Add Azure KeyVault integration

kirkone · kirkone · commit e2f9f63fc063 · 2019-11-14T20:12:03.000+01:00
- When a KeyVault URI is in the enviroment the vault will be used also
- This depends on a Managed Service Idendity

+semver: feature
diff --git a/src/EasyConfig.SiteExtension/EasyConfig.SiteExtension.csproj b/src/EasyConfig.SiteExtension/EasyConfig.SiteExtension.csproj
@@ -13,6 +13,8 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="3.0.0" />
+    <PackageReference Include="Microsoft.Azure.Services.AppAuthentication" Version="1.3.1" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.AzureKeyVault" Version="3.0.0" />
   </ItemGroup>
 
 </Project>
diff --git a/src/EasyConfig.SiteExtension/Program.cs b/src/EasyConfig.SiteExtension/Program.cs
@@ -1,6 +1,10 @@
 namespace EasyConfig.SiteExtension
 {
     using Microsoft.AspNetCore.Hosting;
+    using Microsoft.Azure.KeyVault;
+    using Microsoft.Azure.Services.AppAuthentication;
+    using Microsoft.Extensions.Configuration;
+    using Microsoft.Extensions.Configuration.AzureKeyVault;
     using Microsoft.Extensions.Hosting;
 
     public class Program
@@ -9,6 +13,36 @@ public class Program
 
         public static IHostBuilder CreateHostBuilder(string[] args) =>
             Host.CreateDefaultBuilder(args)
-                .ConfigureWebHostDefaults(webBuilder => webBuilder.UseStartup<Startup>());
+                .ConfigureWebHostDefaults(webBuilder => webBuilder.UseStartup<Startup>())
+                .ConfigureAppConfiguration(
+                    (ctx, builder) =>
+                    {
+                        //Build the config from sources we have
+                        var config = builder.Build();
+
+                        // Get the uri for the Vault from configuration
+                        var keyVaultUri = config["KeyVault:Uri"];
+
+                        // Add KeyVault only if the uri is not empty
+                        if (!string.IsNullOrWhiteSpace(keyVaultUri))
+                        {
+                            //Create Managed Service Identity token provider
+                            var azureServiceTokenProvider = new AzureServiceTokenProvider();
+
+                            //Create the Key Vault client
+                            var keyVaultClient = new KeyVaultClient(
+                                new KeyVaultClient.AuthenticationCallback(
+                                azureServiceTokenProvider.KeyVaultTokenCallback)
+                            );
+
+                            //Add Key Vault to configuration pipeline
+                            _ = builder.AddAzureKeyVault(
+                                keyVaultUri,
+                                keyVaultClient,
+                                new DefaultKeyVaultSecretManager()
+                            );
+                        }
+                    }
+                );
     }
 }
