@MarkRobles
Last active June 21, 2022 14:29
Using Azure Key Vault
1- Create an Azure Key Vault (use the Azure portal, the Azure CLI, and so on)
2- Create a secret (use the Azure portal, the Azure CLI, and so on)
3- Register your app with Azure Active Directory
3.1- Our app gets an identity
3.2- Now we can assign vault permissions to our app
3.3- Apps and users require a token and a secret or certificate to authenticate to Key Vault
3.4- This seems to be the default flow, but with it you still need to keep the user/app secret used to authenticate
to Key Vault somewhere. To avoid this, use managed identities for Azure resources
4- Enable managed identities (use the Azure portal or the CLI) -> go to your app, select the Identity tab, and switch it to On under System assigned
5- Add the following NuGet packages to your app:
dotnet add package Azure.Identity
dotnet add package Azure.Extensions.AspNetCore.Configuration.Secrets
dotnet restore
6. Add the following code to the Program class:
using System;
using Azure.Identity;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Hosting;

public class Program
{
    public static void Main(string[] args)
    {
        CreateHostBuilder(args).Build().Run();
    }

    public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(webBuilder =>
            {
                webBuilder.UseStartup<Startup>();
            })
            .ConfigureAppConfiguration((context, config) =>
            {
                // Build the current set of configuration to load values from
                // JSON files and environment variables, including VaultName.
                var builtConfig = config.Build();
                // Use VaultName from the configuration (here its value is
                // "dl-kv-motorpagos") to create the full vault URI.
                var vaultName = builtConfig["VaultName"];
                var vaultUri = new Uri($"https://{vaultName}.vault.azure.net/");
                // Load all secrets from the vault into configuration. This will automatically
                // authenticate to the vault using a managed identity. If a managed identity
                // is not available, it will check if Visual Studio and/or the Azure CLI are
                // installed locally and see if they are configured with credentials that can
                // access the vault.
                config.AddAzureKeyVault(vaultUri, new DefaultAzureCredential());
            });
}
7.- Now, in the Startup class, get your secret from Key Vault by its name:
services.AddDbContext<TratoContext>(options =>
{
    options.UseSqlServer(Configuration["DefaultConnectionString"]);
});
// DefaultConnectionString is the name under which you saved the secret in Azure Key Vault
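Added example, not part of the original gist: a variant of the step 6 callback that uses only the managed identity outside development and loads only the secrets that carry an app prefix, so the configuration does not pick up every secret in the vault. The TratoApi prefix, the PrefixSecretManager and KeyVaultConfig names and the 30-minute reload interval are assumptions; with them the secret from step 7 would be stored as TratoApi-DefaultConnectionString.

```csharp
using System;
using Azure.Core;
using Azure.Extensions.AspNetCore.Configuration.Secrets;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Hosting;

// Loads only secrets named "<prefix>-..." and strips the prefix from the key.
public class PrefixSecretManager : KeyVaultSecretManager
{
    private readonly string _prefix;
    public PrefixSecretManager(string prefix) => _prefix = prefix + "-";

    public override bool Load(SecretProperties secret) =>
        secret.Name.StartsWith(_prefix, StringComparison.OrdinalIgnoreCase);

    public override string GetKey(KeyVaultSecret secret) =>
        secret.Name.Substring(_prefix.Length)
            .Replace("--", ConfigurationPath.KeyDelimiter);
}

public static class KeyVaultConfig
{
    public static void Add(HostBuilderContext context, IConfigurationBuilder config)
    {
        var vaultName = config.Build()["VaultName"];
        if (string.IsNullOrWhiteSpace(vaultName))
            throw new InvalidOperationException("VaultName is not configured.");

        // In Azure, accept the managed identity only; the developer-tool
        // fallbacks of DefaultAzureCredential stay limited to local development.
        TokenCredential credential = context.HostingEnvironment.IsDevelopment()
            ? (TokenCredential)new DefaultAzureCredential()
            : new ManagedIdentityCredential();

        config.AddAzureKeyVault(
            new Uri($"https://{vaultName}.vault.azure.net/"),
            credential,
            new AzureKeyVaultConfigurationOptions
            {
                Manager = new PrefixSecretManager("TratoApi"), // hypothetical prefix
                ReloadInterval = TimeSpan.FromMinutes(30)      // assumed interval
            });
    }
}
```

Wire it in with .ConfigureAppConfiguration(KeyVaultConfig.Add) in place of the lambda from step 6.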