Aspnetcore.docs: Azure KeyVault configuration provider for dotnet core: include MSI piece

Created on 29 Jun 2018 · 11 Comments · Source: dotnet/AspNetCore.Docs

It looks like version 2.1.1 of Microsoft.Extensions.Configuration.AzureKeyVault includes the awesome hidden gem that has Managed Service Identity support. It reduces the overhead of managing secrets/certificates as long as you're hosting in Azure with integrated Active Directory.

        public static IWebHost BuildWebHost(string[] args) =>
            WebHost.CreateDefaultBuilder(args)
                .UseStartup<Startup>()
                .ConfigureAppConfiguration((context, config) =>
                {
                    var builtConfig = config.Build();
                    var keyVaultConfigBuilder = new ConfigurationBuilder();
                    keyVaultConfigBuilder.AddAzureKeyVault(builtConfig["KeyVaultUrl"]);
                    var keyVaultConfig = keyVaultConfigBuilder.Build();
                    config.AddConfiguration(keyVaultConfig);
                })
                .Build();


All 11 comments

Thanks for the note @hiraldesai. I'll take a look at this as soon as I can get free.

@CamSoper @scottaddie is this something you could do?
cc @guardrex

@Rick-Anderson I can take care of it. There's a meeting tomorrow to discuss. We may be able to simply link to the existing Azure .NET dev center doc.

Hi Scott,

Is this something you are looking to include in the near future?
We really wanted to utilise the MSI functionality from our web API to get the Key Vault configuration builder.

Appreciate your help in advance. :)

Cheers,
Abhi

@abhiTechcs I plan to work on this in the current sprint. In the meantime, see the following doc:

https://docs.microsoft.com/azure/key-vault/quick-create-net

You can also see how I've configured Key Vault with MSI in one of my personal repos:

https://github.com/scottaddie/ViewComponentsDemo/blob/master/ViewComponentsDemo/Program.cs#L18-L21

In this app, the .NET Core CLI's Secret Manager tool is used locally if the ASPNETCORE_HOSTINGSTARTUP__KEYVAULT__CONFIGURATIONENABLED environment variable is false. Set that to true to use Key Vault locally instead of Secret Manager.
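One way to wire up the toggle described in the comment above, as an added example that is not part of the thread and not the code from the linked repo. It assumes a `Startup` class in the project, the `KeyVaultUrl` setting from the original post, and that the app reads the environment variable directly; the policy of always using Key Vault outside Development is also an assumption.

```csharp
using System;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Configuration.AzureKeyVault;

public class Program
{
    // Variable name taken from the comment above; reading it by hand is an assumption.
    private const string ToggleVariable =
        "ASPNETCORE_HOSTINGSTARTUP__KEYVAULT__CONFIGURATIONENABLED";

    public static void Main(string[] args) => BuildWebHost(args).Run();

    public static IWebHost BuildWebHost(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
            .UseStartup<Startup>()
            .ConfigureAppConfiguration((context, config) =>
            {
                // Unset or unparsable values leave useKeyVault == false.
                bool.TryParse(Environment.GetEnvironmentVariable(ToggleVariable),
                    out var useKeyVault);

                // In Development, CreateDefaultBuilder has already added the
                // Secret Manager (user secrets) source, so nothing more is needed.
                if (!useKeyVault && context.HostingEnvironment.IsDevelopment())
                {
                    return;
                }

                // Fail closed: refuse to start without a well-formed https vault URL
                // rather than silently running with no secrets source.
                var vaultUrl = config.Build()["KeyVaultUrl"];
                if (!Uri.TryCreate(vaultUrl, UriKind.Absolute, out var vaultUri) ||
                    vaultUri.Scheme != Uri.UriSchemeHttps)
                {
                    throw new InvalidOperationException(
                        "KeyVaultUrl must be an absolute https URL.");
                }

                // No client secret or certificate in configuration: the token comes
                // from the managed identity (or the developer's Azure sign-in locally).
                var tokenProvider = new AzureServiceTokenProvider();
                var keyVaultClient = new KeyVaultClient(
                    new KeyVaultClient.AuthenticationCallback(
                        tokenProvider.KeyVaultTokenCallback));

                config.AddAzureKeyVault(vaultUrl, keyVaultClient,
                    new DefaultKeyVaultSecretManager());
            })
            .Build();
}
```

The identity the app runs as still needs an access policy on the vault that allows it to get and list secrets, and granting only those permissions keeps the identity least-privileged.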

@guardrex @scottaddie Any news on when this may land?

Not on my end ... this is assigned to Scott, so I defer to him.

Update: Coming Soon! I have one issue in front of this, and then it's likely that I'll get to this issue immediately after that.

@glennc can you answer this?

Do you want to retain the PowerShell approach here along with the portal experience, or do you want to drop the PowerShell approach and try to link out for it?

My preference is Azure CLI, it's easier to maintain.

You mean only CLI ... no portal?
Yes

Definitely can't say don't use the portal. The Azure team needs to doc the portal. The portal changes frequently.

@glennc I'm going to attempt to slide in a note regarding a couple of 🐉 when using the portal. The topic will go with Azure CLI as its main approach. I'll ping u on the PR with the critical bits in a PR comment.
