Azure Key Vault Secrets configuration provider for Microsoft.Extensions.Configuration
The Azure.Extensions.AspNetCore.Configuration.Secrets
package allows storing configuration values using Azure Key Vault Secrets.
Getting started
Install the package
Install the package with NuGet:
dotnet add package Azure.Extensions.AspNetCore.Configuration.Secrets
Prerequisites
You need an Azure subscription and Azure Key Vault to use this package.
To create a new Key Vault, you can use the Azure Portal, Azure PowerShell, or the Azure CLI. Here's an example using the Azure CLI:
az keyvault create --name MyVault --resource-group MyResourceGroup --location westus
az keyvault secret set --vault-name MyVault --name MySecret --value "hVFkk965BuUv"
Azure role-based access control
When using azure role-based access control, the identity you are authenticating has to have the "Key Vault Reader" and "Key Vault Secrets User" roles. The "Key Vault Reader" role allows the extension to list secrets while the "Key Vault Secrets User" allows retrieving their values.
az role assignment create --role "Key Vault Reader" --assignee {i.e user@microsoft.com} --scope /subscriptions/{subscriptionid}/resourcegroups/{resource-group-name}
az role assignment create --role "Key Vault Secrets User" --assignee {i.e user@microsoft.com} --scope /subscriptions/{subscriptionid}/resourcegroups/{resource-group-name}
Key concepts
Thread safety
We guarantee that all client instance methods are thread-safe and independent of each other (guideline). This ensures that the recommendation of reusing client instances is always safe, even across threads.
Additional concepts
Client options | Accessing the response | Long-running operations | Handling failures | Diagnostics | Mocking | Client lifetime
Examples
To load initialize configuration from Azure Key Vault secrets call the AddAzureKeyVault
on ConfigurationBuilder
:
ConfigurationBuilder builder = new ConfigurationBuilder();
builder.AddAzureKeyVault(new Uri("<Vault URI>"), new DefaultAzureCredential());
IConfiguration configuration = builder.Build();
Console.WriteLine(configuration["MySecret"]);
The Azure Identity library provides easy Azure Active Directory support for authentication.
Next steps
Read more about configuration in ASP.NET Core.
Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit cla.microsoft.com.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.