Replace configuration tokens with ISecretProvider
When building your IConfiguration, you can use the extension .AddAzureKeyVault to pass in your ISecretProvider
instead of using the built-in Azure Key Vault provider.
Installation
This feature requires installing our NuGet package:

    PM > Install-Package Arcus.Security.Providers.AzureKeyVault

Usage
Example of how the configuration builder is used inside a web application:

    // keyVaultUri is the URI of your Azure Key Vault instance.
    IKeyVaultAuthentication vaultAuthentication = new ManagedServiceIdentityAuthentication();
    IKeyVaultConfiguration vaultConfiguration = new KeyVaultConfiguration(keyVaultUri);
    ISecretProvider yourSecretProvider = new KeyVaultSecretProvider(vaultAuthentication, vaultConfiguration);

    // Register the secret provider as a configuration source.
    var config = new ConfigurationBuilder()
        .AddAzureKeyVault(yourSecretProvider)
        .Build();

    var host = new WebHostBuilder()
        .UseConfiguration(config)
        .UseKestrel()
        .UseStartup<Startup>();

Note that the above code sample does not provide any caching capabilities. In contrast to the AzureKeyVaultConfigurationProvider, the Arcus.KeyVaultSecretProvider does not cache retrieved secrets, nor does it retrieve all secrets from KeyVault upfront as the AzureKeyVaultConfigurationProvider does. Each time a secret is requested, it will be fetched from KeyVault.
To provide caching capabilities, you can make use of the CachedSecretProvider as shown below:

    IKeyVaultAuthentication vaultAuthentication = new ManagedServiceIdentityAuthentication();
    IKeyVaultConfiguration vaultConfiguration = new KeyVaultConfiguration(keyVaultUri);
    ISecretProvider yourSecretProvider = new KeyVaultSecretProvider(vaultAuthentication, vaultConfiguration);

    // WithCaching() wraps the provider so retrieved secrets are cached.
    var config = new ConfigurationBuilder()
        .AddAzureKeyVault(yourSecretProvider.WithCaching())
        .Build();

    var host = new WebHostBuilder()
        .UseConfiguration(config)
        .UseKestrel()
        .UseStartup<Startup>();
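
An added illustration of the caching caveat above, not code from Arcus or from this page: it models an on-demand configuration provider on top of Microsoft.Extensions.Configuration and counts store round trips for three reads of the same key, with and without a cache. `CountingStore`, `OnDemandProvider`, `Cached`, the key name and the five-minute lifetime are all hypothetical.

```csharp
using System;
using System.Collections.Concurrent;
using Microsoft.Extensions.Configuration;

// Hypothetical stand-in for a remote secret store: counts every round trip.
class CountingStore
{
    public int Calls { get; private set; }
    public string Fetch(string name) { Calls++; return "value-of-" + name; }
}

// Hypothetical provider: loads nothing upfront, every config[key] read calls fetch.
class OnDemandProvider : ConfigurationProvider, IConfigurationSource
{
    private readonly Func<string, string> _fetch;
    public OnDemandProvider(Func<string, string> fetch) => _fetch = fetch;
    public IConfigurationProvider Build(IConfigurationBuilder builder) => this;
    public override bool TryGet(string key, out string value)
    {
        value = _fetch(key);
        return value != null;
    }
}

static class Demo
{
    // Wraps a fetch function with a time-limited, thread-safe in-memory cache.
    static Func<string, string> Cached(Func<string, string> fetch, TimeSpan ttl)
    {
        var cache = new ConcurrentDictionary<string, (string Value, DateTime Expires)>();
        return name =>
        {
            if (cache.TryGetValue(name, out var hit) && hit.Expires > DateTime.UtcNow)
                return hit.Value;
            string value = fetch(name);
            cache[name] = (value, DateTime.UtcNow + ttl);
            return value;
        };
    }

    static void Main()
    {
        var direct = new CountingStore();
        var cached = new CountingStore();
        var a = new ConfigurationBuilder().Add(new OnDemandProvider(direct.Fetch)).Build();
        var b = new ConfigurationBuilder()
            .Add(new OnDemandProvider(Cached(cached.Fetch, TimeSpan.FromMinutes(5)))).Build();
        for (int i = 0; i < 3; i++) { _ = a["Sql-ConnectionString"]; _ = b["Sql-ConnectionString"]; }
        Console.WriteLine($"direct fetches: {direct.Calls}, cached fetches: {cached.Calls}");
    }
}
```

In this model a cached value stays in use until its entry expires, so a secret rotated in the store is only picked up after the cache lifetime has passed.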