I have a .Net Core 3.1 WebAPI with the following configurations in the appsettings.json file
    {
      "AzureAd": {
        "Instance": "https://login.microsoftonline.com/",
        "Domain": "[email protected]", //Domain name configured in Azure: null,
        "TenantId": "xxxxx", // Tenant Id configured in Azure
        "ClientId": "xxxx", // Client Id configured in Azure
        "CallbackPath": "/signin-oidc"
      },
      "ApplicationInsights": {
        "InstrumentationKey": "xxxxx"
      },
      "Logging": {
        "LogLevel": {
          "Default": "Information",
          "Microsoft": "Warning",
          "Microsoft.Hosting.Lifetime": "Information"
        }
      },
      "AllowedHosts": "*"
    }
I have created an Azure WebApp, added the above settings, and deployed the application using a zip package; it works as expected.
However, I am asked to store the credentials in Azure Key Vault and use them from there instead of storing them directly at the WebApp level.
What should I do so that the WebApp configuration pulls the configuration values from Azure Key Vault and has them ready for the application to use?
CodePudding user response:
How to set the Azure WebApp Environment variables/Configuration values from Azure Key Vault?
Add a secret to Key Vault
- In Azure Portal => Your KeyVault => Secrets => Select Generate/Import => Create a secret
  - Upload options: Enter Manual.
  - Name: Enter Message.
  - Value: Enter Hello from Key Vault.
Add a Key Vault reference to App Configuration
- In Azure Portal => Your App Configuration store instance => Configuration Explorer => Select Create > Key vault reference
  - Key: Select TestApp:Settings:KeyVaultMessage.
  - Label: Leave this value blank.
  - Subscription, Resource group, and Key vault: Enter the values corresponding to those in the key vault you created.
  - Secret: Select the secret named Message that you created.
Update code to use a Key Vault reference
- Add NuGet package reference Azure.Identity
- In Program.cs, add reference using Azure.Identity;
- Call the config.AddAzureAppConfiguration method to update the CreateWebHostBuilder method to use App Configuration.
- Include the ConfigureKeyVault option, and give your Key Vault the correct credentials.
    public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(webBuilder =>
                webBuilder.ConfigureAppConfiguration((hostingContext, config) =>
                {
                    var settings = config.Build();
                    config.AddAzureAppConfiguration(options =>
                    {
                        options.Connect(settings["ConnectionStrings:AppConfig"])
                            .ConfigureKeyVault(kv =>
                            {
                                kv.SetCredential(new DefaultAzureCredential());
                            });
                    });
                })
                .UseStartup<Startup>());
- You can access the values of Key Vault references in the same way you can access the values of ordinary App Configuration keys.
Grant your app access to Key Vault
- A Key Vault access policy or Azure role-based access control can be used to provide access.
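
The "Grant your app access to Key Vault" step written as Azure CLI commands. This is an added example, not part of the original answer. It assumes the web app runs with a system-assigned managed identity (one of the credentials DefaultAzureCredential tries in App Service), and the resource names in the example call are placeholders.

```shell
# grant_kv_read APP RG VAULT [policy|rbac]
# Enables the web app's system-assigned managed identity, then lets that
# identity read secret values from one vault and nothing more.
# APP, RG and VAULT are placeholders for your own resource names.
grant_kv_read() {
    app=$1 rg=$2 vault=$3 mode=${4:-policy}
    if [ -z "$app" ] || [ -z "$rg" ] || [ -z "$vault" ]; then
        echo "usage: grant_kv_read APP RG VAULT [policy|rbac]" >&2
        return 2
    fi
    # Reject an unknown mode before changing anything in Azure.
    case $mode in
        policy|rbac) ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac

    # Turn the identity on; the command returns its object (principal) id.
    principal=$(az webapp identity assign --name "$app" --resource-group "$rg" \
        --query principalId --output tsv) || return 1
    [ -n "$principal" ] || { echo "no principal id for $app" >&2; return 1; }

    if [ "$mode" = policy ]; then
        # Access policy model: 'get' on secrets only, no list/set/delete
        # and no key or certificate permissions.
        az keyvault set-policy --name "$vault" --object-id "$principal" \
            --secret-permissions get >/dev/null || return 1
    else
        # Azure RBAC model: built-in read-only role, scoped to this vault
        # rather than to the resource group or subscription.
        scope=$(az keyvault show --name "$vault" --query id --output tsv) || return 1
        az role assignment create --role "Key Vault Secrets User" \
            --assignee-object-id "$principal" \
            --assignee-principal-type ServicePrincipal \
            --scope "$scope" >/dev/null || return 1
    fi
    echo "$principal"
}

# Example call (requires the Azure CLI and a prior 'az login'):
#   grant_kv_read my-webapi my-rg my-vault rbac
```

Use the mode that matches the vault's permission model; a vault set to Azure RBAC ignores access policies.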