Get started with the Azure Key Vault integration

Azure Key Vault helps safeguard cryptographic keys and secrets used by cloud applications and services. The Aspire Azure Key Vault integration enables you to connect to existing Azure Key Vault instances.

In this introduction, you’ll see how to install and use the Aspire Azure Key Vault integrations in a simple configuration. If you already have this knowledge, see Azure Key Vault Hosting integration for full reference details.

To begin, install the Aspire Azure Key Vault Hosting integration in your Aspire AppHost project. This integration allows you to create and manage Azure Key Vault resources from your Aspire hosting projects:

Aspire CLI — Add Aspire.Hosting.Azure.KeyVault package
aspire add azure-keyvault

The Aspire CLI is interactive; make sure to select the appropriate result when prompted:

Aspire CLI — Example output
Select an integration to add:
> azure-keyvault (Aspire.Hosting.Azure.KeyVault)
> Other results listed as selectable options...

Next, in the AppHost project, create an Azure Key Vault resource and pass it to the consuming client projects:

C# — AppHost.cs
var builder = DistributedApplication.CreateBuilder(args);
var keyVault = builder.AddAzureKeyVault("key-vault");
// AddProject requires a resource name; "exampleproject" is a placeholder.
builder.AddProject<Projects.ExampleProject>("exampleproject")
    .WithReference(keyVault);
// After adding all resources, run the app...
builder.Build().Run();

The preceding code adds an Azure Key Vault resource named key-vault to the AppHost project. The WithReference method passes the connection information to the ExampleProject project.

To use Azure Key Vault from your client applications, install the Aspire Azure Key Vault client integration in your client project:

.NET CLI — Add Aspire.Azure.Security.KeyVault package
dotnet add package Aspire.Azure.Security.KeyVault

The client integration provides two ways to access secrets from Azure Key Vault:

  • Add secrets to app configuration, using either the IConfiguration or the IOptions<T> pattern.
  • Use a SecretClient to retrieve secrets on demand.

In the Program.cs file of your client-consuming project, call the AddAzureKeyVaultSecrets extension method on the IConfiguration to add the secrets as part of your app’s configuration:

builder.Configuration.AddAzureKeyVaultSecrets(connectionName: "key-vault");

You can then retrieve a secret-based configuration value through the normal IConfiguration APIs, or by binding to strongly-typed classes with the options pattern.

Alternatively, you can use the SecretClient directly to retrieve the secrets on demand:

builder.AddAzureKeyVaultClient(connectionName: "key-vault");

In the AppHost, when you use the WithReference method to pass an Azure Key Vault resource to a consuming client project, Aspire injects several configuration properties that you can use in the consuming project.

Aspire exposes each property as an environment variable named [RESOURCE]_[PROPERTY]. For instance, the Uri property of a resource called keyvault becomes KEYVAULT_URI.

Use the GetValue() method to obtain these environment variables in consuming projects:

C# — Obtain configuration properties
string vaultUri = builder.Configuration.GetValue<string>("KEYVAULT_URI");

Use Azure Key Vault resources in client code

After adding the SecretClient to the builder, you can get the SecretClient instance using dependency injection:

public class ExampleService(SecretClient client)
{
    // Use client...
}
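
As an added example (not taken from the Aspire documentation), the service above can be filled in to read a secret on demand while keeping the secret value out of logs and handling the two failures you are most likely to see. It assumes the SecretClient was registered with AddAzureKeyVaultClient as shown earlier; the method name GetSecretValueAsync and the ILogger dependency are assumptions made for this example.

```csharp
using System.Threading;
using System.Threading.Tasks;
using Azure;
using Azure.Security.KeyVault.Secrets;
using Microsoft.Extensions.Logging;

public class ExampleService(SecretClient client, ILogger<ExampleService> logger)
{
    // Hypothetical helper: returns the secret value, or null when the vault
    // has no secret with this name. Access failures are logged and rethrown
    // so that a permissions misconfiguration is not silently ignored.
    public async Task<string?> GetSecretValueAsync(
        string secretName, CancellationToken cancellationToken = default)
    {
        try
        {
            Response<KeyVaultSecret> response =
                await client.GetSecretAsync(secretName, cancellationToken: cancellationToken);

            // Log metadata only; never write response.Value.Value to logs.
            logger.LogInformation(
                "Read secret {SecretName}, version {Version}",
                response.Value.Name, response.Value.Properties.Version);

            return response.Value.Value;
        }
        catch (RequestFailedException ex) when (ex.Status == 404)
        {
            // The secret does not exist in the referenced vault.
            logger.LogWarning("Secret {SecretName} was not found", secretName);
            return null;
        }
        catch (RequestFailedException ex) when (ex.Status == 403)
        {
            // The app's identity is not permitted to read this secret.
            logger.LogError("Access denied reading secret {SecretName}", secretName);
            throw;
        }
    }
}
```

Register the service in Program.cs (for example with builder.Services.AddSingleton<ExampleService>()) so that dependency injection supplies the SecretClient.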

For full details on using the client integration, see Azure Key Vault Client integration.