Add documentation for KeyVault.Azure and minor code fixes

OrchardCMS · Jun 15, 2020 · 584b72b · 584b72b
1 parent 1a92632
commit 584b72b
Show file tree

Hide file tree

Showing 7 changed files with 50 additions and 28 deletions.
diff --git a/src/OrchardCore.Build/Dependencies.AspNetCore.props b/src/OrchardCore.Build/Dependencies.AspNetCore.props
@@ -16,6 +16,7 @@
     <PackageManagement Include="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="$(AspNetCoreVersion)" />
     <PackageManagement Include="Microsoft.AspNetCore.Mvc.Testing" Version="$(AspNetCoreVersion)" />
     <PackageManagement Include="Microsoft.AspNetCore.Owin" Version="$(AspNetCoreVersion)" />
+    <PackageManagement Include="Microsoft.Extensions.Configuration.AzureKeyVault" Version="$(AspNetCoreVersion)" />
     <PackageManagement Include="Microsoft.Extensions.Http.Polly" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 </Project>
diff --git a/src/OrchardCore.Build/Dependencies.props b/src/OrchardCore.Build/Dependencies.props
@@ -22,7 +22,6 @@
     <PackageManagement Include="MailKit" Version="2.6.0" />
     <PackageManagement Include="Markdig" Version="0.20.0" />
     <PackageManagement Include="MessagePack" Version="2.1.115" />
-    <PackageManagement Include="Microsoft.Extensions.Configuration.AzureKeyVault" Version="3.1.3" />
     <PackageManagement Include="Microsoft.NET.Test.Sdk" Version="16.2.0" />
     <PackageManagement Include="MimeKit" Version="2.7.0" />
     <PackageManagement Include="MiniProfiler.AspNetCore.Mvc" Version="4.1.0" />

diff --git a/...OrchardCore/OrchardCore.KeyVault.Azure/Extensions/AzureKeyVaultWebHostBuilderExtension.cs b/...OrchardCore/OrchardCore.KeyVault.Azure/Extensions/AzureKeyVaultWebHostBuilderExtension.cs
@@ -28,13 +28,11 @@ public static IHostBuilder UseOrchardCoreAzureKeyVault(this IHostBuilder builder
                     keyVaultEndpoint, 
                     clientId, 
                     clientSecret,  
-                    new CustomKeyVaultSecretManager()
+                    new AzureKeyVaultSecretManager()
                 );
             });
 
             return builder;
         }
-
-
     }
 }
diff --git a/src/OrchardCore/OrchardCore.KeyVault.Azure/OrchardCore.KeyVault.Azure.csproj b/src/OrchardCore/OrchardCore.KeyVault.Azure/OrchardCore.KeyVault.Azure.csproj
@@ -12,7 +12,6 @@
     <ProjectReference Include="..\OrchardCore.Abstractions\OrchardCore.Abstractions.csproj" />
   </ItemGroup>
 
-
   <ItemGroup>
     <PackageReference Include="Microsoft.Extensions.Configuration.AzureKeyVault" />
   </ItemGroup>

diff --git a/src/OrchardCore/OrchardCore.KeyVault.Azure/Services/AzureKeyVaultSecretManager.cs b/src/OrchardCore/OrchardCore.KeyVault.Azure/Services/AzureKeyVaultSecretManager.cs
@@ -0,0 +1,11 @@
+using Microsoft.Azure.KeyVault.Models;
+using Microsoft.Extensions.Configuration.AzureKeyVault;
+
+namespace OrchardCore.Azure.KeyVault.Services
+{
+    public class AzureKeyVaultSecretManager : DefaultKeyVaultSecretManager
+    {
+        public override string GetKey(SecretBundle secret) =>
+            secret.SecretIdentifier.Name.Replace("---", "_").Replace("--", ":");
+    }
+}
diff --git a/src/OrchardCore/OrchardCore.KeyVault.Azure/Services/CustomKeyVaultSecretManager.cs b/src/OrchardCore/OrchardCore.KeyVault.Azure/Services/CustomKeyVaultSecretManager.cs
diff --git a/src/docs/reference/modules/KeyVault.Azure/README.md b/src/docs/reference/modules/KeyVault.Azure/README.md
@@ -0,0 +1,37 @@
+# Azure Key Vault (`OrchardCore.Azure.KeyVault`)
+The Azure Key Vault configuration provider adds app configuration values from the Azure Key Vault in order to safeguared your cryptographic keys and secrets used by your app. It also contains custom override of the DefaultKeyVaultManger class that retrieves secrets from Azure Key Vault and translates ---
+to an underscore (_)  and -- to a colon (:). Both underscores and colons are illegal characters in Azure KeyVault.
+
+Example:
+Key Vault Input: "OrchardCore--OrchardCore---Shells---Database--ConnectionString".
+Output: "OrchardCore:OrchardCore_Shells_Database:ConnectionString".
+See https://github.com/OrchardCMS/OrchardCore/issues/6359.
+
+
+# Configuration:
+You'll need to specify the name of your Azure Key Vault and [register a service principle](https://docs.microsoft.com/en-us/azure/key-vault/general/group-permissions-for-apps) in Active Directory for accessing your key vault using an access control policy.
+```json
+"OrchardCore_Azure_KeyVault": {
+    "KeyVaultName": "", // Set the name of your Azure Key Vault.
+    "AzureADApplicationId": "", // Set the Azure AD Application Id
+    "AzureADApplicationSecret": "" //Set the Azure AD Application Secret
+}
+```
+You should **never check in your client secret into source control** as this defeats the purpose of using a key vault in the first place. Instead set your client secret as an environmnet variable on your machine, or create a seperate azurekeyvault.json file and add it to your gitignore.
+
+In the `program.cs`, add UseOrchardCoreAzureKeyVault() to the Generic Host in CreateHostBuilder().
+```csharp
+using OrchardCore.KeyVault.Azure;
+public class Program
+{
+    public static Task Main(string[] args)
+        => BuildHost(args).RunAsync();
+
+    public static IHost BuildHost(string[] args) =>
+        Host.CreateDefaultBuilder(args)
+            .UseOrchardCoreAzureKeyVault()
+            .ConfigureWebHostDefaults(webBuilder => webBuilder.UseStartup<Startup>())
+            .Build();
+}
+```
+