// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
using System;
using System.Collections.Generic;
using System.Linq;
using Azure.Core;
using Azure.Security.KeyVault.Secrets;
using Microsoft.Extensions.Configuration;
namespace Azure.Extensions.AspNetCore.Configuration.Secrets
{
    /// <summary>
    /// Default secret manager: it accepts every secret offered to <see cref="Load"/> and
    /// derives configuration keys by replacing '--' in the secret name with
    /// <see cref="ConfigurationPath.KeyDelimiter"/>.
    /// </summary>
    /// <remarks>
    /// All three members are virtual, so a subclass can narrow which secrets are loaded
    /// and change how names are mapped to keys. The dictionary produced by
    /// <see cref="GetData"/> carries the secret values themselves as plain strings;
    /// treat it as sensitive and keep it out of logs and diagnostics output.
    /// </remarks>
    public class KeyVaultSecretManager
    {
        // Shared instance of the default behaviour, visible only inside this assembly.
        internal static KeyVaultSecretManager Instance { get; } = new KeyVaultSecretManager();

        /// <summary>
        /// Produces the configuration key under which a secret's value is stored.
        /// </summary>
        /// <remarks>
        /// Every occurrence of "--" in <see cref="KeyVaultSecret.Name"/> is replaced with
        /// <see cref="ConfigurationPath.KeyDelimiter"/>. No null check is performed on
        /// <paramref name="secret"/> here.
        /// </remarks>
        /// <param name="secret">The <see cref="KeyVaultSecret"/> whose name is mapped.</param>
        /// <returns>The configuration key name for the secret value.</returns>
        public virtual string GetKey(KeyVaultSecret secret)
            => secret.Name.Replace("--", ConfigurationPath.KeyDelimiter);

        /// <summary>
        /// Builds the configuration key-value pairs for a loaded set of secrets.
        /// </summary>
        /// <remarks>
        /// Keys are compared with <see cref="StringComparer.OrdinalIgnoreCase"/>. When several
        /// secrets map to the same key, a later secret replaces the stored one only if its
        /// <c>Properties.UpdatedOn</c> compares strictly greater; otherwise the secret that was
        /// enumerated first is kept. A <see cref="GetKey"/> override that maps several secret
        /// names to one key therefore relies on this rule to decide which value is exposed.
        /// </remarks>
        /// <param name="secrets">The secrets retrieved during the <see cref="AzureKeyVaultConfigurationProvider.Load"/> call.</param>
        /// <returns>The key-value pairs that would be assigned to <see cref="ConfigurationProvider.Data"/>
        /// and exposed from the <see cref="IConfiguration"/>.</returns>
        /// <exception cref="ArgumentNullException">When <paramref name="secrets"/> is <c>null</c>.</exception>
        public virtual Dictionary<string, string> GetData(IEnumerable<KeyVaultSecret> secrets)
        {
            Argument.AssertNotNull(secrets, nameof(secrets));

            // First pass: pick one winning secret per (case-insensitive) configuration key.
            var winners = new Dictionary<string, KeyVaultSecret>(StringComparer.OrdinalIgnoreCase);
            foreach (KeyVaultSecret candidate in secrets)
            {
                string configKey = GetKey(candidate);

                // A candidate is stored when the key is new, or when it was updated more
                // recently than the secret already held for that key.
                bool takesSlot = !winners.TryGetValue(configKey, out KeyVaultSecret incumbent)
                    || candidate.Properties.UpdatedOn > incumbent.Properties.UpdatedOn;

                if (takesSlot)
                {
                    winners[configKey] = candidate;
                }
            }

            // Second pass: project each winning secret to its value.
            var result = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
            foreach (KeyValuePair<string, KeyVaultSecret> entry in winners)
            {
                result.Add(entry.Key, entry.Value.Value);
            }

            return result;
        }

        /// <summary>
        /// Decides whether the value of a secret should be retrieved.
        /// </summary>
        /// <remarks>
        /// This default returns <c>true</c> for every secret, so nothing is filtered out.
        /// Override it to limit configuration to the secrets the application actually needs.
        /// </remarks>
        /// <param name="secret">The <see cref="SecretProperties"/> of the secret under consideration.</param>
        /// <returns><c>true</c> if the secret value should be loaded, otherwise <c>false</c>.</returns>
        public virtual bool Load(SecretProperties secret) => true;
    }
}