-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add Key Vault Data Protection to dotnet (#1076)
* Add Data Protection to dotnet * Add Data Protection Terraform module to deploy a Key Vault Key * Deploy a File Share that can be mounted to all the containers * [sonarcloud] Remove nullable annotation * Updated Azure.Identity to 1.12.1 to fix build * Update DataProtection.Keys package to v1.3.0 * Abstract DP service to it's own file
- Loading branch information
1 parent
7525760
commit e09afa3
Showing
8 changed files
with
56 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
31 changes: 31 additions & 0 deletions
31
Dfe.PrepareConversions/Dfe.PrepareConversions/Utils/DataProtectionService.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
using Azure.Identity; | ||
using Microsoft.Extensions.Configuration; | ||
using Microsoft.Extensions.DependencyInjection; | ||
using Microsoft.AspNetCore.DataProtection; | ||
using System; | ||
using System.IO; | ||
|
||
namespace Dfe.PrepareConversions.Utils | ||
{ | ||
internal static class DataProtectionService | ||
{ | ||
public static void AddDataProtectionService(this IServiceCollection services, IConfiguration configuration) | ||
{ | ||
var dp = services.AddDataProtection(); | ||
var dpTargetPath = "@/srv/app/storage"; | ||
|
||
if (Directory.Exists(dpTargetPath)) { | ||
// If a Key Vault Key URI is defined, expect to encrypt the keys.xml | ||
string kvProtectionKeyUri = configuration.GetValue<string>("DataProtection:KeyVaultKey"); | ||
|
||
if (!string.IsNullOrWhiteSpace(kvProtectionKeyUri)) | ||
{ | ||
throw new InvalidOperationException("DataProtection:Path is undefined or empty"); | ||
} | ||
|
||
dp.PersistKeysToFileSystem(new DirectoryInfo(dpTargetPath)); | ||
dp.ProtectKeysWithAzureKeyVault(new Uri(kvProtectionKeyUri), new DefaultAzureCredential()); | ||
} | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
module "data_protection" { | ||
source = "github.com/DFE-Digital/terraform-azurerm-aspnet-data-protection?ref=v1.0.1" | ||
|
||
data_protection_key_vault_assign_role = false | ||
data_protection_key_vault_subnet_prefix = "172.16.100.0/28" | ||
data_protection_key_vault_access_ipv4 = local.key_vault_access_ipv4 | ||
data_protection_resource_prefix = "${local.environment}${local.project_name}" | ||
data_protection_azure_location = local.azure_location | ||
data_protection_tags = local.tags | ||
data_protection_resource_group_name = module.azure_container_apps_hosting.azurerm_resource_group_default.name | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters