The DotNetCore.Azure.Configuration.KvSecrets based on Azure.Extensions.AspNetCore.Configuration.Secrets.
- Allows storing configuration values using Azure Key Vault Secrets.
- Allows to load secrets by list and map them into new names.
- Allows to load secrets into the configuration section.
Install the package with DotNetCore.Azure.Configuration.KvSecrets:
Version 8.x.x : supports only .NET 8.0
Version 7.x.x : supports only .NET 7.0
Version 6.x.x : supports only .NET 6.0
Version 5.x.x : supports only Microsoft.AspNetCore.App 5.0-*
Version 3.1.x : supports only Microsoft.AspNetCore.App 3.1.0-*
dotnet add package DotNetCore.Azure.Configuration.KvSecretsYou need an Azure subscription and [Azure Key Vault][keyvault_doc] to use this package.
To create a new Key Vault, you can use the Azure Portal, Azure PowerShell, or the Azure CLI. Here's an example using the Azure CLI:
az keyvault create --name MyVault --resource-group MyResourceGroup --location westus
az keyvault secret set --vault-name MyVault --name MySecret --value "hVFkk965BuUv"Can be used in conjunction with DotNetCore Azure Configuration KeyVault Certificates.
Add configuration provider with WebHostBuiler initialization.
Program.cs
var builder = WebApplication.CreateBuilder(args);
builder.AddKeyVaultConfigurationProvider(); StartupExt.cs
Used DotNetCore Configuration Templates to inject secrets into Microservice configuration. (Add to project nuget package DotNetCore.Configuration.Formatter.)
public static void AddKeyVaultConfigurationProvider(this WebApplicationBuilder builder)
{
var credential = new DefaultAzureCredential(
new DefaultAzureCredentialOptions()
{
ExcludeSharedTokenCacheCredential = true,
ExcludeVisualStudioCodeCredential = true,
ExcludeVisualStudioCredential = true,
ExcludeInteractiveBrowserCredential = true
});
var optionsKv = builder.Configuration
.GetTypeNameFormatted<AzureKvConfigurationOptions>();
// Adds Azure Key Valt configuration provider.
builder.Configuration.AddAzureKeyVault(credential, optionsKv);
}appsettings.json
"AzureKvConfigurationOptions": {
"ConfigurationSectionPrefix": "secret",
"VaultUri": "https://secrets128654s235.vault.azure.net/",
"VaultSecrets": [
"service-bus-Developement-connection",
"sql-Developement-password",
"sql-Developement-user"
"service-bus-Production-connection",
"sql-Production-password",
"sql-Production-user" ]
}The Azure Identity library provides easy Azure Active Directory support for authentication.
Read more about configuration in ASP.NET Core.
Use DotNetCore Configuration Templates to inject secrets into Microservice configuration.
Add to project nuget package DotNetCore.Configuration.Formatter.
DOTNET_RUNNING_IN_CONTAINER=true
ASPNETCORE_ENVIRONMENT=Development
...
host_environmet=datacenter
public class ApplicationConfiguration
{
public bool IsDocker {get; set;}
public string RunLocation {get; set;}
public string AppEnvironment {get; set;}
public string BusConnection {get; set;}
public string DbUser {get; set;}
public string DbPassword {get; set;}
}{
"AzureKvConfigurationOptions": {
"ConfigurationSectionPrefix": "secret",
"VaultUri": "https://secrets128654s235.vault.azure.net/",
"VaultSecrets": [
"service-bus-Development-connection",
"sql-Development-password",
"sql-Development-user",
"service-bus-Production-connection",
"sql-Production-password",
"sql-Production-user" ]
}
ApplicationConfiguration:{
"IsDocker": "{DOTNET_RUNNING_IN_CONTAINER??false}",
"RunLocation":"{host_environmet??local}",
"AppEnvironment":"{ENVIRONMENT}",
"BusConnection":"{secret:service-bus-{ENVIRONMENT}-connection}",
"DbPassword":"{secret:sql-{ENVIRONMENT}-password}",
"DbUser":"{secret:sql-{ENVIRONMENT}-user}"
}
} var applicationConfig = Configuration.UseFormater()
.GetSection(nameof(ApplicationConfiguration))
.Get<ApplicationConfiguration>();or with shorthand
var applicationConfig = Configuration.GetTypeNameFormatted<ApplicationConfiguration>();