public static IServiceCollection AddKeyVault(this IServiceCollection services, IConfiguration configuration)
{
var vaultSettings = new VaultSettings();
configuration.Bind("Vault", vaultSettings);
KeyVaultClient.AuthenticationCallback callback = async(authority, resource, scope) =>
{
var authContext = new AuthenticationContext(authority);
var clientCertFile = Path.Combine(
Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile), ".secrets"),
vaultSettings.ClientCertFile);
var certificate = new X509Certificate2(clientCertFile);
var clientCred = new ClientAssertionCertificate(vaultSettings.ClientId, certificate);
var result = await authContext.AcquireTokenAsync(resource, clientCred);
if (result == null)
{
throw new InvalidOperationException("Failed to obtain the JWT token");
}
return(result.AccessToken);
};
var kvClient = new KeyVaultClient(callback);
services.AddSingleton <IKeyVaultClient>(kvClient);
return(services);
}
public static IServiceCollection AddKeyVault(this IServiceCollection services, IConfiguration configuration)
{
var vaultSettings = new VaultSettings();
configuration.Bind(nameof(VaultSettings), vaultSettings);
var loggerFactory = services.BuildServiceProvider().GetService <ILoggerFactory>();
var logger = loggerFactory?.CreateLogger <VaultSettings>();
logger?.LogInformation($"retrieving vault settings: vaultName={vaultSettings.VaultName}");
KeyVaultClient.AuthenticationCallback callback = async(authority, resource, scope) =>
{
var authContext = new AuthenticationContext(authority);
if (!string.IsNullOrEmpty(vaultSettings.ClientSecretFile))
{
var clientSecretFile = GetSecretOrCertFile(vaultSettings.ClientSecretFile, logger);
var clientSecret = File.ReadAllText(clientSecretFile);
var credential = new ClientCredential(vaultSettings.ClientId, clientSecret);
var result = await authContext.AcquireTokenAsync(resource, credential);
if (result == null)
{
throw new InvalidOperationException("Failed to obtain the JWT token");
}
return(result.AccessToken);
}
else
{
var clientCertFile = GetSecretOrCertFile(vaultSettings.ClientCertFile, logger);
var certificate = new X509Certificate2(clientCertFile);
Console.WriteLine($"Authenticate client {vaultSettings.ClientId} with cert: {certificate.Thumbprint}");
var clientCred = new ClientAssertionCertificate(vaultSettings.ClientId, certificate);
Console.WriteLine($"Authenticating...");
var result = await authContext.AcquireTokenAsync(resource, clientCred);
if (result == null)
{
throw new InvalidOperationException("Failed to obtain the JWT token");
}
return(result.AccessToken);
}
};
var kvClient = new KeyVaultClient(callback);
services.AddSingleton <IKeyVaultClient>(kvClient);
return(services);
}
public static string GetSecret(this IServiceCollection services, IConfiguration configuration, string secretName)
{
var serviceProvider = services.BuildServiceProvider();
var kvClient = serviceProvider.GetRequiredService <IKeyVaultClient>();
var vaultSettings = new VaultSettings();
configuration.Bind("Vault", vaultSettings);
var instrumentationKey = kvClient.GetSecretAsync(
$"https://{vaultSettings.Name}.vault.azure.net",
secretName)
.GetAwaiter().GetResult();
return(instrumentationKey.Value);
}
