Search code examples
c#azure-keyvaultazure-app-configuration

How can I retrieve the KeyVault URIs from Azure AppConfig in C# without retrieving the Secret Value?

I'm trying to retrieve the Values of an Azure App Config instance which includes KeyVault Reference values.

In my instances, I want to be able to tell which of the values are secured in KeyVault, and which KeyVault secret they are referring to.

As it currently stands, I'm using an IConfiguration object along with the GetChildren method to recursively loop through the sections and retrieve the values.

The child object is an IConfigurationSection object which only appears to have Key, Value and Path properties.

I am finding that the resulting output tells me the Secret value from KeyVault and NOT the Reference URI (which is what I'm after).

Does anyone have any ideas?

Code below:

IConfiguration config = new ConfigurationBuilder()
    .AddAzureAppConfiguration(options =>
    {
        options.Connect(connectionStringToAppConfig);
        options.ConfigureKeyVault(kv => kv.SetCredential(new DefaultAzureCredentials()));
        // other options ...
    })
    .Build();

foreach (var section in config_Source.GetChildren())
{
    if(section.ToString() == "Microsoft.Extensions.Configuration.ConfigurationSection")
    {
        foreach (var sectionChild in section.GetChildren())
        {
            // this is the KeyVault SECRET VALUE
            // What I REALLY want is the KeyVault "Reference URI" ??
            var keyValue = sectionChild.Value;
        }
    }

}

Note - the reason for this is that I'm creating a C# application to copy and migrate Azure App Configurations between Tenants - I don't want to get into the weeds over whether that is the way to do it or not, there are complications involved and this is my only blocker.

Thank you in advance!

Solution

  • For the scenario you described (copy and migrate Azure App Configurations between Tenants), you should use the ConfigurationClient from Azure.Data.AppConfiguration. It gives you access to the raw key-values stored in App Configuration. You can find sample code from here.

    Alternatively, just for your consideration, you can also use the import/export functionality in App Configuration. You can export all data from one store using the KVSet file content type and import the file to another store.