Update to Encryption sample

Azure · Feb 23, 2022 · d241c31 · d241c31
1 parent 96295ee
commit d241c31
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 9 deletions.
diff --git a/Microsoft.Azure.Cosmos.Samples/Usage/Encryption/Encryption.csproj b/Microsoft.Azure.Cosmos.Samples/Usage/Encryption/Encryption.csproj
@@ -9,7 +9,8 @@
   </PropertyGroup>
   <ItemGroup>
     <PackageReference Include="Azure.Identity" Version="1.5.0" />
-    <PackageReference Include="Microsoft.Azure.Cosmos.Encryption" Version="1.0.0-previewV19" />
+	<PackageReference Include="Azure.Security.KeyVault.Keys" Version="4.2.0" />
+    <PackageReference Include="Microsoft.Azure.Cosmos.Encryption" Version="1.0.0-previewV20" />
     <PackageReference Include="Microsoft.Extensions.Configuration" Version="2.2.0" />
     <PackageReference Include="Microsoft.Extensions.Configuration.FileExtensions" Version="2.2.0" />
     <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="2.2.0" />

diff --git a/Microsoft.Azure.Cosmos.Samples/Usage/Encryption/Program.cs b/Microsoft.Azure.Cosmos.Samples/Usage/Encryption/Program.cs
@@ -4,7 +4,9 @@
     using System.Security.Cryptography.X509Certificates;
     using System.Threading.Tasks;
     using Azure.Core;
+    using Azure.Core.Cryptography;
     using Azure.Identity;
+    using Azure.Security.KeyVault.Keys.Cryptography;
     using Cosmos.Samples.Shared;
     using Microsoft.Azure.Cosmos;
     using Microsoft.Azure.Cosmos.Encryption;
@@ -54,11 +56,11 @@ public static async Task Main(string[] _)
 
                 // Get the Token Credential that is capable of providing an OAuth Token.
                 TokenCredential tokenCredential = GetTokenCredential(configuration);
-                AzureKeyVaultKeyWrapProvider azureKeyVaultKeyWrapProvider = new AzureKeyVaultKeyWrapProvider(tokenCredential);
+                KeyResolver keyResolver = new KeyResolver(tokenCredential);
 
-                Program.client = Program.CreateClientInstance(configuration, azureKeyVaultKeyWrapProvider);
+                Program.client = Program.CreateClientInstance(configuration, keyResolver);
 
-                await Program.AdminSetupAsync(client, azureKeyVaultKeyWrapProvider);
+                await Program.AdminSetupAsync(client);
                 await Program.RunDemoAsync();
             }
             catch (CosmosException cre)
@@ -79,7 +81,7 @@ public static async Task Main(string[] _)
         }
         // </Main>
 
-        private static CosmosClient CreateClientInstance(IConfigurationRoot configuration, AzureKeyVaultKeyWrapProvider azureKeyVaultKeyWrapProvider)
+        private static CosmosClient CreateClientInstance(IConfigurationRoot configuration, IKeyEncryptionKeyResolver keyResolver)
         {
             string endpoint = configuration["EndPointUrl"];
             if (string.IsNullOrEmpty(endpoint))
@@ -96,7 +98,7 @@ private static CosmosClient CreateClientInstance(IConfigurationRoot configuratio
             CosmosClient encryptionCosmosClient = new CosmosClient(endpoint, authKey);
 
             // enable encryption support on the cosmos client.
-            return encryptionCosmosClient.WithEncryption(azureKeyVaultKeyWrapProvider);
+            return encryptionCosmosClient.WithEncryption(keyResolver, KeyEncryptionKeyResolverId.AzureKeyVault);
         }
 
         private static X509Certificate2 GetCertificate(string clientCertThumbprint)
@@ -146,7 +148,7 @@ private static TokenCredential GetTokenCredential(IConfigurationRoot configurati
         /// Administrative operations - create the database, container, and generate the necessary client encryption keys.
         /// These are initializations and are expected to be invoked only once - do not invoke these before every item request.
         /// </summary>
-        private static async Task AdminSetupAsync(CosmosClient client, AzureKeyVaultKeyWrapProvider azureKeyVaultKeyWrapProvider)
+        private static async Task AdminSetupAsync(CosmosClient client)
         {
             Database database = await client.CreateDatabaseIfNotExistsAsync(Program.encryptedDatabaseId);
 
@@ -161,12 +163,12 @@ private static async Task AdminSetupAsync(CosmosClient client, AzureKeyVaultKeyW
             await database.CreateClientEncryptionKeyAsync(
                     "key1",
                     DataEncryptionKeyAlgorithm.AeadAes256CbcHmacSha256,
-                    new EncryptionKeyWrapMetadata(azureKeyVaultKeyWrapProvider.ProviderName, "akvMasterKey", MasterKeyUrl));
+                    new EncryptionKeyWrapMetadata(KeyEncryptionKeyResolverId.AzureKeyVault, "akvMasterKey", MasterKeyUrl));
 
             await database.CreateClientEncryptionKeyAsync(
                     "key2",
                     DataEncryptionKeyAlgorithm.AeadAes256CbcHmacSha256,
-                    new EncryptionKeyWrapMetadata(azureKeyVaultKeyWrapProvider.ProviderName, "akvMasterKey", MasterKeyUrl));
+                    new EncryptionKeyWrapMetadata(KeyEncryptionKeyResolverId.AzureKeyVault, "akvMasterKey", MasterKeyUrl));
 
             // Configure the required Paths to be Encrypted with appropriate settings.
             ClientEncryptionIncludedPath path1 = new ClientEncryptionIncludedPath()