Samples: Refactors client encryption samples to use the latest encryp…
…tion package -1.0.0-previewV19 (Azure#2983)

Samples: Refactors client encryption samples to use the latest encryption package -1.0.0-previewV19
kr-santosh authored Jan 18, 2022
1 parent 67cbd89 commit ca94a78
Showing 4 changed files with 25 additions and 28 deletions.
Expand Up @@ -8,13 +8,13 @@
<LangVersion>latest</LangVersion>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.Azure.Cosmos.Encryption" Version="1.0.0-previewV15" />
<PackageReference Include="Microsoft.Data.Encryption.AzureKeyVaultProvider" Version="0.2.0-pre" />
<PackageReference Include="Azure.Identity" Version="1.5.0" />
<PackageReference Include="Microsoft.Azure.Cosmos.Encryption" Version="1.0.0-previewV19" />
<PackageReference Include="Microsoft.Extensions.Configuration" Version="2.2.0" />
<PackageReference Include="Microsoft.Extensions.Configuration.FileExtensions" Version="2.2.0" />
<PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="2.2.0" />
<PackageReference Include="Newtonsoft.Json" Version="12.0.2" />
</ItemGroup>
</ItemGroup>
<ItemGroup>
<None Include="AppSettings.json">
<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
34 changes: 16 additions & 18 deletions Microsoft.Azure.Cosmos.Samples/Usage/Encryption/Program.cs
Expand Up @@ -8,8 +8,6 @@
using Cosmos.Samples.Shared;
using Microsoft.Azure.Cosmos;
using Microsoft.Azure.Cosmos.Encryption;
using Microsoft.Data.Encryption.Cryptography;
using Microsoft.Data.Encryption.AzureKeyVaultProvider;
using Microsoft.Extensions.Configuration;

// ----------------------------------------------------------------------------------------------------------
Expand Down Expand Up @@ -56,11 +54,11 @@ public static async Task Main(string[] _)

// Get the Token Credential that is capable of providing an OAuth Token.
TokenCredential tokenCredential = GetTokenCredential(configuration);
AzureKeyVaultKeyStoreProvider azureKeyVaultKeyStoreProvider = new AzureKeyVaultKeyStoreProvider(tokenCredential);
AzureKeyVaultKeyWrapProvider azureKeyVaultKeyWrapProvider = new AzureKeyVaultKeyWrapProvider(tokenCredential);

Program.client = Program.CreateClientInstance(configuration, azureKeyVaultKeyStoreProvider);
Program.client = Program.CreateClientInstance(configuration, azureKeyVaultKeyWrapProvider);

await Program.AdminSetupAsync(client, azureKeyVaultKeyStoreProvider);
await Program.AdminSetupAsync(client, azureKeyVaultKeyWrapProvider);
await Program.RunDemoAsync();
}
catch (CosmosException cre)
Expand All @@ -81,7 +79,7 @@ public static async Task Main(string[] _)
}
// </Main>

private static CosmosClient CreateClientInstance(IConfigurationRoot configuration, AzureKeyVaultKeyStoreProvider azureKeyVaultKeyStoreProvider)
private static CosmosClient CreateClientInstance(IConfigurationRoot configuration, AzureKeyVaultKeyWrapProvider azureKeyVaultKeyWrapProvider)
{
string endpoint = configuration["EndPointUrl"];
if (string.IsNullOrEmpty(endpoint))
Expand All @@ -98,7 +96,7 @@ private static CosmosClient CreateClientInstance(IConfigurationRoot configuratio
CosmosClient encryptionCosmosClient = new CosmosClient(endpoint, authKey);

// enable encryption support on the cosmos client.
return encryptionCosmosClient.WithEncryption(azureKeyVaultKeyStoreProvider);
return encryptionCosmosClient.WithEncryption(azureKeyVaultKeyWrapProvider);
}

private static X509Certificate2 GetCertificate(string clientCertThumbprint)
Expand Down Expand Up @@ -148,7 +146,7 @@ private static TokenCredential GetTokenCredential(IConfigurationRoot configurati
/// Administrative operations - create the database, container, and generate the necessary client encryption keys.
/// These are initializations and are expected to be invoked only once - do not invoke these before every item request.
/// </summary>
private static async Task AdminSetupAsync(CosmosClient client, AzureKeyVaultKeyStoreProvider azureKeyVaultKeyStoreProvider)
private static async Task AdminSetupAsync(CosmosClient client, AzureKeyVaultKeyWrapProvider azureKeyVaultKeyWrapProvider)
{
Database database = await client.CreateDatabaseIfNotExistsAsync(Program.encryptedDatabaseId);

Expand All @@ -162,38 +160,38 @@ private static async Task AdminSetupAsync(CosmosClient client, AzureKeyVaultKeyS
// Create the Client Encryption Keys for Encrypting the configured Paths.
await database.CreateClientEncryptionKeyAsync(
"key1",
DataEncryptionKeyAlgorithm.AEAD_AES_256_CBC_HMAC_SHA256,
new EncryptionKeyWrapMetadata(azureKeyVaultKeyStoreProvider.ProviderName, "akvMasterKey", MasterKeyUrl));
DataEncryptionKeyAlgorithm.AeadAes256CbcHmacSha256,
new EncryptionKeyWrapMetadata(azureKeyVaultKeyWrapProvider.ProviderName, "akvMasterKey", MasterKeyUrl));

await database.CreateClientEncryptionKeyAsync(
"key2",
DataEncryptionKeyAlgorithm.AEAD_AES_256_CBC_HMAC_SHA256,
new EncryptionKeyWrapMetadata(azureKeyVaultKeyStoreProvider.ProviderName, "akvMasterKey", MasterKeyUrl));
DataEncryptionKeyAlgorithm.AeadAes256CbcHmacSha256,
new EncryptionKeyWrapMetadata(azureKeyVaultKeyWrapProvider.ProviderName, "akvMasterKey", MasterKeyUrl));

// Configure the required Paths to be Encrypted with appropriate settings.
ClientEncryptionIncludedPath path1 = new ClientEncryptionIncludedPath()
{
Path = "/SubTotal",
ClientEncryptionKeyId = "key1",
EncryptionType = EncryptionType.Deterministic.ToString(),
EncryptionAlgorithm = DataEncryptionKeyAlgorithm.AEAD_AES_256_CBC_HMAC_SHA256.ToString()
EncryptionType = EncryptionType.Deterministic,
EncryptionAlgorithm = DataEncryptionKeyAlgorithm.AeadAes256CbcHmacSha256
};

// non primitive data type.Leaves get encrypted.
ClientEncryptionIncludedPath path2 = new ClientEncryptionIncludedPath()
{
Path = "/Items",
ClientEncryptionKeyId = "key2",
EncryptionType = EncryptionType.Deterministic.ToString(),
EncryptionAlgorithm = DataEncryptionKeyAlgorithm.AEAD_AES_256_CBC_HMAC_SHA256.ToString()
EncryptionType = EncryptionType.Deterministic,
EncryptionAlgorithm = DataEncryptionKeyAlgorithm.AeadAes256CbcHmacSha256
};

ClientEncryptionIncludedPath path3 = new ClientEncryptionIncludedPath()
{
Path = "/OrderDate",
ClientEncryptionKeyId = "key1",
EncryptionType = EncryptionType.Deterministic.ToString(),
EncryptionAlgorithm = DataEncryptionKeyAlgorithm.AEAD_AES_256_CBC_HMAC_SHA256.ToString()
EncryptionType = EncryptionType.Deterministic,
EncryptionAlgorithm = DataEncryptionKeyAlgorithm.AeadAes256CbcHmacSha256
};

// Create a container with the appropriate partition key definition (we choose the "AccountNumber" property here) and throughput (we choose 1000 here).
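Review bot: `path1`, `path2` and `path3` all set `EncryptionType.Deterministic`, and nothing in the hunk tells the reader what that choice costs. Deterministic encryption produces the same ciphertext for equal plaintexts, so anyone who can read the stored items can see which orders share a `/SubTotal` or `/OrderDate` value; it is only needed on paths the application filters on by equality. Because this sample gets copied, I would add above `path1` a comment such as `// Deterministic permits equality queries on this path but reveals which items share a value; use EncryptionType.Randomized for paths that are never filtered on.` Whether the demo actually queries all three paths is not visible here, since AdminSetupAsync and the rest of the file continue outside the hunk.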
9 changes: 4 additions & 5 deletions Microsoft.Azure.Cosmos.Samples/Usage/ReEncryption/Program.cs
Expand Up @@ -7,7 +7,6 @@
using Azure.Identity;
using Microsoft.Azure.Cosmos;
using Microsoft.Azure.Cosmos.Encryption;
using Microsoft.Data.Encryption.AzureKeyVaultProvider;
using Microsoft.Extensions.Configuration;
using System.Collections.Generic;
using System.Net;
Expand Down Expand Up @@ -88,9 +87,9 @@ public static async Task Main(string[] _)

// Get the Token Credential that is capable of providing an OAuth Token.
TokenCredential tokenCredential = Program.GetTokenCredential(configuration);
AzureKeyVaultKeyStoreProvider azureKeyVaultKeyStoreProvider = new AzureKeyVaultKeyStoreProvider(tokenCredential);
AzureKeyVaultKeyWrapProvider azureKeyVaultWrapProvider = new AzureKeyVaultKeyWrapProvider(tokenCredential);

Program.client = Program.CreateClientInstance(configuration, azureKeyVaultKeyStoreProvider);
Program.client = Program.CreateClientInstance(configuration, azureKeyVaultWrapProvider);

await Program.CreateAndRunReEncryptionTasks();
}
Expand All @@ -113,7 +112,7 @@ public static async Task Main(string[] _)

private static CosmosClient CreateClientInstance(
IConfigurationRoot configuration,
AzureKeyVaultKeyStoreProvider azureKeyVaultKeyStoreProvider)
AzureKeyVaultKeyWrapProvider azureKeyVaultKeyWrapProvider)
{
string endpoint = configuration["EndPointUrl"];
if (string.IsNullOrEmpty(endpoint))
Expand All @@ -134,7 +133,7 @@ private static CosmosClient CreateClientInstance(
CosmosClient encryptionCosmosClient = new CosmosClient(endpoint, authKey, options);

// enable encryption support on the cosmos client.
return encryptionCosmosClient.WithEncryption(azureKeyVaultKeyStoreProvider);
return encryptionCosmosClient.WithEncryption(azureKeyVaultKeyWrapProvider);
}

private static X509Certificate2 GetCertificate(string clientCertThumbprint)
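Review bot: The new local in `Main` is named `azureKeyVaultWrapProvider`, while the `CreateClientInstance` parameter in this file and the matching local in Usage/Encryption/Program.cs are `azureKeyVaultKeyWrapProvider`, so the two samples no longer read the same. Renaming it keeps the samples consistent and searchable: `AzureKeyVaultKeyWrapProvider azureKeyVaultKeyWrapProvider = new AzureKeyVaultKeyWrapProvider(tokenCredential);` and `Program.client = Program.CreateClientInstance(configuration, azureKeyVaultKeyWrapProvider);`. Both methods continue outside the hunks shown.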
Expand Up @@ -8,8 +8,8 @@
<LangVersion>latest</LangVersion>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.Azure.Cosmos.Encryption" Version="1.0.0-previewV18" />
<PackageReference Include="Microsoft.Data.Encryption.AzureKeyVaultProvider" Version="0.2.0-pre" />
<PackageReference Include="Azure.Identity" Version="1.5.0" />
<PackageReference Include="Microsoft.Azure.Cosmos.Encryption" Version="1.0.0-previewV19" />
<PackageReference Include="Microsoft.Extensions.Configuration" Version="2.2.0" />
<PackageReference Include="Microsoft.Extensions.Configuration.FileExtensions" Version="2.2.0" />
<PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="2.2.0" />
