in src/Microsoft.Extensions.Configuration.AzureAppConfiguration/AzureKeyVaultReference/AzureKeyVaultSecretProvider.cs [38:80]
/// <summary>
/// Resolves the value of a Key Vault secret, preferring the in-memory cache and
/// otherwise fetching it through the matching <c>SecretClient</c> or, when no client
/// matches, through the configured <c>SecretResolver</c> callback.
/// </summary>
/// <param name="secretIdentifier">
/// Identifies the secret. Its <c>SourceId</c> is the cache key and the argument handed to the
/// resolver callback; its <c>Name</c> and <c>Version</c> are passed to <c>GetSecretAsync</c>.
/// </param>
/// <param name="key">Configuration key; used for the log messages and passed to <c>SetSecretInCache</c>.</param>
/// <param name="label">Configuration label; used only for the debug log message.</param>
/// <param name="logger">Receives the debug/information messages after a successful client read.</param>
/// <param name="cancellationToken">
/// Passed to <c>GetSecretAsync</c>. It is not passed to the <c>SecretResolver</c> callback,
/// so a resolver call is not cancelled through this token here.
/// </param>
/// <returns>The secret value, either from the cache or freshly fetched.</returns>
/// <exception cref="UnauthorizedAccessException">
/// Thrown when no secret client matches the identifier and no resolver callback is configured.
/// </exception>
public async Task<string> GetSecretValue(KeyVaultSecretIdentifier secretIdentifier, string key, string label, Logger logger, CancellationToken cancellationToken)
{
    string secretValue = null;

    // Cache lookup. The out variable is kept in scope because the finally block below
    // hands it to SetSecretInCache when the fetch fails.
    bool cacheHit = _cachedKeyVaultSecrets.TryGetValue(secretIdentifier.SourceId, out CachedKeyVaultSecret cacheEntry);

    if (cacheHit)
    {
        var refreshAt = cacheEntry.RefreshAt;

        // An entry without a RefreshAt is served unconditionally by this method, so a
        // rotated or revoked secret keeps being returned from memory until the entry is
        // replaced or removed by code outside this method.
        if (!refreshAt.HasValue || DateTimeOffset.UtcNow < refreshAt.Value)
        {
            return cacheEntry.SecretValue;
        }
    }

    SecretClient client = GetSecretClient(secretIdentifier.SourceId);

    // Fail closed: with neither a client nor a resolver there is no way to obtain the secret.
    if (client is null && _keyVaultOptions.SecretResolver is null)
    {
        throw new UnauthorizedAccessException("No key vault credential or secret resolver callback configured, and no matching secret client could be found.");
    }

    bool fetched = false;

    try
    {
        if (client is null)
        {
            if (_keyVaultOptions.SecretResolver != null)
            {
                // The resolver's result is cached as returned; nothing here checks it for null.
                secretValue = await _keyVaultOptions.SecretResolver(secretIdentifier.SourceId).ConfigureAwait(false);
            }
        }
        else
        {
            KeyVaultSecret secret = await client.GetSecretAsync(secretIdentifier.Name, secretIdentifier.Version, cancellationToken).ConfigureAwait(false);

            // Only key and label are given to the log message builders; the secret value
            // itself is not passed to the logger in this method.
            logger.LogDebug(LogHelper.BuildKeyVaultSecretReadMessage(key, label));
            logger.LogInformation(LogHelper.BuildKeyVaultSettingUpdatedMessage(key));

            secretValue = secret.Value;
        }

        cacheEntry = new CachedKeyVaultSecret(secretValue, secretIdentifier.SourceId);
        fetched = true;
    }
    finally
    {
        // Runs on failure too: with fetched == false, cacheEntry is whatever the lookup
        // above produced (an expired entry, or the default when there was no entry).
        // NOTE(review): how SetSecretInCache treats the failure case is not visible here.
        SetSecretInCache(secretIdentifier.SourceId, key, cacheEntry, fetched);
    }

    return secretValue;
}