How to set the Azure WebApp Environment variables/Configuration values from Azure Key Vault?-CodePudding

I have a .Net Core 3.1 WebAPI with the following configurations in the appsettings.json file

{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "[email protected]", //Domain name configured in Azure: null,
    "TenantId": "xxxxx", // Tenant Id configured in Azure
    "ClientId": "xxxx", //  Client Id configured in Azure
    "CallbackPath": "/signin-oidc"
  },
  "ApplicationInsights": {
    "InstrumentationKey": "xxxxx"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AllowedHosts": "*"
}

I have created an Azure WebApp and added the above settings

and deployed the application using zip package, it works as expected.

However, I am asked to store the credentials in the Azure Key vault and use it instead of directly storing it at the WebApp level.

What should I do so that WebAPP configuration would pull the configuration values from the Azure Key Vault and have it ready for the application to use?

CodePudding user response：

How to set the Azure WebApp Environment variables/Configuration values from Azure Key Vault?

Add a secret to Key Vault

In Azure Portal => Your KeyVault => Secrets => Select Generate/Import => Create a secret

Upload options: Enter Manual.
Name: Enter Message.
Value: Enter Hello from Key Vault.

Add a Key Vault reference to App Configuration

In Azure Portal => Your App Configuration store instance => Configuration Explorer => Select Create > Key vault reference

Key: Select TestApp:Settings:KeyVaultMessage.
Label: Leave this value blank.
Subscription, Resource group, and Key vault: Enter the values corresponding to those in the key vault you created.
Secret: Select the secret named Message that you created.

Update code to use a Key Vault reference

Add NuGet package reference Azure.Identity
In Program.cs , add reference
```
using Azure.Identity;
```
Call the config.AddAzureAppConfiguration method to update the CreateWebHostBuilder method to use App Configuration.
Include the ConfigureKeyVault option, and give your Key Vault the correct credentials.

public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
webBuilder.ConfigureAppConfiguration((hostingContext, config) =>
{
    var settings = config.Build();
    config.AddAzureAppConfiguration(options =>
    {
        options.Connect(settings["ConnectionStrings:AppConfig"])
        .ConfigureKeyVault(kv =>
        {
            kv.SetCredential(new DefaultAzureCredential());
        });
    });
})
.UseStartup<Startup>());

You can access the values of Key Vault references in the same way you can access the values of ordinary App Configuration keys.

Grant your app access to Key Vault

A Key Vault access policy or Azure role-based access control can be used to provide access.