There are quite a lot of questions here similar to mine, but none of them seem to help solve the issue, hence a new question. I am connecting to a Key Vault, which returns the DB connection string, using the following code in the Program.cs file of a .NET Web API application:
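    using Microsoft.Azure.KeyVault;
    using Microsoft.Azure.Services.AppAuthentication;
    using Microsoft.Extensions.Configuration.AzureKeyVault;

    // Vault name comes from configuration; config and configurationBuilder are defined elsewhere in Program.cs
    var kVUri = $"https://{config["azureKeyVault:vault"]}.vault.azure.net/";
    // No connection string is passed, so the provider falls back to its default credential sources
    var azureServiceTokenProvider = new AzureServiceTokenProvider();
    var keyVaultClient = new KeyVaultClient(
        new KeyVaultClient.AuthenticationCallback(
            azureServiceTokenProvider.KeyVaultTokenCallback)
    );
    configurationBuilder.AddAzureKeyVault(kVUri, keyVaultClient, new DefaultKeyVaultSecretManager());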
The above code works great locally, as I have access to the Key Vault; however, when deploying the code, the build is failing on the task for the dotnet ef migrations. It's a cmdline task running "dotnet ef migrations script ...". The error is "Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProviderException: Parameters: Connection String: [No connection string specified]"
I have ensured that the MI is switched on in the App Service, there is an App Registration in AD, and this service has been given permissions on the Key Vault. The service connection which the pipeline runs on also has permissions to the vault.
When the connection to Key Vault was done using the clientId and secret, the EF migrations used to run. I read that I need to add RunAs=app, but that seems to be if I call the servicetokenprovider using the CLI, which in this case I am not. If it does need to go into the pipeline, I am not sure where it needs to go.
Some assistance will be highly appreciated.
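
The following pipeline fragment is an added example, not part of the original post or the asker's pipeline. It shows the two places a connection string for `AzureServiceTokenProvider` can go on a build agent, which has no managed identity of its own. It assumes a YAML pipeline; the service connection name and the variable names `kvClientId`, `kvTenantId` and `kvClientSecret` are hypothetical, while `AzureServicesAuthConnectionString` is the environment variable the App Authentication library reads when the constructor is called without arguments.

```yaml
steps:
  # Option A: no secret in the pipeline.
  # AzureCLI@2 logs az in with the service connection's principal, and the
  # connection string tells the library to obtain its token through Azure CLI.
  - task: AzureCLI@2
    displayName: EF migrations script (service connection identity)
    inputs:
      azureSubscription: my-service-connection   # hypothetical name
      scriptType: bash
      scriptLocation: inlineScript
      inlineScript: |
        dotnet ef migrations script ...
    env:
      AzureServicesAuthConnectionString: RunAs=Developer; DeveloperTool=AzureCli

  # Option B: client id and secret, as in the setup that previously worked.
  # Secret pipeline variables are not exposed to scripts automatically, so the
  # value has to be mapped through env; keep kvClientSecret marked as secret
  # so it is masked in logs.
  - task: CmdLine@2
    displayName: EF migrations script (app registration secret)
    inputs:
      script: dotnet ef migrations script ...
    env:
      AzureServicesAuthConnectionString: RunAs=App;AppId=$(kvClientId);TenantId=$(kvTenantId);AppKey=$(kvClientSecret)
```

Only one of the two steps is needed. In both cases the principal used must have read access to secrets in the vault, and the deployed App Service continues to use its managed identity because the variable is set only on the pipeline task.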