Azure Key Vault can be used to store your application secrets. ASP.NET Core 1.1 introduces the Azure Key Vault configuration provider to easily access those secrets.
- [Male] The brand new configuration provider was added in 1.1, and that is the Azure Key Vault Configuration Provider. So this is used to load secrets from Azure Key Vault storage, and it requires the Microsoft.Extensions.Configuration.AzureKeyVault package. You must have a Key Vault, and the link on your screen will show you how to create a Key Vault and add some secrets. Then, in Azure, you have to register your app with the Azure Active Directory and generate a client ID and secret, and then you add those secrets to the configuration with the AddAzureKeyVault method.
So to look at how we do this, we start in the app settings, where we have the vault client and client secret. These are just example settings right now; I actually have mine in appsettings.development. I'm not going to ship those with the code because, well, they're my secrets. The way we use this is very simple: we build our configuration. We need those values from the app settings, so we call builder.Build here on line 48. We can still add on to that, but by building it on line 48 and lines 49 through 52, we can actually access the configuration to get the vault client ID and client secret.
Then we do a build again; this adds our Azure Key Vault values into our configuration, and then we can just reference them as any other configuration section. So line 55 is just a simple key name/value pair, and then lines 56 and 57 actually have sections, and there are two different ways of calling that. You can do section:secret name, or you can type in GetSection with a section and then the secret name underneath it.
So let's run this to make sure it works. I've got a breakpoint set so we can look at it. All right, so let me minimize some windows here. We're going to build our configuration so we have access to the app settings files. We then add the Azure Key Vault with those proper parameters, and then we do a build again because that will then pull in those settings, and it's going out to the cloud, so it takes a little bit of time, and then we pull back those values. So we see that secret one is secret underscore value one, not really secret, but secret underscore value two, and then secret two B is the same thing as two A, just grabbed a little differently.
So very simply, you can add in those custom secrets and not even worry about having them on your server or your developers' machines. Now, in the download code, I'm going to go ahead and comment all of this out, except for line 53. That one's kind of important; that way, when you run this app, if you have not configured an Azure Key Vault, it won't break.
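The two-stage configuration build described in the video, written out as an added example (it is not the course's download code). The setting keys `Vault`, `ClientId` and `ClientSecret`, and the secret names `SecretName` and `Section--SecretName`, are assumptions chosen for illustration.

```csharp
// Added example: two-stage configuration build with an optional Key Vault.
// Requires the Microsoft.Extensions.Configuration.AzureKeyVault package.
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;

public class Startup
{
    public IConfigurationRoot Configuration { get; }

    public Startup(IHostingEnvironment env)
    {
        var builder = new ConfigurationBuilder()
            .SetBasePath(env.ContentRootPath)
            // Shipped file: placeholder values only, never real credentials.
            .AddJsonFile("appsettings.json", optional: true)
            // Environment-specific file holds the real values and stays out of
            // source control and out of the shipped package.
            .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true);

        // Stage 1: build once so the Key Vault connection settings can be read.
        // The builder can still be extended after this call.
        var bootstrap = builder.Build();
        var vault = bootstrap["Vault"];               // assumed key, e.g. https://<name>.vault.azure.net/
        var clientId = bootstrap["ClientId"];         // assumed key: Azure AD application ID
        var clientSecret = bootstrap["ClientSecret"]; // assumed key: Azure AD application secret

        // Add the provider only when all three settings are present, so the
        // application still starts on a machine with no Key Vault configured.
        if (!string.IsNullOrWhiteSpace(vault) &&
            !string.IsNullOrWhiteSpace(clientId) &&
            !string.IsNullOrWhiteSpace(clientSecret))
        {
            builder.AddAzureKeyVault(vault, clientId, clientSecret);
        }

        // Stage 2: build again; this call contacts Key Vault and loads the secrets.
        Configuration = builder.Build();
    }

    // A vault secret named "SecretName" is read as a plain key.
    public string Flat => Configuration["SecretName"];

    // A vault secret named "Section--SecretName" surfaces as Section:SecretName
    // ("--" is mapped to the ":" section delimiter); both reads return the same value.
    public string ByPath => Configuration["Section:SecretName"];
    public string BySection => Configuration.GetSection("Section")["SecretName"];
}
```

The client secret read in stage 1 is itself a credential, so the file or environment variable that supplies it needs the same protection as the vault contents.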
Released 1/26/2018
- Running and debugging ASP.NET Core applications
- Pros and cons of migrating existing applications to ASP.NET Core.
- Built-in dependency injection
- Environment awareness and app configuration
- Web host configuration and SSL
- View components invoked as tag helpers
- Configuration and logging
- Using Razor Pages
Video: Configuration: Azure Key Vault