DEV Community

Cover image for 10-Day .Net Aspire Challenge: Day 9 — Azure Key Vault
Sukhpinder Singh
Sukhpinder Singh

Posted on • Edited on • Originally published at Medium

10-Day .Net Aspire Challenge: Day 9 — Azure Key Vault

Step-by-step guide on how to use the .Net Aspire Azure Key Vault component in Visual Studio.

Introduction

.Net Aspire framework is used to develop cloud and production-ready distributed applications. It consists of components to handle cloud-native concerns such as Redis, Postgres etc.

Prerequisites

Objectives

Learn how to create a starter project using .Net Aspire with the Azure Key Vault.

Github Sample: The solution structure is divided into the following projects

  • DotnetAspireChallenge.ApiService

  • DotnetAspireChallenge.AppHost

  • DotnetAspireChallenge.ServiceDefaults

  • DotnetAspireChallenge.Web

Getting Started

Step 1: Install the following NuGet package

Install the following Nuget package into the subsequent project “DotnetAspireChallenge.AppHost

dotnet add package Aspire.Hosting.Azure.KeyVault
Enter fullscreen mode Exit fullscreen mode

In the above project, register the Azure Key Vault

    var secrets = builder.ExecutionContext.IsPublishMode
        ? builder.AddAzureKeyVault("secrets")
        : builder.AddConnectionString("secrets");
Enter fullscreen mode Exit fullscreen mode

Note: A keyVault connection string is required, which means an Azure KeyVault service should be UP and RUNNING on the Azure cloud.

Step 2: Install another NuGet package

Install the following Nuget package into the subsequent project “DotnetAspireChallenge.ApiService

dotnet add package Aspire.Azure.Security.KeyVault
Enter fullscreen mode Exit fullscreen mode

There are two ways to use Azure KeyVault

  • Using Configuration

  • Using SecretClient

For Configuration

Register the context of the Program.cs file as follows

    builder.Configuration.AddAzureKeyVaultSecrets("secrets")
Enter fullscreen mode Exit fullscreen mode

then retrieve the secrets using the IConfiguration class as follows

    public class ExampleService(IConfiguration configuration)
    {
        string secretValue = configuration["secretKey"];
        // Use secretValue ...
    }
Enter fullscreen mode Exit fullscreen mode

For SecretClient

Create an extension class and register a minimal API GET method to demonstrate the SecretClient usage in the API Service

    public static class AspireKeyVaultExtension
    {

        public static void MapKeyVaultEndpoint(this WebApplication app)
        {
            app.MapGet("/vault", async (SecretClient secretClient) =>
            {

                try
                {
                    // Define the secret name and value
                    string secretName = "mySecret";
                    string secretValue = "This is a secret value";

                    // Set the secret
                    KeyVaultSecret secret = new KeyVaultSecret(secretName, secretValue);

                    await secretClient.SetSecretAsync(secret);
                    return Results.Ok(await secretClient.GetSecretAsync(secretName));

                }
                catch (RequestFailedException e)
                {
                    Console.WriteLine("HTTP error code {0}: {1}", e.Status, e.ErrorCode);
                    Console.WriteLine(e.Message);
                    return Results.Problem($"HTTP error code {e.Status}: {e.Message}");
                }
            });
        }
    }
Enter fullscreen mode Exit fullscreen mode

and finally, register in the Program.cs file

    app.MapKeyVaultEndpoint();
Enter fullscreen mode Exit fullscreen mode

Add additional connection string properties using the JSON syntax

    {
      "Aspire": {
        "Azure": {
          "Security": {
            "KeyVault": {
              "VaultUri": "YOUR_VAULT_URI",
              "DisableHealthChecks": false,
              "DisableTracing": true,
              "ClientOptions": {
                "DisableChallengeResourceVerification": true
              }
            }
          }
        }
      }
    }
Enter fullscreen mode Exit fullscreen mode

Congratulations..!! You’ve successfully integrated the Azure KeyVault component into the .Net Aspire project.

Github Project

GitHub - ssukhpinder/DotnetAspireChallenge: 10 Day .Net Aspire Challenge

More Cheatsheets

Cheat Sheets — .Net

C# Programming🚀

Thank you for being a part of the C# community! Before you leave:

Follow us: Youtube | X | LinkedIn | Dev.to
Visit our other platforms: GitHub
More content at C# Programming

Top comments (0)