public AzureKeyvaultService(IOptions <KeyvaultSettings> keyvaultOptions, AzureServiceTokenProvider azureServiceTokenProvider)
{
/*
* The AzureServiceTokenProvider class (which is part of Microsoft.Azure.Services.AppAuthentication) tries the following methods to get an access token:-
* 1. Managed Service Identity (MSI) - for scenarios where the code is deployed to Azure, and the Azure resource supports MSI.
* 2. Azure CLI (for local development) - Azure CLI version 2.0.12 and above supports the get-access-token option. AzureServiceTokenProvider uses this option to get an access token for local development.
* 3. Active Directory Integrated Authentication (for local development). To use integrated Windows authentication, your domain’s Active Directory must be federated with Azure Active Directory. Your application must be running on a domain-joined machine under a user’s domain credentials.
*/
_azureServiceTokenProvider = azureServiceTokenProvider;
_keyvaultSettings = keyvaultOptions.Value;
}
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.ConfigureAppConfiguration((context, config) =>
{
var builtConfig = config.Build();
var keyvaultSettings = new KeyvaultSettings();
builtConfig.Bind("Keyvault", keyvaultSettings);
var keyVaultConfig = new ConfigurationBuilder()
.AddAzureKeyVault(
keyvaultSettings.Uri,
keyvaultSettings.AppId,
keyvaultSettings.Secret)
.Build();
config.AddConfiguration(keyVaultConfig);
})
.UseStartup <Startup>();
