Skip to main content
Version: v1.3.0

Azure Key Vault secret provider

Azure Key Vault secret provider brings secrets from Azure Key Vault to your application.


Adding secrets from Azure Key Vault into the secret store requires following package:

PM > Install-Package Arcus.Security.Providers.AzureKeyVault


After installing the package, the additional extensions becomes available when building the secret store.

using Microsoft.Extensions.Hosting;
public class Program{    public static void Main(string[] args)    {        CreateHostBuilder(args).Build().Run();    }
    public static IHostBuilder CreateHostBuilder(string[] args)    {            return Host.CreateDefaultBuilder(args)                   .ConfigureSecretStore((context, config, builder) =>                   {                         // Adding the Azure Key Vault secret provider with the built-in overloads                         builder.AddAzureKeyVaultWithManagedServiceIdentity(keyVaultUri);
                        // Several other built-in overloads are available too:                        // `AddAzureKeyVaultWithServicePrincipal`                        // `AddAzureKeyVaultWithCertificate`
                        // Or, alternatively using the fully customizable approach.                        var vaultAuthentication = new ManagedServiceIdentityAuthentication();                        var vaultConfiguration = new KeyVaultConfiguration(keyVaultUri);
                        builder.AddAzureKeyVault(vaultAuthentication, vaultConfiguration);
                        // Adding a default cached variant of the Azure Key Vault provider (default: 5 min caching).                        builder.AddAzureKeyVaultWithManagedServiceIdentity(keyVaultUri, allowCaching: true);
                        // Assign a configurable cached variant of the Azure Key Vault provider.                        var cacheConfiguration = new CacheConfiguration(TimeSpan.FromMinutes(1));                        builder.AddAzureKeyVaultWithManagedServiceIdentity(keyVaultUri, cacheConfiguration);                    })                    .ConfigureWebHostDefaults(webBuilder => webBuilder.UseStartup<Startup>());    }}