asp.net core 3.1 - changing package from "Microsoft.Extensions.Configuration.AzureKeyVault" To "Azure.Extensions.AspNetCore.Configuration.Secrets"

Question

I am using nuget Microsoft.Extensions.Configuration.AzureKeyVault and I am using below code for asp.net core 3.1 in Program.cs,

I am doing custom certificate authentication for azure keyVault. Also using custom secret management.

   public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureAppConfiguration((context, config) =>
            {
                    config.AddAzureKeyVault(new AzureKeyVaultConfigurationOptions
                    {
                        Vault = "key vault url",
                        ReloadInterval = TimeSpan.FromSeconds(15),
                        //authenticate with custom certificate
                        Client = new KeyVaultClient(CustomCertificateAuthenticationCallback),
                        Manager = new CustomKeyVaultSecretManager()
                    });
                }
            })
            .ConfigureWebHostDefaults(webBuilder =>
            {
                webBuilder.UseStartup<Startup>();
            }); 

The package Microsoft.Extensions.Configuration.AzureKeyVault is deprecated and I have uninstalled this package and installed the updated one Azure.Extensions.AspNetCore.Configuration.Secrets. After switching to this package I am NOT able to figure our how to use custom validation and how to pass keyvault url

question from:https://stackoverflow.com/questions/65858151/changing-package-from-microsoft-extensions-configuration-azurekeyvault-to-azu

Answer 1

You could try SecretClient method, and refer to this official document about Azure Key Vault Configuration Provider.

using Azure.Security.KeyVault.Secrets;
using Azure.Identity;
using Azure.Extensions.AspNetCore.Configuration.Secrets;

public static IHostBuilder CreateHostBuilder(string[] args) =>
    Host.CreateDefaultBuilder(args)
        .ConfigureAppConfiguration((context, config) =>
        {
            if (context.HostingEnvironment.IsProduction())
            {
                var builtConfig = config.Build();
                var secretClient = new SecretClient(new Uri($"https://{builtConfig["KeyVaultName"]}.vault.azure.net/"),
                                                         new DefaultAzureCredential());
                config.AddAzureKeyVault(secretClient, new KeyVaultSecretManager());


            }
        })
        .ConfigureWebHostDefaults(webBuilder =>
        {
            webBuilder.UseStartup<Startup>();
        });

SecretClient doesn't support AuthenticationCallback(Microsoft.Azure.KeyVault.KeyVaultClient.AuthenticationCallback).

If you would like to authenticate with certificate, you could new TokenCredential with Azure.Identity.ClientCertificateCredential.

X509Certificate2 cer = new X509Certificate2(certPath, pfxpassword, X509KeyStorageFlags.EphemeralKeySet);
var secretClient = new SecretClient(new Uri($"https://{builtConfig["KeyVaultName"]}.vault.azure.net/"),
                                            new ClientCertificateCredential(tenantID, clientID, cer);