Skip to content

Allows storing configuration values in Azure Key Vault Secrets, using the right Azure credentials based on the current environment.

License

Notifications You must be signed in to change notification settings

gsoft-inc/wl-extensions-configuration-secrets

Repository files navigation

Workleap.Extensions.Configuration.Secrets

nuget build

This package allows storing configuration values in Azure Key Vault Secrets, using the right Azure credentials based on the current environment.

It can also be used to register ITokenCredentialProvider and ISecretClientProvider in IServiceCollection in order to access Azure credentials or a SecretClient instance.

Getting started

dotnet add package Workleap.Extensions.Configuration.Secrets

Example with an ASP.NET Core minimal API:

var builder = WebApplication.CreateBuilder();

// There are three ways to load configuration values from Azure Key Vault:
builder.Configuration.AddKeyVaultSecrets(builder.Environment);
builder.Configuration.AddKeyVaultSecrets(builder.Environment, new Uri("<my-key-vault-url>"));
builder.Configuration.AddKeyVaultSecrets(builder.Environment, "<my-configuration-key>");

// Register ITokenCredentialProvider and ISecretClientProvider services (optional)
builder.Services.AddKeyVaultSecrets();

Using the registered services

ITokenCredentialProvider and its public implementation TokenCredentialProvider provides an instance of TokenCredential based on the current environment:

  • ManagedIdentityCredential on a non-development environment,
  • Chained credentials of AzureCliCredential and ManagedIdentityCredential in development environment, or
  • CachedInteractiveBrowserCredential in development environment only when Fiddler is opened (Fiddler interferes with az login authentication).
var azureCredential = new TokenCredentialProvider(environment).GetTokenCredential(); // or
var azureCredential = services.GetRequiredService<ITokenCredentialProvider>().GetTokenCredential();

ISecretClientProvider and its public implementation SecretClientProvider provides an instance of SecretClient based on the current environment:

var secretClientProvider = new SecretClientProvider(configurationBuilder, environment); // or
var secretClientProvider = new SecretClientProvider(configuration, environment); // or
var secretClientProvider = services.GetRequiredService<ISecretClientProvider>();
var secretClient = secretClientProvider.GetSecretClient(keyVaultKind); // or
var secretClient = secretClientProvider.GetSecretClient(keyVaultUri); // or
var secretClient = secretClientProvider.GetSecretClient(configurationKey);

License

Copyright © 2022, Workleap. This code is licensed under the Apache License, Version 2.0. You may obtain a copy of this license at https://github.com/gsoft-inc/gsoft-license/blob/master/LICENSE.

About

Allows storing configuration values in Azure Key Vault Secrets, using the right Azure credentials based on the current environment.

Resources

License

Security policy

Stars

Watchers

Forks