit.Brewery.Name
    });

    // NOTE(review): AllowGet permits a JSON array response to a GET; acceptable only while
    // the payload holds nothing user-specific.
    return Json(rows, JsonRequestBehavior.AllowGet);
}
/// <summary>
/// Loads the named secrets from Key Vault, authenticating with a service principal,
/// and adds the ones that could be read to the configuration builder.
/// </summary>
/// <param name="builder">The builder to extend.</param>
/// <param name="config">Service principal settings used to create the KeyVault helper.</param>
/// <param name="keys">Names of the secrets to load.</param>
/// <returns>The same builder, with any retrieved secrets added as an in-memory collection.</returns>
/// <exception cref="InvalidOperationException">Any failure other than a per-key KeyVaultErrorException.</exception>
public static IConfigurationBuilder AddKeyVaultSecrets(this IConfigurationBuilder builder, ServicePrincipleConfig config, params string[] keys)
{
    try
    {
        var vault = new KeyVault(config);
        var loaded = new List <KeyValuePair <string, string> >();

        foreach (var secretName in keys)
        {
            try
            {
                // Synchronous wait on the async lookup; this runs during configuration build.
                var secretValue = vault.GetSecret(secretName).GetAwaiter().GetResult();
                loaded.Add(new KeyValuePair <string, string>(secretName, secretValue));
            }
            catch (KeyVaultErrorException e)
            {
                // Best effort: the key is skipped and loading continues.
                // NOTE(review): every KeyVaultErrorException lands here, not only "not found",
                // so an access-denied response is reported as a missing key and the
                // application continues without the setting.
                Console.WriteLine($"Failed to find keyvault setting: {secretName}, exception: {e.Message}");
            }
        }

        // Only touch the builder when at least one secret was read.
        if (loaded.Count > 0)
        {
            builder.AddInMemoryCollection(loaded);
        }

        // Remember the vault instance for later use.
        KeyVaultInstance = vault;

        return builder;
    }
    catch (Exception ex)
    {
        throw new InvalidOperationException("Problem occurred retrieving secrets from KeyVault using Service Principle", ex);
    }
}