Skip to content
/ wl-extensions-configuration-secrets Public

Allows storing configuration values in Azure Key Vault Secrets, using the right Azure credentials based on the current environment.

License

Apache-2.0 license
3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

workleap/wl-extensions-configuration-secrets

BranchesTags

Repository files navigation

Workleap.Extensions.Configuration.Secrets

nuget build

This package allows storing configuration values in Azure Key Vault Secrets, using the right Azure credentials based on the current environment.

It can also be used to register ITokenCredentialProvider and ISecretClientProvider in IServiceCollection in order to access Azure credentials or a SecretClient instance.

Getting started

dotnet add package Workleap.Extensions.Configuration.Secrets

Example with an ASP.NET Core minimal API:

var builder = WebApplication.CreateBuilder();

// There are three ways to load configuration values from Azure Key Vault:
builder.Configuration.AddKeyVaultSecrets(builder.Environment);
builder.Configuration.AddKeyVaultSecrets(builder.Environment, new Uri("<my-key-vault-url>"));
builder.Configuration.AddKeyVaultSecrets(builder.Environment, "<my-configuration-key>");

// Register ITokenCredentialProvider and ISecretClientProvider services (optional)
builder.Services.AddKeyVaultSecrets();

Using the registered services

ITokenCredentialProvider and its public implementation TokenCredentialProvider provides an instance of TokenCredential based on the current environment:

  • DefaultAzureCredential on a non-development environment or on a Build Agent
  • Chained credentials of AzureCliCredential and DefaultAzureCredential on a development environment
  • CachedInteractiveBrowserCredential on a development environment only when Fiddler is opened (Fiddler interferes with az login authentication).
var azureCredential = new TokenCredentialProvider(environment).GetTokenCredential(); // or
var azureCredential = services.GetRequiredService<ITokenCredentialProvider>().GetTokenCredential();

ISecretClientProvider and its public implementation SecretClientProvider provides an instance of SecretClient based on the current environment:

var secretClientProvider = new SecretClientProvider(configurationBuilder, environment); // or
var secretClientProvider = new SecretClientProvider(configuration, environment); // or
var secretClientProvider = services.GetRequiredService<ISecretClientProvider>();
var secretClient = secretClientProvider.GetSecretClient(keyVaultKind); // or
var secretClient = secretClientProvider.GetSecretClient(keyVaultUri); // or
var secretClient = secretClientProvider.GetSecretClient(configurationKey);

License

Copyright © 2025, Workleap. This code is licensed under the Apache License, Version 2.0. You may obtain a copy of this license at https://github.com/workleap/gsoft-license/blob/master/LICENSE.

About

Allows storing configuration values in Azure Key Vault Secrets, using the right Azure credentials based on the current environment.

Resources

Readme

License

Apache-2.0 license

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

3 stars

Watchers

25 watching

Forks

0 forks
Report repository

Releases 37

1.1.12 Latest
Nov 2, 2025
+ 36 releases

Contributors 16
+ 2 contributors

Languages