docs: mention arcus secret store (#85)

stijnmoreels · web-flow · commit 5ba1736f849d · 2021-10-14T12:12:59.000+02:00
* docs: mention arcus secret store

* pr-add: update also v0.3 feature docs
diff --git a/docs/preview/02-Features/02-Security/auto-invalidate-secrets.md b/docs/preview/02-Features/02-Security/auto-invalidate-secrets.md
@@ -25,6 +25,40 @@ To make this automation opperational, following Azure Resources has to be used:
 
 ## Usage
 
+Make sure that you have registered the [Arcus secret store](https://security.arcus-azure.net/features/secret-store/) so an `ISecretProvider`/`ICachedSecretProvider` is available to auto invalidate.
+This is usually done in the `Program.cs`. See our [dedicated documentation](https://security.arcus-azure.net/features/secret-store/) for more information on the secret store.
+
+```csharp
+using Microsoft.Extensions.Hosting;
+
+public class Program
+{
+    public static void Main(string[] args)
+        {
+            CreateHostBuilder(args).Build().Run();
+        }
+
+        public static IHostBuilder CreateHostBuilder(string[] args) =>
+            Host.CreateDefaultBuilder(args)
+                .ConfigureAppConfiguration((context, config) => 
+                {
+                    config.AddJsonFile("appsettings.json")
+                          .AddJsonFile("appsettings.Development.json");
+                })
+                .ConfigureSecretStore((context, config, builder) =>
+                {
+#if DEBUG
+                    builder.AddConfiguration(config);
+#endif
+                    var keyVaultName = config["KeyVault_Name"];
+                    builder.AddEnvironmentVariables()
+                           .AddAzureKeyVaultWithManagedServiceIdentity($"https://{keyVaultName}.vault.azure.net");
+                })
+                .ConfigureWebHostDefaults(webBuilder => webBuilder.UseStartup<Startup>());
+    }
+}
+```
+
 Our background job has to be configured in `ConfigureServices` method:
 
 ```csharp
@@ -36,19 +70,13 @@ public class Startup
 {
     public void ConfigureServices(IServiceCollection services)
     {
-        // An 'ISecretProvider' implementation (see: https://security.arcus-azure.net/) to access the Azure Service Bus Topic resource;
-        //     this will get the 'serviceBusTopicConnectionStringSecretKey' string (configured below) and has to retrieve the connection string for the topic.
-        services.AddSingleton<ISecretProvider>(serviceProvider => ...);
-
-        // An `ICachedSecretProvider` implementation which secret keys will automatically be invalidated.
-        services.AddSingleton<ICachedSecretProvider>(serviceProvider => new CachedSecretProvider(mySecretProvider));
-
         services.AddAutoInvalidateKeyVaultSecretBackgroundJob(
             // Prefix of the Azure Service Bus Topic subscription;
             //    this allows the background jobs to support applications that are running multiple instances, processing the same type of events, without conflicting subscription names.
             subscriptionNamePrefix: "MyPrefix"
 
             // Connection string secret key to a Azure Service Bus Topic.
+            // Make sure that this key is available in the Arcus secret store.
             serviceBusTopicConnectionStringSecretKey: "MySecretKeyToServiceBusTopicConnectionString");
     }
 }
diff --git a/docs/preview/02-Features/03-Databricks/job-metrics.md b/docs/preview/02-Features/03-Databricks/job-metrics.md
@@ -19,6 +19,40 @@ PM > Install-Package Arcus.BackgroundJobs.Databricks
 
 ## Usage
 
+Make sure that you have registered the [Arcus secret store](https://security.arcus-azure.net/features/secret-store/) so an `ISecretProvider` is available to retrieve the connection token for the Databricks instance.
+This is usually done in the `Program.cs`. See our [dedicated documentation](https://security.arcus-azure.net/features/secret-store/) for more information on the secret store.
+
+```csharp
+using Microsoft.Extensions.Hosting;
+
+public class Program
+{
+    public static void Main(string[] args)
+    {
+        CreateHostBuilder(args).Build().Run();
+    }
+
+    public static IHostBuilder CreateHostBuilder(string[] args) =>
+        Host.CreateDefaultBuilder(args)
+            .ConfigureAppConfiguration((context, config) => 
+            {
+                config.AddJsonFile("appsettings.json")
+                      .AddJsonFile("appsettings.Development.json");
+            })
+            .ConfigureSecretStore((context, config, builder) =>
+            {
+#if DEBUG
+                    builder.AddConfiguration(config);
+#endif
+                    var keyVaultName = config["KeyVault_Name"];
+                    builder.AddEnvironmentVariables()
+                           .AddAzureKeyVaultWithManagedServiceIdentity($"https://{keyVaultName}.vault.azure.net");
+            })
+            .ConfigureWebHostDefaults(webBuilder => webBuilder.UseStartup<Startup>());
+    }
+}
+```
+
 Our background job has to be configured in `ConfigureServices` method:
 
 ```csharp
@@ -29,20 +63,18 @@ public class Startup
 {
     public void ConfigureServices(IServiceCollection services)
     {
-        // An 'ISecretProvider' implementation (see: https://security.arcus-azure.net/) to access the Azure Service Bus Topic resource;
-        //     this will get the 'tokenSecretKey' string (configured below) and has to retrieve the connection token for the Databricks instance.
-        services.AddSingleton<ISecretProvider>(serviceProvider => ...);
-
         // Simplest registration of the scheduler job:
         services.AddDatabricksJobMetricsJob(
             baseUrl: "https://url.to.databricks.instance/"
             // Token secret key to connect to the Databricks token.
+            // Make sure that this key is available in the Arcus secret store.
             tokenSecretKey: "Databricks.Token");
 
         // Customized registration of the scheduler job:
         services.AddDatabricksJobMetricsJob(
             baseUrl: "https://url.to.databricks.instance/"
             // Token secret key to connect to the Databricks token.
+            // Make sure that this key is available in the Arcus secret store.
             tokenSecretKey: "Databricks.Token",
             options =>
             {
diff --git a/docs/versioned_docs/version-v0.3/02-Features/02-Security/auto-invalidate-secrets.md b/docs/versioned_docs/version-v0.3/02-Features/02-Security/auto-invalidate-secrets.md
@@ -25,6 +25,40 @@ To make this automation opperational, following Azure Resources has to be used:
 
 ## Usage
 
+Make sure that you have registered the [Arcus secret store](https://security.arcus-azure.net/features/secret-store/) so an `ISecretProvider`/`ICachedSecretProvider` is available to auto invalidate.
+This is usually done in the `Program.cs`. See our [dedicated documentation](https://security.arcus-azure.net/features/secret-store/) for more information on the secret store.
+
+```csharp
+using Microsoft.Extensions.Hosting;
+
+public class Program
+{
+    public static void Main(string[] args)
+        {
+            CreateHostBuilder(args).Build().Run();
+        }
+
+        public static IHostBuilder CreateHostBuilder(string[] args) =>
+            Host.CreateDefaultBuilder(args)
+                .ConfigureAppConfiguration((context, config) => 
+                {
+                    config.AddJsonFile("appsettings.json")
+                          .AddJsonFile("appsettings.Development.json");
+                })
+                .ConfigureSecretStore((context, config, builder) =>
+                {
+#if DEBUG
+                    builder.AddConfiguration(config);
+#endif
+                    var keyVaultName = config["KeyVault_Name"];
+                    builder.AddEnvironmentVariables()
+                           .AddAzureKeyVaultWithManagedServiceIdentity($"https://{keyVaultName}.vault.azure.net");
+                })
+                .ConfigureWebHostDefaults(webBuilder => webBuilder.UseStartup<Startup>());
+    }
+}
+```
+
 Our background job has to be configured in `ConfigureServices` method:
 
 ```csharp
@@ -36,19 +70,13 @@ public class Startup
 {
     public void ConfigureServices(IServiceCollection services)
     {
-        // An 'ISecretProvider' implementation (see: https://security.arcus-azure.net/) to access the Azure Service Bus Topic resource;
-        //     this will get the 'serviceBusTopicConnectionStringSecretKey' string (configured below) and has to retrieve the connection string for the topic.
-        services.AddSingleton<ISecretProvider>(serviceProvider => ...);
-
-        // An `ICachedSecretProvider` implementation which secret keys will automatically be invalidated.
-        services.AddSingleton<ICachedSecretProvider>(serviceProvider => new CachedSecretProvider(mySecretProvider));
-
         services.AddAutoInvalidateKeyVaultSecretBackgroundJob(
             // Prefix of the Azure Service Bus Topic subscription;
             //    this allows the background jobs to support applications that are running multiple instances, processing the same type of events, without conflicting subscription names.
             subscriptionNamePrefix: "MyPrefix"
 
             // Connection string secret key to a Azure Service Bus Topic.
+            // Make sure that this key is available in the Arcus secret store.
             serviceBusTopicConnectionStringSecretKey: "MySecretKeyToServiceBusTopicConnectionString");
     }
 }
diff --git a/docs/versioned_docs/version-v0.3/02-Features/03-Databricks/job-metrics.md b/docs/versioned_docs/version-v0.3/02-Features/03-Databricks/job-metrics.md
@@ -19,6 +19,40 @@ PM > Install-Package Arcus.BackgroundJobs.Databricks -Version 0.3.0
 
 ## Usage
 
+Make sure that you have registered the [Arcus secret store](https://security.arcus-azure.net/features/secret-store/) so an `ISecretProvider` is available to retrieve the connection token for the Databricks instance.
+This is usually done in the `Program.cs`. See our [dedicated documentation](https://security.arcus-azure.net/features/secret-store/) for more information on the secret store.
+
+```csharp
+using Microsoft.Extensions.Hosting;
+
+public class Program
+{
+    public static void Main(string[] args)
+    {
+        CreateHostBuilder(args).Build().Run();
+    }
+
+    public static IHostBuilder CreateHostBuilder(string[] args) =>
+        Host.CreateDefaultBuilder(args)
+            .ConfigureAppConfiguration((context, config) => 
+            {
+                config.AddJsonFile("appsettings.json")
+                      .AddJsonFile("appsettings.Development.json");
+            })
+            .ConfigureSecretStore((context, config, builder) =>
+            {
+#if DEBUG
+                    builder.AddConfiguration(config);
+#endif
+                    var keyVaultName = config["KeyVault_Name"];
+                    builder.AddEnvironmentVariables()
+                           .AddAzureKeyVaultWithManagedServiceIdentity($"https://{keyVaultName}.vault.azure.net");
+            })
+            .ConfigureWebHostDefaults(webBuilder => webBuilder.UseStartup<Startup>());
+    }
+}
+```
+
 Our background job has to be configured in `ConfigureServices` method:
 
 ```csharp
@@ -29,20 +63,18 @@ public class Startup
 {
     public void ConfigureServices(IServiceCollection services)
     {
-        // An 'ISecretProvider' implementation (see: https://security.arcus-azure.net/) to access the Azure Service Bus Topic resource;
-        //     this will get the 'tokenSecretKey' string (configured below) and has to retrieve the connection token for the Databricks instance.
-        services.AddSingleton<ISecretProvider>(serviceProvider => ...);
-
         // Simplest registration of the scheduler job:
         services.AddDatabricksJobMetricsJob(
             baseUrl: "https://url.to.databricks.instance/"
             // Token secret key to connect to the Databricks token.
+            // Make sure that this key is available in the Arcus secret store.
             tokenSecretKey: "Databricks.Token");
 
         // Customized registration of the scheduler job:
         services.AddDatabricksJobMetricsJob(
             baseUrl: "https://url.to.databricks.instance/"
             // Token secret key to connect to the Databricks token.
+            // Make sure that this key is available in the Arcus secret store.
             tokenSecretKey: "Databricks.Token",
             options =>
             {
