using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
namespace KeyVaultEditor
{
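public class KeyVaultServices
{
    private SecretClient? secretClient;
    private readonly ILogger<KeyVaultServices> logger;

    /// <summary>
    /// Absolute URI of the vault the current <see cref="SecretClient"/> points at, or null until
    /// <see cref="SetSecretClient"/> has been called. Assigning this property directly does not
    /// rebuild the client; go through <see cref="SetSecretClient"/> so URL and client stay in sync.
    /// </summary>
    public string? Url { get; set; }

    /// <summary>Creates the service with no vault selected; call <see cref="SetSecretClient"/> before use.</summary>
    /// <param name="logger">Logger used for vault-access and failure messages.</param>
    public KeyVaultServices(ILogger<KeyVaultServices> logger)
    {
        this.logger = logger;
    }

    /// <summary>
    /// Points the service at <paramref name="url"/>, creating a fresh <see cref="SecretClient"/>
    /// authenticated with <see cref="DefaultAzureCredential"/>. No-op when that vault is already selected.
    /// </summary>
    /// <param name="url">Base URI of the Key Vault.</param>
    /// <exception cref="ArgumentNullException"><paramref name="url"/> is null.</exception>
    public void SetSecretClient(Uri url)
    {
        if (url is null)
        {
            throw new ArgumentNullException(nameof(url));
        }

        if (Url == url.AbsoluteUri)
        {
            return;
        }

        Url = url.AbsoluteUri;
        // Only the vault address is logged; secret names and values never pass through this path.
        logger.LogInformation("Accessing {keyvault}", url);
        secretClient = new SecretClient(url, new DefaultAzureCredential());
    }

    /// <summary>Starts deletion of the secret <paramref name="name"/> and waits for the operation to complete.</summary>
    /// <param name="name">Secret name.</param>
    /// <returns>
    /// True when the completed operation reports the same secret name; false when no vault is selected.
    /// Service errors (not found, forbidden, ...) propagate to the caller unchanged.
    /// </returns>
    public async Task<bool> DeleteSecretValue(string name)
    {
        var client = secretClient;
        if (client is null)
        {
            return false;
        }

        var operation = await client.StartDeleteSecretAsync(name);
        var completed = await operation.WaitForCompletionAsync();
        return completed?.Value?.Name == name;
    }

    /// <summary>Lists every secret in the vault and fetches the current value of each one.</summary>
    /// <returns>Secrets with their values; empty when no vault is selected.</returns>
    /// <remarks>
    /// Disabled secrets are skipped: Key Vault rejects a "get" on a disabled secret, and without the
    /// check a single disabled entry would abort the whole listing with a request failure.
    /// </remarks>
    public async Task<IList<KeyVaultSecret>> GetAllSecretsAsync()
    {
        var secrets = new List<KeyVaultSecret>();
        var client = secretClient;
        if (client is null)
        {
            return secrets;
        }

        await foreach (var properties in client.GetPropertiesOfSecretsAsync())
        {
            if (properties.Enabled == false)
            {
                continue;
            }

            var response = await client.GetSecretAsync(properties.Name);
            secrets.Add(response.Value);
        }

        return secrets;
    }

    /// <summary>Creates or updates the secret <paramref name="name"/> with <paramref name="value"/>.</summary>
    /// <param name="name">Secret name.</param>
    /// <param name="value">Secret value; deliberately never written to the log.</param>
    /// <param name="recover">
    /// When true and the vault answers with a Conflict (a soft-deleted secret of the same name still exists),
    /// recover the deleted secret and retry once. The retry passes false so recovery cannot loop.
    /// </param>
    /// <returns>(true, null) on success; (false, reason) when no vault is selected or the request failed.</returns>
    public async Task<(bool, string?)> StoreNewKeyVaultSecretValue(string name, string value, bool recover = true)
    {
        var client = secretClient;
        if (client is null)
        {
            return (false, "No Vault URL set");
        }

        try
        {
            var secret = await client.SetSecretAsync(name, value);
            return (secret != null, null);
        }
        catch (Azure.RequestFailedException rfe) when (recover && rfe.ErrorCode == "Conflict")
        {
            // Recover the soft-deleted secret, then retry exactly once with recover = false so a
            // second Conflict is reported as an error. A failure during recovery itself propagates.
            logger.LogInformation("Recovering deleted secret {name} before storing a new value", name);
            var recovery = await client.StartRecoverDeletedSecretAsync(name);
            await recovery.WaitForCompletionAsync();
            return await StoreNewKeyVaultSecretValue(name, value, false);
        }
        catch (Azure.RequestFailedException rfe)
        {
            // Only the secret name reaches the log; the value must not appear in any message.
            logger.LogError(rfe, "Failed to add {name}", name);
            return (false, rfe.Message);
        }
    }
}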
}