Skip to content

Azure Key Vault References with support for referencing by name, omitting the secret version identifier


Notifications You must be signed in to change notification settings


Folders and files

Last commit message
Last commit date

Latest commit



29 Commits

Repository files navigation


Don't mind this repo, it's no longer relevant since Microsoft now have implemented support for refering to a secret without declaring the version of the secret!


This nuget package gives you an alternative to Azure Key Vault References that provides the following benefits:

  • The one major downside when it comes to key vault references is that you have to know the secretVersion (GUID) of the secret you're referencing. This becomes a problem when the development teams don't have access to the key vaults in the production environment. This nuget package removes the need to include the secret version when referencing a key vault secret. Using this package makes it possible to declare key vault references looking like this: @AzureKeyVault(mysecret,

  • With this package you won't have to repeat the base url of the key vault to be used. All you have to do is to declare the configuration parameter AZURE_KEY_VAULT_URL once, looking something like this:

// appsettings.json

Isn't that nice and clean looking? Having to repeat the key vault url is of course no major problem. But it becomes tidious to manage when having a lot of secrets and the url to the vault changes.


After that you've installed the package using nuget you have to invoke the extension method VikJon.AzureKeyVaultConfigProvider.AddAzureKeyVaultWithNameRefSupport on the ConfigurationBuilder of your .netcore app. This usually looks something like this in Program.cs

using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Hosting;
using VikJon.AzureKeyVaultConfigProvider;

public class Program
    public static void Main(string[] args)

    public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
            .ConfigureAppConfiguration((hostingContext, config) =>
                  .AddJsonFile($"appsettings.json", optional: true, reloadOnChange: true)

Notice! You should not invoke config.AddAzureKeyVault on the ConfigurationBuilder

Now you can start referencing key vault secrets using the following syntax @AzureKeyVault([SECRET_NAME], [KEY_VAULT_URL:optional])

// appsettings.json

You have the option to provide the base url of your key vault instance on every call to @AzureKeyVault(...) or you can add a single configuration parameter named AZURE_KEY_VAULT_URL, containing the base url.


This package takes for granted that you're using Managed Identites to authenticate against the key vault. If that is not the case you need to implement VikJon.AzureKeyVaultConfigProvider.IKeyVaultGateway and provide the extension method AddAzureKeyVaultWithNameRefSupport with an instance of that implementation.


Azure Key Vault References with support for referencing by name, omitting the secret version identifier







No releases published