/// <summary>
/// Adds the application's configuration sources: Application Insights settings and,
/// when enough settings are present, Azure Key Vault.
/// </summary>
/// <param name="builder">The <see cref="IConfigurationBuilder"/> to add sources to.</param>
/// <param name="context">The <see cref="HostBuilderContext"/> that supplies the hosting environment.</param>
/// <returns>
/// The same <see cref="IConfigurationBuilder"/> instance as <paramref name="builder"/>.
/// </returns>
/// <remarks>
/// Key Vault is registered only when <c>AzureKeyVault:Uri</c> is set and either a managed identity
/// is detected or both <c>AzureKeyVault:ClientId</c> and <c>AzureKeyVault:ClientSecret</c> are set.
/// When neither holds, no error is raised and the builder is returned without a Key Vault source,
/// so a misconfigured deployment starts without its vault-held secrets.
/// </remarks>
public static IConfigurationBuilder ConfigureApplication(this IConfigurationBuilder builder, HostBuilderContext context)
{
    bool isDevelopment = context.HostingEnvironment.IsDevelopment();
    builder.AddApplicationInsightsSettings(developerMode: isDevelopment);

    // Snapshot of the sources registered so far; it is only used to decide how to reach Key Vault.
    IConfiguration snapshot = builder.Build();

    string vaultUri = snapshot["AzureKeyVault:Uri"];
    string appId = snapshot["AzureKeyVault:ClientId"];

    // Long-lived credential: keep this value out of source-controlled settings files.
    string appSecret = snapshot["AzureKeyVault:ClientSecret"];

    // Managed identity detection. MSI_ENDPOINT and MSI_SECRET are presumably surfaced from the
    // host's environment variables by an earlier configuration source (confirm against the host setup).
    bool msiDisabled = string.Equals(snapshot["WEBSITE_DISABLE_MSI"], bool.TrueString, StringComparison.OrdinalIgnoreCase);
    bool hasManagedIdentity =
        !msiDisabled &&
        !string.IsNullOrEmpty(snapshot["MSI_ENDPOINT"]) &&
        !string.IsNullOrEmpty(snapshot["MSI_SECRET"]);

    bool hasClientCredentials = !string.IsNullOrEmpty(appId) && !string.IsNullOrEmpty(appSecret);

    if (string.IsNullOrEmpty(vaultUri) || !(hasManagedIdentity || hasClientCredentials))
    {
        return builder;
    }

    var secretManager = new AzureEnvironmentSecretManager(snapshot.AzureEnvironment());

    // Managed identity takes precedence; the client secret is only used when it is unavailable.
    if (!hasManagedIdentity)
    {
        builder.AddAzureKeyVault(vaultUri, appId, appSecret, secretManager);
        return builder;
    }

    // CA2000 (dispose before losing scope) is suppressed: neither object is disposed here.
    // Presumably the Key Vault configuration source keeps the client for the application's
    // lifetime (confirm).
    // NOTE(review): AzureServiceTokenProvider and KeyVaultClient belong to the legacy
    // AppAuthentication / Microsoft.Azure.KeyVault packages, which have been superseded by
    // Azure.Identity and the Azure.Security.KeyVault.* clients.
#pragma warning disable CA2000
    var tokenProvider = new AzureServiceTokenProvider();
    var tokenCallback = new KeyVaultClient.AuthenticationCallback(tokenProvider.KeyVaultTokenCallback);
    var vaultClient = new KeyVaultClient(tokenCallback);
    builder.AddAzureKeyVault(vaultUri, vaultClient, secretManager);
#pragma warning restore CA2000

    return builder;
}
/// <summary>
/// Adds the application's configuration sources: Application Insights settings and,
/// when enough settings are present, Azure Key Vault.
/// </summary>
/// <param name="builder">The <see cref="IConfigurationBuilder"/> to add sources to.</param>
/// <param name="context">The <see cref="HostBuilderContext"/> that supplies the hosting environment.</param>
/// <returns>
/// The same <see cref="IConfigurationBuilder"/> instance as <paramref name="builder"/>.
/// </returns>
/// <remarks>
/// Key Vault is registered only when <c>AzureKeyVault:Uri</c> is set and either a managed identity
/// is detected or all of <c>AzureKeyVault:ClientId</c>, <c>AzureKeyVault:ClientSecret</c> and
/// <c>AzureKeyVault:TenantId</c> are set. When neither holds, no error is raised and the builder
/// is returned without a Key Vault source, so a misconfigured deployment starts without its
/// vault-held secrets.
/// </remarks>
public static IConfigurationBuilder ConfigureApplication(this IConfigurationBuilder builder, HostBuilderContext context)
{
    bool isDevelopment = context.HostingEnvironment.IsDevelopment();
    builder.AddApplicationInsightsSettings(developerMode: isDevelopment);

    // Snapshot of the sources registered so far; it is only used to decide how to reach Key Vault.
    IConfiguration snapshot = builder.Build();

    string vaultUri = snapshot["AzureKeyVault:Uri"];
    string appId = snapshot["AzureKeyVault:ClientId"];

    // Long-lived credential: keep this value out of source-controlled settings files.
    string appSecret = snapshot["AzureKeyVault:ClientSecret"];
    string directoryId = snapshot["AzureKeyVault:TenantId"];

    // Managed identity detection. MSI_ENDPOINT and MSI_SECRET are presumably surfaced from the
    // host's environment variables by an earlier configuration source (confirm against the host setup).
    bool msiDisabled = string.Equals(snapshot["WEBSITE_DISABLE_MSI"], bool.TrueString, StringComparison.OrdinalIgnoreCase);
    bool hasManagedIdentity =
        !msiDisabled &&
        !string.IsNullOrEmpty(snapshot["MSI_ENDPOINT"]) &&
        !string.IsNullOrEmpty(snapshot["MSI_SECRET"]);

    bool hasClientCredentials =
        !string.IsNullOrEmpty(appId) &&
        !string.IsNullOrEmpty(appSecret) &&
        !string.IsNullOrEmpty(directoryId);

    if (string.IsNullOrEmpty(vaultUri) || !(hasManagedIdentity || hasClientCredentials))
    {
        return builder;
    }

    var secretManager = new AzureEnvironmentSecretManager(snapshot.AzureEnvironment());

    // Managed identity takes precedence; the client secret is only used when it is unavailable.
    TokenCredential credential = hasManagedIdentity
        ? (TokenCredential)new ManagedIdentityCredential()
        : new ClientSecretCredential(directoryId, appId, appSecret);

    // new Uri(string) throws UriFormatException when the configured value is not a valid absolute URI.
    builder.AddAzureKeyVault(new Uri(vaultUri), credential, secretManager);

    return builder;
}