Consuming Azure Key Vault secrets
Store Azure Key Vault secrets
The Azure Key Vault secret provider can also store secrets. This functionality is only available on the secret provider itself and not on the entire secret store.
The following steps show how to store an Azure Key Vault secret via the Azure Key Vault secret provider.
- Register the Azure Key Vault secret provider as a named secret provider:

    stores.AddAzureKeyVaultWithManagedIdentity(..., name: "AzureKeyVault.ManagedIdentity");

- Retrieve the Azure Key Vault secret provider from the ISecretStore (see the named secret provider docs for info):

    ISecretStore secretStore = ...
    var secretProvider = secretStore.GetProvider<AzureKeyVaultSecretProvider>("AzureKeyVault.ManagedIdentity");

- Store the secret by calling the StoreSecretAsync method:

    AzureKeyVaultSecretProvider secretProvider = ...
    await secretProvider.StoreSecretAsync("MySecret", "P@ssw0rd!");
Open for extension
You can easily extend the Azure Key Vault provider by overriding the GetSecret*Async methods on it.
This is useful to provide additional logging, for example, during the retrieval of the secrets.
public class LoggedAzureKeyVaultSecretProvider : AzureKeyVaultSecretProvider
{
    private readonly ILogger _logger;

    // The arguments for the base AzureKeyVaultSecretProvider constructor are left out here.
    public LoggedAzureKeyVaultSecretProvider(ILogger<LoggedAzureKeyVaultSecretProvider> logger)
    {
        _logger = logger;
    }

    public override async Task<Secret> GetSecretAsync(string secretName)
    {
        using (var measurement = DependencyMeasurement.Start())
        {
            Secret secret = await base.GetSecretAsync(secretName);
            _logger.LogDependency("Azure Key Vault", "Secret", isSuccessful: true, startTime: measurement.StartTime, duration: measurement.Elapsed);

            // Return inside the using block, where 'secret' is still in scope.
            return secret;
        }
    }
}
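The override above only writes a log entry when the lookup succeeds. The following added example (not part of the Arcus documentation or code base) also tracks failed lookups, such as a missing secret or a denied request, and logs the secret name but never its value. The class name `AuditedAzureKeyVaultSecretProvider`, the `using` namespaces and the `(TokenCredential, IKeyVaultConfiguration)` base constructor are assumptions about the installed Arcus version.

```csharp
using System;
using System.Threading.Tasks;
using Arcus.Observability.Telemetry.Core;                     // DependencyMeasurement (assumed namespace)
using Arcus.Security.Core;                                    // Secret (assumed namespace)
using Arcus.Security.Providers.AzureKeyVault;                 // AzureKeyVaultSecretProvider (assumed namespace)
using Arcus.Security.Providers.AzureKeyVault.Configuration;   // IKeyVaultConfiguration (assumed namespace)
using Azure.Core;
using Microsoft.Extensions.Logging;

// Hypothetical class name for this added example.
public class AuditedAzureKeyVaultSecretProvider : AzureKeyVaultSecretProvider
{
    private readonly ILogger _logger;

    // Assumption: the base class offers a (TokenCredential, IKeyVaultConfiguration) constructor.
    public AuditedAzureKeyVaultSecretProvider(
        TokenCredential credential,
        IKeyVaultConfiguration vaultConfiguration,
        ILogger<AuditedAzureKeyVaultSecretProvider> logger)
        : base(credential, vaultConfiguration)
    {
        _logger = logger ?? throw new ArgumentNullException(nameof(logger));
    }

    public override async Task<Secret> GetSecretAsync(string secretName)
    {
        bool isSuccessful = false;
        using (var measurement = DependencyMeasurement.Start())
        {
            try
            {
                Secret secret = await base.GetSecretAsync(secretName);
                isSuccessful = true;
                return secret;
            }
            finally
            {
                // Runs for both outcomes, so failed lookups are tracked as well.
                // Only the secret name is written to the log, never secret.Value.
                _logger.LogDependency("Azure Key Vault", secretName, isSuccessful: isSuccessful,
                    startTime: measurement.StartTime, duration: measurement.Elapsed);
            }
        }
    }
}
```

The exception from the base call still propagates to the caller; the `finally` block only records the outcome.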