# AzureKeyVaultResourceExtensions Methods

- Package: [Aspire.Hosting.Azure.KeyVault](/reference/api/csharp/aspire.hosting.azure.keyvault.md)
- Type: [AzureKeyVaultResourceExtensions](/reference/api/csharp/aspire.hosting.azure.keyvault/azurekeyvaultresourceextensions.md)
- Kind: `Methods`
- Members: `9`

Provides extension methods for adding Azure Key Vault resources to the application model.

## AddAzureKeyVault(IDistributedApplicationBuilder, string)

- Name: `AddAzureKeyVault(IDistributedApplicationBuilder, string)`
- Modifiers: `extension`
- Returns: `IResourceBuilder<AzureKeyVaultResource>`
- Source: [GitHub](https://github.com/microsoft/aspire/blob/cbc352350f1a9bafbaff10d14a2c8de4ac186a48/src/Aspire.Hosting.Azure.KeyVault/AzureKeyVaultResourceExtensions.cs#L66-L147)

Adds an Azure Key Vault resource to the application model.

```csharp
public static class AzureKeyVaultResourceExtensions
{
    public static IResourceBuilder<AzureKeyVaultResource> AddAzureKeyVault(
        this IDistributedApplicationBuilder builder,
        string name)
    {
        // ...
    }
}
```

## Parameters

- `builder` (`IDistributedApplicationBuilder`)
  The `Hosting.IDistributedApplicationBuilder`.
- `name` (`string`)
  The name of the resource. This name will be used as the connection string name when referenced in a dependency.

## Returns

`IResourceBuilder<AzureKeyVaultResource>` -- A reference to the `ApplicationModel.IResourceBuilder<T>`.

## Remarks

By default, references to the Azure Key Vault resource are assigned the following roles:

- `KeyVaultBuiltInRole.KeyVaultAdministrator`

These can be replaced by calling [AzureKeyVaultResourceExtensions.WithRoleAssignments(IResourceBuilder<T>, IResourceBuilder<AzureKeyVaultResource>, KeyVaultBuiltInRole[])](/reference/api/csharp/aspire.hosting.azure.keyvault/azurekeyvaultresourceextensions/methods.md#withroleassignments-iresourcebuilder-t-iresourcebuilder-azurekeyvaultresource-keyvaultbuiltinrole).

Managing Secrets:

Use the [AzureKeyVaultResourceExtensions.AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, IResourceBuilder<ParameterResource>)](/reference/api/csharp/aspire.hosting.azure.keyvault/azurekeyvaultresourceextensions/methods.md#addsecret-iresourcebuilder-azurekeyvaultresource-string-iresourcebuilder-parameterresource) methods to add secrets to the Key Vault:

```csharp
var builder = DistributedApplication.CreateBuilder(args);

var vault = builder.AddAzureKeyVault("vault");

// Add a secret from a parameter
var secret = builder.AddParameter("secretParam", secret: true);
vault.AddSecret("my-secret", secret);

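// Add a secret from a reference expression
// (server and db are placeholder parameters, defined here so the snippet compiles)
var server = builder.AddParameter("server");
var db = builder.AddParameter("db");
var connectionString = ReferenceExpression.Create($"Server={server};Database={db}");
vault.AddSecret("connection-string", connectionString);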

// Get a reference to an existing secret
var existingSecret = vault.GetSecret("existing-secret");
```

## ATS metadata

### ATS export

- Available to Polyglot AppHosts through the Aspire Type System.

## AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, IResourceBuilder<ParameterResource>)

- Name: `AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, IResourceBuilder<ParameterResource>)`
- Modifiers: `extension`
- Returns: `IResourceBuilder<AzureKeyVaultSecretResource>`
- Source: [GitHub](https://github.com/microsoft/aspire/blob/cbc352350f1a9bafbaff10d14a2c8de4ac186a48/src/Aspire.Hosting.Azure.KeyVault/AzureKeyVaultResourceExtensions.cs)

Adds a secret to the Azure Key Vault resource with the value from a parameter resource.

```csharp
public static class AzureKeyVaultResourceExtensions
{
    public static IResourceBuilder<AzureKeyVaultSecretResource> AddSecret(
        this IResourceBuilder<AzureKeyVaultResource> builder,
        string name,
        IResourceBuilder<ParameterResource> parameterResource)
    {
        // ...
    }
}
```

## Parameters

- `builder` (`IResourceBuilder<AzureKeyVaultResource>`)
  The Azure Key Vault resource builder.
- `name` (`string`)
  The name of the secret. Must follow Azure Key Vault naming rules.
- `parameterResource` (`IResourceBuilder<ParameterResource>`)
  The parameter resource containing the secret value.

## Returns

`IResourceBuilder<AzureKeyVaultSecretResource>` -- A reference to the `ApplicationModel.IResourceBuilder<T>`.

## ATS metadata

### Ignored by ATS

- Excluded from automatic Polyglot export.

## AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, ParameterResource)

- Name: `AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, ParameterResource)`
- Modifiers: `extension`
- Returns: `IResourceBuilder<AzureKeyVaultSecretResource>`
- Source: [GitHub](https://github.com/microsoft/aspire/blob/cbc352350f1a9bafbaff10d14a2c8de4ac186a48/src/Aspire.Hosting.Azure.KeyVault/AzureKeyVaultResourceExtensions.cs)

Adds a secret to the Azure Key Vault resource with the value from a parameter resource.

```csharp
public static class AzureKeyVaultResourceExtensions
{
    public static IResourceBuilder<AzureKeyVaultSecretResource> AddSecret(
        this IResourceBuilder<AzureKeyVaultResource> builder,
        string name,
        ParameterResource parameterResource)
    {
        // ...
    }
}
```

## Parameters

- `builder` (`IResourceBuilder<AzureKeyVaultResource>`)
  The Azure Key Vault resource builder.
- `name` (`string`)
  The name of the secret. Must follow Azure Key Vault naming rules.
- `parameterResource` (`ParameterResource`)
  The parameter resource containing the secret value.

## Returns

`IResourceBuilder<AzureKeyVaultSecretResource>` -- A reference to the `ApplicationModel.IResourceBuilder<T>`.

## ATS metadata

### Ignored by ATS

- Excluded from automatic Polyglot export.

## AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, ReferenceExpression)

- Name: `AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, ReferenceExpression)`
- Modifiers: `extension`
- Returns: `IResourceBuilder<AzureKeyVaultSecretResource>`
- Source: [GitHub](https://github.com/microsoft/aspire/blob/cbc352350f1a9bafbaff10d14a2c8de4ac186a48/src/Aspire.Hosting.Azure.KeyVault/AzureKeyVaultResourceExtensions.cs#L313-L321)

Adds a secret to the Azure Key Vault resource with the value from a reference expression.

```csharp
public static class AzureKeyVaultResourceExtensions
{
    public static IResourceBuilder<AzureKeyVaultSecretResource> AddSecret(
        this IResourceBuilder<AzureKeyVaultResource> builder,
        string name,
        ReferenceExpression value)
    {
        // ...
    }
}
```

## Parameters

- `builder` (`IResourceBuilder<AzureKeyVaultResource>`)
  The Azure Key Vault resource builder.
- `name` (`string`)
  The name of the secret. Must follow Azure Key Vault naming rules.
- `value` (`ReferenceExpression`)
  The reference expression containing the secret value.

## Returns

`IResourceBuilder<AzureKeyVaultSecretResource>` -- A reference to the `ApplicationModel.IResourceBuilder<T>`.

## ATS metadata

### Ignored by ATS

- Excluded from automatic Polyglot export.

## AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, string, IResourceBuilder<ParameterResource>)

- Name: `AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, string, IResourceBuilder<ParameterResource>)`
- Modifiers: `extension`
- Returns: `IResourceBuilder<AzureKeyVaultSecretResource>`
- Source: [GitHub](https://github.com/microsoft/aspire/blob/cbc352350f1a9bafbaff10d14a2c8de4ac186a48/src/Aspire.Hosting.Azure.KeyVault/AzureKeyVaultResourceExtensions.cs)

Adds a secret to the Azure Key Vault resource with the value from a parameter resource.

```csharp
public static class AzureKeyVaultResourceExtensions
{
    public static IResourceBuilder<AzureKeyVaultSecretResource> AddSecret(
        this IResourceBuilder<AzureKeyVaultResource> builder,
        string name,
        string secretName,
        IResourceBuilder<ParameterResource> parameterResource)
    {
        // ...
    }
}
```

## Parameters

- `builder` (`IResourceBuilder<AzureKeyVaultResource>`)
  The Azure Key Vault resource builder.
- `name` (`string`)
  The name of the secret resource.
- `secretName` (`string`)
  The name of the secret. Must follow Azure Key Vault naming rules.
- `parameterResource` (`IResourceBuilder<ParameterResource>`)
  The parameter resource containing the secret value.

## Returns

`IResourceBuilder<AzureKeyVaultSecretResource>` -- A reference to the `ApplicationModel.IResourceBuilder<T>`.

## ATS metadata

### Ignored by ATS

- Excluded from automatic Polyglot export.

## AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, string, ParameterResource)

- Name: `AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, string, ParameterResource)`
- Modifiers: `extension`
- Returns: `IResourceBuilder<AzureKeyVaultSecretResource>`
- Source: [GitHub](https://github.com/microsoft/aspire/blob/cbc352350f1a9bafbaff10d14a2c8de4ac186a48/src/Aspire.Hosting.Azure.KeyVault/AzureKeyVaultResourceExtensions.cs)

Adds a secret to the Azure Key Vault resource with the value from a parameter resource.

```csharp
public static class AzureKeyVaultResourceExtensions
{
    public static IResourceBuilder<AzureKeyVaultSecretResource> AddSecret(
        this IResourceBuilder<AzureKeyVaultResource> builder,
        string name,
        string secretName,
        ParameterResource parameterResource)
    {
        // ...
    }
}
```

## Parameters

- `builder` (`IResourceBuilder<AzureKeyVaultResource>`)
  The Azure Key Vault resource builder.
- `name` (`string`)
  The name of the secret resource.
- `secretName` (`string`)
  The name of the secret. Must follow Azure Key Vault naming rules.
- `parameterResource` (`ParameterResource`)
  The parameter resource containing the secret value.

## Returns

`IResourceBuilder<AzureKeyVaultSecretResource>` -- A reference to the `ApplicationModel.IResourceBuilder<T>`.

## ATS metadata

### Ignored by ATS

- Excluded from automatic Polyglot export.

## AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, string, ReferenceExpression)

- Name: `AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, string, ReferenceExpression)`
- Modifiers: `extension`
- Returns: `IResourceBuilder<AzureKeyVaultSecretResource>`
- Source: [GitHub](https://github.com/microsoft/aspire/blob/cbc352350f1a9bafbaff10d14a2c8de4ac186a48/src/Aspire.Hosting.Azure.KeyVault/AzureKeyVaultResourceExtensions.cs#L374-L382)

Adds a secret to the Azure Key Vault resource with the value from a reference expression.

```csharp
public static class AzureKeyVaultResourceExtensions
{
    public static IResourceBuilder<AzureKeyVaultSecretResource> AddSecret(
        this IResourceBuilder<AzureKeyVaultResource> builder,
        string name,
        string secretName,
        ReferenceExpression value)
    {
        // ...
    }
}
```

## Parameters

- `builder` (`IResourceBuilder<AzureKeyVaultResource>`)
  The Azure Key Vault resource builder.
- `name` (`string`)
  The name of the secret resource.
- `secretName` (`string`)
  The name of the secret. Must follow Azure Key Vault naming rules.
- `value` (`ReferenceExpression`)
  The reference expression containing the secret value.

## Returns

`IResourceBuilder<AzureKeyVaultSecretResource>` -- A reference to the `ApplicationModel.IResourceBuilder<T>`.

## ATS metadata

### Ignored by ATS

- Excluded from automatic Polyglot export.

## GetSecret(IResourceBuilder<AzureKeyVaultResource>, string)

- Name: `GetSecret(IResourceBuilder<AzureKeyVaultResource>, string)`
- Modifiers: `extension`
- Returns: `IAzureKeyVaultSecretReference`
- Source: [GitHub](https://github.com/microsoft/aspire/blob/cbc352350f1a9bafbaff10d14a2c8de4ac186a48/src/Aspire.Hosting.Azure.KeyVault/AzureKeyVaultResourceExtensions.cs#L238-L240)

Gets a secret reference for the specified secret name from the Azure Key Vault resource.

```csharp
public static class AzureKeyVaultResourceExtensions
{
    public static IAzureKeyVaultSecretReference GetSecret(
        this IResourceBuilder<AzureKeyVaultResource> builder,
        string secretName)
    {
        // ...
    }
}
```

## Parameters

- `builder` (`IResourceBuilder<AzureKeyVaultResource>`)
  The Azure Key Vault resource builder.
- `secretName` (`string`)
  The name of the secret.

## Returns

`IAzureKeyVaultSecretReference` -- A reference to the secret.

## ATS metadata

### ATS export

- Available to Polyglot AppHosts through the Aspire Type System.

## WithRoleAssignments(IResourceBuilder<T>, IResourceBuilder<AzureKeyVaultResource>, KeyVaultBuiltInRole[])

- Name: `WithRoleAssignments(IResourceBuilder<T>, IResourceBuilder<AzureKeyVaultResource>, KeyVaultBuiltInRole[])`
- Modifiers: `extension`
- Returns: `IResourceBuilder<T>`
- Source: [GitHub](https://github.com/microsoft/aspire/blob/cbc352350f1a9bafbaff10d14a2c8de4ac186a48/src/Aspire.Hosting.Azure.KeyVault/AzureKeyVaultResourceExtensions.cs)

Assigns the specified roles to the given resource, granting it the necessary permissions on the target Azure Key Vault resource. This replaces the default role assignments for the resource.

```csharp
public static class AzureKeyVaultResourceExtensions
{
    public static IResourceBuilder<T> WithRoleAssignments<T>(
        this IResourceBuilder<T> builder,
        IResourceBuilder<AzureKeyVaultResource> target,
        params KeyVaultBuiltInRole[] roles)
    {
        // ...
    }
}
```

## Parameters

- `builder` (`IResourceBuilder<T>`)
  The resource to which the specified roles will be assigned.
- `target` (`IResourceBuilder<AzureKeyVaultResource>`)
  The target Azure Key Vault resource.
- `roles` (`KeyVaultBuiltInRole[]`)
  The built-in Key Vault roles to be assigned.

## Returns

`IResourceBuilder<T>` -- The updated `ApplicationModel.IResourceBuilder<T>` with the applied role assignments.

## Remarks

The following example assigns the KeyVaultReader role to the 'Projects.Api' project:

```csharp
var builder = DistributedApplication.CreateBuilder(args);

var vault = builder.AddAzureKeyVault("vault");

var api = builder.AddProject<Projects.Api>("api")
  .WithRoleAssignments(vault, KeyVaultBuiltInRole.KeyVaultReader)
  .WithReference(vault);
```
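
Because a reference without `WithRoleAssignments` receives the default `KeyVaultAdministrator` role, the AppHost below sets the default beside least-privilege replacements scoped to what each project does with secrets. It is an added example, not code from the Aspire project. Assumptions: the `Projects.Worker` and `Projects.Rotator` projects and the `apiKey` parameter are hypothetical names, and `KeyVaultSecretsUser` and `KeyVaultSecretsOfficer` are the `KeyVaultBuiltInRole` members for the corresponding Azure built-in roles.

```csharp
var builder = DistributedApplication.CreateBuilder(args);

var vault = builder.AddAzureKeyVault("vault");

// Secret value supplied through a secret parameter (hypothetical name).
var apiKey = builder.AddParameter("apiKey", secret: true);
vault.AddSecret("api-key", apiKey);

// Weak: no WithRoleAssignments call, so this reference gets the default
// role listed in the AddAzureKeyVault remarks, KeyVaultAdministrator
// (full data-plane control over secrets, keys and certificates).
builder.AddProject<Projects.Worker>("worker")
    .WithReference(vault);

// Corrected: the API only reads secret values at run time, so it gets
// KeyVaultSecretsUser. KeyVaultReader would not be enough here: that role
// reads metadata but not secret contents.
builder.AddProject<Projects.Api>("api")
    .WithRoleAssignments(vault, KeyVaultBuiltInRole.KeyVaultSecretsUser)
    .WithReference(vault);

// A rotation job has to write secrets but never touches keys or
// certificates, so KeyVaultSecretsOfficer replaces the default for it.
builder.AddProject<Projects.Rotator>("rotator")
    .WithRoleAssignments(vault, KeyVaultBuiltInRole.KeyVaultSecretsOfficer)
    .WithReference(vault);

builder.Build().Run();
```

Reviewing an AppHost for vault references that lack a `WithRoleAssignments` call is a quick way to find identities still holding the default administrator role.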

## ATS metadata

### Ignored by ATS

- Excluded from automatic Polyglot export.
