A walkthrough for how to create a basic .NET Core 8 app for App Service w/ Key Vault & Application Insights

creating-an-app-service-with-key-vault-and-application-insights.md

Creating an App Service w/ Key Vault & Application Insights

1. Create your App Service, Key Vault, and Application Insights

   1. Copy the Key Vault's "Vault URI" for later
   2. Copy the Application Insights' "Connection String" for later

2. In the App Service's "Identity", turn the "System assigned" "Status" to "On"

3. In the App Service's "Configuration", create a "New application setting" with value "KeyVaultURI", and value of the "Vault URI" you copied in step 1

4. In the Key Vault's "Access control (IAM)", "Add > Add role assignment", add two things:

   1. Under "Job function roles", find "Key Vault Administrator"; under "Members", find yourself
   2. Under "Job function roles", find "Key Vault Secrets User" ; under "Members" find the "Managed identity" that is your App Service

5. In the Key Vault's "Secrets", add a secret with name "ApplicationInsights--ConnectionString" and value of the Application Insights' "Connection String" you copied in step 1

6. In your .NET Core application, add the following to Program.cs:

   // for prod, expected to be set in App Service's environment variables:
   if (builder.Configuration["KeyVaultURI"] is { } keyVaultURI)
   {
       builder.Configuration.AddAzureKeyVault(
           new Uri(keyVaultURI),
           new DefaultAzureCredential(),
           new DoubleDashSecretManager()
       );
   }
   
   builder.Services.AddApplicationInsightsTelemetry();

7. Create the DoubleDashSecretManager class as follows:

   public class DoubleDashSecretManager: KeyVaultSecretManager
   {
       public override string GetKey(KeyVaultSecret secret)
           => secret.Name.Replace("--", ConfigurationPath.KeyDelimiter);
   }

8. Ya done!