private static void ConfigureEnvironment(IHostEnvironment hostingEnvironment, IConfigurationBuilder configurationBuilder)
{
var configurationRoot = configurationBuilder.Build();
configurationRoot = configurationBuilder
.AddConfigurationService()
.Build(); // refresh configuration root to get configuration service settings
var keyVaultName = configurationRoot["KeyVaultName"];
if (!string.IsNullOrEmpty(keyVaultName))
{
// we use the managed identity of the service to authenticate at the KeyVault
var azureServiceTokenProvider = new AzureServiceTokenProvider();
using var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
configurationBuilder.AddAzureKeyVault($"https://{keyVaultName}.vault.azure.net/", keyVaultClient, new DefaultKeyVaultSecretManager());
}
else if (hostingEnvironment.IsDevelopment())
{
// for development we use the local secret store as a fallback if not KeyVaultName is provided
// see: https://docs.microsoft.com/en-us/aspnet/core/security/app-secrets?view=aspnetcore-3.1
configurationBuilder.AddUserSecrets <Startup>();
}
}
private static IConfigurationBuilder ConfigureEnvironment(IHostEnvironment hostingEnvironment, IConfigurationBuilder configurationBuilder)
{
var configurationRoot = configurationBuilder.Build();
var configurationService = configurationRoot.GetConnectionString("ConfigurationService");
if (!string.IsNullOrEmpty(configurationService))
{
// the configuration service connection string can either be an Azure App Configuration
// service connection string or a file uri that points to a local settings file.
configurationRoot = configurationBuilder
.AddConfigurationService(configurationService, true)
.Build(); // refresh configuration root to get configuration service settings
}
var keyVaultName = configurationRoot["KeyVaultName"];
if (!string.IsNullOrEmpty(keyVaultName))
{
#pragma warning disable CA2000 // Dispose objects before losing scope
// we use the managed identity of the service to authenticate at the KeyVault
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(
azureServiceTokenProvider.KeyVaultTokenCallback));
//configurationBuilder.AddAzureKeyVault(
// $"https://{keyVaultName}.vault.azure.net/",
// keyVaultClient,
// new DefaultKeyVaultSecretManager());
#pragma warning restore CA2000 // Dispose objects before losing scope
}
else if (hostingEnvironment.IsDevelopment())
{
// for development we use the local secret store as a fallback if not KeyVaultName is provided
// see: https://docs.microsoft.com/en-us/aspnet/core/security/app-secrets?view=aspnetcore-3.1
configurationBuilder.AddUserSecrets <Startup>();
}
return(configurationBuilder);
}
