Aspire.Azure.Security.KeyVault
9.0.0
dotnet add package Aspire.Azure.Security.KeyVault --version 9.0.0
NuGet\Install-Package Aspire.Azure.Security.KeyVault -Version 9.0.0
<PackageReference Include="Aspire.Azure.Security.KeyVault" Version="9.0.0" />
paket add Aspire.Azure.Security.KeyVault --version 9.0.0
#r "nuget: Aspire.Azure.Security.KeyVault, 9.0.0"
// Install Aspire.Azure.Security.KeyVault as a Cake Addin
#addin nuget:?package=Aspire.Azure.Security.KeyVault&version=9.0.0
// Install Aspire.Azure.Security.KeyVault as a Cake Tool
#tool nuget:?package=Aspire.Azure.Security.KeyVault&version=9.0.0
Aspire.Azure.Security.KeyVault
Retrieves secrets from Azure Key Vault to use in your application. Registers a SecretClient in the DI container for connecting to Azure Key Vault. Enables corresponding health checks, logging and telemetry.
Getting started
Prerequisites
- Azure subscription - create one for free
- Azure Key Vault - create one.
Install the package
Install the .NET Aspire Azure Key Vault library with NuGet:
dotnet add package Aspire.Azure.Security.KeyVault
Usage examples
Add secrets to configuration
In the Program.cs file of your project, call the builder.Configuration.AddAzureKeyVaultSecrets extension method to add the secrets in the Azure Key Vault to the application's Configuration. The method takes a connection name parameter.
builder.Configuration.AddAzureKeyVaultSecrets("secrets");
You can then retrieve a secret through normal IConfiguration APIs. For example, to retrieve a secret from a Web API controller:
public ProductsController(IConfiguration configuration)
{
    string secretValue = configuration["secretKey"];
}
Use SecretClient
Alternatively, you can use a SecretClient to retrieve the secrets on demand. In the Program.cs file of your project, call the AddAzureKeyVaultClient extension method to register a SecretClient for use via the dependency injection container. The method takes a connection name parameter.
builder.AddAzureKeyVaultClient("secrets");
You can then retrieve the SecretClient instance using dependency injection. For example, to retrieve the client from a Web API controller:
private readonly SecretClient _client;
public ProductsController(SecretClient client)
{
    _client = client;
}
See the Azure.Security.KeyVault.Secrets documentation for examples on using the SecretClient.
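An added example, not part of the package README: a small wrapper around the injected SecretClient that reads one secret on demand and separates a missing secret (404) from an authorization failure (401/403), logging only the secret's name and version. The class name VaultSecretReader is hypothetical.

```csharp
// Added example, not from the package README. VaultSecretReader is a hypothetical name.
using System.Threading;
using System.Threading.Tasks;
using Azure;
using Azure.Security.KeyVault.Secrets;
using Microsoft.Extensions.Logging;

public sealed class VaultSecretReader
{
    private readonly SecretClient _client;
    private readonly ILogger<VaultSecretReader> _logger;

    public VaultSecretReader(SecretClient client, ILogger<VaultSecretReader> logger)
    {
        _client = client;
        _logger = logger;
    }

    // Returns the secret value, or null when the vault has no secret with this name.
    public async Task<string?> TryGetAsync(string name, CancellationToken ct = default)
    {
        try
        {
            KeyVaultSecret secret = await _client.GetSecretAsync(name, cancellationToken: ct);
            // Log identifying metadata only; the value itself never goes to logs.
            _logger.LogInformation("Read secret {Name} version {Version}",
                secret.Name, secret.Properties.Version);
            return secret.Value;
        }
        catch (RequestFailedException ex) when (ex.Status == 404)
        {
            _logger.LogWarning("Secret {Name} was not found", name);
            return null;
        }
        catch (RequestFailedException ex) when (ex.Status is 401 or 403)
        {
            // A permission problem is not a missing secret: rethrow so callers
            // fail closed instead of falling back to a default value.
            _logger.LogError("Access denied for secret {Name} ({ErrorCode})", name, ex.ErrorCode);
            throw;
        }
    }
}
```

Register it with builder.Services.AddSingleton<VaultSecretReader>() after the builder.AddAzureKeyVaultClient("secrets") call.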
Configuration
The .NET Aspire Azure Key Vault library provides multiple options to configure the Azure Key Vault connection based on the requirements and conventions of your project. Note that the VaultUri is required to be supplied.
Use a connection string
When using a connection string from the ConnectionStrings configuration section, you can provide the name of the connection string when calling builder.AddAzureKeyVaultClient():
builder.AddAzureKeyVaultClient("secretConnectionName");
The vault URI is then retrieved from the ConnectionStrings configuration section. It works together with the AzureSecurityKeyVaultSettings.Credential property to establish a connection. If no credential is configured, the DefaultAzureCredential is used.
{
  "ConnectionStrings": {
    "secretConnectionName": "https://{account_name}.vault.azure.net/"
  }
}
Use configuration providers
The .NET Aspire Azure Key Vault library supports Microsoft.Extensions.Configuration. It loads the AzureSecurityKeyVaultSettings and SecretClientOptions from configuration by using the Aspire:Azure:Security:KeyVault key. Example appsettings.json that configures some of the options:
{
  "Aspire": {
    "Azure": {
      "Security": {
        "KeyVault": {
          "DisableHealthChecks": true,
          "DisableTracing": false,
          "ClientOptions": {
            "Diagnostics": {
              "ApplicationId": "myapp"
            }
          }
        }
      }
    }
  }
}
Use inline delegates
You can also pass the Action<AzureSecurityKeyVaultSettings> configureSettings delegate to set up some or all the options inline, for example to disable health checks from code:
builder.AddAzureKeyVaultClient("secrets", settings => settings.DisableHealthChecks = true);
You can also set up the SecretClientOptions using the optional Action<IAzureClientBuilder<SecretClient, SecretClientOptions>> configureClientBuilder parameter of the AddAzureKeyVaultClient method. For example, to set the first part of "User-Agent" headers for all requests issued by this client:
builder.AddAzureKeyVaultClient("secrets", configureClientBuilder: clientBuilder => clientBuilder.ConfigureOptions(options => options.Diagnostics.ApplicationId = "myapp"));
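An added example, not part of the package README: the same configureSettings delegate can set the AzureSecurityKeyVaultSettings.Credential property, so the application does not fall back to DefaultAzureCredential. It assumes the production host has a system-assigned managed identity and that developers are signed in with the Azure CLI.

```csharp
// Added example, not from the package README.
// Assumptions: production runs with a system-assigned managed identity,
// and developers authenticate locally through the Azure CLI.
using Azure.Core;
using Azure.Identity;
using Microsoft.Extensions.Hosting;

var builder = WebApplication.CreateBuilder(args);

// DefaultAzureCredential probes several credential sources in turn. Choosing one
// source per environment makes it explicit which identity reaches the vault,
// and a missing managed identity in production becomes an error rather than a
// silent switch to some other credential found on the host.
TokenCredential credential = builder.Environment.IsDevelopment()
    ? new AzureCliCredential()
    : new ManagedIdentityCredential();

// "secrets" is the connection name used throughout this page.
builder.AddAzureKeyVaultClient("secrets", settings => settings.Credential = credential);

var app = builder.Build();
app.Run();
```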
AppHost extensions
In your AppHost project, install the Aspire Azure KeyVault Hosting library with NuGet:
dotnet add package Aspire.Hosting.Azure.KeyVault
Then, in the Program.cs file of AppHost, add a Key Vault connection and consume the connection using the following methods:
// Service registration
var keyVault = builder.ExecutionContext.IsPublishMode
    ? builder.AddAzureKeyVault("secrets")
    : builder.AddConnectionString("secrets");
// Service consumption
var myService = builder.AddProject<Projects.MyService>()
    .WithReference(keyVault);
The AddAzureKeyVault method adds an Azure Key Vault resource to the builder. Alternatively, AddConnectionString can be used to read connection information from the AppHost's configuration (for example, from "user secrets") under the ConnectionStrings:secrets config key. The WithReference method passes that connection information into a connection string named secrets in the MyService project. In the Program.cs file of MyService, the connection can be consumed using:
builder.AddAzureKeyVaultClient("secrets");
Additional documentation
- https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/keyvault/Azure.Security.KeyVault.Secrets/README.md
- https://github.com/dotnet/aspire/tree/main/src/Components/README.md
Feedback & contributing
Product | Versions (compatible and additional computed target framework versions) |
---|---|
.NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. |
- net8.0
  - AspNetCore.HealthChecks.Azure.KeyVault.Secrets (>= 8.0.1)
  - Azure.Core (>= 1.44.1)
  - Azure.Extensions.AspNetCore.Configuration.Secrets (>= 1.3.2)
  - Azure.Identity (>= 1.13.1)
  - Azure.Security.KeyVault.Secrets (>= 4.7.0)
  - Microsoft.Extensions.Azure (>= 1.7.6)
  - Microsoft.Extensions.Configuration.Abstractions (>= 8.0.0)
  - Microsoft.Extensions.Configuration.Binder (>= 8.0.2)
  - Microsoft.Extensions.DependencyInjection.Abstractions (>= 8.0.2)
  - Microsoft.Extensions.Diagnostics.HealthChecks (>= 8.0.11)
  - Microsoft.Extensions.Hosting.Abstractions (>= 8.0.1)
  - Microsoft.Extensions.Logging.Abstractions (>= 8.0.2)
  - Microsoft.Extensions.Options (>= 8.0.2)
  - Microsoft.Extensions.Primitives (>= 8.0.0)
  - OpenTelemetry.Extensions.Hosting (>= 1.9.0)
  - System.Text.Json (>= 8.0.5)
NuGet packages (1)
Showing the top 1 NuGet packages that depend on Aspire.Azure.Security.KeyVault:
Package | Downloads |
---|---|
Hexalith.Infrastructure.AspireService.Hosting
Hexalith is a set of libraries to build a micro-service architecture. |
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
9.0.0 | 22,184 | 11/12/2024 |
9.0.0-rc.1.24511.1 | 1,865 | 10/15/2024 |
8.2.2 | 5,677 | 10/24/2024 |
8.2.1 | 9,196 | 9/26/2024 |
8.2.0 | 18,843 | 8/29/2024 |
8.1.0 | 15,177 | 7/23/2024 |
8.0.2 | 7,872 | 6/28/2024 |
8.0.1 | 8,850 | 5/21/2024 |
8.0.0 | 567 | 5/21/2024 |
8.0.0-preview.7.24251.11 | 558 | 5/7/2024 |
8.0.0-preview.6.24214.1 | 940 | 4/23/2024 |
8.0.0-preview.5.24201.12 | 1,858 | 4/9/2024 |
8.0.0-preview.4.24156.9 | 1,749 | 3/12/2024 |
8.0.0-preview.3.24105.21 | 3,188 | 2/13/2024 |
8.0.0-preview.2.23619.3 | 1,038 | 12/20/2023 |
8.0.0-preview.1.23557.2 | 408 | 11/14/2023 |