/// <summary>
/// Use key vault for application configuration. This provides a secure way of retrieving secrets at runtime (connection strings, passwords etc.)
/// </summary>
/// <param name="dependencyResolver">The dependency resolver</param>
/// <param name="clientId">Client ID of the Azure AD application associated with the key vault (must be granted read access to secrets)</param>
/// <param name="clientSecret">Client secret of the Azure AD application associated with the key vault (must be granted read access to secrets)</param>
/// <param name="vaultUri">The URI of the key vault e.g. https://mykeyvault.vault.azure.net</param>
/// <param name="useKeyVaultExclusively">Defaults to false in which case only application keys not found in the local configuration (app settings, cscfg etc.) will be looked up in the vault. True if everything should be looked up in the vault.</param>
/// <param name="checkIfKeyVaultKeyExistsBeforeGet">If true then this checks if the key exists in the vault before attempting a get. This is expensive but currently helps with Powershell sync context / message pump issues.</param>
/// <returns>The dependency resolver confiugred with a key vault used for application configuration</returns>
public static IDependencyResolver UseKeyVaultApplicationConfiguration(this IDependencyResolver dependencyResolver,
string clientId,
string clientSecret,
string vaultUri,
bool useKeyVaultExclusively=false,
bool checkIfKeyVaultKeyExistsBeforeGet=false)
{
IConfiguration existingConfiguration = null;
if (!useKeyVaultExclusively)
{
existingConfiguration = dependencyResolver.Resolve<IConfiguration>();
}
IConfiguration keyVaultConfiguration = new KeyVaultConfiguration(
new KeyVault.Implementation.KeyVault(clientId, clientSecret, vaultUri, checkIfKeyVaultKeyExistsBeforeGet),
dependencyResolver.Resolve<IKeyVaultConfigurationKeyEncoder>(),
existingConfiguration);
dependencyResolver.Register(() => keyVaultConfiguration);
return dependencyResolver;
}
