This is a sample showing how to use an HttpPipelinePolicy to cache and proxy secrets, keys, and certificates from Azure Key Vault. The Azure.Core package provides a number of useful HTTP pipeline policies like configurable retries, logging, and more, and you can add your own policies.
To use this sample, you will need to install the Azure.Core package, which is installed automatically when installing any of the Azure Key Vault packages:
Once you build this project, you can reference this sample in your own project by either:
- Adding a <ProjectReference> to this sample project in your own project, or
- Running dotnet pack on this sample project, publishing it to a private NuGet source, and adding a <PackageReference> to AzureSamples.Security.KeyVault.Proxy.
After you reference this sample, in your own project source, add the following:
    using AzureSamples.Security.KeyVault.Proxy;

All HTTP clients for Azure.* packages allow you to customize the HTTP pipeline using their respective client options classes, such as the SecretClientOptions class below:
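    // Requires: using Azure.Core; using Azure.Identity; using Azure.Security.KeyVault.Secrets;
    SecretClientOptions options = new SecretClientOptions();
    // Register the caching proxy policy so it runs once per client call.
    options.AddPolicy(new KeyVaultProxy(), HttpPipelinePosition.PerCall);
    SecretClient client = new SecretClient(
        new Uri("https://myvault.vault.azure.net"),
        new DefaultAzureCredential(),
        options);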
Whenever you make a call to a resource with a given unique URI, the response is cached, by default, for 1 hour. You can change the default time-to-live (TTL) like so:
    SecretClientOptions options = new SecretClientOptions();
    // Cache responses for 30 seconds instead of the default 1 hour.
    options.AddPolicy(new KeyVaultProxy(TimeSpan.FromSeconds(30)), HttpPipelinePosition.PerCall);
When the resource has expired, the next request will go to the server and a successful GET response for certificates, keys, or secrets will be cached.
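A simplified model of the caching rule described above, added here as an illustration; it is not the sample's KeyVaultProxy code. The class and method names, the secret name in the URI, and the reading of "successful" as any 2xx status are assumptions; it shows that a value rotated in the vault keeps being served from cache until the TTL lapses.

```csharp
using System;
using System.Collections.Concurrent;

// Hypothetical model of a per-URI TTL cache for GET responses.
public sealed class TtlResponseCache
{
    private readonly TimeSpan _ttl;
    private readonly Func<DateTimeOffset> _now; // injectable clock so expiry can be shown
    private readonly ConcurrentDictionary<string, (string Body, DateTimeOffset Expires)> _entries = new();

    public TtlResponseCache(TimeSpan ttl, Func<DateTimeOffset> now) { _ttl = ttl; _now = now; }

    // send performs the real request and returns (status, body).
    public string Send(string method, Uri uri, Func<(int Status, string Body)> send)
    {
        bool isGet = string.Equals(method, "GET", StringComparison.OrdinalIgnoreCase);
        string key = uri.AbsoluteUri;                 // one cache entry per unique URI
        if (isGet && _entries.TryGetValue(key, out var hit) && hit.Expires > _now())
            return hit.Body;                          // fresh entry: the vault is not contacted

        var (status, body) = send();                  // miss or expired: go to the server
        if (isGet && status >= 200 && status < 300)   // assumption: "successful" means 2xx
            _entries[key] = (body, _now() + _ttl);
        return body;
    }
}

public static class Program
{
    public static void Main()
    {
        var clock = DateTimeOffset.UnixEpoch;         // constructed clock, advanced by hand
        string vaultValue = "v1";                     // constructed stand-in for the secret value
        int serverCalls = 0;
        var cache = new TtlResponseCache(TimeSpan.FromSeconds(30), () => clock);
        var uri = new Uri("https://myvault.vault.azure.net/secrets/db-password"); // constructed name
        Func<(int, string)> send = () => { serverCalls++; return (200, vaultValue); };

        Console.WriteLine(cache.Send("GET", uri, send)); // first call reaches the server
        vaultValue = "v2";                               // secret is rotated in the vault
        clock += TimeSpan.FromSeconds(10);
        Console.WriteLine(cache.Send("GET", uri, send)); // inside the TTL: cached value is returned
        clock += TimeSpan.FromSeconds(25);
        Console.WriteLine(cache.Send("GET", uri, send)); // TTL lapsed: refetched from the server
        Console.WriteLine($"server calls: {serverCalls}");
    }
}
```

Choose a TTL no longer than the staleness your rotation and revocation process can tolerate, since a cached value outlives a change in the vault by up to one TTL.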
Please leave feedback, ask questions, and file issues on our Issues page.
This project is licensed under the MIT license.