How to use Key Vault reference locally in asp.net (framework) application

Bhavya Shah 25 Reputation points
2023-06-09T07:09:44.6533333+00:00

Key Vault reference works locally for DotNet Core apps (Functions, ASP.NET Core). But can we use Key Vault reference locally in ASP.NET (Framework) applications.

E.g.

In framework app, we read app setting values as follows:

using System.Configuration;

var mySecretValue = ConfigurationManager.AppSettings["myKey"];

In my web.config file the value of this key is a key vault reference:

<appSettings>

<add key="myKey" value="@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/myKey))"/>

</appSettings>

The above works fine when deployed on Azure App Service. I deploy the App Settings under App Service --> Configuration --> AppSettings. mySecretValue variables gets the value of the secret stored in KV.

But when this is run locally, it just gets the literal string stored in web.config file:

E.g.

Value of mySecretValue is @Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/myKey))

It does not resolve the Key Vault reference.

Please note that I run Visual Studio as "Admin" and the Sign-in account in VS has permissions to the respective KV.

Please note that I cannot use Environment.GetEnvironmentVariable() in this case because it is ASP.NET (Framework) app.

Any pointers are appreciated.

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,336 questions
ASP.NET
ASP.NET
A set of technologies in the .NET Framework for building web applications and XML web services.
3,542 questions
{count} vote

Accepted answer
  1. Lan Huang-MSFT 30,071 Reputation points Microsoft Vendor
    2023-06-09T07:56:50.3933333+00:00

    Hi @Bhavya Shah,

    Have you tried adding Key Vault to your web application using Visual Studio Connected Services.

    You can follow the documentation steps below and follow this tutorial and your Key Vault permissions will be set up to work with your own Azure subscription.

    Add Key Vault to your web application by using Visual Studio Connected Services

    You can also refer to the following documents:

    How to Override Web.config values with Azure KeyVault in .NET Framework 4.7.1

    On-prem ASP.NET Framework web app with Azure Key Vault

    Please note that I cannot use Environment.GetEnvironmentVariable() in this case because it is ASP.NET (Framework) app.

    By the way, the Environment.GetEnvironmentVariable method is also available in the .NET Framework.

    https://learn.microsoft.com/en-us/dotnet/api/system.environment.getenvironmentvariable?view=netframework-4.8

    Best regards,
    Lan Huang


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.