KeyVault
Mohammad Moattar edited this page Jul 23, 2021 · 3 revisions
Configuration values stored in Azure Key Vault (keys, secrets) can be added to the ConfigurationBuilder during startup.
To configure Azure Key Vault, follow the linked article: https://docs.microsoft.com/en-us/aspnet/core/security/key-vault-configuration?view=aspnetcore-5.0#use-application-id-and-x509-certificate-for-non-azure-hosted-apps
Once the Key Vault and the certificate are set up and configured, you can add the key vault to your configuration builder:
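```csharp
using Microsoft.Extensions.Configuration;

var builder = new ConfigurationBuilder();
builder.AddAzureKeyVault(m =>
{
    // Names of the key vaults to load; left empty here as a placeholder.
    m.KeyVaultNames = new string[]{};
    m.AzureAdApplicationId = "AppID";
    m.AzureAdApplicationCertThumbprint = "CertificateThumbprint";
    m.AzureAdTenantId = "TenantID";
});
```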
The following settings need to be configured:
- KeyVaultNames: List of the names of the key vaults that the application needs access to
- LocalCertificateStore: The location of the certificate. It can be LocalMachine or CurrentUser
- AzureAdApplicationId: Azure App ID belonging to the application, used to reach the key vault
- AzureAdApplicationCertThumbprint: Certificate thumbprint from the Azure App
- AzureAdTenantId: Tenant ID of the Azure subscription
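A startup preflight for the certificate settings listed above, as an added example rather than code from this project: it confirms that the certificate named by the thumbprint is present in the configured store location, has a private key and is within its validity period. The `KeyVaultCertPreflight` class, the Personal (`My`) store and the mapping of LocalCertificateStore to .NET's `StoreLocation` are assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

static class KeyVaultCertPreflight
{
    // Thumbprints copied from the Windows certificate dialog often carry
    // spaces and an invisible U+200E mark; keep the hex digits only.
    public static string Normalize(string thumbprint) =>
        new string(thumbprint.Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();

    // Returns true when the certificate can be used; otherwise 'reason' says why not.
    public static bool IsUsable(string thumbprint, StoreLocation location, out string reason)
    {
        reason = "";
        // Assumption: the certificate sits in the Personal ("My") store.
        using var store = new X509Store(StoreName.My, location);
        store.Open(OpenFlags.ReadOnly);
        // validOnly: false so an expired certificate is found and reported, not hidden.
        var matches = store.Certificates.Find(
            X509FindType.FindByThumbprint, Normalize(thumbprint), validOnly: false);
        if (matches.Count == 0)
        {
            reason = $"no certificate with this thumbprint in {location}\\My";
            return false;
        }
        var cert = matches[0];
        if (!cert.HasPrivateKey)
            reason = "certificate has no private key, so it cannot authenticate the app";
        else if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
            reason = $"certificate is outside its validity period ({cert.NotBefore:u} to {cert.NotAfter:u})";
        return reason.Length == 0;
    }

    static void Main()
    {
        // Constructed placeholder; use the thumbprint registered on the Azure app.
        const string thumbprint = "0000000000000000000000000000000000000000";
        foreach (var location in new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
        {
            var ok = IsUsable(thumbprint, location, out var reason);
            Console.WriteLine($"{location}: {(ok ? "certificate is usable" : reason)}");
        }
    }
}
```

`HasPrivateKey` only shows that a key is associated with the certificate; for a LocalMachine certificate the account running the application also needs read permission on that key.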
The extension can also be used conditionally, so that the registration is enabled per environment (for example, between local dev and production):
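```csharp
// The first argument is the function that enables the registration.
builder.AddAzureKeyVault(() => FunctionToEnableRegistration(), m =>
{
    // Same settings as in the unconditional call above.
});
```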