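/// <summary>
/// Probe the specified secret, displaying metadata on success.
/// </summary>
/// <remarks>
/// The outcome is reported as text and written to the log; exceptions raised by the
/// Key Vault call are caught and described in the returned string rather than rethrown.
/// The managed identity authentication code is never written to the log.
/// </remarks>
/// <param name="vault">vault name</param>
/// <param name="secret">secret name</param>
/// <param name="version">secret version id</param>
/// <returns>
/// A description of the probe result: secret metadata on success, otherwise the HTTP
/// reason/status or the exception details. The same text is logged at Info level.
/// </returns>
public async Task<string> ProbeSecretAsync(string vault, string secret, string version)
{
    string response = String.Empty;

    // initialize a KeyVault client with a managed identity-based authentication callback;
    // the client is disposed when the probe completes so repeated probes do not
    // accumulate undisposed clients.
    using (var kvClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(
        (authority, resource, scope) => AuthenticationCallbackAsync(authority, resource, scope))))
    {
        // The MI auth code is deliberately redacted: it looks like the credential presented
        // to the managed identity endpoint, and anyone with read access to the log could
        // otherwise reuse it. NOTE(review): confirm the auth header value is only a header
        // name and not itself sensitive.
        // NOTE(review): this banner reports config values, not the vault/secret arguments
        // actually probed below - confirm the two are expected to agree.
        Log(LogLevel.Info, $"\nRunning with configuration: \n\tobserved vault: {config.VaultName}\n\tobserved secret: {config.SecretName}\n\tMI endpoint: {config.ManagedIdentityEndpoint}\n\tMI auth code: <redacted>\n\tMI auth header: {config.ManagedIdentityAuthenticationHeader}");

        // start probe
        Log(LogLevel.Info, $"\n== {DateTime.UtcNow}: Probing secret...");

        // The messages below are plain interpolated strings. Passing already-interpolated
        // text to String.Format treats it as a composite format string, so a '{' or '}' in
        // a secret name, reason phrase or exception message would raise FormatException -
        // inside the catch blocks that would replace the error being reported.
        try
        {
            var secretResponse = await kvClient.GetSecretWithHttpMessagesAsync(vault, secret, version)
                .ConfigureAwait(false);

            if (secretResponse.Response.IsSuccessStatusCode)
            {
                // use the secret: secretResponse.Body.Value
                // Only metadata is reported here. NOTE(review): verify that
                // PrintSecretBundleMetadata never includes the secret value itself.
                response = $"Successfully probed secret '{secret}' in vault '{vault}': {PrintSecretBundleMetadata(secretResponse.Body)}";
            }
            else
            {
                response = $"Non-critical error encountered retrieving secret '{secret}' in vault '{vault}': {secretResponse.Response.ReasonPhrase} ({secretResponse.Response.StatusCode})";
            }
        }
        catch (Microsoft.Rest.ValidationException ve)
        {
            response = $"encountered REST validation exception 0x{ve.HResult:X} trying to access '{secret}' in vault '{vault}' from {ve.Source}: {ve.Message}";
        }
        catch (KeyVaultErrorException kvee)
        {
            // Response is read null-conditionally so a missing HTTP response cannot throw
            // from inside the handler and hide the original Key Vault error.
            response = $"encountered KeyVault exception 0x{kvee.HResult:X} trying to access '{secret}' in vault '{vault}': {kvee.Response?.ReasonPhrase} ({kvee.Response?.StatusCode})";
        }
        catch (Exception ex)
        {
            // handle generic errors here
            response = $"encountered exception 0x{ex.HResult:X} trying to access '{secret}' in vault '{vault}': {ex.Message}";
        }
    }

    Log(LogLevel.Info, response);

    return response;
}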