AskMe

Reputation: 2583

How to integrate a class library in Azure Web App?

I have applications hosted in Azure App Service in a resource group. Similarly, I have various applications hosted in different subscriptions/RGs.

The below code/class library is developed using .NET:

using System;
using System.Threading.Tasks;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

namespace AKVClassLibrary
{
    public class KeyVaultService
    {
        private readonly string _keyVaultUrl;
        private readonly SecretClient _secretClient;

        public KeyVaultService(string keyVaultUrl)
        {
            _keyVaultUrl = keyVaultUrl;
            // Using DefaultAzureCredential allows the app to use managed identity for authentication
            _secretClient = new SecretClient(new Uri(_keyVaultUrl), new DefaultAzureCredential());
        }

        // Returns the secret value, or null if the lookup fails; callers must check for null.
        public async Task<string> GetSecretAsync(string secretName)
        {
            try
            {
                KeyVaultSecret secret = await _secretClient.GetSecretAsync(secretName);
                return secret.Value;
            }
            catch (Exception ex)
            {
                Console.WriteLine($"Error fetching secret: {ex.Message}");
                return null;
            }
        }
    }
}

The code will fetch the secret from the Azure Key Vault. How do I integrate the class library in the Azure Web Application, so that the web application will get the secret from the Azure Key Vault using the DLL?

Upvotes: 0

Views: 53

Answers (1)

Alfred Luu

Reputation: 2026

If I understand correctly, you want to build the Class Library with a fixed _keyVaultUrl, so that other applications can reference it without specifying or understanding what _keyVaultUrl looks like. You may need to deploy the generated DLL individually, which does not remove any existing files in the destination directory; read more at https://learn.microsoft.com/en-us/azure/app-service/deploy-zip?tabs=cli#deploy-individual-files. You may also restart the App Service to get the secret again.

Actually, I would prefer to expose the _keyVaultUrl and handle adding/retrieving secrets in Configuration. This is completely secure because you can use Managed Identity, which allows authenticating to Azure Key Vault from App Service; thus even if it is leaked, a user has no way to authenticate and use the _keyVaultUrl. See https://learn.microsoft.com/en-us/azure/key-vault/general/tutorial-net-create-vault-azure-web-app?tabs=azure-cli

Upvotes: 1
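
One way to wire the question's KeyVaultService into an ASP.NET Core web app along the lines the answer suggests, with the vault URL kept in configuration. This is an added example, not code from the question or the answer; the setting name KeyVaultUrl, the secret name DbPassword and the /health/secret route are assumptions, as is the .NET 6+ minimal hosting model with implicit usings.

```csharp
// Program.cs of the web app (ASP.NET Core minimal hosting, .NET 6+ assumed).
// The web project references the library, e.g. a <ProjectReference> to
// AKVClassLibrary.csproj or a <Reference> to the built AKVClassLibrary.dll.
using AKVClassLibrary;

var builder = WebApplication.CreateBuilder(args);

// "KeyVaultUrl" is an assumed setting name: an App Service application setting
// in Azure, or appsettings.Development.json / user secrets locally.
string? rawUrl = builder.Configuration["KeyVaultUrl"];

// Fail at startup on a missing or malformed URL instead of at first request.
// The suffix check assumes the Azure public cloud; sovereign clouds differ.
if (!Uri.TryCreate(rawUrl, UriKind.Absolute, out Uri? vaultUri)
    || vaultUri.Scheme != Uri.UriSchemeHttps
    || !vaultUri.Host.EndsWith(".vault.azure.net", StringComparison.OrdinalIgnoreCase))
{
    throw new InvalidOperationException(
        "App setting 'KeyVaultUrl' must be an https://<name>.vault.azure.net URL.");
}

// One shared instance: Azure SDK clients are thread-safe and meant to be reused.
builder.Services.AddSingleton(new KeyVaultService(vaultUri.ToString()));

var app = builder.Build();

// "DbPassword" is a constructed secret name. The endpoint reports only whether
// the secret could be read; the value itself never goes into a response or log.
app.MapGet("/health/secret", async (KeyVaultService vault) =>
{
    string? value = await vault.GetSecretAsync("DbPassword");
    return value is null
        ? Results.Problem("Secret could not be read from Key Vault.", statusCode: 503)
        : Results.Ok(new { secretLoaded = true });
});

app.Run();
```

The App Service's managed identity must be granted permission to read secrets on the vault, otherwise GetSecretAsync returns null and the endpoint answers 503.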
