Added encryption of environment specific appsettings. Upgraded target framework.

mrukas · mrukas · commit b5a6eeb0e314 · 2021-10-24T02:18:18.000+02:00
diff --git a/.gitignore b/.gitignore
@@ -518,3 +518,5 @@ MigrationBackup/
 # Ionide (cross platform F# VS Code tools) working folder
 
 # End of https://www.toptal.com/developers/gitignore/api/visualstudio,csharp
+
+!cert.pfx
diff --git a/ConfigCrypter.Console/ConfigCrypter.Console.csproj b/ConfigCrypter.Console/ConfigCrypter.Console.csproj
@@ -2,7 +2,7 @@
 
 	<PropertyGroup>
 		<OutputType>Exe</OutputType>
-		<TargetFramework>netcoreapp3.0</TargetFramework>
+		<TargetFramework>netcoreapp3.1</TargetFramework>
 		<PackAsTool>true</PackAsTool>
 		<ToolCommandName>config-crypter</ToolCommandName>
 		<PackageOutputPath>./nupkg</PackageOutputPath>
@@ -16,6 +16,7 @@
 		<RepositoryUrl>https://github.com/devattic/ConfigCrypter</RepositoryUrl>
 		<Company>DevAttic</Company>
 		<PackageTags>config appsettings encryption tool netcore</PackageTags>
+		<Version>1.1.0</Version>
 	</PropertyGroup>
 
 	<ItemGroup>
diff --git a/ConfigCrypter/ConfigCrypter.csproj b/ConfigCrypter/ConfigCrypter.csproj
@@ -14,12 +14,15 @@
 		<RepositoryUrl>https://github.com/devattic/ConfigCrypter</RepositoryUrl>
 		<PackageTags>netcore aspnetcore netstandard config appsettings encryption decryption</PackageTags>
 		<PackageLicenseExpression>MIT</PackageLicenseExpression>
+		<AssemblyVersion>1.1.0.0</AssemblyVersion>
+		<Version>1.1.0</Version>
 	</PropertyGroup>
 
 	<ItemGroup>
 		<PackageReference Include="CommandLineParser" Version="2.8.0" />
 		<PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="3.0.0" />
 		<PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="3.0.0" />
+		<PackageReference Include="Microsoft.Extensions.Hosting.Abstractions" Version="3.0.0" />
 		<PackageReference Include="Newtonsoft.Json" Version="12.0.3" />
 	</ItemGroup>
 
diff --git a/ConfigCrypter/ConfigProviders/Json/EncryptedJsonConfigProvider.cs b/ConfigCrypter/ConfigProviders/Json/EncryptedJsonConfigProvider.cs
@@ -29,8 +29,10 @@ public override void Load()
             {
                 foreach (var key in _jsonConfigSource.KeysToDecrypt)
                 {
-                    var encryptedValue = Data[key];
-                    Data[key] = crypter.DecryptString(encryptedValue);
+                    if (Data.TryGetValue(key, out var encryptedValue))
+                    {
+                        Data[key] = crypter.DecryptString(encryptedValue);
+                    }
                 }
             }
         }
diff --git a/ConfigCrypter/Extensions/ConfigurationBuilderExtensions.cs b/ConfigCrypter/Extensions/ConfigurationBuilderExtensions.cs
@@ -1,7 +1,8 @@
-﻿using System;
-using DevAttic.ConfigCrypter.CertificateLoaders;
+﻿using DevAttic.ConfigCrypter.CertificateLoaders;
 using DevAttic.ConfigCrypter.ConfigProviders.Json;
 using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Hosting;
+using System;
 
 namespace DevAttic.ConfigCrypter.Extensions
 {
@@ -23,11 +24,34 @@ public static IConfigurationBuilder AddEncryptedAppSettings(
             }
 
             var configSource = new EncryptedJsonConfigSource { Path = "appsettings.json" };
-            configAction(configSource);
+            configAction?.Invoke(configSource);
 
-            InitializeCertificateLoader(configSource);
+            return AddEncryptedJsonConfig(builder, configSource);
+        }
+
+        /// <summary>
+        /// Adds a provider to decrypt keys in the appsettings.json and the corresponding environment appsettings files.
+        /// </summary>
+        /// <param name="builder">A ConfigurationBuilder instance.</param>
+        /// <param name="configAction">An action used to configure the configuration source.</param>
+        /// <param name="hostEnvironment">The current host environment. Used to add environment specific appsettings files. (appsettings.Development.json, appsettings.Production.json)</param>
+        /// <returns>The current ConfigurationBuilder instance.</returns>
+        public static IConfigurationBuilder AddEncryptedAppSettings(
+            this IConfigurationBuilder builder, IHostEnvironment hostEnvironment, Action<EncryptedJsonConfigSource> configAction)
+        {
+            if (builder is null)
+            {
+                throw new ArgumentNullException(nameof(builder));
+            }
+
+            var appSettingSource = new EncryptedJsonConfigSource { Path = "appsettings.json" };
+            var environmentSource = new EncryptedJsonConfigSource { Path = $"appsettings.{hostEnvironment.EnvironmentName}.json", Optional = true };
+            configAction?.Invoke(appSettingSource);
+            configAction?.Invoke(environmentSource);
+
+            AddEncryptedJsonConfig(builder, appSettingSource);
+            AddEncryptedJsonConfig(builder, environmentSource);
 
-            builder.Add(configSource);
             return builder;
         }
 
@@ -47,14 +71,28 @@ public static IConfigurationBuilder AddEncryptedJsonConfig(
             }
 
             var configSource = new EncryptedJsonConfigSource();
-            configAction(configSource);
+            configAction?.Invoke(configSource);
 
             InitializeCertificateLoader(configSource);
 
             builder.Add(configSource);
             return builder;
         }
 
+        /// <summary>
+        /// Adds a provider to decrypt keys in the given json config file by using the passed EncryptedJsonConfigSource.
+        /// </summary>
+        /// <param name="builder">A ConfigurationBuilder instance.</param>
+        /// <param name="configSource">The fully configured config source.</param>
+        /// <returns>The current ConfigurationBuilder instance.</returns>
+        public static IConfigurationBuilder AddEncryptedJsonConfig(this IConfigurationBuilder builder, EncryptedJsonConfigSource configSource)
+        {
+            InitializeCertificateLoader(configSource);
+            builder.Add(configSource);
+
+            return builder;
+        }
+
         private static void InitializeCertificateLoader(EncryptedJsonConfigSource config)
         {
             if (!string.IsNullOrEmpty(config.CertificatePath))
diff --git a/Example.WebApp/Example.WebApp.csproj b/Example.WebApp/Example.WebApp.csproj
@@ -8,12 +8,6 @@
     <None Remove="test-certificate.pfx" />
   </ItemGroup>
 
-  <ItemGroup>
-    <Content Include="test-certificate.pfx">
-      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
-    </Content>
-  </ItemGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\ConfigCrypter\ConfigCrypter.csproj" />
   </ItemGroup>
diff --git a/Example.WebApp/Program.cs b/Example.WebApp/Program.cs
@@ -1,6 +1,7 @@
 using System.Collections.Generic;
 using DevAttic.ConfigCrypter.Extensions;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Hosting;
 
 namespace Example.WebApp
@@ -18,11 +19,11 @@ public static IHostBuilder CreateHostBuilder(string[] args) =>
                 {
                     webBuilder.UseStartup<Startup>();
                 })
-                .ConfigureAppConfiguration(cfg =>
+                .ConfigureAppConfiguration((hostingContext, cfg) =>
                 {
-                    cfg.AddEncryptedAppSettings(crypter =>
+                    cfg.AddEncryptedAppSettings(hostingContext.HostingEnvironment, crypter =>
                     {
-                        crypter.CertificatePath = "test-certificate.pfx";
+                        crypter.CertificatePath = "cert.pfx";
                         crypter.KeysToDecrypt = new List<string> { "Nested:KeyToEncrypt" };
                     });
                 });
diff --git a/Example.WebApp/appsettings.Development.json b/Example.WebApp/appsettings.Development.json
@@ -5,5 +5,8 @@
       "Microsoft": "Warning",
       "Microsoft.Hosting.Lifetime": "Information"
     }
+  },
+  "Nested": {
+    "KeyToEncrypt": "jQ42kYnVFiu2Fpod4jnaHWfDjhFbxqucGLlUi5HqSnNAVDhwwFLAwvoBQVLfwpN1TC8WBwbWynN2Ej7EO2uRA+cNZUCGxFj+LY+YGJnwT8u1a59gG4QDKgUHp53KtU/UoTWNxPiXWCCRoumvZt1vkPVzO9qYlhRCR6UAPMHQc6lu8UdakW8uCU1sitvtLOdiVGvIk3yLOFg3iJ4XfGn+f8Myvu773v9jLM6541x5Jsyv7mFyNklVBnihwsyBg3WzpjYicms2ioxWBsU+nPGZbX8fyzLTBVvEa1WxyAg8M2IbetdREEl5zwwnI0Ak1MR/lhXN9s9eks1paYloKh9lxg=="
   }
-}
+}
diff --git a/Example.WebApp/appsettings.Production.json b/Example.WebApp/appsettings.Production.json
@@ -0,0 +1,5 @@
+{
+  "Nested": {
+    "KeyToEncrypt": "lFd454PZda3cx/d5YUEKw/dt4yy0rN08niRqCIAmVU8vmPufuhkrTF1K4eyZGQAo1H8UsiQxQO+7CvOSEgODznm6hcO4TofOlyMbiBR/1xswZ0QVFtOpN6JWOtdFJcu/ROrV+T0jl/dcfB5JRLFSJvdsJRMPpwOCrkPeKJ9sQftoOt6V3M258lV5bItdwdYfqCUPS7lq1VPeT4i4HM9ZxqlNU3BxAaAm4YkyXIVpTvMwrvUU2QO7/jbASpWdRxBa1l9FHamhYbMcePinjj3v16MjptYyHl84Wc6XZBBXFm11QHTEAOcFmGEsoxrbDEB6ipGsC+xUoy6IwLtmOxpDTw=="
+  }
+}
diff --git a/Example.WebApp/appsettings.json b/Example.WebApp/appsettings.json
@@ -8,6 +8,6 @@
   },
   "AllowedHosts": "*",
   "Nested": {
-    "KeyToEncrypt": "CL5DfNyy8utV5RIFJ90RqTqKu12VoOl4TahozXwBD/0hSF2sJPOx4w9MQotnzV0e5uMI7sFxPzkZxOOaHNb0KaU670Hh0E4jwHjG3e6veF1rC+J7QCCKpS3ywccyCppJjvKZcvIRF1bJDNMEO55MrtSUvdsSg51y4EzopWtkHTyCnRHshbDoaSjdJ7Spfe6oBQ+I/3GUnWdPRdB37D3cR3m803FuKV69ac5xQbEy8hPyYYka0wl6AAbnvrJGWCtoW4pgA7sCS1D2u8KMN6BUPq7K1hsS6GcqJORcZDurmEdge7Ik8G7QMJpasGn3qQI3HlconXVb2XvouIKnsR11VQ=="
+    "KeyToEncrypt": "XPTvTMWCczyrVC3ZcyH3ZC91ueBI1a2FFjrs8pwDC47HRriqdV4tUthERw2WEji3XGQ5rJAy2J0fJz9GRUdxZ8TvSp2LqZi50tns7YkL1HLNVLG+h0BBOzOV9zW4EXZKyNgsjLCsnEQplqpe9dTKcRZLg+ATT17A3C92GP9TO4eoyAPQu5iBt/VVckjM/Cd727yfSBoMlgTx4GeUI+je+aWDSqCdC9m+Cn7wROaK3hp1CVtOsnOqAzwQUKychewMw9VNbzHxBgNaSQ3IqeVFwtL1G2vvE9/+MudXqhTUSRO2Nv7bcva9xPzybdKPUy4u7OIRM8F+WRGieP01nYU79A=="
   }
 }
diff --git a/Example.WebApp/cert.pfx b/Example.WebApp/cert.pfx
diff --git a/cert.pfx b/cert.pfx

Original file line number	Diff line number	Diff line change
`@@ -29,8 +29,10 @@ public override void Load()`
`29`	`29`	`{`
`30`	`30`	`foreach (var key in _jsonConfigSource.KeysToDecrypt)`
`31`	`31`	`{`
`32`		`- var encryptedValue = Data[key];`
`33`		`- Data[key] = crypter.DecryptString(encryptedValue);`
	`32`	`+ if (Data.TryGetValue(key, out var encryptedValue))`
	`33`	`+ {`
	`34`	`+ Data[key] = crypter.DecryptString(encryptedValue);`
	`35`	`+ }`
`34`	`36`	`}`
`35`	`37`	`}`
`36`	`38`	`}`
Original file line number	Diff line number	Diff line change
`@@ -5,5 +5,8 @@`
`5`	`5`	`"Microsoft": "Warning",`
`6`	`6`	`"Microsoft.Hosting.Lifetime": "Information"`
`7`	`7`	`}`
	`8`	`+ },`
	`9`	`+ "Nested": {`
	`10`	`+ "KeyToEncrypt": "jQ42kYnVFiu2Fpod4jnaHWfDjhFbxqucGLlUi5HqSnNAVDhwwFLAwvoBQVLfwpN1TC8WBwbWynN2Ej7EO2uRA+cNZUCGxFj+LY+YGJnwT8u1a59gG4QDKgUHp53KtU/UoTWNxPiXWCCRoumvZt1vkPVzO9qYlhRCR6UAPMHQc6lu8UdakW8uCU1sitvtLOdiVGvIk3yLOFg3iJ4XfGn+f8Myvu773v9jLM6541x5Jsyv7mFyNklVBnihwsyBg3WzpjYicms2ioxWBsU+nPGZbX8fyzLTBVvEa1WxyAg8M2IbetdREEl5zwwnI0Ak1MR/lhXN9s9eks1paYloKh9lxg=="`
`8`	`11`	`}`
`9`		`-}`
	`12`	`+}`
-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +{
 +  "Nested": {
 +    "KeyToEncrypt": "lFd454PZda3cx/d5YUEKw/dt4yy0rN08niRqCIAmVU8vmPufuhkrTF1K4eyZGQAo1H8UsiQxQO+7CvOSEgODznm6hcO4TofOlyMbiBR/1xswZ0QVFtOpN6JWOtdFJcu/ROrV+T0jl/dcfB5JRLFSJvdsJRMPpwOCrkPeKJ9sQftoOt6V3M258lV5bItdwdYfqCUPS7lq1VPeT4i4HM9ZxqlNU3BxAaAm4YkyXIVpTvMwrvUU2QO7/jbASpWdRxBa1l9FHamhYbMcePinjj3v16MjptYyHl84Wc6XZBBXFm11QHTEAOcFmGEsoxrbDEB6ipGsC+xUoy6IwLtmOxpDTw=="
 +  }
 +}
Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,6 @@`
`8`	`8`	`},`
`9`	`9`	`"AllowedHosts": "*",`
`10`	`10`	`"Nested": {`
`11`		`- "KeyToEncrypt": "CL5DfNyy8utV5RIFJ90RqTqKu12VoOl4TahozXwBD/0hSF2sJPOx4w9MQotnzV0e5uMI7sFxPzkZxOOaHNb0KaU670Hh0E4jwHjG3e6veF1rC+J7QCCKpS3ywccyCppJjvKZcvIRF1bJDNMEO55MrtSUvdsSg51y4EzopWtkHTyCnRHshbDoaSjdJ7Spfe6oBQ+I/3GUnWdPRdB37D3cR3m803FuKV69ac5xQbEy8hPyYYka0wl6AAbnvrJGWCtoW4pgA7sCS1D2u8KMN6BUPq7K1hsS6GcqJORcZDurmEdge7Ik8G7QMJpasGn3qQI3HlconXVb2XvouIKnsR11VQ=="`
	`11`	`+ "KeyToEncrypt": "XPTvTMWCczyrVC3ZcyH3ZC91ueBI1a2FFjrs8pwDC47HRriqdV4tUthERw2WEji3XGQ5rJAy2J0fJz9GRUdxZ8TvSp2LqZi50tns7YkL1HLNVLG+h0BBOzOV9zW4EXZKyNgsjLCsnEQplqpe9dTKcRZLg+ATT17A3C92GP9TO4eoyAPQu5iBt/VVckjM/Cd727yfSBoMlgTx4GeUI+je+aWDSqCdC9m+Cn7wROaK3hp1CVtOsnOqAzwQUKychewMw9VNbzHxBgNaSQ3IqeVFwtL1G2vvE9/+MudXqhTUSRO2Nv7bcva9xPzybdKPUy4u7OIRM8F+WRGieP01nYU79A=="`
`12`	`12`	`}`
`13`	`13`	`}`