Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Issues with VersionTag in AzureKeyVaultConfigBuilder #20
When specifying the version identifier, config builder replaces only the specific secret value and does not replace other secrets from Key Vault.
Further technical details
At the moment the version tag is specified along with the setting up of AzureKeyVault ConfigBuilder
In Key Vault the Version is specific to an object (Key, Secret or Certificate). So when you have multiple Secrets and create multiple versions for each of them, each gets a different version identifier. So specifying the version tag at the config builder level does not make sense. It should be part of specifying the key under appSettings/connectionStrings.
The issue needs some discussion on how and where the version needs to be specified. Happy to discuss further.
I can think of some options here
<add key="VersionedSecret/bc55d5cf01ba4567af470d4626bc6377" value="dummy2" />
Passing in version identifier like this does work when preload is set to false because the keys dictionary does not get pre-populated which makes individual key requests to go through and the URL formed is similar to the one as if we passed name and version separately.
<add key="VersionedSecret" value="version:bc55d5cf01ba4567af470d4626bc6377" />
If we can come up with some version identifier ('version:') to be used along with the identifier and specify that as part of the value. But at present, the GetValue calls only get the key and not the value. Not sure if it will be possible/make sense to pass in the value as well to the abstract methods.
I might be missing out on some things here though, so happy to discuss this further :)
@StephenMolloy It would be related to how we fix #27 as well. Looks like that might need a way where we have VaultName/Uri as part of the configuration and the VaultConfigurationBuilder can read the default values. Is that a much larger change to make the config value also to be passed in along with the key? (TBH I have not looked into the code where that happens, Will look it up some time this week assuming that is part of this same repository)