
settings updates

pull/2/head
Kyle Spearrin 4 years ago
parent
commit
45af4e4251
  1. 18
      src/CryptoAgent/CryptoAgentSettings.cs
  2. 44
      src/CryptoAgent/Startup.cs
  3. 3
      src/CryptoAgent/appsettings.json

18
src/CryptoAgent/CryptoAgentSettings.cs

@ -8,17 +8,18 @@
public class CertificateSettings public class CertificateSettings
{ {
// Filesystem public string Provider { get; set; }
// filesystem
public string FilesystemPath { get; set; } public string FilesystemPath { get; set; }
public string FilesystemPassword { get; set; } public string FilesystemPassword { get; set; }
// Local store // store
public string StoreThumbprint { get; set; } public string StoreThumbprint { get; set; }
// Azure blob storage // azurestorage
public string AzureStorageConnectionString { get; set; } public string AzureStorageConnectionString { get; set; }
public string AzureStorageContainer { get; set; } public string AzureStorageContainer { get; set; }
public string AzureStorageFileName { get; set; } public string AzureStorageFileName { get; set; }
public string AzureStorageFilePassword { get; set; } public string AzureStorageFilePassword { get; set; }
// Azure key vault // azurekv
public string AzureKeyvaultUri { get; set; } public string AzureKeyvaultUri { get; set; }
public string AzureKeyvaultCertificateName { get; set; } public string AzureKeyvaultCertificateName { get; set; }
public string AzureKeyvaultAdTenantId { get; set; } public string AzureKeyvaultAdTenantId { get; set; }
@ -28,26 +29,25 @@
public class RsaKeySettings public class RsaKeySettings
{ {
// Local certificate provider
public string Provider { get; set; } public string Provider { get; set; }
// Azure key vault // azurekv
public string AzureKeyvaultUri { get; set; } public string AzureKeyvaultUri { get; set; }
public string AzureKeyvaultKeyName { get; set; } public string AzureKeyvaultKeyName { get; set; }
public string AzureKeyvaultAdTenantId { get; set; } public string AzureKeyvaultAdTenantId { get; set; }
public string AzureKeyvaultAdAppId { get; set; } public string AzureKeyvaultAdAppId { get; set; }
public string AzureKeyvaultAdSecret { get; set; } public string AzureKeyvaultAdSecret { get; set; }
// Google Cloud KMS // gcpkms
public string GoogleCloudProjectId { get; set; } public string GoogleCloudProjectId { get; set; }
public string GoogleCloudLocationId { get; set; } public string GoogleCloudLocationId { get; set; }
public string GoogleCloudKeyringId { get; set; } public string GoogleCloudKeyringId { get; set; }
public string GoogleCloudKeyId { get; set; } public string GoogleCloudKeyId { get; set; }
public string GoogleCloudKeyVersionId { get; set; } public string GoogleCloudKeyVersionId { get; set; }
// AWS KMS // awskms
public string AwsAccessKeyId { get; set; } public string AwsAccessKeyId { get; set; }
public string AwsAccessKeySecret { get; set; } public string AwsAccessKeySecret { get; set; }
public string AwsRegion { get; set; } public string AwsRegion { get; set; }
public string AwsKeyId { get; set; } public string AwsKeyId { get; set; }
// Hashicorp Vault... // vault...
// Other HSMs... // Other HSMs...
} }
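Review bot: The new `Provider` property on `CertificateSettings` (and the existing one on `RsaKeySettings`) gives no indication of which values are accepted, and the section comments were shortened to bare keys (`// filesystem`, `// azurekv`) that only make sense after reading Startup.cs. A `<summary>` on each `Provider` listing the strings Startup compares against — `"store"`, `"filesystem"`, `"azurestorage"`, `"azurekv"` for certificates and `"azurekv"`, `"gcpkms"`, `"awskms"` (presumably plus `"certificate"`, whose branch starts outside the visible hunk) for RSA keys — and noting that the value is lower-cased before comparison would make the settings self-describing. It would also help operators to mark `FilesystemPassword`, `AzureStorageFilePassword`, `AzureKeyvaultAdSecret` and `AwsAccessKeySecret` as secrets expected from environment variables or a secret store rather than from a committed appsettings file, e.g. `// secret: supply via environment or secret store, not appsettings.json`.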

44
src/CryptoAgent/Startup.cs

@ -34,73 +34,53 @@ namespace Bit.CryptoAgent
{ {
services.AddSingleton<IRsaKeyService, LocalCertificateRsaKeyService>(); services.AddSingleton<IRsaKeyService, LocalCertificateRsaKeyService>();
if (!string.IsNullOrWhiteSpace(settings.Certificate?.StoreThumbprint)) var certificateProvider = settings.Certificate.Provider?.ToLowerInvariant();
if (certificateProvider == "store")
{ {
services.AddSingleton<ICertificateProviderService, StoreCertificateProviderService>(); services.AddSingleton<ICertificateProviderService, StoreCertificateProviderService>();
} }
else if (!string.IsNullOrWhiteSpace(settings.Certificate?.FilesystemPath)) else if (certificateProvider == "filesystem")
{ {
services.AddSingleton<ICertificateProviderService, FilesystemCertificateProviderService>(); services.AddSingleton<ICertificateProviderService, FilesystemCertificateProviderService>();
} }
else if (!string.IsNullOrWhiteSpace(settings.Certificate?.AzureStorageConnectionString)) else if (certificateProvider == "azurestorage")
{ {
services.AddSingleton<ICertificateProviderService, AzureStorageCertificateProviderService>(); services.AddSingleton<ICertificateProviderService, AzureStorageCertificateProviderService>();
} }
else if (!string.IsNullOrWhiteSpace(settings.Certificate?.AzureKeyvaultUri)) else if (certificateProvider == "azurekv")
{ {
services.AddSingleton<ICertificateProviderService, AzureKeyVaultCertificateProviderService>(); services.AddSingleton<ICertificateProviderService, AzureKeyVaultCertificateProviderService>();
} }
else else
{ {
throw new Exception("No certificate provider configured."); throw new Exception("Unknown certificate provider configured.");
} }
} }
else if (rsaKeyProvider == "azure") else if (rsaKeyProvider == "azurekv")
{
if (!string.IsNullOrWhiteSpace(settings.RsaKey?.AzureKeyvaultUri))
{ {
services.AddSingleton<IRsaKeyService, AzureKeyVaultRsaKeyService>(); services.AddSingleton<IRsaKeyService, AzureKeyVaultRsaKeyService>();
} }
else else if (rsaKeyProvider == "gcpkms")
{
throw new Exception("No azure key vault configured.");
}
}
else if (rsaKeyProvider == "gcp")
{
if (!string.IsNullOrWhiteSpace(settings.RsaKey?.GoogleCloudKeyId))
{ {
services.AddSingleton<IRsaKeyService, GoogleCloudKmsRsaKeyService>(); services.AddSingleton<IRsaKeyService, GoogleCloudKmsRsaKeyService>();
} }
else else if (rsaKeyProvider == "awskms")
{
throw new Exception("No gcp kms configured.");
}
}
else if (rsaKeyProvider == "aws")
{
if (!string.IsNullOrWhiteSpace(settings.RsaKey?.AwsAccessKeyId))
{ {
services.AddSingleton<IRsaKeyService, AwsKmsRsaKeyService>(); services.AddSingleton<IRsaKeyService, AwsKmsRsaKeyService>();
} }
else else
{ {
throw new Exception("No aws kms configured."); throw new Exception("Unknown rsa key provider configured.");
}
}
else
{
throw new Exception("Unknown rsa key provider.");
} }
services.AddSingleton<ICryptoFunctionService, CryptoFunctionService>(); services.AddSingleton<ICryptoFunctionService, CryptoFunctionService>();
services.AddSingleton<ICryptoService, CryptoService>(); services.AddSingleton<ICryptoService, CryptoService>();
// JsonFlatFileDataStore
if (!string.IsNullOrWhiteSpace(settings.Database?.JsonFilePath)) if (!string.IsNullOrWhiteSpace(settings.Database?.JsonFilePath))
{ {
// Assign foobar to keyProperty in order to not use incrementing Id functionality // Assign foobar to keyProperty in order to not use incrementing Id functionality
services.AddSingleton<IDataStore>(new DataStore(settings.Database.JsonFilePath, keyProperty: "--foobar--")); services.AddSingleton<IDataStore>(
new DataStore(settings.Database.JsonFilePath, keyProperty: "--foobar--"));
services.AddSingleton<IApplicationDataRepository, Repositories.JsonFile.ApplicationDataRepository>(); services.AddSingleton<IApplicationDataRepository, Repositories.JsonFile.ApplicationDataRepository>();
services.AddSingleton<IUserKeyRepository, Repositories.JsonFile.UserKeyRepository>(); services.AddSingleton<IUserKeyRepository, Repositories.JsonFile.UserKeyRepository>();
} }
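Review bot: `settings.Certificate.Provider?.ToLowerInvariant()` drops the null-conditional that the removed checks had on `settings.Certificate`, so a configuration with no `certificate` section now fails with a NullReferenceException instead of reaching the intended `Unknown certificate provider configured.` exception; use `var certificateProvider = settings.Certificate?.Provider?.ToLowerInvariant();`. The per-provider presence checks (`AzureKeyvaultUri`, `GoogleCloudKeyId`, `AwsAccessKeyId`) are also gone, so a provider selected without its required settings is now registered and the missing key-material configuration surfaces only on first use rather than at startup; if those checks are meant to move into the provider services' constructors that is not visible here, otherwise consider restoring them so misconfiguration fails fast. Lower-casing and then comparing with `==` works, but `string.Equals(provider, "store", StringComparison.OrdinalIgnoreCase)` states the intent directly and avoids the extra string. The enclosing method begins and ends outside this hunk.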

3
src/CryptoAgent/appsettings.json

@ -8,8 +8,5 @@
}, },
"AllowedHosts": "*", "AllowedHosts": "*",
"cryptoAgentSettings": { "cryptoAgentSettings": {
"rsaKey": {
"provider": "certificate"
}
} }
} }
