public void Configure(IWebJobsBuilder builder)
{
var tempProvider = builder.Services.BuildServiceProvider();
var config = tempProvider.GetRequiredService <IConfiguration>();
builder.AddAzureKeyVault(config["AzureKeyVault_Uri"]);
}
public void Configure(IWebJobsBuilder builder)
{
var tempProvider = builder.Services.BuildServiceProvider();
var config = tempProvider.GetRequiredService <IConfiguration>();
// NOTE: This is *only* for local dev & demos - as we now have a secret in our code... again ;-(
// For production use a MSI
builder.AddAzureKeyVault(config["KeyVaultUrl"], config["KeyVaultClientId"], config["KeyVaultClientSecret"]);
}
/// <summary>
/// Adds an <see cref="T:Microsoft.Extensions.Configuration.IConfigurationProvider" /> that reads configuration values from the Azure KeyVault using Managed Service Identity.
/// </summary>
/// <param name="builder">The <see cref="IWebJobsBuilder" /> to add to.</param>
/// <param name="vault">The Azure KeyVault uri.</param>
/// <returns></returns>
public static IWebJobsBuilder AddAzureKeyVault(this IWebJobsBuilder builder, string vault)
{
if (builder == null)
{
throw new ArgumentNullException(nameof(builder));
}
if (String.IsNullOrWhiteSpace(vault))
{
throw new ArgumentException("Vault can not be null or whitespace.", nameof(vault));
}
return(builder.AddAzureKeyVault(configurationBuilder =>
{
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var callback = new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback);
var keyVaultClient = new KeyVaultClient(callback, new HttpClient());
configurationBuilder.AddAzureKeyVault(vault, keyVaultClient, new DefaultKeyVaultSecretManager());
return keyVaultClient;
}));
}