/// <summary>
/// Create keyvault provider
/// </summary>
/// <param name="configuration">Configuration root handed to the Key Vault client bootstrap.</param>
/// <param name="keyVaultUri">Key Vault URI kept on the provider for later use.</param>
/// <param name="allowInteractiveLogon">Forwarded to the client bootstrap; whether interactive logon is permitted.</param>
private KeyVaultConfigurationProvider(IConfigurationRoot configuration, string keyVaultUri, bool allowInteractiveLogon)
{
    // NOTE(review): keyVaultUri is not validated here; presumably the caller checks it - confirm.
    _keyVaultUri = keyVaultUri;

    // Per-instance secret cache and reload token.
    _cache = new ConcurrentDictionary<string, Task<SecretBundle>>();
    _reloadToken = new ConfigurationReloadToken();

    // The client bootstrap is built last; the assignments above do not depend on it.
    _keyVault = new KeyVaultClientBootstrap(configuration, allowInteractiveLogon);
}
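/// <summary>
/// Add Keyvault protection
/// </summary>
/// <param name="builder">Data-protection builder whose key ring will be protected with a Key Vault key.</param>
/// <param name="configuration">Configuration holding the Key Vault base url and the data-protection key name.</param>
/// <returns>The builder returned by <c>ProtectKeysWithAzureKeyVault</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="builder"/> or <paramref name="configuration"/> is null.</exception>
/// <exception cref="InvalidConfigurationException">The Key Vault base url or the data-protection key name is missing.</exception>
/// <exception cref="UnauthorizedAccessException">The key could not be initialised in Key Vault.</exception>
public static IDataProtectionBuilder AddAzureKeyVaultDataProtection(
    this IDataProtectionBuilder builder, IConfiguration configuration)
{
    // Reject null arguments before touching Key Vault, so a bad call cannot
    // initialise a key and only then fail with a NullReferenceException.
    if (builder == null)
    {
        throw new ArgumentNullException(nameof(builder));
    }
    if (configuration == null)
    {
        throw new ArgumentNullException(nameof(configuration));
    }

    var config = new DataProtectionConfig(configuration);
    if (string.IsNullOrEmpty(config.KeyVaultBaseUrl))
    {
        throw new InvalidConfigurationException(
            "Keyvault base url is missing in your configuration " +
            "for dataprotection to be able to store the root key.");
    }

    // The key name is embedded in the key identifier below; an empty name would
    // produce a malformed ".../keys/" identifier, so reject it up front like the base url.
    var keyName = config.KeyVaultKeyDataProtection;
    if (string.IsNullOrEmpty(keyName))
    {
        throw new InvalidConfigurationException(
            "Keyvault key name is missing in your configuration " +
            "for dataprotection to be able to store the root key.");
    }

    var keyVault = new KeyVaultClientBootstrap(configuration);

    // This builder extension is synchronous, so the async initialisation has to be
    // waited on in place. GetAwaiter().GetResult() rethrows the underlying exception
    // instead of wrapping it in an AggregateException as .Result would; the
    // sync-over-async blocking itself is unavoidable without changing the signature.
    var initialised = TryInititalizeKeyAsync(keyVault.Client, config.KeyVaultBaseUrl, keyName)
        .GetAwaiter().GetResult();
    if (!initialised)
    {
        throw new UnauthorizedAccessException("Cannot access keyvault");
    }

    // Key identifier of the form {vault}/keys/{name}; TrimEnd avoids a double slash.
    var identifier = $"{config.KeyVaultBaseUrl.TrimEnd('/')}/keys/{keyName}";
    return builder.ProtectKeysWithAzureKeyVault(keyVault.Client, identifier);
}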