Azure KeyVault support #39

Merged
merged 2 commits into from Feb 27, 2017

Member

jeffwilcox commented Jul 13, 2016

Hi, I wanted to open this pull request now to start soliciting feedback and see what changes the maintainer(s) may suggest before taking this feature in.

We are using this functionality in production to allow for very easy configuration and deployment in the cloud using Azure App Service (WebJob to run the task), Git deployment - just update configuration files quickly, etc. - and then Azure KeyVault to store the secrets for the personal access tokens and/or passwords for both VSTS and Office 365 / EWS.

I found the relative consistency of the project all over the place, so there are some formatting changes in this diff that were introduced by a NuGet package update.

High-level changes:

  • Adds the Microsoft.Azure.KeyVault NuGet package (this introduces some messy-looking assemblies for HttpClient, etc., fyi)
  • Updates JSON.NET to v9.x, a newer version is needed for the KeyVault library
  • Adds a new KeyVaultSecret configuration class whose values contain 3 components: the KeyVault secret URI, and then 2 environment variables which contain the Azure Active Directory Application's client ID and secret. In Azure App Service, a secure deployment environment populates these values, enabling you to commit configuration files to the repo for your e-mail tasks without having to introduce any secrets, DPAPI files, etc.
  • Minor refactoring to the way that passwords are discovered, using a new CredentialHelper class. This class is a little messy because of the async Task model used in the KeyVault library, and that the rest of the library is not sync, but since the application does not run in a UI context, things work fine.
  • Settings added at this time for TFS PAT, TFS password, EWS password to use KeyVault optionally, the trigger being a non-null value for the new key vault properties added similar to the DPAPI file configuration values

Also happy to discuss internally, my alias is JWilcox. We're using this so that we have zero VMs to manage and just a simple Git repo. Good stuff.

Appreciate your insight.
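
The resolution flow described in the comment above, as an added C# example that is not taken from the pull request's code. The class and property names are hypothetical, the vault URI in the comment is constructed, and using ADAL (`Microsoft.IdentityModel.Clients.ActiveDirectory`) to obtain the token is an assumption.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL: assumed token library

// Hypothetical shape; the PR's KeyVaultSecret class may use different names.
// Only the URI and variable NAMES live in the committed configuration file.
public sealed class KeyVaultSecretReference
{
    // Constructed sample: https://example-vault.vault.azure.net/secrets/ews-password
    public string SecretUri { get; set; }
    public string ClientIdVariable { get; set; }     // env var holding the AAD client ID
    public string ClientSecretVariable { get; set; } // env var holding the AAD client secret
}

public static class KeyVaultSecretResolver
{
    // Fail closed: a missing variable is a deployment error, not an empty credential.
    private static string RequireEnv(string name)
    {
        if (string.IsNullOrWhiteSpace(name))
            throw new InvalidOperationException("Environment variable name is not configured.");
        var value = Environment.GetEnvironmentVariable(name);
        if (string.IsNullOrEmpty(value))
            throw new InvalidOperationException("Environment variable '" + name + "' is not set.");
        return value;
    }

    public static async Task<string> ResolveAsync(KeyVaultSecretReference reference)
    {
        // Refuse anything but an absolute https URI so the bearer token is never sent in clear.
        var uri = new Uri(reference.SecretUri, UriKind.Absolute);
        if (uri.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException("Key Vault secret URI must use https.");

        var credential = new ClientCredential(
            RequireEnv(reference.ClientIdVariable),
            RequireEnv(reference.ClientSecretVariable));

        // Key Vault supplies the authority and resource for the token request.
        var callback = new KeyVaultClient.AuthenticationCallback(async (authority, resource, scope) =>
        {
            var context = new AuthenticationContext(authority);
            var token = await context.AcquireTokenAsync(resource, credential).ConfigureAwait(false);
            return token.AccessToken;
        });
        var secret = await new KeyVaultClient(callback).GetSecretAsync(reference.SecretUri).ConfigureAwait(false);
        return secret.Value; // return to the caller only; do not log or persist
    }

    // Blocking wrapper for synchronous callers. With no UI synchronization context,
    // as the comment above notes for this application, this does not deadlock.
    public static string Resolve(KeyVaultSecretReference reference)
    {
        return ResolveAsync(reference).GetAwaiter().GetResult();
    }
}
```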

Collaborator

hershi commented Jul 24, 2016

Thanks for taking the time to work on this Jeff! I'll review and work with you to get this merged - this is definitely a great addition.

@hershi hershi merged commit f6dba00 into Microsoft:master Feb 27, 2017

@jeffwilcox jeffwilcox deleted the jeffwilcox:feature/keyvault branch Feb 27, 2017
