I want to mention first that I went through the other blogs to find the answer, but I could not get the clear answer to my questions that I am looking for.
I am getting a Key Vault secret from Azure AD at runtime, which stores the connection strings. My current program has the hardcoded connection string, but it has to be changed and needs to be updated from the Key Vault secret. I am able to get the connection string programmatically from Azure. The point is how I should update it in the configuration file so it only runs once per application.
The purpose of my question is to know what would be the best practice to update the connection string at runtime and how I can do it. As I mentioned, currently it is hardcoded in the web.config file, so updating it in the web.config file without disturbing much of the code would be good for me. However, if it is not a good idea, then what would be an alternative? If you can provide a code example based on ASP.Net MVC 4.xx, that would be highly appreciated. I am using ASP.Net MVC 4.8.
Code to get the secret in MVC. The assumption is that the secret has been created.
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using Azure.Identity;
    using Azure.Security.KeyVault.Secrets;

    public string ViewDataWithKeyVault()
    {
        var AzureKeyVaultName = "MyDbConnectionString"; // vault name; get this from app settings. You can pass it as param to this method
        var secretClient = new SecretClient(new Uri($"https://{AzureKeyVaultName}.vault.azure.net/"), new DefaultAzureCredential());
        // Enumerate secret metadata (names only, no values), one page at a time
        var secretVaults = secretClient.GetPropertiesOfSecrets().AsPages().ToList();
        var listName = new List<string>();
        string keyVaultName = ""; // despite the name, this holds the matching secret's name
        foreach (var sV in secretVaults)
        {
            var keyVaultProp = sV.Values;
            foreach (var prop in keyVaultProp)
            {
                listName.Add(prop.Name);
                if (prop.Name.ToLower().Contains("mydb"))
                {
                    keyVaultName = prop.Name;
                }
            }
        }
        var sec = secretClient.GetSecret(keyVaultName);
        // sec.Value is the KeyVaultSecret object; its Value property holds the secret text
        var connstring = sec.Value.Value;
        return connstring;
    }
Thanks
CodePudding user response:
Check the below workaround to read the Connection String from Azure KeyVault.
I have stored the Connection string in Azure Secret and set the Secret in Azure App Configuration Section and retrieve the same with key-value in MVC.
- In Azure Portal, create an Azure Key Vault. Provide the required info and click on Review + create.
- In Azure Key Vault, create secrets and copy the Secret Identifier for future reference.
- We need to give access rights to retrieve secrets. Azure KeyVault => Access Policies => Create => select Get, List and click on Review + create. For principal, search with the name of the Azure App Service and select.
- In Visual Studio => right click on the project folder => click on Add => Connected Service => Add a service dependency => Add Azure Key Vault. Sign into Azure Account and select the Subscription and Azure Key Vault which you have created in previous steps. After configuring the Key Vault your web.config will be added with new settings.
Web.config file
    <configSections>
      <section name="configBuilders" type="System.Configuration.ConfigurationBuildersSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" restartOnExternalChanges="false" requirePermission="false" />
    </configSections>
    <configBuilders>
      <builders>
        <add name="AzureKeyVault"
             vaultName="dotnetthoughts"
             type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure, Version=1.0.0.0, Culture=neutral"
             vaultUri="https://dotnetthoughts.vault.azure.net" />
      </builders>
    </configBuilders>
    <connectionStrings>
      <add name="MYconn" connectionString="Gets the value from Azure KeyVault" providerName="System.Data.SqlClient" />
    </connectionStrings>
- In Azure App Service, create a new Connection String setting with the same name as in web.config. Replace the Uri with the Secret Identifier from KeyVault Secret.
Key - MYconn
Value - @Microsoft.KeyVault(SecretUri=Uri)
In HomeController, add the below code to get the Connection String

    public ActionResult Index()
    {
        var conn = ConfigurationManager.ConnectionStrings["MYconn"];
        ViewBag.myConnectionstring = conn;
        return View();
    }

Index.cshtml

    <h2> @ViewBag.myConnectionstring</h2>
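
For the question's "only runs once per application" requirement, one option is to leave web.config untouched and cache the secret in memory on first use, so the value is never written to disk and no config-file change restarts the application. This is an added example, not code from either poster; the class name `DbConnection` and the appSettings keys `KeyVaultUri` and `DbSecretName` are assumptions.

```csharp
using System;
using System.Configuration;
using System.Threading;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

// Hypothetical helper: fetches the connection string from Key Vault once
// per application domain and serves every later call from memory.
public static class DbConnection
{
    // PublicationOnly: a failed fetch (network error, missing permission) is
    // NOT cached, so the next request retries. The default Lazy<T> mode would
    // cache the exception until the application restarts.
    private static readonly Lazy<string> Cached =
        new Lazy<string>(Load, LazyThreadSafetyMode.PublicationOnly);

    public static string Value => Cached.Value;

    private static string Load()
    {
        // Assumed appSettings keys; neither holds a secret.
        string vaultUri = ConfigurationManager.AppSettings["KeyVaultUri"];
        string secretName = ConfigurationManager.AppSettings["DbSecretName"];
        if (string.IsNullOrWhiteSpace(vaultUri) || string.IsNullOrWhiteSpace(secretName))
            throw new ConfigurationErrorsException(
                "KeyVaultUri and DbSecretName must be set in appSettings.");

        // DefaultAzureCredential picks up the App Service managed identity in
        // Azure and the developer's Visual Studio / Azure CLI login locally.
        var client = new SecretClient(new Uri(vaultUri), new DefaultAzureCredential());

        // Fetching by exact name needs only the "Get" secret permission;
        // enumerating secrets to find a match also needs "List".
        KeyVaultSecret secret = client.GetSecret(secretName).Value;

        if (string.IsNullOrWhiteSpace(secret.Value))
            throw new InvalidOperationException(
                "Secret '" + secretName + "' is empty.");

        return secret.Value;
    }
}

// Usage inside a data-access class:
//   using (var conn = new System.Data.SqlClient.SqlConnection(DbConnection.Value)) { ... }
```

Because the value lives only in process memory, a rotated secret is picked up at the next application restart or recycle.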