Consuming Secrets

Consuming secrets

Every provider implements ISecretProvider which makes it easy to use a consistent flow, regardless of the provider.

You can easily retrieve secrets as following:

var secret = await secretProvider.GetSecretAsync("EventGrid-AuthKey");

Caching Secrets

Some secret providers recommend to cache secrets for a while to avoid hitting the service limitations.

We provide a CachedSecretProvider which allows them to be cached in memory for a certain amount of time.

var cachedSecretProvider = new CachedSecretProvider(secretProvider);
var secret = await cachedSecretProvider.GetSecretAsync("EventGrid-AuthKey");

If you prefer a more fluent approach you can also use our WithCaching extension.

var cachedSecretProvider = new KeyVaultSecretProvider(vaultAuthenticator, vaultConfiguration)
                                    .WithCaching();
var secret = await cachedSecretProvider.GetSecretAsync("EventGrid-AuthKey");

Configuring the cache

By default we only keep them around for 5 minutes, but you can configure this yourself.

var cacheConfiguration = new CacheConfiguration(TimeSpan.FromMinutes(10)); // Optional: Default is 5 min
var cachedSecretProvider = new CachedSecretProvider(secretProvider, cacheConfiguration);
var secret = await cachedSecretProvider.GetSecretAsync("EventGrid-AuthKey");

Bypassing cached secrets

In some scenarios you'd like to skip the cache and retrieve the secret by looking it up in the secret-store, instead of retrieving it from the cache.

This is important because in certain scenarios your secrets can be rolled and thus you will be revoked access.

var secret = await cachedSecretProvider.GetSecretAsync("EventGrid-AuthKey", ignoreCache: true);