Reputation: 171
How to configure Azure KeyVault refresh interval with the Azure.Security.KeyVault libraries
I am trying to configure a periodic refresh of Key Vault values. My original code generated by Visual Studio looks like this
var keyvaultEndpoint = new Uri($"https://{vaultName}.vault.azure.net/");
config.AddAzureKeyVault(
keyVaultEndpoint,
new DefaultAzureCredential()
);
I found one of the extension methods accepts an object of type AzureKeyVaultConfigurationOptions which has a TimeSpan property named ReloadInterval. It turns out this extension method was a part of Microsoft's older SDK that has been replaced as discussed in this SO post. In case the post disappears, the OP encountered this error, which talks about the package "Microsoft.Azure.KeyVault" being replaced with "Azure.Security.KeyVault" and they recommend moving to the latest code. Since AzureKeyVaultConfigurationOptions is an SDK v3 object it is no longer recommended.
So if AzureKeyVaultConfigurationOptions is not included in the new SDK, what is the recommended way to set a reload interval?
Upvotes: 2
Views: 3667
Answers (2)
Reputation: 1186
It is possible actually using Azure.Extensions.AspNetCore.Configuration.Secrets. (Tested with 1.0.2)
As follows:
config.AddAzureKeyVault(
new Uri(Configuration["KeyVault:URI"]),
new DefaultAzureCredential(
new DefaultAzureCredentialOptions
{
ExcludeSharedTokenCacheCredential = true,
VisualStudioTenantId = Configuration["AzureAd:TenantId"]
}),
new AzureKeyVaultConfigurationOptions()
{
ReloadInterval = TimeSpan.FromMinutes(15)
}
);
Upvotes: 4
Reputation: 7483
As you can see in the document, ReloadInterval is only used for v3. In the version 4.x.x, there is a similar class for the delay of retry attempts.
RetryOptions class is the set of options that can be specified to influence how retry attempts are made, and a failure is eligible to be retried. Delay means the delay between retry attempts for a fixed approach. The following shows how to use it in Secret, it can also used for Certificates and Keys.
SecretClientOptions options = new SecretClientOptions()
{
Retry =
{
Delay= TimeSpan.FromSeconds(2),
MaxDelay = TimeSpan.FromSeconds(16),
MaxRetries = 5,
Mode = RetryMode.Exponential
}
};
var client = new SecretClient(new Uri("https://<your-unique-key-vault-name>.vault.azure.net/"), new DefaultAzureCredential(),options);
KeyVaultSecret secret = client.GetSecret("mySecret");
string secretValue = secret.Value;
Upvotes: 1
Related Questions
- Token Refresh to Azure KeyVault Access
- Azure Key Vault configuration section in .NET Core
- Azure KeyVault Configuration Provider reload values on change
- Azure KeyVault Enable or disable secret key from c#
- How can we configure Near Expiry Event time in Azure Key Vault?
- Is there a way to notify the web app about key vault secret's updates before cache expires
- Set expiry in Azure key vault secret
- Azure KeyVault expiration date update
- How do you manually renew a certificate in AzureKeyValut
- Updating KeyVault Access policy with c#