Azure KeyVault Configuration Provider reload values on change

I'm using Azure Key Vault Configuration Provider to read some secrets at app startup. The secrets however keep rotating throughout the day and I want to be able to reload the new values when this rotation happens.

What I'm talking about is similar to the reloadOnChange api

.ConfigureAppConfiguration((context, config) =>
{
    config.AddJsonFile("appsettings.json", reloadOnChange: true);
})

Is this possible at all?

This is a webapi project so in practice, I could get away with manually reloading the values for every HttpRequest if that's better/more feasible.

reggaemahn asked Jun 29 '19 01:06

3 Answers

Using Microsoft.Extensions.Configuration.AzureKeyVault (v3) you can do the following:

configurationBuilder.AddAzureKeyVault(new AzureKeyVaultConfigurationOptions
{
    Vault = configuration["KeyVaultUrl"],
    ReloadInterval = TimeSpan.FromMinutes(10),
    Client = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(
       new AzureServiceTokenProvider().KeyVaultTokenCallback))
});

Now when you request IConfiguration in your services, the KeyVault secrets will be available and refreshed based on your reload interval.

Bobby Koteski answered Oct 13 '22 02:10

Secrets are cached until IConfigurationRoot.Reload() is called. Expired, disabled, and updated secrets in the key vault are not respected by the app until Reload is executed.

Configuration.Reload();

For more details, you could refer to this article.

Joey Cai answered Oct 13 '22 00:10

Same thing as Bobby Koteski proposed, but with a newer Azure.Extensions.AspNetCore.Configuration.Secrets package, as Microsoft.Extensions.Configuration.AzureKeyVault is deprecated.

ReloadInterval is a time to wait between attempts at polling the Azure Key Vault for changes.

configurationBuilder.AddAzureKeyVault(
    new SecretClient(
        new Uri(configuration["KeyVaultBaseUrl"]),
        new ManagedIdentityCredential(configuration["UserAssignedManagedIdentityClientId"])
    ),
    new AzureKeyVaultConfigurationOptions()
    {
        ReloadInterval = TimeSpan.FromSeconds(1000)
    }
);

And a link to the source code to see how it actually works :)

Philip Vrazhevski answered Oct 13 '22 00:10
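A fuller Program.cs, added here as an example and not taken from any of the answers above, combining the ReloadInterval approach from Bobby Koteski's and Philip Vrazhevski's answers with the reading side the question is really about: a reloaded configuration only helps if the value is read through IConfiguration or IOptionsMonitor at request time, because a copy taken at startup never sees the reload. It assumes the Azure.Extensions.AspNetCore.Configuration.Secrets and Azure.Identity packages, a configuration key KeyVaultUrl, a Key Vault secret named Db--Password, the hypothetical DbOptions class, and DefaultAzureCredential in place of the answer's ManagedIdentityCredential.

```csharp
// Program.cs for a minimal ASP.NET Core web API (.NET 6+ hosting model).
// Packages assumed: Azure.Extensions.AspNetCore.Configuration.Secrets, Azure.Identity.
using Azure.Extensions.AspNetCore.Configuration.Secrets;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
using Microsoft.Extensions.Options;
using Microsoft.Extensions.Primitives;

var builder = WebApplication.CreateBuilder(args);

// Vault URL comes from appsettings/environment (assumed key name "KeyVaultUrl").
var vaultUri = new Uri(builder.Configuration["KeyVaultUrl"]!);

builder.Configuration.AddAzureKeyVault(
    new SecretClient(vaultUri, new DefaultAzureCredential()),
    new AzureKeyVaultConfigurationOptions
    {
        // Poll the vault every 5 minutes; a rotated secret can still be served
        // for at most this long before the provider picks the new version up.
        ReloadInterval = TimeSpan.FromMinutes(5)
    });

// A Key Vault secret named "Db--Password" surfaces as the config key "Db:Password"
// (the provider's default secret manager maps "--" to ":"), so it binds to DbOptions.Password.
builder.Services.Configure<DbOptions>(builder.Configuration.GetSection("Db"));

var app = builder.Build();

// Optional: observe reloads. The token fires whenever the configuration root reloads.
ChangeToken.OnChange(
    () => app.Configuration.GetReloadToken(),
    () => app.Logger.LogInformation("Configuration reloaded; Key Vault values refreshed."));

// Read through IOptionsMonitor on every request rather than capturing the value at
// startup: a singleton that copied Password into a field would keep the old secret.
app.MapGet("/db-check", (IOptionsMonitor<DbOptions> db) =>
{
    var current = db.CurrentValue; // reflects the most recently reloaded configuration
    return Results.Ok(new { user = current.User, hasPassword = current.Password.Length > 0 });
});

app.Run();

// Hypothetical options class bound to the "Db" section.
public sealed class DbOptions
{
    public string User { get; set; } = "";
    public string Password { get; set; } = "";
}
```

A rotated secret can still be served for up to ReloadInterval after rotation, so pick the interval from the rotation schedule and keep the previous secret valid at its source for at least that long.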