
pull value from Key Vault to use in local dev web.config


I want to store a secret in Azure Key Vault and pull it into the application settings in an App Service (which is working), and when I run the app I can retrieve the data.

Now I want to obtain this value in my local development using Visual Studio.

Thanks to help from this video: https://www.youtube.com/watch?v=vEaCnhvggz0

If you skip to the 9 min mark, I was able to:

  • link the KV to the app service using managed identity
  • store a value in my KV
  • pull the value from KV and use as an app setting (on the app service) - which is then displayed as a Key Vault Reference in the source


Using the value for this as:

@Microsoft.KeyVault(SecretUri=https://keyVaultName/secrets/SecretName/1121283182091283/)


Then reference Secret_Value in code using:

in my web.config:

<add key="Secret_Value" value="localDev" />

C#

var Secret = ConfigurationManager.AppSettings["Secret_Value"];

When I run the app locally in VS this returns 'localDev', but when I run it on the App Service it correctly returns the value from the KV.

How do I grab the value on my local dev? Because obviously I can't do this:

<add key="Secret_Value" value="@Microsoft.KeyVault(SecretUri=https://keyVaultName/secrets/SecretName/1121283182091283/)" />

Is this possible? I know I can add Key Vault as a NuGet package and obtain it with something like:

    using Azure.Identity;
    using Azure.Security.KeyVault.Secrets;
    var client = new SecretClient(new Uri(keyVaultURL), new DefaultAzureCredential());
    var secret = client.GetSecret(CRM_Secret_KeyVaultName);

but I don't want this.

I want to pull the value from the local web.config directly from the KV. Is this possible, without writing any extra code? Thanks for any replies.


Solution

  • So is there any way to do it from local without writing code?

    • We cannot directly bind the Key Vault reference in the local configuration file.

    • I have tried to set and retrieve the secret with the reference locally.

    You can see it is not working.


    • When you configure Key Vault from Connected Service locally, by default it installs the related NuGet Packages to access the Key Vault (by default it is the only option available locally).


    In this case you can separate the local and production configurations.

    • You can store the secret value directly in the local configuration file (Web.config).


    OR

    You can set the secret values in secrets.xml.


    • And you can continue with the Key Vault reference in the deployed App Service Application settings (which you have already done) without any code.

    AFAIK, you can retrieve the Azure Key Vault secrets either with code or with Key Vault Reference in the deployed Azure App Service only.

    Thanks @RyanHill-MSFT for the comment.

    Key Vault is a hosted service and therefore can't be used in local development. It is recommended that development secrets be used.

    You can also refer to the GitHub link which explains the same.
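
One way to keep the local and production configurations separate, as the answer suggests, shown as an added example that is not part of the original answer: the .NET Framework `file` attribute on `<appSettings>` merges in an external file that stays outside source control. The file name `AppSettingsSecrets.config`, its relative path and the sample value are assumptions made for this sketch.

```xml
<!-- Web.config (committed to source control) -->
<configuration>
  <!-- 'file' names an optional external file, resolved relative to this
       Web.config. If the file is missing (for example on a build server),
       the attribute is ignored and the values below are used. -->
  <appSettings file="..\..\AppSettingsSecrets.config">
    <!-- Harmless placeholder; never the real secret. -->
    <add key="Secret_Value" value="localDev" />
  </appSettings>
</configuration>

<!-- ..\..\AppSettingsSecrets.config (a separate file that exists only on the
     developer machine, outside the repository; name and path are assumptions) -->
<appSettings>
  <!-- Constructed development value; it overrides the placeholder above. -->
  <add key="Secret_Value" value="dev-only-secret-value" />
</appSettings>
```

With this layout `ConfigurationManager.AppSettings["Secret_Value"]` returns the development value locally, while on App Service the application setting holding the Key Vault reference still overrides Web.config, so the C# line stays unchanged.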