Merge pull request #1 from gsoft-inc/feature/secretclient-opts-defaul…
…tazurecreds

Use DefaultAzureCredential instead of ManagedIdentityCredential + allow passing SecretClient options
asimmon authored Jul 7, 2022
2 parents fa98458 + f284439 commit 6bf1d18
Showing 3 changed files with 12 additions and 12 deletions.
Expand Up @@ -5,9 +5,9 @@ namespace ShareGate.Extensions.Configuration.Secrets;

public interface ISecretClientProvider
{
SecretClient GetSecretClient(KeyVaultKind keyVaultKind);
SecretClient GetSecretClient(KeyVaultKind keyVaultKind, SecretClientOptions? options = null);

SecretClient GetSecretClient(Uri keyVaultUri);
SecretClient GetSecretClient(Uri keyVaultUri, SecretClientOptions? options = null);

SecretClient GetSecretClient(string configurationKey);
SecretClient GetSecretClient(string configurationKey, SecretClientOptions? options = null);
}
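Review bot: Replacing the three single-argument `GetSecretClient` signatures with ones that take `SecretClientOptions? options = null` keeps existing call sites compiling, but it removes the old methods from `ISecretClientProvider`, so any implementation outside this repository and any assembly compiled against the previous interface would break until rebuilt. If the package is consumed externally, keeping the old signatures alongside the new ones, or calling the break out in the release notes, avoids that. The new parameter is also undocumented; a `/// <param name="options">` line saying that the options are handed to the `SecretClient` constructor as given, and therefore govern its retry, transport and diagnostics settings, would tell callers what they take responsibility for when they pass one.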
Expand Up @@ -28,13 +28,13 @@ public SecretClientProvider(IConfigurationBuilder configurationBuilder, IHostEnv
{
}

public SecretClient GetSecretClient(KeyVaultKind keyVaultKind)
public SecretClient GetSecretClient(KeyVaultKind keyVaultKind, SecretClientOptions? options = null)
{
var keyVaultUri = this.GetKeyVaultUri(keyVaultKind);
return this.GetSecretClient(keyVaultUri);
return this.GetSecretClient(keyVaultUri, options);
}

public SecretClient GetSecretClient(Uri keyVaultUri)
public SecretClient GetSecretClient(Uri keyVaultUri, SecretClientOptions? options = null)
{
if (keyVaultUri == null)
{
Expand All @@ -44,18 +44,18 @@ public SecretClient GetSecretClient(Uri keyVaultUri)
var azureCredential = this._tokenCredentialProvider.GetTokenCredential();

// SecretClient already has a default retry policy (max 3 retries)
return new SecretClient(keyVaultUri, azureCredential);
return new SecretClient(keyVaultUri, azureCredential, options);
}

public SecretClient GetSecretClient(string configurationKey)
public SecretClient GetSecretClient(string configurationKey, SecretClientOptions? options = null)
{
if (configurationKey == null)
{
throw new ArgumentNullException(nameof(configurationKey));
}

var keyVaultUri = this.GetKeyVaultUri(configurationKey);
return this.GetSecretClient(keyVaultUri);
return this.GetSecretClient(keyVaultUri, options);
}

private Uri GetKeyVaultUri(KeyVaultKind keyVaultKind)
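Review bot: The comment `// SecretClient already has a default retry policy (max 3 retries)` above the constructor call is no longer accurate once `options` is passed through, because a caller-supplied `SecretClientOptions` carries its own retry settings. I would reword it along the lines of `// With options == null, SecretClient keeps its default retry policy (max 3 retries); caller-supplied options may override it`. The same object also carries transport and diagnostics settings and reaches `new SecretClient(keyVaultUri, azureCredential, options)` without any inspection, which is worth stating in the method's doc comment so that the trust placed in the caller is explicit. The body of the `Uri` overload is split across two hunks and the rest of the class is collapsed, so this is based on the visible lines only.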
Expand Up @@ -28,16 +28,16 @@ public TokenCredential GetTokenCredential()
return GetAzureCliCompatibleTokenCredential();
}

// We prefer to only use Azure Managed Identity over DefaultAzureCredential which allows multiple ways to authenticate against Azure
// See https://docs.microsoft.com/en-us/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet
return new ManagedIdentityCredential();
return new DefaultAzureCredential();
}

private static TokenCredential GetAzureCliCompatibleTokenCredential()
{
// Azure CLI does not work when Fiddler is active so we need to use an interactive authentication method instead
// When Fiddler is not active, we try to use AzureCliCredential because it's way faster than DefaultAzureCredential on startup
return FiddlerProxyDetector.IsFiddlerActive()
? new CachedInteractiveBrowserCredential()
: new ChainedTokenCredential(new AzureCliCredential(), new ManagedIdentityCredential());
: new ChainedTokenCredential(new AzureCliCredential(), new DefaultAzureCredential());
}
}
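Review bot: `return new DefaultAzureCredential();` widens the set of identities that can read Key Vault on a deployed host: besides managed identity, the default chain also consults environment variables, the shared token cache and developer tool logins (Visual Studio, Azure CLI, Azure PowerShell), and the environment credential is tried before managed identity. If this return is reached outside development (the condition guarding the early return lies outside the hunk), I would limit the chain to the sources a server is expected to use by passing `DefaultAzureCredentialOptions` with the developer sources excluded, as sketched below. The comment stating a preference for Managed Identity only, if it remains on the new side, now contradicts the code and should be rewritten to record why the wider chain is acceptable. In `GetAzureCliCompatibleTokenCredential`, `DefaultAzureCredential` already contains the Azure CLI credential, so the chained fallback tries it a second time.

```csharp
// … unchanged: early return of GetAzureCliCompatibleTokenCredential() …
return new DefaultAzureCredential(new DefaultAzureCredentialOptions
{
    // Outside development, only environment and managed identities are expected on the host
    ExcludeSharedTokenCacheCredential = true,
    ExcludeVisualStudioCredential = true,
    ExcludeVisualStudioCodeCredential = true,
    ExcludeAzureCliCredential = true,
    ExcludeAzurePowerShellCredential = true,
});
```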
