Skip to content

Implement health checks for Azure Key Vault CertificateClient and KeyClient#15966

Open
Formatted wants to merge 1 commit intomicrosoft:mainfrom
Formatted:add-keyvault-certificates-keys-health-checks
Open

Implement health checks for Azure Key Vault CertificateClient and KeyClient#15966
Formatted wants to merge 1 commit intomicrosoft:mainfrom
Formatted:add-keyvault-certificates-keys-health-checks

Conversation

@Formatted
Copy link
Copy Markdown

@Formatted Formatted commented Apr 8, 2026

Description

CertificateClient and KeyClient registrations had GetHealthCheckEnabled hardcoded to false and CreateHealthCheck throwing NotImplementedException, meaning health checks were silently disabled for these two Key Vault client types regardless of the DisableHealthChecks setting.

This PR adds AzureKeyVaultCertificatesHealthCheck and AzureKeyVaultKeysHealthCheck — lightweight IHealthCheck implementations that use the already-registered SDK clients to enumerate the first page of properties (one read-only API call), verifying vault connectivity. No new NuGet dependencies are introduced since no equivalent split packages exist in AspNetCore.Diagnostics.HealthChecks for Certificates or Keys (only Secrets has one). The conformance test SetHealthCheck overrides for both client types are also enabled.

Fixes # (issue) — N/A, addressing existing NotImplementedException / hardcoded false

Checklist

  • Is this feature complete?
    • Yes. Ready to ship.
  • Are you including unit tests for the changes and scenario tests if relevant?
    • Yes — SetHealthCheck conformance tests enabled for CertificateClientConformanceTests and KeyClientConformanceTests
  • Did you add public API?
    • No
  • Does the change make any security assumptions or guarantees?
    • No
  • Does the change require an update in our Aspire docs?
    • No

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 8, 2026

🚀 Dogfood this PR with:

⚠️ WARNING: Do not do this without first carefully reviewing the code of this PR to satisfy yourself it is safe.

curl -fsSL https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 15966

Or

  • Run remotely in PowerShell:
iex "& { $(irm https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 15966"

eerhardt
eerhardt reviewed Apr 8, 2026
View reviewed changes
tests/Aspire.Azure.Security.KeyVault.Tests/CertificateClientConformanceTests.cs
}

protected override void SetHealthCheck(AzureSecurityKeyVaultSettings options, bool enabled)
// Disable Key Vault health check tests until https://github.com/Xabaril/AspNetCore.Diagnostics.HealthChecks/issues/2279 is fixed
Copy link
Copy Markdown
Member

@eerhardt eerhardt Apr 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would be better if we fixed this issue in Xabaril/AspNetCore.Diagnostics.HealthChecks instead. And then used that library.

Copy link
Copy Markdown
Author

@Formatted Formatted Apr 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

opened PR to add the dedicated packages. Will update this PR to use them once merged and published to NuGet.

@Formatted Formatted mentioned this pull request Apr 8, 2026
Open
6 tasks
@github-actions github-actions bot mentioned this pull request Apr 8, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eerhardt eerhardt eerhardt left review comments

@radical radical Awaiting requested review from radical radical is a code owner

@sebastienros sebastienros Awaiting requested review from sebastienros sebastienros is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Formatted @eerhardt