- Introduction into managing Application Secrets in Azure App Configuration Service with .NET Core (current post)
- Managing Application Secrets in Azure App Configuration Service with .NET Core Code Walkthrough (next)
Whether you are writing an ASP.NET Core website or a new .NET Core based application that will be run somewhere in the cloud, you are almost always confronted with the question of where to reliably and securely store the application secrets.
With Microsoft.Extensions.Configuration, Microsoft has introduced an extensible configuration model that can be extended by different configuration providers. By default, those configuration providers allow loading application-specific settings like appsettings.json
appsettings.{Environment}.json
Generally, the
For local
For storing and testing Azure test and production secrets, Microsoft's recommendation was to use the Azure Key Vault configuration provider. With the Key Vault provider, sensitive information is stored in the highly secure Azure Key Vault service. The approach allows you to combine it with managed identities for Azure resources to authenticate the app to Azure Key Vault with Azure AD authentication, without credentials stored in the application code. Key Vault, though, does not provide higher-level functionality like
- Managing and distributing hierarchical configuration data for different environments and geographies
- Dynamic configuration changes without redeploying or restarting an application
- Feature management
If such functionality was desired, it had to be built with custom infrastructure on top of Key Vault. With the recently introduced App Configuration Service in Azure (currently in preview), those days are over! The service offers the following benefits:
- A fully managed service that can be set up in minutes.
- Flexible key representations and mappings.
- Tagging with labels.
- Point-in-time replay of settings.
- Comparison of two sets of configurations on custom-defined dimensions.
- Enhanced security through Azure-managed identities.
- Complete data encryption, at rest or in transit.
- Native integration with popular frameworks.
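The managed-identity and label points above, shown with the Generic Host. This is an added example, not code from this post or the series. It assumes the current Microsoft.Extensions.Configuration.AzureAppConfiguration and Azure.Identity packages rather than the preview API; the keys `AppConfig:Endpoint` and `MyApp:ApiKey` are hypothetical.

```csharp
using System;
using Azure.Identity;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Configuration.AzureAppConfiguration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

public static class Program
{
    public static void Main(string[] args)
    {
        using IHost host = Host.CreateDefaultBuilder(args)
            .ConfigureAppConfiguration((context, config) =>
            {
                // The store endpoint is the only bootstrap value and is not a secret.
                // "AppConfig:Endpoint" is a hypothetical key (env var AppConfig__Endpoint).
                string endpoint = config.Build()["AppConfig:Endpoint"]
                    ?? throw new InvalidOperationException("AppConfig:Endpoint is not set.");

                // Managed identity in Azure, developer sign-in locally; no connection
                // string or client secret ends up in code or appsettings.json.
                var credential = new DefaultAzureCredential();

                config.AddAzureAppConfiguration(options => options
                    .Connect(new Uri(endpoint), credential)
                    // Unlabeled keys load first; keys labeled with the environment
                    // name (e.g. "Production") are loaded after and override them.
                    .Select(KeyFilter.Any, LabelFilter.Null)
                    .Select(KeyFilter.Any, context.HostingEnvironment.EnvironmentName)
                    // If the store holds Key Vault references, resolve them
                    // with the same identity.
                    .ConfigureKeyVault(kv => kv.SetCredential(credential)));
            })
            .Build();

        var configuration = host.Services.GetRequiredService<IConfiguration>();

        // "MyApp:ApiKey" is a hypothetical key. Report presence only, never the value.
        bool loaded = !string.IsNullOrEmpty(configuration["MyApp:ApiKey"]);
        Console.WriteLine($"MyApp:ApiKey loaded: {loaded}");
    }
}
```

The identity running the app needs a read role on the App Configuration store, plus secret read access on the vault if Key Vault references are used.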
The .NET App.config
In the next installment I will walk through a .NET Core application using the Generic Host leveraging the App Configuration service to manage and dynamically reload secrets.
(1) You don’t have to search too far to find an example. A pull request that contains code reading environment variables within a unit test automatically executed by a build environment might already be enough.
Great article!
I am using feature manager config in App Configuration in my ASP.NET Core Web API project.
All works fine injecting IFeatureManager in controller but in local environment I am not able to read configuration from app config store service. If I put the same settings in app.settings it works. But that’s what we need to get rid of. Even after deployment it doesn’t work.
Could you please help?
Hi Praveen
Do you have the code somewhere available so that I could have a look at it?
Regards
Daniel