Step-by-step guide on how to use the .NET Aspire Azure Key Vault component in Visual Studio.
Introduction
The .NET Aspire framework is used to develop cloud-ready and production-ready distributed applications. It consists of components that handle common cloud-native dependencies such as Redis and Postgres.
Prerequisites
Install .NET 8
Install Visual Studio 2022 version 17 or higher
.NET Aspire workload
Container runtime such as Docker Desktop
10 Day .Net Aspire Challenge
Objectives
Learn how to create a starter project using .NET Aspire with the Azure Key Vault component.
GitHub sample: the solution is divided into the following projects
DotnetAspireChallenge.ApiService
DotnetAspireChallenge.AppHost
DotnetAspireChallenge.ServiceDefaults
DotnetAspireChallenge.Web
Getting Started
Step 1: Install the following NuGet package
Install the following NuGet package into the “DotnetAspireChallenge.AppHost” project
dotnet add package Aspire.Hosting.Azure.KeyVault
In the same project, register the Azure Key Vault resource
var secrets = builder.ExecutionContext.IsPublishMode
    ? builder.AddAzureKeyVault("secrets")
    : builder.AddConnectionString("secrets");
Note: A Key Vault connection string is required, which means an Azure Key Vault instance must already be up and running in the Azure cloud.
Step 2: Install another NuGet package
Install the following NuGet package into the “DotnetAspireChallenge.ApiService” project
dotnet add package Aspire.Azure.Security.KeyVault
There are two ways to use Azure Key Vault
Using Configuration
Using SecretClient
For Configuration
Register the Key Vault configuration provider in the Program.cs file as follows
builder.Configuration.AddAzureKeyVaultSecrets("secrets");
then retrieve the secrets using the IConfiguration interface as follows
public class ExampleService(IConfiguration configuration)
{
    // The indexer returns null when the key is not present
    string? secretValue = configuration["secretKey"];
    // Use secretValue ...
}
For SecretClient
Create an extension class and register a minimal API GET endpoint to demonstrate SecretClient usage in the API service
using Azure;
using Azure.Security.KeyVault.Secrets;

public static class AspireKeyVaultExtension
{
    public static void MapKeyVaultEndpoint(this WebApplication app)
    {
        app.MapGet("/vault", async (SecretClient secretClient) =>
        {
            try
            {
                // Define the secret name and value
                string secretName = "mySecret";
                string secretValue = "This is a secret value";
                // Set the secret
                KeyVaultSecret secret = new KeyVaultSecret(secretName, secretValue);
                await secretClient.SetSecretAsync(secret);
                // Read the secret back and return it in the response body
                return Results.Ok(await secretClient.GetSecretAsync(secretName));
            }
            catch (RequestFailedException e)
            {
                Console.WriteLine("HTTP error code {0}: {1}", e.Status, e.ErrorCode);
                Console.WriteLine(e.Message);
                return Results.Problem($"HTTP error code {e.Status}: {e.Message}");
            }
        });
    }
}
and finally, register the endpoint in the Program.cs file
app.MapKeyVaultEndpoint();
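The demo endpoint above writes a secret on every GET and returns the stored value, and on failure the Key Vault error message, to any caller. For anything beyond a local demo, a read-only variant could look like the following; this is an added example, not code from the original post or the sample repository. The class name, route, allow-list and logger category are hypothetical, and it assumes authentication and authorization are already configured in the API service and that implicit usings are enabled.

```csharp
using Azure;
using Azure.Security.KeyVault.Secrets;

public static class KeyVaultStatusExtension   // hypothetical name
{
    // Assumption: the only secret names this endpoint may look up.
    private static readonly HashSet<string> AllowedNames =
        new(StringComparer.OrdinalIgnoreCase) { "mySecret" };

    public static void MapKeyVaultStatusEndpoint(this WebApplication app)
    {
        app.MapGet("/vault/{name}/status", async (
            string name, SecretClient secretClient,
            ILoggerFactory loggerFactory, CancellationToken ct) =>
        {
            if (!AllowedNames.Contains(name))
                return Results.NotFound();

            try
            {
                // Read only: nothing is written to the vault from a GET.
                KeyVaultSecret secret =
                    (await secretClient.GetSecretAsync(name, cancellationToken: ct)).Value;

                // Metadata only: secret.Value is never placed in the response.
                return Results.Ok(new
                {
                    name = secret.Name,
                    version = secret.Properties.Version,
                    enabled = secret.Properties.Enabled,
                    updatedOn = secret.Properties.UpdatedOn,
                    expiresOn = secret.Properties.ExpiresOn
                });
            }
            catch (RequestFailedException e) when (e.Status == 404)
            {
                return Results.NotFound();
            }
            catch (RequestFailedException e)
            {
                // Details go to the server log, not to the caller.
                loggerFactory.CreateLogger("KeyVaultStatus").LogError(
                    e, "Key Vault request failed: {Status} {ErrorCode}", e.Status, e.ErrorCode);
                return Results.Problem("Key Vault request failed.", statusCode: 502);
            }
        })
        .RequireAuthorization(); // assumes AddAuthentication/AddAuthorization are configured
    }
}
```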
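Additional settings for the component can be supplied through configuration using JSON syntax, for example in appsettings.json. The ClientOptions setting DisableChallengeResourceVerification controls whether the client skips verifying that the authentication challenge resource matches the Key Vault domain; the value true shown here disables that check.
{
  "Aspire": {
    "Azure": {
      "Security": {
        "KeyVault": {
          "VaultUri": "YOUR_VAULT_URI",
          "DisableHealthChecks": false,
          "DisableTracing": true,
          "ClientOptions": {
            "DisableChallengeResourceVerification": true
          }
        }
      }
    }
  }
}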
Congratulations..!! You’ve successfully integrated the Azure Key Vault component into the .NET Aspire project.
Github Project
GitHub - ssukhpinder/DotnetAspireChallenge: 10 Day .Net Aspire Challenge