Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add new module for OrchardCore.KeyVault.Azure #6422

Merged
merged 16 commits into from
Dec 19, 2020
Merged

Add new module for OrchardCore.KeyVault.Azure #6422

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
1a92632
Add new module for OrchardCore.KeyVault.Azure
Jun 14, 2020
584b72b
Add documentation for KeyVault.Azure and minor code fixes
Jun 15, 2020
5a3e559
Update README.md
deanmarcussen Jun 15, 2020
7efcebc
Move Az Key Vault documentation to Core folder & update mkdocs.yml
JoshLefebvre Jun 15, 2020
6518ee2
Fix spelling mistakes in docs and update az key vault extension metho…
Jul 3, 2020
4e35481
Merge branch 'dev' into joshlefebvre/addOrchardCore.KeyVault.Azure
JoshLefebvre Jul 31, 2020
f226041
Merge branch 'dev' into joshlefebvre/addOrchardCore.KeyVault.Azure
agriffard Oct 24, 2020
238f099
Merge branch 'dev' into joshlefebvre/addOrchardCore.KeyVault.Azure
agriffard Nov 10, 2020
babcabb
Updating KeyVault to use Azure packaging
LefeWareSolutions Dec 8, 2020
56b282d
Merge remote-tracking branch 'upstream/dev' into joshlefebvre/addOrch…
JoshLefebvre Dec 9, 2020
837691f
Updating OchardCore.Azure.KeyVault to use Azure Identity
JoshLefebvre Dec 9, 2020
8538dc3
Small spelling change in appsettings
JoshLefebvre Dec 10, 2020
079b62d
Move KeyVault library to OrchardCore Folder and Update Naming
JoshLefebvre Dec 18, 2020
ba37db1
Merge remote-tracking branch 'upstream/dev' into joshlefebvre/addOrch…
JoshLefebvre Dec 18, 2020
56abadf
Fix .sln file
JoshLefebvre Dec 18, 2020
9e1b20f
Fix .sln file
JoshLefebvre Dec 18, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions OrchardCore.sln
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -380,6 +380,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "OrchardCore.ShortCodes", "s
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "OrchardCore.ShortCodes.Abstractions", "src\OrchardCore\OrchardCore.ShortCodes.Abstractions\OrchardCore.ShortCodes.Abstractions.csproj", "{901DA1A3-E5C7-4965-80EA-A1780BE1B820}"
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "OrchardCore.KeyVault.Azure", "src\OrchardCore\OrchardCore.KeyVault.Azure\OrchardCore.KeyVault.Azure.csproj", "{13A89FAE-EDEA-4ED1-8C8E-13AB78F1FD03}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Expand Down Expand Up @@ -1010,6 +1012,10 @@ Global
{901DA1A3-E5C7-4965-80EA-A1780BE1B820}.Debug|Any CPU.Build.0 = Debug|Any CPU
{901DA1A3-E5C7-4965-80EA-A1780BE1B820}.Release|Any CPU.ActiveCfg = Release|Any CPU
{901DA1A3-E5C7-4965-80EA-A1780BE1B820}.Release|Any CPU.Build.0 = Release|Any CPU
{13A89FAE-EDEA-4ED1-8C8E-13AB78F1FD03}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{13A89FAE-EDEA-4ED1-8C8E-13AB78F1FD03}.Debug|Any CPU.Build.0 = Debug|Any CPU
{13A89FAE-EDEA-4ED1-8C8E-13AB78F1FD03}.Release|Any CPU.ActiveCfg = Release|Any CPU
{13A89FAE-EDEA-4ED1-8C8E-13AB78F1FD03}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
Expand Down Expand Up @@ -1186,6 +1192,7 @@ Global
{38EE0258-F010-425B-949F-9ECCE886584B} = {F23AC6C2-DE44-4699-999D-3C478EF3D691}
{9EEEB83D-85C5-4025-8367-CD7D1ACBBB1A} = {90030E85-0C4F-456F-B879-443E8A3F220D}
{901DA1A3-E5C7-4965-80EA-A1780BE1B820} = {F23AC6C2-DE44-4699-999D-3C478EF3D691}
{13A89FAE-EDEA-4ED1-8C8E-13AB78F1FD03} = {F23AC6C2-DE44-4699-999D-3C478EF3D691}
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {46A1D25A-78D1-4476-9CBF-25B75E296341}
Expand Down
1 change: 1 addition & 0 deletions src/OrchardCore.Build/Dependencies.AspNetCore.props
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
<PackageManagement Include="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="$(AspNetCoreVersion)" />
<PackageManagement Include="Microsoft.AspNetCore.Mvc.Testing" Version="$(AspNetCoreVersion)" />
<PackageManagement Include="Microsoft.AspNetCore.Owin" Version="$(AspNetCoreVersion)" />
<PackageManagement Include="Microsoft.Extensions.Configuration.AzureKeyVault" Version="$(AspNetCoreVersion)" />
<PackageManagement Include="Microsoft.Extensions.Http.Polly" Version="$(AspNetCoreVersion)" />
</ItemGroup>
</Project>
7 changes: 7 additions & 0 deletions src/OrchardCore.Cms.Web/appsettings.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,5 +39,12 @@
// "BlobName": "", // Optional, defaults to Sites/tenant_name/DataProtectionKeys.xml. Templatable, refer docs.
// "CreateContainer": true // Creates the container during app startup if it does not already exist.
//},
// Uncomment to load app configuration values from Azure Key Vault.
// Add '.UseOrchardCoreAzureKeyVault()' to the Generic Host in CreateHostBuilder()
//"OrchardCore_Azure_KeyVault": {
// "KeyVaultName": "", // Set the name of your Azure Key Vault.
// "AzureADApplicationId": "", // Set the Azure AD Application Id
// "AzureADApplicationSecret": "" //The Azure AD Application Secret should never be checked into source control. Instead use an environment variable.
// }
}
}
38 changes: 38 additions & 0 deletions ...OrchardCore/OrchardCore.KeyVault.Azure/Extensions/AzureKeyVaultWebHostBuilderExtension.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
using System;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Hosting;
using OrchardCore.Azure.KeyVault.Services;

namespace OrchardCore.Azure.KeyVault.Extensions
{
public static class AzureKeyVaultWebHostBuilderExtension
{
/// <summary>
/// Adds Azure Key Vault as a Configuration Source.
/// </summary>
/// <param name="builder">The web host builder to configure.</param>
/// <returns>The web host builder.</returns>
public static IHostBuilder UseOrchardCoreAzureKeyVault(this IHostBuilder builder)
JoshLefebvre marked this conversation as resolved.
Show resolved Hide resolved
{
if (builder == null) throw new ArgumentNullException(nameof(builder));

builder.ConfigureAppConfiguration((context, configuration) =>
{
var builtConfig = configuration.Build();
var keyVaultName = builtConfig["OrchardCore:OrchardCore_Azure_KeyVault:KeyVaultName"];
var clientId = builtConfig["OrchardCore:OrchardCore_Azure_KeyVault:AzureADApplicationId"];
var clientSecret = builtConfig["OrchardCore:OrchardCore_Azure_KeyVault:AzureADApplicationSecret"];

var keyVaultEndpoint = "https://" + keyVaultName + ".vault.azure.net";
configuration.AddAzureKeyVault(
keyVaultEndpoint,
clientId,
clientSecret,
new AzureKeyVaultSecretManager()
);
});

return builder;
}
}
}
19 changes: 19 additions & 0 deletions src/OrchardCore/OrchardCore.KeyVault.Azure/OrchardCore.KeyVault.Azure.csproj
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
<Project Sdk="Microsoft.NET.Sdk">

<PropertyGroup>
<TargetFramework>$(AspNetCoreTargetFramework)</TargetFramework>
</PropertyGroup>

<ItemGroup>
<FrameworkReference Include="Microsoft.AspNetCore.App" />
</ItemGroup>

<ItemGroup>
<ProjectReference Include="..\OrchardCore.Abstractions\OrchardCore.Abstractions.csproj" />
</ItemGroup>

<ItemGroup>
<PackageReference Include="Microsoft.Extensions.Configuration.AzureKeyVault" />
</ItemGroup>

</Project>
11 changes: 11 additions & 0 deletions src/OrchardCore/OrchardCore.KeyVault.Azure/Services/AzureKeyVaultSecretManager.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
using Microsoft.Azure.KeyVault.Models;
using Microsoft.Extensions.Configuration.AzureKeyVault;

namespace OrchardCore.Azure.KeyVault.Services
{
public class AzureKeyVaultSecretManager : DefaultKeyVaultSecretManager
{
public override string GetKey(SecretBundle secret) =>
secret.SecretIdentifier.Name.Replace("---", "_").Replace("--", ":");
}
}
37 changes: 37 additions & 0 deletions src/docs/reference/modules/KeyVault.Azure/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
# Azure Key Vault (`OrchardCore.Azure.KeyVault`)
The Azure Key Vault configuration provider adds app configuration values from the Azure Key Vault in order to safeguared your cryptographic keys and secrets used by your app. It also contains custom override of the DefaultKeyVaultManger class that retrieves secrets from Azure Key Vault and translates ---
to an underscore (_) and -- to a colon (:). Both underscores and colons are illegal characters in Azure KeyVault.

Example:
Key Vault Input: "OrchardCore--OrchardCore---Shells---Database--ConnectionString".
Output: "OrchardCore:OrchardCore_Shells_Database:ConnectionString".
See https://github.com/OrchardCMS/OrchardCore/issues/6359.


# Configuration:
You'll need to specify the name of your Azure Key Vault and [register a service principle](https://docs.microsoft.com/en-us/azure/key-vault/general/group-permissions-for-apps) in Active Directory for accessing your key vault using an access control policy.
```json
"OrchardCore_Azure_KeyVault": {
"KeyVaultName": "", // Set the name of your Azure Key Vault.
"AzureADApplicationId": "", // Set the Azure AD Application Id
"AzureADApplicationSecret": "" //Set the Azure AD Application Secret
}
```
You should **never check in your client secret into source control** as this defeats the purpose of using a key vault in the first place. Instead set your client secret as an environmnet variable on your machine, or create a seperate azurekeyvault.json file and add it to your gitignore.

In the `program.cs`, add UseOrchardCoreAzureKeyVault() to the Generic Host in CreateHostBuilder().
```csharp
using OrchardCore.KeyVault.Azure;
public class Program
{
public static Task Main(string[] args)
=> BuildHost(args).RunAsync();

public static IHost BuildHost(string[] args) =>
Host.CreateDefaultBuilder(args)
.UseOrchardCoreAzureKeyVault()
.ConfigureWebHostDefaults(webBuilder => webBuilder.UseStartup<Startup>())
.Build();
}
```