https://github.com/stijnmoreels/arcus.security.authorization-poc

Proof of concept of a role-based authorization of the secret providers registered in the Arcus secret store by low-level customization.
https://github.com/stijnmoreels/arcus.security.authorization-poc

arcus authorization role-based-access-control security

Last synced: over 1 year ago
JSON representation

Proof of concept of a role-based authorization of the secret providers registered in the Arcus secret store by low-level customization.

• Host: GitHub
• URL: https://github.com/stijnmoreels/arcus.security.authorization-poc
• Owner: stijnmoreels
• License: mit
• Created: 2020-09-14T11:36:06.000Z (almost 6 years ago)
• Default Branch: master
• Last Pushed: 2020-09-18T12:02:43.000Z (over 5 years ago)
• Last Synced: 2025-01-21T23:41:29.542Z (over 1 year ago)
• Topics: arcus, authorization, role-based-access-control, security
• Language: C#
• Homepage:
• Size: 13.7 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Arcus.Security.Core.Authorization

Example of how the Arcus secret store can be customized to include authorization on provider-level.

```csharp

public class Program

{

    public static void Main(string[] args) =>

        CreateHostBuilder(args).Build().Run();

    public static IHostBuilder CreateHostBuilder(string[] args) =>

        Host.CreateDefaultBuilder(args)

            .ConfigureAppConfiguration((context, config) => 

            {

                config.AddJsonFile("appsettings.json")

                      .AddJsonFile("appsettings.Development.json");

            })

            .ConfigureServices(services => services.AddSingleton(new FixedRoleAuthorization(Role.Writer))

            .ConfigureSecretStore((IConfiguration config, SecretStoreBuilder secretStoreBuilder) =>

            {

#if DEBUG

                secretStoreBuilder.AddConfiguration(config);

#endif

                var keyVaultName = config["KeyVault_Name"];

                secretStoreBuilder.AuthorizedWithin(Role.Writer, builder => 

                    builder.AddAzureKeyVaultWithManagedServiceIdentity($"https://{keyVaultName}.vault.azure.net"));

                    

                secretStoreBuilder.AuthorizedWithin(Role.Admin, builder => builder.AddEnvironmentVariables();

            })

            .ConfigureWebHostDefaults(webBuilder => webBuilder.UseStartup());

}

```