Azure-docs: Bind operations don't appear to work when using Azure Key Vault References when attempting to store JSON as secret value

Created on 17 Apr 2019  ·  9 Comments  ·  Source: MicrosoftDocs/azure-docs

We have been testing out the Azure Key Vault references feature https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references
and we are finding that Configuration.GetSection("sectionName").Bind(bindObj) statements and calls to Configuration.GetConnectionString("connectionStringName") don't appear to be working when using Azure Key Vault references. I can see the value of the secret if I call Configuration.GetSection("SectionName").Value as a JSON string, but anytime we try to call .Bind using objects that worked fine when the settings are in appsettings.json, the object isn't getting properly hydrated.

Is it possible to store JSON config sections in key vault and use references to pull them in and bind just like we can with appsettings.json?



All 9 comments

@AlphaCreative, Thanks for the question! We are taking a look into this and will get back to you soon.

Discovered that the issue is larger than just GetConnectionString so something else is going on. Closing this issue for now until we can do further investigation.

@AlphaCreative, Thanks for the clarification. Could you please send an email to AzCommunity[at]Microsoft[dot]com referencing this GitHub issue? We would like to work closer with you on this matter.
Since we will work with you offline, we will now proceed to close this thread.

Just for some extra information here, the Key Vault reference just gets resolved to an environment variable with the value from KV. I would not expect any special behavior in terms of how sections are handled. It should be just like a JSON env var in ASP.NET Core. The only thing I can think of would be if we're mangling the value. Is the value that you see in the env var the same as what you set in KV?

And actually now that I think on it, don't config sections actually need to be colon delimited in env vars? JSON is just for when dealing with a config file, correct?

https://docs.microsoft.com/en-us/aspnet/core/fundamentals/configuration/?view=aspnetcore-2.2#getsection-getchildren-and-exists

Well, the crux of the issue here could be that we were expecting this to work with appsettings.json, and I think that is where we got off track. We thought we could use this to replace the values in our appsettings.json with Key Vault references and expected the configuration subsystem using GetSection and GetConnectionString calls to work as is. After looking into this further, it appears that Key Vault references only really apply to env variables as key:value pairs and do not support strongly typed complex config entities like appsettings.json does. Can someone confirm this is the case? We were hoping this feature was something it is not?

@AlphaCreative, Thank you for sharing additional details.
@mattchenderson, Requesting your insights on this further.

Yes, KV references resolve to environment variables. If you have a way to normalize structured config from an environment variable, then you are all set. As mentioned before, ASP.NET Core does honor config sections from environment variables that are delimited with a colon or double underscore.

From the doc I linked:

When working with hierarchical keys in environment variables, a colon separator (:) may not work on all platforms (for example, Bash). A double underscore (__) is supported by all platforms and is replaced by a colon.
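The behaviour discussed in this thread, as an added example that is not part of the original issue or the project's code: a whole JSON document in one environment variable does not bind, while `Section__Key` variables do. The `ExternalApiConfig` type, its property names, the `ExternalAPIConfigJson` variable name and all values are assumptions constructed for illustration.

```csharp
// Added example (not from the thread). Needs the Microsoft.Extensions.Configuration,
// .EnvironmentVariables and .Binder packages; System.Text.Json ships with .NET Core 3.0+.
using System;
using System.Linq;
using System.Text.Json;
using Microsoft.Extensions.Configuration;

// Hypothetical options type; the property names are assumptions.
public class ExternalApiConfig
{
    public string BaseUrl { get; set; }
    public string ApiKey { get; set; }
}

public static class Program
{
    public static void Main()
    {
        // Constructed values standing in for what the app sees once the platform
        // has resolved each Key Vault reference into an environment variable.
        const string json = "{\"BaseUrl\":\"https://api.example.test\",\"ApiKey\":\"constructed-value\"}";
        Environment.SetEnvironmentVariable("ExternalAPIConfigJson", json);
        Environment.SetEnvironmentVariable("ExternalAPIConfig__BaseUrl", "https://api.example.test");
        Environment.SetEnvironmentVariable("ExternalAPIConfig__ApiKey", "constructed-value");

        IConfiguration config = new ConfigurationBuilder().AddEnvironmentVariables().Build();

        // 1. One secret holding a whole JSON document: the section has a Value but
        //    no child keys, so Bind finds nothing to map and leaves the object empty.
        var blobSection = config.GetSection("ExternalAPIConfigJson");
        var fromBlob = new ExternalApiConfig();
        blobSection.Bind(fromBlob);
        Console.WriteLine($"blob:  children={blobSection.GetChildren().Count()} BaseUrl set={fromBlob.BaseUrl != null}");

        // 2. One secret per leaf, named Section__Key: the provider rewrites "__" to
        //    ":" and the keys form a section that Bind can hydrate.
        var fromKeys = new ExternalApiConfig();
        config.GetSection("ExternalAPIConfig").Bind(fromKeys);
        Console.WriteLine($"keys:  BaseUrl set={fromKeys.BaseUrl != null} ApiKey set={fromKeys.ApiKey != null}");

        // 3. Keeping the single JSON secret: deserialize the raw string yourself.
        //    Only "is it set" is printed so secret values never reach the console.
        var parsed = JsonSerializer.Deserialize<ExternalApiConfig>(config["ExternalAPIConfigJson"]);
        Console.WriteLine($"parse: BaseUrl set={parsed.BaseUrl != null} ApiKey set={parsed.ApiKey != null}");
    }
}
```

In App Service, case 2 corresponds to one app setting per leaf key, each with its own Key Vault reference as the value.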

Understood and thanks for the clarification. We were hoping for this feature to be something that it is not intended to be so that makes sense.

That said, it would be pretty cool if you were using the appsettings.json configuration model to be able to just do something like this to support keyvault integration in appsettings.json:

"ExternalAPIConfig" : "@Microsoft.KeyVault(SecretUri=https://mykv.vault.azure.net/secrets/ExternalAPIConfig/8646ac83af6b4115a7234a754f11fe76)"
