
ryanjerskine/IdentityServer4.Contrib.KeyManagement.AzureKeyVault


IdentityServer4.Contrib.KeyManagement.AzureKeyVault


Install-Package IdentityServer4.Contrib.KeyManagement.AzureKeyVault

Call .AddSigningCredentialFromAzureKeyVault on the IdentityServer builder in ConfigureServices:

using Azure.Identity;
using IdentityServer4.KeyManagement.AzureKeyVault;
using Microsoft.Extensions.DependencyInjection;

public void ConfigureServices(IServiceCollection services)
{
  ...
  services.AddIdentityServer()
    // arguments: vault URL, certificate name, signing key rollover period in hours,
    // and the credential used to read the certificate from the vault
    .AddSigningCredentialFromAzureKeyVault(Configuration["AzureKeyVault:Url"], "<My Cert Name>", <Signing Key Rollover period in hours>, new ClientSecretCredential("<AAD tenant id>", "<My Key vault client id>", "<My key vault secret>"));
  ...
}

or, if you are using a managed identity (MSI), let DefaultAzureCredential resolve the identity instead of supplying a client secret:

using Azure.Identity;
using IdentityServer4.KeyManagement.AzureKeyVault;
using Microsoft.Extensions.DependencyInjection;

public void ConfigureServices(IServiceCollection services)
{
  ...
  services.AddIdentityServer()
    // same arguments as above; DefaultAzureCredential picks up the managed identity at runtime
    .AddSigningCredentialFromAzureKeyVault(Configuration["AzureKeyVault:Url"], "<My Cert Name>", <Signing Key Rollover period in hours>, new DefaultAzureCredential());
  ...
}

This adds all enabled versions of the specified certificate to the validation key set, so tokens signed with an earlier version keep validating until that version is disabled in the vault. The current version of the certificate is used as the signing certificate. Keys are cached for 24 hours to improve performance. If you are using a managed identity, make sure your hosting environment supports it.
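The following is an added illustration of the key-set rules described above, written against the Azure.Security.KeyVault.Certificates SDK; it is not the package's own code and does not model the rollover period. It assumes the vault URL and certificate name come from configuration and that the credential has "get" and "list" permission on certificates.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using Azure.Core;
using Azure.Security.KeyVault.Certificates;
using Microsoft.IdentityModel.Tokens;

// Illustration only (not the package's implementation): builds the validation key set from
// every enabled certificate version and picks the newest enabled version as the signing key.
public sealed class KeyVaultKeySet
{
    private readonly CertificateClient _client;
    private readonly string _certName;
    private readonly TimeSpan _cacheFor = TimeSpan.FromHours(24);   // README: keys cached 24h
    private (DateTimeOffset loadedAt, X509SecurityKey signing, X509SecurityKey[] validation)? _cached;

    public KeyVaultKeySet(Uri vaultUrl, string certName, TokenCredential credential)
    {
        _client = new CertificateClient(vaultUrl, credential);   // assumed vault URL / name
        _certName = certName;
    }

    public (X509SecurityKey signing, X509SecurityKey[] validation) Get()
    {
        if (_cached is { } c && DateTimeOffset.UtcNow - c.loadedAt < _cacheFor)
            return (c.signing, c.validation);   // serve from cache; no vault round trip

        // Every still-enabled version stays in the validation set; disabled versions drop out,
        // so disabling a version in the vault is what actually revokes its tokens.
        var enabledVersions = _client.GetPropertiesOfCertificateVersions(_certName)
            .Where(p => p.Enabled == true)
            .OrderByDescending(p => p.CreatedOn)
            .ToList();
        if (enabledVersions.Count == 0)
            throw new InvalidOperationException($"No enabled versions of '{_certName}' in the vault.");

        var validation = enabledVersions
            .Select(p => _client.GetCertificateVersion(_certName, p.Version).Value.Cer)
            .Select(cer => new X509SecurityKey(new X509Certificate2(cer)))   // public part only
            .ToArray();

        // Newest enabled version is treated as the current signing certificate. Only its public
        // half is loaded here; the private key stays in Key Vault and is not exported by this code.
        var signing = validation[0];

        _cached = (DateTimeOffset.UtcNow, signing, validation);
        return (signing, validation);
    }
}
```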

About

IdentityServer4 key management via Azure Key Vault certificates.
