KeyVault list of secrets without logging in for every secret?

I managed to list all the secrets in Azure KeyVault - however, I need to make a call to get a token every time I want to get the next secret.

How to save credentials, so I only need to log in once per cycle?

    public async Task<List<string>> getsecretslist(string url)
    {
        var kv = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetToken));

        List<string> secretlist = new List<string>();
        // Await the listing instead of blocking on .Result inside an async method.
        var all = await kv.GetSecretsAsync(url);
        foreach (Microsoft.Azure.KeyVault.Models.SecretItem someItem in all)
        {
            // The listing returns metadata only; each value needs its own GetSecretAsync call.
            var yep = await kv.GetSecretAsync(someItem.Identifier.ToString());
            secretlist.Add(yep.Value);
        }

        return secretlist;
    }
+4
4 answers

GetToken , . . ADAL (, TokenCache.DefaultShared).

public static async Task<string> GetToken(string authority, string resource, string scope)
{
    var assertionCert = new ClientAssertionCertificate(clientId, certificate);
    var context = new AuthenticationContext(authority, TokenCache.DefaultShared);
    var result = await context.AcquireTokenAsync(resource, assertionCert).ConfigureAwait(false);

    return result.AccessToken;
}
+8

, , - , GetToken, :

var authenticationContext = new AuthenticationContext(authority, TokenCache.DefaultShared);

var authenticationResult = await authenticationContext.AcquireTokenAsync(resource, KeyVaultUserClientId, new Uri(KeyVaultRedirectUri), new PlatformParameters(PromptBehavior.SelectAccount)).ConfigureAwait(false);

return authenticationResult.AccessToken;

, , ( 60 ), , lastAuthenticationResult

private static KeyVaultClient KeyVaultClient
{
    get
    {
        if (lastAuthenticationResult != null && DateTime.UtcNow.AddSeconds(5) < lastAuthenticationResult.ExpiresOn)
        {
            if (m_cachedKeyVaultClient == null)
            {
                // Create the client once and reuse it while the token is still valid.
                m_cachedKeyVaultClient = new KeyVaultClient(getCachedToken);
            }

            return m_cachedKeyVaultClient;
        }

        if (m_keyVaultClient == null)
            m_keyVaultClient = new KeyVaultClient(GetAccessTokenAsync);

        return m_keyVaultClient;
    }
}


private static Task<string> getCachedToken(string authority, string resource, string scope)
{
    // Nothing to await here: hand back the token already held in memory.
    return Task.FromResult(lastAuthenticationResult.AccessToken);
}
+1

GetSecretAsync . GetSecretsAsync. .

, , .

var all = kv.GetSecretsAsync(url).GetAwaiter().GetResult();
foreach (var secret in all.Value)
{
    secretlist.Add(secret.Id);
}
0

Azure, GetSecretsAsync. : .


, -:

 public async Task<List<KeyValuePair<string, string>>> ListAllSecrets()
    {
        try
        {
            var azureServiceTokenProvider = new AzureServiceTokenProvider();
            var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));

            var Secret = keyVaultClient.GetSecretsAsync
                ("https://xyz.vault.azure.net").GetAwaiter().GetResult();

            var dictionary = new List<KeyValuePair<string, string>>();
            foreach (var item in Secret)
            {
                var value = keyVaultClient.GetSecretAsync(item.Id).GetAwaiter().GetResult().Value;
                dictionary.Add(new KeyValuePair<string, string>(item.Identifier.Name, value));
            }

            return dictionary;
        }
        catch (Exception ex)
        {
            return default(List<KeyValuePair<string, string>>);
        }
    }
0
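
An added example, not code from any of the answers above: one way to combine the two ideas discussed, a token that is acquired once and reused until shortly before it expires, and a single `KeyVaultClient` that walks every page of the listing. It assumes Microsoft.Azure.KeyVault 2.x or later with ADAL and a single vault resource; `CachedKeyVaultAuth`, `RefreshMargin` and `assertionCert` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Hypothetical helper: reuses one AuthenticationResult for every Key Vault call.
// Usage (assumed wiring; assertionCert is your own ClientAssertionCertificate):
//   var auth = new CachedKeyVaultAuth((authority, resource) =>
//       new AuthenticationContext(authority).AcquireTokenAsync(resource, assertionCert));
//   var kv = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(auth.GetTokenAsync));
public sealed class CachedKeyVaultAuth
{
    private static readonly TimeSpan RefreshMargin = TimeSpan.FromMinutes(2); // assumed margin
    private readonly Func<string, string, Task<AuthenticationResult>> _acquire;
    private readonly SemaphoreSlim _gate = new SemaphoreSlim(1, 1);
    private AuthenticationResult _last;

    public CachedKeyVaultAuth(Func<string, string, Task<AuthenticationResult>> acquire) =>
        _acquire = acquire ?? throw new ArgumentNullException(nameof(acquire));

    // Signature matches KeyVaultClient.AuthenticationCallback.
    public async Task<string> GetTokenAsync(string authority, string resource, string scope)
    {
        await _gate.WaitAsync().ConfigureAwait(false); // serialize concurrent callers
        try
        {
            // Sign in again only when there is no token or it is about to expire.
            if (_last == null || DateTimeOffset.UtcNow + RefreshMargin >= _last.ExpiresOn)
                _last = await _acquire(authority, resource).ConfigureAwait(false);
            return _last.AccessToken;
        }
        finally { _gate.Release(); }
    }

    // Returns secret names only, following NextPageLink until the listing ends,
    // so secret values are fetched on demand rather than collected in memory.
    public static async Task<List<string>> ListSecretNamesAsync(KeyVaultClient kv, string vaultUrl)
    {
        var names = new List<string>();
        var page = await kv.GetSecretsAsync(vaultUrl).ConfigureAwait(false);
        while (true)
        {
            foreach (var item in page) names.Add(item.Identifier.Name);
            if (string.IsNullOrEmpty(page.NextPageLink)) break;
            page = await kv.GetSecretsNextAsync(page.NextPageLink).ConfigureAwait(false);
        }
        return names;
    }
}
```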

Source: https://habr.com/ru/post/1671726/

