Skip to main content
Version: v1.3.0

Azure Key Vault secret provider

Azure Key Vault secret provider brings secrets from Azure Key Vault to your application.

Installation#

Adding secrets from Azure Key Vault into the secret store requires following package:

PM > Install-Package Arcus.Security.Providers.AzureKeyVault

Configuration#

After installing the package, the additional extensions becomes available when building the secret store.

using Microsoft.Extensions.Hosting;
public class Program{    public static void Main(string[] args)    {        CreateHostBuilder(args).Build().Run();    }
    public static IHostBuilder CreateHostBuilder(string[] args)    {            return Host.CreateDefaultBuilder(args)                   .ConfigureSecretStore((context, config, builder) =>                   {                         // Adding the Azure Key Vault secret provider with the built-in overloads                         builder.AddAzureKeyVaultWithManagedServiceIdentity(keyVaultUri);
                        // Several other built-in overloads are available too:                        // `AddAzureKeyVaultWithServicePrincipal`                        // `AddAzureKeyVaultWithCertificate`
                        // Or, alternatively using the fully customizable approach.                        var vaultAuthentication = new ManagedServiceIdentityAuthentication();                        var vaultConfiguration = new KeyVaultConfiguration(keyVaultUri);
                        builder.AddAzureKeyVault(vaultAuthentication, vaultConfiguration);
                        // Adding a default cached variant of the Azure Key Vault provider (default: 5 min caching).                        builder.AddAzureKeyVaultWithManagedServiceIdentity(keyVaultUri, allowCaching: true);
                        // Assign a configurable cached variant of the Azure Key Vault provider.                        var cacheConfiguration = new CacheConfiguration(TimeSpan.FromMinutes(1));                        builder.AddAzureKeyVaultWithManagedServiceIdentity(keyVaultUri, cacheConfiguration);                    })                    .ConfigureWebHostDefaults(webBuilder => webBuilder.UseStartup<Startup>());    }}