This package allows storing configuration values in Azure Key Vault Secrets, using the right Azure credentials based on the current environment.
It can also be used to register ITokenCredentialProvider
and ISecretClientProvider
in IServiceCollection
in order to access Azure credentials or a SecretClient
instance.
dotnet add package Workleap.Extensions.Configuration.Secrets
Example with an ASP.NET Core minimal API:
var builder = WebApplication.CreateBuilder();
// There are three ways to load configuration values from Azure Key Vault:
builder.Configuration.AddKeyVaultSecrets(builder.Environment);
builder.Configuration.AddKeyVaultSecrets(builder.Environment, new Uri("<my-key-vault-url>"));
builder.Configuration.AddKeyVaultSecrets(builder.Environment, "<my-configuration-key>");
// Register ITokenCredentialProvider and ISecretClientProvider services (optional)
builder.Services.AddKeyVaultSecrets();
ITokenCredentialProvider
and its public implementation TokenCredentialProvider
provides an instance of TokenCredential
based on the current environment:
ManagedIdentityCredential
on a non-development environment,- Chained credentials of
AzureCliCredential
andManagedIdentityCredential
in development environment, or CachedInteractiveBrowserCredential
in development environment only when Fiddler is opened (Fiddler interferes withaz login
authentication).
var azureCredential = new TokenCredentialProvider(environment).GetTokenCredential(); // or
var azureCredential = services.GetRequiredService<ITokenCredentialProvider>().GetTokenCredential();
ISecretClientProvider
and its public implementation SecretClientProvider
provides an instance of SecretClient
based on the current environment:
var secretClientProvider = new SecretClientProvider(configurationBuilder, environment); // or
var secretClientProvider = new SecretClientProvider(configuration, environment); // or
var secretClientProvider = services.GetRequiredService<ISecretClientProvider>();
var secretClient = secretClientProvider.GetSecretClient(keyVaultKind); // or
var secretClient = secretClientProvider.GetSecretClient(keyVaultUri); // or
var secretClient = secretClientProvider.GetSecretClient(configurationKey);
Copyright © 2022, Workleap. This code is licensed under the Apache License, Version 2.0. You may obtain a copy of this license at https://github.com/gsoft-inc/gsoft-license/blob/master/LICENSE.