VikJon.AzureKeyVaultProvider 1.0.8

Azure Key Vault References with support for referencing by name, omitting the secret version identifier

Install-Package VikJon.AzureKeyVaultProvider -Version 1.0.8
dotnet add package VikJon.AzureKeyVaultProvider --version 1.0.8
<PackageReference Include="VikJon.AzureKeyVaultProvider" Version="1.0.8" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add VikJon.AzureKeyVaultProvider --version 1.0.8
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

AzureKeyVaultConfigProvider

This nuget package gives you an alternative to Azure Key Vault References that provides
the following benefits:

  • The one major downside when it comes to key vault references is that you have to know the secretVersion (GUID) of the secret you're referencing. This becomes a problem
    when the development teams don't have access to the key vaults in the production environment. This nuget package removes the need to include
    the secret version
    when referencing a key vault secret. Using this package makes it possible to declare key vault references looking like this: @AzureKeyVault(mysecret, https://myvault.vault.azure.net/)

  • With this package you won't have to repeat the base url of the key vault to be used. All you have to do is to declare the configuration parameter AZURE_KEY_VAULT_URL once, looking something like this:

// appsettings.json
{
	"AZURE_KEY_VAULT_URL": "https://myvault.vault.azure.net/",
	"SENDGRID_API_KEY": "@AzureKeyVault(SendgridApiKey)",
}

Isn't that nice and clean looking? Having to repeat the key vault url is of course no major problem. But it becomes tedious to manage when having a lot of secrets and the url to the vault changes.

Setup

After that you've installed the package using nuget you have to invoke the extension method VikJon.AzureKeyVaultConfigProvider.AddAzureKeyVaultWithNameRefSupport on the ConfigurationBuilder of your .netcore app. This usually looks something like this in Program.cs

using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Hosting;
using VikJon.AzureKeyVaultConfigProvider;

public class Program
{
    public static void Main(string[] args)
    {
        CreateWebHostBuilder(args).Build().Run();
    }

    public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
            .ConfigureAppConfiguration((hostingContext, config) =>
            {
            	config
                  .SetBasePath(Directory.GetCurrentDirectory())
                  .AddJsonFile($"appsettings.json", optional: true, reloadOnChange: true)
                  .AddEnvironmentVariables()
                  .AddCommandLine(args)
		  .AddAzureKeyVaultWithNameRefSupport()
            })
            .UseStartup<Startup>();
}

Notice! You should not invoke config.AddAzureKeyVault on the ConfigurationBuilder

Now you can start referencing key vault secrets using the following syntax @AzureKeyVault([SECRET_NAME], [KEY_VAULT_URL:optional])

// appsettings.json
{
	"AZURE_KEY_VAULT_URL": "https://myvault.vault.azure.net/",
	"SENDGRID_API_KEY": "@AzureKeyVault(SendgridApiKey)"
}

You have the option to provide the base url of your key vault instance on every call to @AzureKeyVault(...) or you can add a single configuration parameter named AZURE_KEY_VAULT_URL, containing the base url.

Authentication

This package takes for granted that you're using Managed Identites to authenticate against the key vault. If that is not the case you need to implement VikJon.AzureKeyVaultConfigProvider.IKeyVaultGateway and provide the extension method AddAzureKeyVaultWithNameRefSupport with an instance of that implementation.

AzureKeyVaultConfigProvider

This nuget package gives you an alternative to Azure Key Vault References that provides
the following benefits:

  • The one major downside when it comes to key vault references is that you have to know the secretVersion (GUID) of the secret you're referencing. This becomes a problem
    when the development teams don't have access to the key vaults in the production environment. This nuget package removes the need to include
    the secret version
    when referencing a key vault secret. Using this package makes it possible to declare key vault references looking like this: @AzureKeyVault(mysecret, https://myvault.vault.azure.net/)

  • With this package you won't have to repeat the base url of the key vault to be used. All you have to do is to declare the configuration parameter AZURE_KEY_VAULT_URL once, looking something like this:

// appsettings.json
{
	"AZURE_KEY_VAULT_URL": "https://myvault.vault.azure.net/",
	"SENDGRID_API_KEY": "@AzureKeyVault(SendgridApiKey)",
}

Isn't that nice and clean looking? Having to repeat the key vault url is of course no major problem. But it becomes tedious to manage when having a lot of secrets and the url to the vault changes.

Setup

After that you've installed the package using nuget you have to invoke the extension method VikJon.AzureKeyVaultConfigProvider.AddAzureKeyVaultWithNameRefSupport on the ConfigurationBuilder of your .netcore app. This usually looks something like this in Program.cs

using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Hosting;
using VikJon.AzureKeyVaultConfigProvider;

public class Program
{
    public static void Main(string[] args)
    {
        CreateWebHostBuilder(args).Build().Run();
    }

    public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
            .ConfigureAppConfiguration((hostingContext, config) =>
            {
            	config
                  .SetBasePath(Directory.GetCurrentDirectory())
                  .AddJsonFile($"appsettings.json", optional: true, reloadOnChange: true)
                  .AddEnvironmentVariables()
                  .AddCommandLine(args)
		  .AddAzureKeyVaultWithNameRefSupport()
            })
            .UseStartup<Startup>();
}

Notice! You should not invoke config.AddAzureKeyVault on the ConfigurationBuilder

Now you can start referencing key vault secrets using the following syntax @AzureKeyVault([SECRET_NAME], [KEY_VAULT_URL:optional])

// appsettings.json
{
	"AZURE_KEY_VAULT_URL": "https://myvault.vault.azure.net/",
	"SENDGRID_API_KEY": "@AzureKeyVault(SendgridApiKey)"
}

You have the option to provide the base url of your key vault instance on every call to @AzureKeyVault(...) or you can add a single configuration parameter named AZURE_KEY_VAULT_URL, containing the base url.

Authentication

This package takes for granted that you're using Managed Identites to authenticate against the key vault. If that is not the case you need to implement VikJon.AzureKeyVaultConfigProvider.IKeyVaultGateway and provide the extension method AddAzureKeyVaultWithNameRefSupport with an instance of that implementation.

This package is not used by any popular GitHub repositories.

Version History

Version Downloads Last updated
1.0.8 276 9/6/2019
1.0.7 68 9/6/2019
1.0.6 46 9/3/2019
1.0.5 54 9/3/2019
1.0.4 45 9/3/2019
1.0.3 44 9/2/2019
1.0.2 43 9/2/2019