Azure KeyVault support #39

Merged
merged 2 commits into from Feb 27, 2017

Member

@jeffwilcox jeffwilcox commented Jul 13, 2016

Hi, I wanted to open this pull request now to start soliciting feedback and see what changes the maintainer(s) may suggest before taking this feature in.

We are using this functionality in production to allow for very easy configuration and deployment in the cloud using Azure App Service (WebJob to run the task), Git deployment - just update configuration files quickly, etc. - and then Azure KeyVault to store the secrets for the personal access tokens and/or passwords for both VSTS and Office 365 / EWS.

I found the relative consistency of the project all over the place, so there are some formatting changes in this diff that were introduced by a NuGet package update.

High-level changes:

  • Adds the Microsoft.Azure.KeyVault NuGet package (this introduces some messy-looking assemblies for HttpClient, etc., fyi)
  • Updates JSON.NET to v9.x; a newer version is needed for the KeyVault library
  • Adds a new KeyVaultSecret configuration class whose values contain 3 components: the KeyVault secret URI, and then 2 environment variables which contain the Azure Active Directory Application's client ID and secret. In Azure App Service, a secure deployment environment populates these values, enabling you to commit configuration files to the repo for your e-mail tasks without having to introduce any secrets, DPAPI files, etc.
  • Minor refactoring to the way that passwords are discovered, using a new CredentialHelper class. This class is a little messy because of the async Task model used in the KeyVault library, and that the rest of the library is not sync, but since the application does not run in a UI context, things work fine.
  • Settings added at this time for TFS PAT, TFS password, EWS password to use KeyVault optionally, the trigger being a non-null value for the new key vault properties added similar to the DPAPI file configuration values

Also happy to discuss internally, my alias is JWilcox. We're using this so that we have zero VMs to manage and just a simple Git repo. Good stuff.

Appreciate your insight.
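
A sketch of the pattern the description above outlines, added here as an illustration and not taken from this pull request: the committed configuration carries only a secret URI plus the names of two environment variables, and the credentials are read from the environment at run time. `KeyVaultSecretRef`, `KeyVaultSecretResolver`, their members and the host-suffix check are hypothetical; the Key Vault and ADAL calls assume the `Microsoft.Azure.KeyVault` and `Microsoft.IdentityModel.Clients.ActiveDirectory` packages.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Hypothetical reference type: the committed config holds a URI and the
// NAMES of two environment variables, never the credentials themselves.
public sealed class KeyVaultSecretRef
{
    public string SecretUri { get; set; }
    public string ClientIdVariable { get; set; }
    public string ClientSecretVariable { get; set; }
}

public static class KeyVaultSecretResolver
{
    public static async Task<string> ResolveAsync(KeyVaultSecretRef reference)
    {
        // Validate before sending an AAD token anywhere. The host suffix is
        // the public-cloud one (assumption); sovereign clouds use others.
        Uri uri;
        if (!Uri.TryCreate(reference.SecretUri, UriKind.Absolute, out uri)
            || uri.Scheme != Uri.UriSchemeHttps
            || !uri.Host.EndsWith(".vault.azure.net", StringComparison.OrdinalIgnoreCase)
            || !uri.AbsolutePath.StartsWith("/secrets/", StringComparison.Ordinal))
            throw new ArgumentException("Not an HTTPS Key Vault secret URI.");

        string clientId = RequireEnv(reference.ClientIdVariable);
        string clientSecret = RequireEnv(reference.ClientSecretVariable);

        KeyVaultClient.AuthenticationCallback callback = async (authority, resource, scope) =>
        {
            var context = new AuthenticationContext(authority);
            var token = await context.AcquireTokenAsync(resource, new ClientCredential(clientId, clientSecret));
            return token.AccessToken;
        };
        var secret = await new KeyVaultClient(callback).GetSecretAsync(uri.AbsoluteUri);
        return secret.Value;
    }

    private static string RequireEnv(string name)
    {
        string value = string.IsNullOrEmpty(name) ? null : Environment.GetEnvironmentVariable(name);
        if (string.IsNullOrEmpty(value))
            // Report the variable name only; a value must never reach logs.
            throw new InvalidOperationException("Environment variable '" + name + "' is not set.");
        return value;
    }
}
```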

Collaborator

@hershi hershi commented Jul 24, 2016

Thanks for taking the time to work on this Jeff! I'll review and work with you to get this merged - this is definitely a great addition.

@hershi hershi merged commit f6dba00 into microsoft:master Feb 27, 2017
@jeffwilcox jeffwilcox deleted the jeffwilcox:feature/keyvault branch Feb 27, 2017