How to set the Azure WebApp Environment variables/Configuration values from Azure Key Vault?

Time:06-10

I have a .NET Core 3.1 WebAPI with the following configuration in the appsettings.json file:

{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "[email protected]", //Domain name configured in Azure: null,
    "TenantId": "xxxxx", // Tenant Id configured in Azure
    "ClientId": "xxxx", //  Client Id configured in Azure
    "CallbackPath": "/signin-oidc"
  },
  "ApplicationInsights": {
    "InstrumentationKey": "xxxxx"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AllowedHosts": "*"
}

I have created an Azure WebApp, added the above settings, and deployed the application using a zip package; it works as expected.

However, I am asked to store the credentials in the Azure Key Vault and use them from there instead of storing them directly at the WebApp level.

What should I do so that the WebApp configuration pulls the configuration values from the Azure Key Vault and has them ready for the application to use?

CodePudding user response:

Add a secret to Key Vault

In Azure Portal => Your KeyVault => Secrets => Select Generate/Import => Create a secret

Upload options: Enter Manual.
Name: Enter Message.
Value: Enter Hello from Key Vault.

Add a Key Vault reference to App Configuration

  • In Azure Portal => Your App Configuration store instance => Configuration Explorer => Select Create > Key vault reference
    Key: Select TestApp:Settings:KeyVaultMessage.
    Label: Leave this value blank.
    Subscription, Resource group, and Key vault: Enter the values corresponding to those in the key vault you created.
    Secret: Select the secret named Message that you created.

Update code to use a Key Vault reference

  • Add NuGet package reference Azure.Identity
  • In Program.cs, add reference
    using Azure.Identity;
    
  • Call the config.AddAzureAppConfiguration method to update the CreateWebHostBuilder method to use App Configuration.
  • Include the ConfigureKeyVault option, and give your Key Vault the correct credentials.
    public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(webBuilder =>
                webBuilder.ConfigureAppConfiguration((hostingContext, config) =>
                {
                    var settings = config.Build();
                    config.AddAzureAppConfiguration(options =>
                    {
                        options.Connect(settings["ConnectionStrings:AppConfig"])
                            .ConfigureKeyVault(kv =>
                            {
                                kv.SetCredential(new DefaultAzureCredential());
                            });
                    });
                })
                .UseStartup<Startup>());
  • You can access the values of Key Vault references in the same way you can access the values of ordinary App Configuration keys.

Grant your app access to Key Vault
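
The Program.cs change above reads a connection string from ConnectionStrings:AppConfig, which is itself a secret the WebApp would have to hold. As an added example (not part of the original answer), this variant connects to the store by endpoint with the same DefaultAzureCredential used for Key Vault. The AppConfig:Endpoint setting name and the Startup body are assumptions, and the app's identity is assumed to have read access to both the App Configuration store and the Key Vault secret.

```csharp
// Added example (not the answer's code). "AppConfig:Endpoint" is an assumed setting name.
using System;
using Azure.Identity;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

public class Program
{
    public static void Main(string[] args) => CreateHostBuilder(args).Build().Run();

    public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(webBuilder =>
                webBuilder.ConfigureAppConfiguration((hostingContext, config) =>
                {
                    var settings = config.Build();
                    // Endpoint URL of the App Configuration store: not a secret, unlike a connection string.
                    var endpoint = settings["AppConfig:Endpoint"];
                    if (string.IsNullOrWhiteSpace(endpoint))
                        throw new InvalidOperationException("AppConfig:Endpoint is not configured.");

                    // One credential for both services: managed identity in Azure, developer login locally.
                    var credential = new DefaultAzureCredential();
                    config.AddAzureAppConfiguration(options =>
                        options.Connect(new Uri(endpoint), credential)
                               .ConfigureKeyVault(kv => kv.SetCredential(credential)));
                })
                .UseStartup<Startup>());
}

public class Startup
{
    private readonly IConfiguration _config;
    public Startup(IConfiguration config) => _config = config;

    public void ConfigureServices(IServiceCollection services) { }

    public void Configure(IApplicationBuilder app)
    {
        // Key created in the answer; null if it was not loaded from the store.
        var message = _config["TestApp:Settings:KeyVaultMessage"]
            ?? throw new InvalidOperationException("TestApp:Settings:KeyVaultMessage was not loaded.");
        // Report that the value resolved without echoing the secret itself.
        app.Run(ctx => ctx.Response.WriteAsync($"KeyVaultMessage resolved ({message.Length} chars)"));
    }
}
```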
