View on GitHub

Arcus Security

Azure Security development in a breeze

Consuming Azure Key Vault secrets

You can easily create a Key Vault secret provider - The only thing you need to do is specify how you want to configure and to what vault.

var vaultAuthentication = new ManagedServiceIdentityAuthentication();
var vaultConfiguration = new KeyVaultConfiguration(keyVaultUri);
var keyVaultSecretProvider = new KeyVaultSecretProvider(vaultAuthentication, vaultConfiguration)

You can find a list of supported authentication schemes for Azure Key Vault here.

Open for extension

You can easily extend the Key Vault provider by overriding the GetSecret*Async methods on the it.

This useful to provide additional logging, for example, during the retrieval of the secrets.

using Microsoft.Extensions.Logging;
using Arcus.Security.Core;
using Arcus.Security.Providers.AzureKeyVault;

public class LoggedKeyVaultSecretProvider : KeyVaultSecretProvider
    private readonly ILogger _logger;

    public LoggedKeyVaultSecretProvider(ILogger<LoggedKeyVaultSecretProvider> logger)
        _logger = logger;

    public override async Task<Secret> GetSecretAsync(string secretName)
        using (var measurement = DependencyMeasurement.Start())
            Secret secret = await base.GetSecretAsync(secretName);
            _logger.LogDependency("Azure Key Vault", "Secret", isSuccessful: true, startTime: measurement.StartTime, duration: measurement.Elapsed);

        return secret;

← back