chore: use key vault for client secret

nlykkei · Jul 12, 2024 · 8a3a3f3 · 8a3a3f3
1 parent 490f0c9
commit 8a3a3f3
Show file tree

Hide file tree

Showing 7 changed files with 8 additions and 12 deletions.
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
@@ -9,18 +9,13 @@ on:
       resourceGroupName:
         required: true
         type: string
-      reviewApiUrl:
-        required: true
-        type: string
     secrets:
       AZURE_CLIENT_ID:
         required: true
       AZURE_TENANT_ID:
         required: true
       AZURE_SUBSCRIPTION_ID:
         required: true
-      reviewApiKey:
-        required: true
 
 jobs:
   validate:

diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -32,12 +32,10 @@ jobs:
     with:
       environment: test
       resourceGroupName: TodoAppTest
-      reviewApiUrl: https://sandbox.contoso.com/reviews
     secrets:
       AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
       AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
       AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-      reviewApiKey: ${{ secrets.REVIEW_API_KEY_TEST }}
     needs: [build, lint]
 
   deploy-production:
@@ -46,10 +44,8 @@ jobs:
     with:
       environment: production
       resourceGroupName: TodoAppProd
-      reviewApiUrl: https://api.contoso.com/reviews
     secrets:
       AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
       AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
       AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-      reviewApiKey: ${{ secrets.REVIEW_API_KEY_PRODUCTION }}
     needs: [deploy-test]
diff --git a/infra/main.bicep b/infra/main.bicep
@@ -81,6 +81,10 @@ resource appServiceApp 'Microsoft.Web/sites@2022-03-01' = {
           name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
           value: applicationInsights.properties.ConnectionString
         }
+        {
+          name: 'AzureAd__ClientSecret'
+          value: '@Microsoft.KeyVault(SecretUri=https://todo-app-rbqkyp2g5zxmq.vault.azure.net/secrets/ClientSecret/)'
+        }
       ]
     }
   }

diff --git a/src/TodoApp/Controllers/WeatherForecastController.cs b/src/TodoApp/Controllers/WeatherForecastController.cs
@@ -30,7 +30,7 @@ public WeatherForecastController(ILogger<WeatherForecastController> logger,
     [HttpGet(Name = "GetWeatherForecast")]
     public async Task<IEnumerable<WeatherForecast>> Get()
     {
-        // var user = await _graphServiceClient.Me.GetAsync();
+        var user = await _graphServiceClient.Me.GetAsync();
 
         _logger.LogInformation("Getting weather forecast");
 

diff --git a/src/TodoApp/Properties/launchSettings.json b/src/TodoApp/Properties/launchSettings.json
@@ -28,4 +28,4 @@
       }
     }
   }
-}
+}
diff --git a/src/TodoApp/appsettings.Development.json b/src/TodoApp/appsettings.Development.json
@@ -5,4 +5,4 @@
       "Microsoft.AspNetCore": "Warning"
     }
   }
-}
+}
diff --git a/src/TodoApp/appsettings.json b/src/TodoApp/appsettings.json
@@ -4,6 +4,7 @@
     "Domain": "qualified.domain.name",
     "TenantId": "1d063515-6cad-4195-9486-ea65df456faa",
     "ClientId": "cf2b7db1-87aa-4fe1-90c8-219abd6f1609",
+    "ClientSecret": "secret-from-app-registration",
     "Scopes": "user_impersonation",
     "CallbackPath": "/signin-oidc"
   },
-Original file line number
+Diff line change
@@ Expand Up / @@ -28,4 +28,4 @@ @@
           }
         }
       }
-    }
+    }