Home > Software engineering >  Store secrets from appsettings.json file in .Net Console Application on Azure Key Vault
Store secrets from appsettings.json file in .Net Console Application on Azure Key Vault

Time:11-16

I have a .Net Core console application which retrieves raw data, then applies a Kusto query and finally uploads them on azure. I have the client secrets stored in the appsettings.json file. However, this is not a good practice since they should never be stored there. I would like to know how can I store the following information on Azure Key Vaults (BlobConnectionString, KustoConnectionString, ClientId, ClientSecret, ApplicationInsights Instrumentation Key) which are found in the appsettings.json file. I found several documentations about azure key vaults related to .Net Core Web Apps but I didn't find anything related to Console Applications. What are the exact steps to do so? Should I first create a key vault service. Or should I do something before? What should I do then with the values of the keys mentioned above in the appsettings.json and is there a code sample which is ready used to directly retrieve the values stored in the Key Vaults so when I execute my code it will normally work like before.

I would really appreciate it if someone can give me an idea how to do that and if there are any previous code samples related to the same subject.

CodePudding user response:

KeyVault can be added to any .net core application by using AddAzureKeyVault, and then accessing it in exactly the same way as other configuration providers (File: appsettings.json, UserSecrets, Environment variables).

Full example: https://docs.microsoft.com/en-us/aspnet/core/security/key-vault-configuration?view=aspnetcore-6.0

public static IHostBuilder CreateHostBuilder(string[] args) =>
    Host.CreateDefaultBuilder(args)
        .ConfigureAppConfiguration((context, config) =>
        {
            config.AddAzureKeyVault(
               new SecretClient(
               new Uri("Your Key Vault Endpoint"),
               new DefaultAzureCredential()),
               new AzureKeyVaultConfigurationOptions())
           {
               ...
           });
        })
  • Related