I want to mention this first: I went through the other blogs to find the answer, but I could not get the clear answer to my questions that I am looking for.
I am getting a Key Vault secret from Azure AD at runtime which stores the connection strings. My current program has a hardcoded connection string, but it has to be changed and needs to be updated from the Key Vault secret. I am able to get the connection string programmatically from Azure. The point is how I should update it in the configuration file so it only runs once per application.
The purpose of my question is to know what would be the best practice to update the connection string at runtime and how I can do it. As I mentioned, currently it is hardcoded in the web.config file, so updating it in the web.config file without disturbing much of the code would be good for me. However, if it is not a good idea, then what would be an alternative? A code example based on ASP.NET MVC 4.xx would be highly appreciated; I am using ASP.NET MVC 4.8.
Code to get the secret in MVC. The assumption is that the secret has been created.
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using Azure.Identity;
    using Azure.Security.KeyVault.Secrets;

    public string ViewDataWithKeyVault()
    {
        var AzureKeyVaultName = "MyDbConnectionString"; // get this from app settings. You can pass it as param to this method
        var secretClient = new SecretClient(new Uri($"https://{AzureKeyVaultName}.vault.azure.net/"), new DefaultAzureCredential());
        // Enumerate the secret properties (names only, no values) page by page.
        var secretVaults = secretClient.GetPropertiesOfSecrets().AsPages().ToList();
        var listName = new List<string>();
        string keyVaultName = ""; // name of the matching secret
        foreach (var sV in secretVaults)
        {
            var keyVaultProp = sV.Values;
            foreach (var prop in keyVaultProp)
            {
                listName.Add(prop.Name);
                if (prop.Name.ToLower().Contains("mydb"))
                {
                    keyVaultName = prop.Name;
                }
            }
        }
        var sec = secretClient.GetSecret(keyVaultName);
        // sec.Value is the KeyVaultSecret; its Value property holds the secret text.
        var connstring = sec.Value.Value;
        return connstring;
    }
Thanks
CodePudding user response:
Check the below workaround to read the Connection String from Azure KeyVault.
I have stored the connection string in an Azure secret, set the secret in the Azure App Configuration section, and retrieve the same with key-value in MVC.

- In Azure Portal, create an Azure Key Vault. Provide the required info and click on Review + create.

- In Azure Key Vault, create secrets and copy the Secret Identifier for future reference.

- We need to give access rights to retrieve secrets. Azure KeyVault => Access Policies => Create => select Get, List and click on Review + create. For principal, search with the name of the Azure App Service and select

- In Visual Studio => right click on the project folder => click on Add => Connected Service => Add a service dependency => Add Azure Key Vault

Sign into Azure Account and select the Subscription and Azure Key Vault which you have created in previous steps.
After configuring the Key Vault, your web.config will be added with new settings.
Web.config file
    <configSections>
      <section name="configBuilders" type="System.Configuration.ConfigurationBuildersSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" restartOnExternalChanges="false" requirePermission="false" />
    </configSections>
    <configBuilders>
      <builders>
        <add name="AzureKeyVault"
             vaultName="dotnetthoughts"
             type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure, Version=1.0.0.0, Culture=neutral"
             vaultUri="https://dotnetthoughts.vault.azure.net" />
      </builders>
    </configBuilders>
    <connectionStrings>
      <add name="MYconn" connectionString="Gets the value from Azure KeyVault" providerName="System.Data.SqlClient" />
    </connectionStrings>
- In Azure App Service, create a new Connection String setting with the same name as in web.config. Replace the Uri with the Secret Identifier from KeyVault Secret.

    Key - MYconn
    Value - @Microsoft.KeyVault(SecretUri=Uri)

In HomeController, add the below code to get the Connection String
    public ActionResult Index()
    {
        var conn = ConfigurationManager.ConnectionStrings["MYconn"];
        ViewBag.myConnectionstring = conn;
        return View();
    }

Index.cshtml

    <h2> @ViewBag.myConnectionstring</h2>
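
An added example, not part of the original question or answer: one way to fetch the connection string from Key Vault once per application on .NET Framework 4.8 and keep it in memory rather than writing it back to web.config. The class name `KeyVaultConnectionString` and the appSettings keys `KeyVaultUri` and `DbSecretName` are assumptions.

```csharp
using System;
using System.Configuration;
using System.Threading;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

// Added example. KeyVaultConnectionString, "KeyVaultUri" and "DbSecretName"
// are assumed names, not part of the original posts.
public static class KeyVaultConnectionString
{
    private static readonly object Gate = new object();
    private static string _cached; // lives in memory for the AppDomain's lifetime

    public static string Value
    {
        get
        {
            string value = Volatile.Read(ref _cached);
            if (value != null) return value; // fast path after the first load
            lock (Gate)
            {
                // Double-checked: concurrent first requests trigger one fetch.
                // If Load() throws, nothing is cached and the next call retries.
                if (_cached == null) Volatile.Write(ref _cached, Load());
                return _cached;
            }
        }
    }

    private static string Load()
    {
        // Only non-secret settings stay in web.config <appSettings>.
        string vaultUri = ConfigurationManager.AppSettings["KeyVaultUri"];
        string secretName = ConfigurationManager.AppSettings["DbSecretName"];
        if (string.IsNullOrWhiteSpace(vaultUri) || string.IsNullOrWhiteSpace(secretName))
            throw new ConfigurationErrorsException(
                "appSettings KeyVaultUri and DbSecretName must both be set.");

        var client = new SecretClient(new Uri(vaultUri), new DefaultAzureCredential());
        // Reading by exact name needs only the Get permission, no List.
        KeyVaultSecret secret = client.GetSecret(secretName).Value;
        if (string.IsNullOrEmpty(secret.Value))
            throw new InvalidOperationException("Key Vault secret '" + secretName + "' is empty.");
        return secret.Value;
    }
}
```

Data-access code then passes `KeyVaultConnectionString.Value` to `new SqlConnection(...)`. Nothing is written to web.config, so the secret never lands on disk and no file change restarts the application.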
