Fix for Key Vault reading in AzureAppConfigurationBuilder (#230)

src/Azure/AzureKeyVaultConfigBuilder.cs

@@ -166,9 +166,9 @@ public override string GetValue(string key)
         protected virtual TokenCredential GetCredential() => new DefaultAzureCredential();
 
         /// <summary>
-        /// Gets a <see cref="SecretClientOptions"/> to initialize the Key Vault SecretClient with. This defaults to a new <see cref="SecretClientOptions"/>.
+        /// Gets a <see cref="SecretClientOptions"/> to initialize the Key Vault <see cref="SecretClient"/> with. This defaults to a new <see cref="SecretClientOptions"/>.
         /// </summary>
-        /// <returns>A token credential.</returns>
+        /// <returns>SecretClientOptions instance.</returns>
         protected virtual SecretClientOptions GetSecretClientOptions() => new SecretClientOptions();
 
 

src/AzureAppConfig/AzureAppConfigurationBuilder.cs

@@ -221,15 +221,22 @@ public override string GetValue(string key)
         }
 
         /// <summary>
-        /// Gets a <see cref="TokenCredential"/> to authenticate with App Configuration. This defaults to <see cref="DefaultAzureCredential"/>.
+        /// Gets a <see cref="TokenCredential"/> to authenticate with App Configuration including Key-Value references to Azure Key Vault. This defaults to <see cref="DefaultAzureCredential"/>.
         /// </summary>
         /// <returns>A token credential.</returns>
         protected virtual TokenCredential GetCredential() => new DefaultAzureCredential();
 
         /// <summary>
-        /// Gets a <see cref="ConfigurationClientOptions"/> to initialize the Key Vault SecretClient with. This defaults to a new <see cref="ConfigurationClientOptions"/>.
+        /// Gets a <see cref="SecretClientOptions"/> to initialize the Key Vault <see cref="SecretClient"/> with. This defaults to a new <see cref="SecretClientOptions"/>.
         /// </summary>
-        /// <returns>A token credential.</returns>
+        /// <returns>A <see cref="SecretClientOptions"/> instance.</returns>
+        /// <remarks>The <see cref="SecretClient"/> is used here to read Azure App Configuration key-value references to Azure Key Vault.</remarks>
+        protected virtual SecretClientOptions GetSecretClientOptions() => new SecretClientOptions();
+
+        /// <summary>
+        /// Gets a <see cref="ConfigurationClientOptions"/> to initialize <see cref="ConfigurationClient"/> with. This defaults to a new <see cref="ConfigurationClientOptions"/>.
+        /// </summary>
+        /// <returns>A <see cref="ConfigurationClientOptions"/> instance.</returns>
         protected virtual ConfigurationClientOptions GetConfigurationClientOptions() => new ConfigurationClientOptions();
 
         private async Task<string> GetValueAsync(string key)
@@ -384,7 +391,7 @@ private async Task<string> GetKeyVaultValue(SecretReferenceConfigurationSetting
 
         private SecretClient GetSecretClient(KeyVaultSecretIdentifier identifier)
         {
-            return _kvClientCache.GetOrAdd(identifier.VaultUri, uri => new SecretClient(identifier.VaultUri, new DefaultAzureCredential()));
+            return _kvClientCache.GetOrAdd(identifier.VaultUri, uri => new SecretClient(identifier.VaultUri, GetCredential(), GetSecretClientOptions()));
         }
     }
 }