The AspNetCore.Azure.Configuration.KvCertificate package is based on the idea behind DotNetCore.Azure.Configuration.KvSecrets and allows storing configuration values using Azure Key Vault Certificates.
- Allows loading certificates by list and mapping them to new names.
- Allows loading certificates into a configuration section.
Install the package with DotNetCore.Azure.Configuration.KvCertificates:
Version 8.0.x: **supports only Microsoft.AspNetCore.App 8.0**
dotnet add package DotNetCore.Azure.Configuration.KvCertificates
You need an Azure subscription
To initialize configuration from Azure Key Vault secrets, call AddAzureKeyVault on the ConfigurationBuilder; for certificates, as in the example below, call AddAzureKeyVaultCertificates:
Program.cs
// Create the web application builder; its Configuration is what the
// Key Vault certificate provider is attached to in the next step.
WebApplicationBuilder builder = WebApplication.CreateBuilder(args);

// Extension method shown in StartupExt.cs: builds the Azure credential and
// registers the Key Vault certificates configuration provider.
builder.AddKeyVaultConfigurationProvider();
StartupExt.cs
Uses DotNetCore Configuration Templates to inject secrets into the microservice configuration. (Add the DotNetCore.Configuration.Formatter NuGet package to the project.)
/// <summary>
/// Registers the Azure Key Vault certificates configuration provider on the
/// builder's configuration.
/// </summary>
/// <param name="builder">
/// Web application builder whose configuration supplies the provider options
/// and receives the new provider.
/// </param>
public static void AddKeyVaultConfigurationProvider(this WebApplicationBuilder builder)
{
    // Options (vault URI, certificate names, section prefix) come from the
    // configuration loaded so far. GetTypeNameFormatted presumably binds the
    // section named after the type - confirm against the formatter package.
    var certificateOptions = builder.Configuration
        .GetTypeNameFormatted<AzureKvCertificatesConfigurationOptions>();

    // The shared token cache, VS Code, Visual Studio and interactive browser
    // sources are switched off, so the credential chain cannot fall back to a
    // developer's cached or interactive sign-in. Which other sources remain
    // in the chain depends on the Azure.Identity version in use.
    var credentialOptions = new DefaultAzureCredentialOptions
    {
        ExcludeSharedTokenCacheCredential = true,
        ExcludeVisualStudioCodeCredential = true,
        ExcludeVisualStudioCredential = true,
        ExcludeInteractiveBrowserCredential = true
    };
    var credential = new DefaultAzureCredential(credentialOptions);

    // Adds the Azure Key Vault certificates configuration provider.
    // NOTE(review): the loaded values may include certificate key material;
    // keep configuration dumps and debug endpoints from exposing them.
    builder.Configuration.AddAzureKeyVaultCertificates(credential, certificateOptions);
}
appsettings.json
"AzureKvCertificatesConfigurationOptions": {
"ConfigurationSectionPrefix": "certificates",
"VaultUri": "https://mps-Development-microsevices.vault.azure.net/",
"VaultCertificates": [
"Development-jwt-microservices"
]
}
The Azure Identity library provides easy Azure Active Directory support for authentication.
Read more about configuration in ASP.NET Core.
Use DotNetCore Configuration Templates to inject secrets into Microservice configuration.
Add the DotNetCore.Azure.Configuration.KvSecrets NuGet package to the project.
Add the DotNetCore.Configuration.Formatter NuGet package to the project.
DOTNET_RUNNING_IN_CONTAINER=true
ASPNETCORE_ENVIRONMENT=Development
...
host_environmet=datacenter
/// <summary>
/// Typed settings object bound from the <c>ApplicationConfiguration</c>
/// configuration section.
/// </summary>
public class ApplicationConfiguration
{
    /// <summary>Whether the application runs inside a container.</summary>
    public bool IsDocker { get; set; }

    /// <summary>Where the application is hosted.</summary>
    public string RunLocation { get; set; }

    /// <summary>Name of the application environment.</summary>
    public string AppEnvironment { get; set; }

    /// <summary>
    /// Service bus connection string. This is a resolved secret: keep the
    /// object out of logs and diagnostic output.
    /// </summary>
    public string BusConnection { get; set; }

    /// <summary>Database user name.</summary>
    public string DbUser { get; set; }

    /// <summary>
    /// Database password held as plain text once bound; never log it.
    /// </summary>
    public string DbPassword { get; set; }
}
{
"AzureKvConfigurationOptions": {
"ConfigurationSectionPrefix": "secret",
"VaultUri": "https://secrets128654s235.vault.azure.net/",
"VaultSecrets": [
"service-bus-Development-connection",
"sql-Development-password",
"sql-Development-user",
"service-bus-Production-connection",
"sql-Production-password",
"sql-Production-user" ]
},
"AzureKvCertificatesConfigurationOptions": {
"ConfigurationSectionPrefix": "certificates",
"VaultUri": "https://mps-Development-microsevices.vault.azure.net/",
"VaultCertificates": [
"Development-jwt-microservices"
]
}
ApplicationConfiguration:{
"IsDocker": "{DOTNET_RUNNING_IN_CONTAINER??false}",
"RunLocation":"{host_environmet??local}",
"AppEnvironment":"{ENVIRONMENT}",
"BusConnection":"{secret:service-bus-{ENVIRONMENT}-connection}",
"DbPassword":"{secret:sql-{ENVIRONMENT}-password}",
"DbUser":"{secret:sql-{ENVIRONMENT}-user}",
"JwtCertificate": "{certificates:{ENVIRONMENT}-jwt-microservices}"
}
}
// UseFormater() comes from the formatter package; presumably it resolves the
// {...} placeholders used in appsettings.json - confirm against that package.
var formattedConfiguration = Configuration.UseFormater();

// Bind the section named after the type to a typed settings object.
var applicationSection = formattedConfiguration.GetSection(nameof(ApplicationConfiguration));
var applicationConfig = applicationSection.Get<ApplicationConfiguration>();
/// <summary>
/// Typed settings object bound from the <c>ApplicationConfiguration</c>
/// configuration section, including the JWT certificate entry.
/// </summary>
public class ApplicationConfiguration
{
    /// <summary>Whether the application runs inside a container.</summary>
    public bool IsDocker { get; set; }

    /// <summary>Where the application is hosted.</summary>
    public string RunLocation { get; set; }

    /// <summary>Name of the application environment.</summary>
    public string AppEnvironment { get; set; }

    /// <summary>
    /// Service bus connection string. This is a resolved secret: keep the
    /// object out of logs and diagnostic output.
    /// </summary>
    public string BusConnection { get; set; }

    /// <summary>Database user name.</summary>
    public string DbUser { get; set; }

    /// <summary>
    /// Database password held as plain text once bound; never log it.
    /// </summary>
    public string DbPassword { get; set; }

    /// <summary>
    /// Certificate entry bound from the certificates configuration section.
    /// NOTE(review): presumably carries the certificate used for JWT handling,
    /// possibly with key material - confirm what the container exposes and do
    /// not serialize or log it.
    /// </summary>
    public KvCertificateConfigContainer JwtCertificate { get; set; }
}
Program.cs
/// <summary>
/// Builds the generic host with web defaults and wires the Key Vault
/// configuration providers in before <c>Startup</c> is used.
/// </summary>
/// <param name="args">Command-line arguments passed to the default builder.</param>
/// <returns>The configured host builder.</returns>
public static IHostBuilder CreateHostBuilder(string[] args)
{
    IHostBuilder hostBuilder = Host.CreateDefaultBuilder(args);
    return hostBuilder.ConfigureWebHostDefaults(ConfigureWebHost);

    void ConfigureWebHost(IWebHostBuilder webBuilder)
    {
        // Register the Key Vault providers as part of app configuration.
        webBuilder.ConfigureAppConfiguration(Startup.AddKvCertificatesConfigurations);
        webBuilder.UseStartup<Startup>();
    }
}
Startup.cs
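/// <summary>
/// Adds the Azure Key Vault certificates and secrets configuration providers
/// to the application's configuration builder.
/// </summary>
/// <param name="hostingContext">Hosting context; supplies the environment name used to pick the settings file.</param>
/// <param name="configurationBuilder">Application configuration builder that receives both providers.</param>
public static void AddKvCertificatesConfigurations(WebHostBuilderContext hostingContext, IConfigurationBuilder configurationBuilder)
{
    IHostEnvironment env = hostingContext.HostingEnvironment;

    // Bootstrap configuration, built separately from the application's own
    // builder, used only to read the Key Vault provider options.
    var config = new ConfigurationBuilder()
        .AddInMemoryCollection()
        .AddJsonFile("appsettings.json", optional: true, reloadOnChange: false)
        .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true, reloadOnChange: false)
        .AddEnvironmentVariables()
        .Build();

    // The shared token cache, VS Code, Visual Studio and interactive browser
    // sources are switched off, so the credential chain cannot fall back to a
    // developer's cached or interactive sign-in.
    var credential = new DefaultAzureCredential(
        new DefaultAzureCredentialOptions
        {
            ExcludeSharedTokenCacheCredential = true,
            ExcludeVisualStudioCodeCredential = true,
            ExcludeVisualStudioCredential = true,
            ExcludeInteractiveBrowserCredential = true
        });

    // Options are read from the bootstrap configuration built above.
    // NOTE(review): Get<T>() yields null when the section is absent; confirm
    // the providers reject that, or validate the vault URI here so a missing
    // section fails at startup.
    var options = config.GetSection(nameof(AzureKvCertificatesConfigurationOptions))
        .Get<AzureKvCertificatesConfigurationOptions>();

    // Adds the Azure Key Vault certificates configuration provider.
    configurationBuilder.AddAzureKeyVaultCertificates(credential, options);

    var optionsSecrets = config.GetSection(nameof(AzureKvConfigurationOptions))
        .Get<AzureKvConfigurationOptions>();

    // Adds the Azure Key Vault secrets configuration provider. It takes the
    // secrets options, not the certificate options, so the secrets vault URI
    // and secret list are the ones actually used.
    configurationBuilder.AddAzureKeyVault(credential, optionsSecrets);
}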
Or, with the shorthand:
// Shorthand from the formatter package; presumably equivalent to calling
// UseFormater(), GetSection(nameof(T)) and Get<T>() in turn - confirm.
var applicationConfig = Configuration
    .GetTypeNameFormatted<ApplicationConfiguration>();