If you host your app on Azure, you can use managed identities to perform authentication between services.
Once the Azure configuration is done, you need to add the following to your app: it only needs to store the Azure Key Vault URI — storing it as an environment variable is preferable.
The following code uses Azure Key Vault together with Azure App Configuration, so the local appsettings.json
file can stay empty:
/// <summary>
/// Builds the generic host. Outside the Development environment, Azure Key Vault and
/// Azure App Configuration are wired in as configuration sources before Startup runs.
/// </summary>
/// <param name="args">Command-line arguments forwarded to the default host builder.</param>
/// <returns>The configured (not yet built) host builder.</returns>
public static IHostBuilder CreateHostBuilder(string[] args)
{
    var hostBuilder = Host.CreateDefaultBuilder(args);

    return hostBuilder.ConfigureWebHostDefaults(web =>
    {
        web.ConfigureAppConfiguration((context, builder) =>
        {
            // Development keeps the default local configuration pipeline untouched;
            // the Azure sources are only added for every other environment.
            var isDevelopment = context.HostingEnvironment.IsDevelopment();
            if (!isDevelopment)
            {
                AddAzureKeyVault(builder);

                // An intermediate root is built so that values already provided by the
                // Key Vault source (presumably the App Configuration setting) can be
                // read before the App Configuration source is added.
                var intermediateRoot = builder.Build();
                AddAzureAppConfiguration(builder, intermediateRoot);
            }
        });

        web.UseStartup<Startup>();
    });
}
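/// <summary>
/// Registers Azure Key Vault as a configuration source, authenticating with the app's
/// managed identity through <see cref="AzureServiceTokenProvider"/>.
/// </summary>
/// <param name="configBuilder">The configuration builder to extend.</param>
/// <exception cref="ArgumentNullException"><paramref name="configBuilder"/> is <c>null</c>.</exception>
/// <exception cref="InvalidOperationException">
/// The <c>KEY_VAULT_NAME</c> environment variable is missing, blank, or contains characters
/// that are not valid in a Key Vault name.
/// </exception>
/// <remarks>
/// NOTE(review): <c>KeyVaultClient</c> and <c>AzureServiceTokenProvider</c> belong to the
/// legacy Key Vault libraries; the current equivalents are <c>Azure.Identity</c> plus
/// <c>Azure.Extensions.AspNetCore.Configuration.Secrets</c>. Left unchanged here.
/// The public-cloud <c>vault.azure.net</c> suffix is hard-coded; sovereign clouds use a
/// different suffix.
/// </remarks>
private static void AddAzureKeyVault(IConfigurationBuilder configBuilder)
{
    if (configBuilder is null)
    {
        throw new ArgumentNullException(nameof(configBuilder));
    }

    // Only the vault *name* is configured; the URI is derived from it below, so the app
    // can only ever request secrets from a host under the vault.azure.net suffix.
    var keyVaultName = Environment.GetEnvironmentVariable("KEY_VAULT_NAME");
    if (string.IsNullOrWhiteSpace(keyVaultName))
    {
        // Previously a missing variable silently produced "https://.vault.azure.net/".
        throw new InvalidOperationException(
            "Environment variable KEY_VAULT_NAME is not set; it is required outside Development.");
    }

    // Key Vault names consist of ASCII letters, digits and '-'. Rejecting anything else
    // prevents a malformed or tampered value (e.g. one containing '.', '/' or '@') from
    // altering the host the secrets are fetched from.
    if (!IsValidKeyVaultName(keyVaultName))
    {
        throw new InvalidOperationException(
            $"Environment variable KEY_VAULT_NAME ('{keyVaultName}') is not a valid Key Vault name.");
    }

    var azureServiceTokenProvider = new AzureServiceTokenProvider();
    var keyVaultClient = new KeyVaultClient(
        new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));

    configBuilder.AddAzureKeyVault(
        $"https://{keyVaultName}.vault.azure.net/",
        keyVaultClient,
        new DefaultKeyVaultSecretManager());

    // Accepts only ASCII letters, digits and '-'.
    bool IsValidKeyVaultName(string name)
    {
        foreach (var c in name)
        {
            var isAsciiLetterOrDigit =
                (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
            if (!isAsciiLetterOrDigit && c != '-')
            {
                return false;
            }
        }

        return true;
    }
}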
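/// <summary>
/// Registers Azure App Configuration as a configuration source, using the
/// <c>AppConfiguration-Name</c> value already resolvable through <paramref name="configRoot"/>.
/// </summary>
/// <param name="configBuilder">The configuration builder to extend.</param>
/// <param name="configRoot">
/// A configuration root built after the Key Vault source was added; the
/// <c>AppConfiguration-Name</c> setting is read from it.
/// </param>
/// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
/// <exception cref="InvalidOperationException">
/// The <c>AppConfiguration-Name</c> setting is missing or blank.
/// </exception>
private static void AddAzureAppConfiguration(IConfigurationBuilder configBuilder, IConfigurationRoot configRoot)
{
    if (configBuilder is null)
    {
        throw new ArgumentNullException(nameof(configBuilder));
    }

    if (configRoot is null)
    {
        throw new ArgumentNullException(nameof(configRoot));
    }

    // NOTE(review): the value is handed straight to the string overload of
    // AddAzureAppConfiguration, which takes a connection string; presumably the
    // "AppConfiguration-Name" entry holds one — confirm against the stored secret.
    var appConfigName = configRoot["AppConfiguration-Name"];
    if (string.IsNullOrWhiteSpace(appConfigName))
    {
        // Fail with a clear message instead of passing null/blank into the Azure SDK.
        throw new InvalidOperationException(
            "Configuration value 'AppConfiguration-Name' is missing; it is expected to be provided by Key Vault.");
    }

    configBuilder.AddAzureAppConfiguration(appConfigName);
}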