Check the source code here: github.com/mhdbouk/keyvault-configuration-demo and check my blog post on how to apply the ClientSecret instead of Azure Managed Identity here mdbouk.com/secure-on-premise-net-application-with-azure-key-vault/
Does the CustomSecretManager run every time the reload happens? Or does it only reload if there are changes in the key vault? Great video, by the way!
Many thanks. Very clear.
Thank you 🙌
Thank you
best video so far!
Well, thank you sir! 🙏
Thanks a lot. I also use this method with shared configurations such as authUrl or Blob Storage, ... by adding a Shared Prefix
Nice one!
That's a lot better and more flexible than having the secrets in the Azure web app configurations! Love the reload option
You can make the application name prefix a config setting as well to avoid hardcoding in the builder 😜 Not relevant for the key vault demo though lol
Yes, you are right 😅 It is better to have the prefix/application name as a setting. Glad you liked the video, my friend!
What would be the approach when the application itself isn’t running on Azure but for example on premise but I would like to make use of KeyVault for managing secrets, is that possible?
Yes, that is possible. Create a custom application registration on Azure and set up the necessary access policy for it in the KeyVault. Then, you can connect to the KeyVault either by using a secret key (generated within the app registration) or by uploading and utilizing a certificate. In the Program.cs file, the configuration is similar but involves different settings: specify ManagedIdentityClientId or replace DefaultAzureCredential with ClientCertificateCredential, and you can take it from there.
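The certificate option from the reply above, sketched as an added example (not part of the thread and not code from the video's repository). It assumes an ASP.NET Core project with implicit usings and the Azure.Identity and Azure.Extensions.AspNetCore.Configuration.Secrets packages; the `KeyVault:*` setting names and the `PrefixSecretManager` class are hypothetical.

```csharp
// Added example. Setting names under "KeyVault:" are assumptions, not the demo's own.
using System.Security.Cryptography.X509Certificates;
using Azure.Extensions.AspNetCore.Configuration.Secrets;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

var builder = WebApplication.CreateBuilder(args);
var kv = builder.Configuration.GetSection("KeyVault");

// These are identifiers only; the private key never leaves the certificate store.
string Required(string key) =>
    kv[key] ?? throw new InvalidOperationException($"Missing setting KeyVault:{key}");

var credential = new ClientCertificateCredential(
    Required("TenantId"), Required("ClientId"), LoadCertificate(Required("CertThumbprint")));

builder.Configuration.AddAzureKeyVault(new Uri(Required("Uri")), credential,
    new AzureKeyVaultConfigurationOptions
    {
        // The prefix comes from configuration instead of being hardcoded.
        Manager = new PrefixSecretManager(Required("SecretPrefix")),
        ReloadInterval = TimeSpan.FromMinutes(5)
    });

var app = builder.Build();
app.Run();

static X509Certificate2 LoadCertificate(string thumbprint)
{
    using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly);
    // validOnly: false so a self-signed certificate is found; usability is checked below.
    var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
    if (found.Count != 1)
        throw new InvalidOperationException("Expected exactly one matching certificate.");
    var cert = found[0];
    if (!cert.HasPrivateKey || cert.NotAfter <= DateTime.Now)
        throw new InvalidOperationException("Certificate is expired or has no private key.");
    return cert;
}

// Loads only secrets named "<prefix>-..." and maps "--" to the ":" section delimiter.
sealed class PrefixSecretManager : KeyVaultSecretManager
{
    private readonly string _prefix;
    public PrefixSecretManager(string prefix) => _prefix = prefix + "-";
    public override bool Load(SecretProperties secret) =>
        secret.Name.StartsWith(_prefix, StringComparison.OrdinalIgnoreCase);
    public override string GetKey(KeyVaultSecret secret) =>
        secret.Name[_prefix.Length..].Replace("--", ConfigurationPath.KeyDelimiter);
}
```

For the configuration provider, the app registration's access policy needs only the Get and List secret permissions.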
Can you create a video that shows how to create a secret key by group, then show how to access the secret key by group in C#?
Thanks for the feedback! It sounds like a great topic. Let me see what I can do. Stay tuned!
I tried to use Azure Key Vaults with one of my projects. It's working well in production with Windows Server, but when I run my app on the Linux platform there are many bugs about Azure and it didn't work.
That is strange; in the example that I shared in the video, the app was hosted in a Linux environment. What kind of issues are you facing?