Saturday, September 26, 2020

Configure / Bind application with Azure Key Vault

As a good development practice, teams should not check in any secrets or configuration settings such as DB connection strings, usernames, or passwords. Instead, they should be kept in a safe store such as a key vault and accessed directly from your application, without much difficulty.

If you need to configure your application to read all of its configuration keys/settings from Azure Key Vault, make the following changes in your application; they bind appsettings.config to the key vault that holds your settings/configuration.

Here are the changes you need to make in your code:

using Microsoft.AspNetCore.Hosting;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Configuration.AzureKeyVault;
using Microsoft.Extensions.Hosting;

namespace Sample.Parag.KeyVaultExample.TestWF
{
    public class Program
    {
        public static void Main(string[] args)
        {
            CreateHostBuilder(args).Build().Run();
        }

        public static IHostBuilder CreateHostBuilder(string[] args) =>
            Host.CreateDefaultBuilder(args)
                // The callback is synchronous; it must not be marked async (it awaits nothing).
                .ConfigureAppConfiguration((builder) =>
                {
                    // Build the configuration loaded so far to read the vault name from appsettings.json.
                    var builtConfig = builder.Build();
                    var keyVaultName = builtConfig["KeyVaultName"];

                    // AzureServiceTokenProvider obtains the access token for the Key Vault client.
                    var azureServiceTokenProvider = new AzureServiceTokenProvider();
                    var keyVaultClient = new KeyVaultClient(
                        new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));

                    // Add the vault's secrets as a configuration source.
                    builder.AddAzureKeyVault(
                        $"https://{keyVaultName}.vault.azure.net/", keyVaultClient, new DefaultKeyVaultSecretManager());
                })
                .ConfigureWebHostDefaults(webBuilder =>
                {
                    webBuilder.UseStartup<Startup>();
                });
    }
}
Here KeyVaultName, read as builtConfig["KeyVaultName"], is defined in appsettings.json and holds the name of your key vault, for example:
...
"KeyVaultName": "azureApp-key-vaultName",
...

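Next, you can start accessing any secret stored in Azure Key Vault like this:

        // this.config is the application's configuration object, which now includes the Key Vault secrets.
        public string GetFooFunc()
        {
            return this.config["SomeKeyName"];
        }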
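
The DefaultKeyVaultSecretManager passed to AddAzureKeyVault above loads every secret in the vault and maps "--" in a secret name to the ":" section separator of a configuration key. The following is an added example, not code from the original post: a custom IKeyVaultSecretManager that loads only secrets carrying an application prefix, which helps when several applications share one vault. The class names, the AddPrefixedKeyVault helper and the "TestWF" prefix are assumptions made for illustration.

```csharp
using System;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.KeyVault.Models;
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Configuration.AzureKeyVault;

// Added example: class names and the prefix convention are assumptions.
public sealed class PrefixKeyVaultSecretManager : IKeyVaultSecretManager
{
    private readonly string _prefix;

    public PrefixKeyVaultSecretManager(string prefix)
    {
        if (string.IsNullOrWhiteSpace(prefix))
            throw new ArgumentException("A secret name prefix is required.", nameof(prefix));
        _prefix = prefix + "-";
    }

    // Only secrets named "<prefix>-..." are fetched; "OtherApp-ApiKey" is skipped.
    public bool Load(SecretItem secret) =>
        secret.Identifier.Name.StartsWith(_prefix, StringComparison.OrdinalIgnoreCase);

    // "TestWF-ConnectionStrings--Default" -> "ConnectionStrings:Default"
    public string GetKey(SecretBundle secret) =>
        secret.SecretIdentifier.Name
            .Substring(_prefix.Length)
            .Replace("--", ConfigurationPath.KeyDelimiter);
}

public static class KeyVaultConfigurationExtensions
{
    // Usage inside ConfigureAppConfiguration: builder.AddPrefixedKeyVault("TestWF");
    public static IConfigurationBuilder AddPrefixedKeyVault(
        this IConfigurationBuilder builder, string prefix)
    {
        var keyVaultName = builder.Build()["KeyVaultName"];
        if (string.IsNullOrWhiteSpace(keyVaultName))
            throw new InvalidOperationException("KeyVaultName is not set in configuration.");

        var tokenProvider = new AzureServiceTokenProvider();
        var client = new KeyVaultClient(
            new KeyVaultClient.AuthenticationCallback(tokenProvider.KeyVaultTokenCallback));
        return builder.AddAzureKeyVault(
            $"https://{keyVaultName}.vault.azure.net/", client,
            new PrefixKeyVaultSecretManager(prefix));
    }
}
```

The prefix filter controls which secrets end up in the application's configuration; it does not change what the application's identity is permitted to read from the vault.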
