Introduction

The .NET Aspire framework is used to develop cloud-ready, production-ready distributed applications. It consists of components that handle cloud-native concerns such as Redis, Postgres, etc.

Prerequisites

Objectives

Learn how to create a starter project using .NET Aspire with Azure Key Vault.

GitHub Sample: The solution structure is divided into the following projects

Getting Started

Step 1: Install the following NuGet package

Install the following NuGet package into the “DotnetAspireChallenge.AppHost” project

    dotnet add package Aspire.Hosting.Azure.KeyVault

In the above project, register the Azure Key Vault

    var secrets = builder.ExecutionContext.IsPublishMode
        ? builder.AddAzureKeyVault("secrets")
        : builder.AddConnectionString("secrets");

Note: A Key Vault connection string is required, which means an Azure Key Vault instance must already be up and running in Azure.

Step 2: Install another NuGet package

Install the following NuGet package into the “DotnetAspireChallenge.ApiService” project

    dotnet add package Aspire.Azure.Security.KeyVault

There are two ways to use Azure KeyVault

For Configuration

Register the Key Vault secrets as a configuration source in the Program.cs file as follows

    builder.Configuration.AddAzureKeyVaultSecrets("secrets");

Then retrieve the secrets through IConfiguration as follows

    public class ExampleService(IConfiguration configuration)
    {
        // Null when no secret named "secretKey" was loaded from the vault.
        private readonly string? secretValue = configuration["secretKey"];
        // Use secretValue ...
    }

For SecretClient

Create an extension class and register a minimal API GET method to demonstrate the SecretClient usage in the API Service

    using Azure;
    using Azure.Security.KeyVault.Secrets;

    public static class AspireKeyVaultExtension
    {
        public static void MapKeyVaultEndpoint(this WebApplication app)
        {
            // Demo endpoint: each GET writes the secret and then returns the stored
            // KeyVaultSecret, value included, to the caller.
            app.MapGet("/vault", async (SecretClient secretClient) =>
            {
                try
                {
                    // Define the secret name and value
                    string secretName = "mySecret";
                    string secretValue = "This is a secret value";

                    // Set the secret
                    KeyVaultSecret secret = new KeyVaultSecret(secretName, secretValue);

                    await secretClient.SetSecretAsync(secret);

                    // Read the secret back and return it
                    return Results.Ok(await secretClient.GetSecretAsync(secretName));
                }
                catch (RequestFailedException e)
                {
                    // Key Vault rejected the request or could not be reached
                    Console.WriteLine("HTTP error code {0}: {1}", e.Status, e.ErrorCode);
                    Console.WriteLine(e.Message);
                    return Results.Problem($"HTTP error code {e.Status}: {e.Message}");
                }
            });
        }
    }

Finally, register the endpoint in the Program.cs file

    app.MapKeyVaultEndpoint();

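Add additional configuration properties using JSON syntax, for example in appsettings.json. Note that setting DisableChallengeResourceVerification to true turns off the client's check that the authentication challenge resource matches the Key Vault domain; its default is false.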

    {
      "Aspire": {
        "Azure": {
          "Security": {
            "KeyVault": {
              "VaultUri": "YOUR_VAULT_URI",
              "DisableHealthChecks": false,
              "DisableTracing": true,
              "ClientOptions": {
                "DisableChallengeResourceVerification": true
              }
            }
          }
        }
      }
    }

Congratulations..!! You’ve successfully integrated the Azure Key Vault component into the .NET Aspire project.

Github Project

GitHub - ssukhpinder/DotnetAspireChallenge: 10 Day .Net Aspire Challenge
