What would be the best practice to update the connection string from Key vault secret at runtime in

Time:11-05

I want to mention first that I went through other blogs to find the answer, but I could not get a clear answer to the questions I have.

I am getting a Key Vault secret from Azure AD at runtime, which stores the connection strings. My current program has a hardcoded connection string, but it has to change and be updated from the Key Vault secret. I am able to get the connection string programmatically from Azure. The point is how I should update it in the configuration file so that it only runs once per application.

The purpose of my question is to know what the best practice would be for updating the connection string at runtime, and how I can do it. As I mentioned, it is currently hardcoded in the web.config file, so updating it in the web.config file without disturbing much of the code would be good for me; however, if that is not a good idea, what would be an alternative? A code example based on ASP.NET MVC 4.xx would be highly appreciated; I am using ASP.Net MVC 4.8.

Code to get the secret in MVC. The assumption is that the secret has been created.

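    // Requires: using System; using System.Collections.Generic; using System.Linq;
    //           using Azure.Identity; using Azure.Security.KeyVault.Secrets;
    public string ViewDataWithKeyVault()
    {
        var AzureKeyVaultName = "MyDbConnectionString"; // get this from app settings. You can pass it as param to this method

        var secretClient = new SecretClient(new Uri($"https://{AzureKeyVaultName}.vault.azure.net/"), new DefaultAzureCredential());
        // Enumerates secret metadata (names, no values); needs the List permission
        var secretVaults = secretClient.GetPropertiesOfSecrets().AsPages().ToList();

        var listName = new List<string>();
        string keyVaultName = "";
        foreach (var sV in secretVaults)
        {
            var keyVaultProp = sV.Values;
            foreach (var prop in keyVaultProp)
            {
                listName.Add(prop.Name);
                // Pick the secret whose name contains "mydb" (case-insensitive)
                if (prop.Name.ToLower().Contains("mydb"))
                {
                    keyVaultName = prop.Name;
                }
            }
        }

        // GetSecret returns Response<KeyVaultSecret>; the secret text is in .Value.Value
        // (.Value.ToString() would return the type name, not the connection string)
        var sec = secretClient.GetSecret(keyVaultName);
        var connstring = sec.Value.Value;
        return connstring;
    }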

Thanks

CodePudding user response:

Check the below workaround to read the Connection String from Azure KeyVault. I have stored the Connection string in an Azure Secret, set the Secret in the Azure App Configuration Section, and retrieved the same with key-value in MVC.

  • In Azure Portal, create an Azure Key Vault. Provide the required info and click on Review + create.

  • In Azure Key Vault, create secrets and copy the Secret Identifier for future reference.

  • We need to give access rights to retrieve secrets. Azure KeyVault => Access Policies => Create => select Get, List and click on Review + create. For principal, search with the name of the Azure App Service and select it.

  • In Visual Studio => right click on the project folder => click on Add => Connected Service => Add a service dependency => Add Azure Key Vault

  • Sign in to your Azure Account and select the Subscription and the Azure Key Vault which you created in the previous steps.

  • After configuring the Key Vault, new settings will be added to your web.config.

Web.config file

  <configSections>
    <section name="configBuilders" type="System.Configuration.ConfigurationBuildersSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" restartOnExternalChanges="false" requirePermission="false" />
  </configSections>
  <configBuilders>
    <builders>
      <add name="AzureKeyVault"
            vaultName="dotnetthoughts"
            type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure, Version=1.0.0.0, Culture=neutral"
            vaultUri="https://dotnetthoughts.vault.azure.net" />
    </builders>
  </configBuilders>
  <connectionStrings>
    <add name="MYconn" connectionString="Gets the value from Azure KeyVault" providerName="System.Data.SqlClient" />
  </connectionStrings>
  • In Azure App Service, create a new Connection String setting with the same name as in web.config. Replace the Uri with the Secret Identifier from the KeyVault Secret.
Key - MYconn
Value - @Microsoft.KeyVault(SecretUri=Uri)

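In HomeController, add the below code to get the Connection String

    // Requires: using System.Configuration; using System.Web.Mvc;
    public ActionResult Index()
    {
        // Looked up by the same name used in web.config and in the App Service setting
        var conn = ConfigurationManager.ConnectionStrings["MYconn"];
        // Passed to the view, which renders it as text
        ViewBag.myConnectionstring = conn;
        return View();
    }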

Index.cshtml

<h2> @ViewBag.myConnectionstring</h2>