From ca9aa40873fcd346ee4937940da4bf8f2c6cb317 Mon Sep 17 00:00:00 2001 From: Kyle Spearrin Date: Thu, 23 Mar 2017 22:02:55 -0400 Subject: [PATCH] manage data protection keys with azure and enc --- src/Api/Api.csproj | 1 + src/Api/Startup.cs | 13 +++++++++++++ src/Api/settings.json | 3 +++ src/Core/GlobalSettings.cs | 6 ++++++ 4 files changed, 23 insertions(+)
diff --git a/src/Api/Api.csproj b/src/Api/Api.csproj
index bfdcb676b5..cf6fb1af53 100644
--- a/src/Api/Api.csproj
+++ b/src/Api/Api.csproj
@@ -22,6 +22,7 @@
+
diff --git a/src/Api/Startup.cs b/src/Api/Startup.cs
index 4b681c05ec..942a529a62 100644
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@@ -31,6 +31,8 @@ using Serilog;
 using Serilog.Events;
 using Bit.Api.IdentityServer;
 using Bit.Core.Enums;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.WindowsAzure.Storage;
 
 namespace Bit.Api
 {
@@ -71,6 +73,16 @@ namespace Bit.Api
 services.Configure(Configuration.GetSection("IpRateLimitOptions"));
 services.Configure(Configuration.GetSection("IpRateLimitPolicies"));
 
+ // Data Protection
+ if(Environment.IsProduction())
+ {
+ var dataProtectionCert = CoreHelpers.GetCertificate(globalSettings.DataProtection.CertificateThumbprint);
+ var storageAccount = CloudStorageAccount.Parse(globalSettings.Storage.ConnectionString);
+ services.AddDataProtection()
+ .PersistKeysToAzureBlobStorage(storageAccount, "aspnet-dataprotection/keys.xml")
+ .ProtectKeysWithCertificate(dataProtectionCert);
+ }
+
 // Repositories
 services.AddSingleton();
 services.AddSingleton();
@@ -81,6 +93,7 @@
 services.AddSingleton();
 services.AddSingleton();
 services.AddSingleton();
+ services.AddSingleton();
 
 // Context
 services.AddScoped();
diff --git a/src/Api/settings.json b/src/Api/settings.json
index 8384bbe8a6..a07b0b4db6 100644
--- a/src/Api/settings.json
+++ b/src/Api/settings.json
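Review bot: The key ring persisted at `aspnet-dataprotection/keys.xml` is wrapped with `dataProtectionCert`, so that certificate (with its private key) must stay available to the app for as long as any key it wrapped may still be needed — replace or remove it without keeping the old one and already-issued cookies and tokens stop unprotecting — and nothing in the hunk records that operational constraint. I would add above the `services.AddDataProtection()` line: `// Keys are wrapped with this cert; keep it (and its private key) available after rotation or existing cookies/tokens become unreadable.` Separately, whoever can write that blob can insert a key the app will then trust, so the credential used here should be scoped more narrowly than the general-purpose `Storage.ConnectionString` where the storage SDK allows it — a hardening suggestion rather than a defect in the hunk. Note too that outside `IsProduction()` no persistence or key protection is configured at all, so non-production instances fall back to whatever the framework defaults to (presumably local, unshared keys); confirm that is intended for staging. The enclosing method starts and ends outside the hunk.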
@@ -24,6 +24,9 @@
 "identityServer": {
 "certificateThumbprint": "SECRET"
 },
+ "dataProtection": {
+ "certificateThumbprint": "SECRET"
+ },
 "storage": {
 "connectionString": "SECRET"
 },
diff --git a/src/Core/GlobalSettings.cs b/src/Core/GlobalSettings.cs
index 1235ee9e03..a2404d6a0d 100644
--- a/src/Core/GlobalSettings.cs
+++ b/src/Core/GlobalSettings.cs
@@ -11,6 +11,7 @@
 public virtual PushSettings Push { get; set; } = new PushSettings();
 public virtual StorageSettings Storage { get; set; } = new StorageSettings();
 public virtual IdentityServerSettings IdentityServer { get; set; } = new IdentityServerSettings();
+ public virtual DataProtectionSettings DataProtection { get; set; } = new DataProtectionSettings();
 public virtual DocumentDbSettings DocumentDb { get; set; } = new DocumentDbSettings();
 
 public class SqlServerSettings
@@ -49,6 +50,11 @@
 public string CertificateThumbprint { get; set; }
 }
 
+ public class DataProtectionSettings
+ {
+ public string CertificateThumbprint { get; set; }
+ }
+
 public class DocumentDbSettings
 {
 public string Uri { get; set; }
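Review bot: `DataProtectionSettings.CertificateThumbprint` in the second GlobalSettings.cs hunk carries no comment saying which certificate it names, while the property it is modelled on, `IdentityServerSettings.CertificateThumbprint`, is visually identical a few lines above; a maintainer can easily end up pointing both at the same certificate. I would add `/// <summary>Thumbprint of the certificate used to wrap the Data Protection key ring (consumed in Startup.cs); ideally distinct from the IdentityServer certificate.</summary>` above the property. The new class is complete within the hunk, but the enclosing GlobalSettings class starts and ends outside it.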