Aspire.Azure.Security.KeyVault 9.0.0

Prefix Reserved
dotnet add package Aspire.Azure.Security.KeyVault --version 9.0.0                
NuGet\Install-Package Aspire.Azure.Security.KeyVault -Version 9.0.0                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Aspire.Azure.Security.KeyVault" Version="9.0.0" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Aspire.Azure.Security.KeyVault --version 9.0.0                
#r "nuget: Aspire.Azure.Security.KeyVault, 9.0.0"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install Aspire.Azure.Security.KeyVault as a Cake Addin
#addin nuget:?package=Aspire.Azure.Security.KeyVault&version=9.0.0

// Install Aspire.Azure.Security.KeyVault as a Cake Tool
#tool nuget:?package=Aspire.Azure.Security.KeyVault&version=9.0.0                

Aspire.Azure.Security.KeyVault

Retrieves secrets from Azure Key Vault to use in your application. Registers a SecretClient in the DI container for connecting to Azure Key Vault. Enables corresponding health checks, logging and telemetry.

Getting started

Prerequisites

Install the package

Install the .NET Aspire Azure Key Vault library with NuGet:

dotnet add package Aspire.Azure.Security.KeyVault

Usage examples

Add secrets to configuration

In the Program.cs file of your project, call the builder.Configuration.AddAzureKeyVaultSecrets extension method to add the secrets in the Azure Key Vault to the application's Configuration. The method takes a connection name parameter.

builder.Configuration.AddAzureKeyVaultSecrets("secrets");

You can then retrieve a secret through normal IConfiguration APIs. For example, to retrieve a secret from a Web API controller:

public ProductsController(IConfiguration configuration)
{
    string secretValue = configuration["secretKey"];
}

Use SecretClient

Alternatively, you can use a SecretClient to retrieve the secrets on demand. In the Program.cs file of your project, call the AddAzureKeyVaultClient extension method to register a SecretClient for use via the dependency injection container. The method takes a connection name parameter.

builder.AddAzureKeyVaultClient("secrets");

You can then retrieve the SecretClient instance using dependency injection. For example, to retrieve the client from a Web API controller:

private readonly SecretClient _client;

public ProductsController(SecretClient client)
{
    _client = client;
}

See the Azure.Security.KeyVault.Secrets documentation for examples on using the SecretClient.

Configuration

The .NET Aspire Azure Key Vault library provides multiple options to configure the Azure Key Vault connection based on the requirements and conventions of your project. Note that the VaultUri is required to be supplied.

Use a connection string

When using a connection string from the ConnectionStrings configuration section, you can provide the name of the connection string when calling builder.AddAzureKeyVaultClient():

builder.AddAzureKeyVaultClient("secretConnectionName");

And then the vault URI will be retrieved from the ConnectionStrings configuration section. The vault URI which works with the AzureSecurityKeyVaultSettings.Credential property to establish a connection. If no credential is configured, the DefaultAzureCredential is used.

{
  "ConnectionStrings": {
    "secretConnectionName": "https://{account_name}.vault.azure.net/"
  }
}

Use configuration providers

The .NET Aspire Azure Key Vault library supports Microsoft.Extensions.Configuration. It loads the AzureSecurityKeyVaultSettings and SecretClientOptions from configuration by using the Aspire:Azure:Security:KeyVault key. Example appsettings.json that configures some of the options:

{
  "Aspire": {
    "Azure": {
      "Security": {
        "KeyVault": {
          "DisableHealthChecks": true,
          "DisableTracing": false,
          "ClientOptions": {
            "Diagnostics": {
              "ApplicationId": "myapp"
            }
          }
        }
      }
    }
  }
}

Use inline delegates

You can also pass the Action<AzureSecurityKeyVaultSettings> configureSettings delegate to set up some or all the options inline, for example to disable health checks from code:

builder.AddAzureKeyVaultClient("secrets", settings => settings.DisableHealthChecks = true);

You can also setup the SecretClientOptions using the optional Action<IAzureClientBuilder<SecretClient, SecretClientOptions>> configureClientBuilder parameter of the AddAzureKeyVaultClient method. For example, to set the first part of "User-Agent" headers for all requests issues by this client:

builder.AddAzureKeyVaultClient("secrets", configureClientBuilder: clientBuilder => clientBuilder.ConfigureOptions(options => options.Diagnostics.ApplicationId = "myapp"));

AppHost extensions

In your AppHost project, install the Aspire Azure KeyVault Hosting library with NuGet:

dotnet add package Aspire.Hosting.Azure.KeyVault

Then, in the Program.cs file of AppHost, add a Key Vault connection and consume the connection using the following methods:

// Service registration
var keyVault = builder.ExecutionContext.IsPublishMode
    ? builder.AddAzureKeyVault("secrets")
    : builder.AddConnectionString("secrets");

// Service consumption
var myService = builder.AddProject<Projects.MyService>()
                       .WithReference(keyVault);

The AddAzureKeyVault method adds an Azure Key Vault resource to the builder. Or AddConnectionString can be used to read connection information from the AppHost's configuration (for example, from "user secrets") under the ConnectionStrings:secrets config key. The WithReference method passes that connection information into a connection string named secrets in the MyService project. In the Program.cs file of MyService, the connection can be consumed using:

builder.AddAzureKeyVaultClient("secrets");

Additional documentation

Feedback & contributing

https://github.com/dotnet/aspire

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (1)

Showing the top 1 NuGet packages that depend on Aspire.Azure.Security.KeyVault:

Package Downloads
Hexalith.Infrastructure.AspireService.Hosting

Hexalith is a set of libraries to build a micro-service architecture.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
9.0.0 11,723 11/12/2024
9.0.0-rc.1.24511.1 1,742 10/15/2024
8.2.2 5,003 10/24/2024
8.2.1 8,726 9/26/2024
8.2.0 17,916 8/29/2024
8.1.0 14,689 7/23/2024
8.0.2 7,337 6/28/2024
8.0.1 8,846 5/21/2024
8.0.0 534 5/21/2024
8.0.0-preview.7.24251.11 554 5/7/2024
8.0.0-preview.6.24214.1 934 4/23/2024
8.0.0-preview.5.24201.12 1,845 4/9/2024
8.0.0-preview.4.24156.9 1,747 3/12/2024
8.0.0-preview.3.24105.21 3,178 2/13/2024
8.0.0-preview.2.23619.3 1,030 12/20/2023
8.0.0-preview.1.23557.2 405 11/14/2023