tt1997

Reputation: 221

How to use Azure KeyVault reference for connectionString in an App

UPDATE: FIX IS IN MY COMMENT BELOW. Could moderators please pin that as an answer. Thanks!

I am trying to set up an Azure KeyVault without making any code changes to my Web.Config file. I have a web app that has a SQL database for data storage and I'm trying to replace the connectionString in such a way so that it is dynamically injected during the deployment of the app using the Azure App Service configuration. I am using a reference to my key vault secret to refer to this in my App service configuration. However, I am unable to access the data, and I get the following error:

https://i.sstatic.net/oBx8H.jpg

I've tried the following:

  1. Create the KeyVault instance
  2. Add a secret to the KeyVault
  3. Give access to the web application to be able to access this KeyVault using Azure Active Directory. I created a new app registration, assigned the access policy of the key vault to give this active directory all the rights to be able to access/set/get/list the secrets.
  4. Integrate Key Vault in my Azure App Service by going to my app service and going to configuration and adding the connection string as follows:

https://i.sstatic.net/RMyAg.jpg

As you can see, I'm using a reference from the KeyVault in this form:

@Microsoft.KeyVault(SecretUri=https://xxx.vault.azure.net/secrets/mysecret/xxxzxxzxxzxzx)

I even tried using a reference like this:

@Microsoft.KeyVault(VaultName=xxx-kv-arm;SecretName=connectionString;SecretVersion=xxx)

in my Azure App Service configuration to access the secret from the key vault and pass it as a connectionString during deployment.

My Web.config:

<?xml version="1.0" encoding="utf-8"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=301880
  -->
<configuration>
  <configSections>
    <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
  </configSections>
  <connectionStrings>
    <add name="SchoolContext" connectionString=" " providerName="System.Data.SqlClient" />
  </connectionStrings>
  <appSettings>
    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
  </appSettings>

</configuration>

What exactly am I doing wrong?

Upvotes: 3

Views: 4647

Answers (1)

Tony Ju

Reputation: 15629

However, I do not see this app service in my azure active directory, any clues as to why this is?

You can find the app under Enterprise applications; remember to set the application type to All applications.

The issue was solved by the OP; just adding it to the answer to make it visible to others.

Go to App service, go to Identity and then enable system assigned identity. This will allow us to go to my Key Vault instance and configure access policies for this App service itself instead of the new Azure Active Directory.

Here is the document for your reference.

Upvotes: 1
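
The two reference forms from the question can be checked for syntax before they go into the App Service configuration. This is an added example, not code from the question or the answer; it assumes the Azure public cloud (`.vault.azure.net` hosts), and `lint_keyvault_reference` is a hypothetical helper name. A clean result covers syntax only and says nothing about whether the app's identity is allowed to read the secret.

```python
import re
from urllib.parse import urlparse

# Assumption: Azure public cloud, where vault hosts end in .vault.azure.net.
VAULT_SUFFIX = ".vault.azure.net"
REF_RE = re.compile(r"^@Microsoft\.KeyVault\((?P<body>.*)\)$")
NAME_RE = re.compile(r"^[0-9A-Za-z-]+$")


def lint_keyvault_reference(value):
    """Return syntax problems in a Key Vault reference; [] means well-formed."""
    m = REF_RE.match(value.strip())
    if not m:
        return ["not wrapped as @Microsoft.KeyVault(...); treated as a literal value"]
    fields, problems = {}, []
    for part in filter(None, m.group("body").split(";")):
        key, sep, val = part.partition("=")
        if not sep or not val.strip():
            problems.append(f"malformed field: {part!r}")
        fields[key.strip()] = val.strip()
    if "SecretUri" in fields:
        if len(fields) > 1:
            problems.append("SecretUri must not be combined with other fields")
        uri = urlparse(fields["SecretUri"])
        segs = [s for s in uri.path.split("/") if s]
        if uri.scheme != "https":
            problems.append("SecretUri must use https")
        if not (uri.hostname or "").endswith(VAULT_SUFFIX):
            problems.append(f"host is not a *{VAULT_SUFFIX} vault")
        if len(segs) not in (2, 3) or segs[0] != "secrets":
            problems.append("path must be /secrets/<name>[/<version>]")
        elif not all(NAME_RE.match(s) for s in segs[1:]):
            problems.append("secret name/version has invalid characters")
    elif {"VaultName", "SecretName"} <= fields.keys():
        extra = fields.keys() - {"VaultName", "SecretName", "SecretVersion"}
        if extra:
            problems.append(f"unknown fields: {sorted(extra)}")
        if not all(NAME_RE.match(v) for v in fields.values()):
            problems.append("vault, secret or version has invalid characters")
    else:
        problems.append("need SecretUri, or VaultName plus SecretName")
    return problems


if __name__ == "__main__":
    # Constructed sample: the placeholder reference form shown in the question.
    print(lint_keyvault_reference("@Microsoft.KeyVault(SecretUri=https://xxx.vault.azure.net/secrets/mysecret/xxxzxxzxxzxzx)"))
```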
