In the end, I'd say it's a success! I'm glad it was helpful. Make sure to subscribe, so that you don't spend other 3 hours searching for stuff you might find here :)
So if i sign out of Azure from the web on my pc, the key-vault will stop working in the C# code ? What if i host my application on-premise ? should i signin to azure form the server to get it authenticate the key-vault in my C# code ?
Excellent video, indeed. Thanks! I would like to suggest that it could be beneficial to mention the order in which the secrets are added to the configuration object. Based on my experience using this configuration, it appears that secrets are loaded from KeyVault at the end. Therefore, if there is a configuration key with the same name as a secret in KeyVault within the Azure App Service, the value from KeyVault will be present in the configuration object at the end.
Thank you for watching. I have talked in dept about the order of configuration keys and how this might brake our apps in the video about configurations that I also mentioned in this one: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-5TxnLU-SXVg.html Also with practical demos to show how things happen.
@@nove1398 Same goes for you. Feel free to share it wherever you think there are people that would find in useful: at work, friends, social media, forums. That would be highly appreciated.
the developer will be able to debug the code and inspect the connection string and the secrets after they are returned from azure ? So we're just hiding the secretes from viruses and cyber attacks ?
Sure, here's the edited version of the RU-vid comment: Great video! I have a question: When you create an enabled identity on the web app and then create the access policy so that the application can access it, do you need to make any code changes? From what I saw in the video, it didn't seem like you had to change any code. So, does the Azure Default Identity work when the application is running in Azure? So no code changes are required?
If you use the system assigned managed identity, then no change should be required in the code. If you use a user assigned managed identity, then you need to provide the Object identifier for that identity either in code or as an environment variable.
What cost exactly? Bot the Azure webapp and the KeyVault reside inside Azure, in the same region. So, I wouldn't be too worried about that in terms of network latency.
Awesome video @codewrincles, you explain how to use key vault concept very simple way. I gone through lots of documents, but your 16 min video help me to clear my most of the doubts. Thanks. Could you please cover azure function with real time scenario. Like input and output bindings.
I'm glad the video was useful to you. I will for sure cover also Azure Functions, probably in a lot of videos. I'm just getting the Azure series started. That's the 4th video only :)
AddAzureKeyVault is now updated and now requiring different arguments: (string vault, string clientId, string clientSecret) But why do I need to manually give clientId and clientSecret when I already have valid credentials through DefaultAzureCredential(); ?
@@Codewrinkles I found a solution, I was able to do it with this code here: string keyVaultUrl = builder.Configuration.GetSection("KeyVaultUrl").Value!; var azureServiceTokenProvider = new AzureServiceTokenProvider(); var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback)); builder.Configuration.AddAzureKeyVault(keyVaultUrl, keyVaultClient, new DefaultKeyVaultSecretManager());
what about Cache the secrets? the way you did it now you'd have to pay for every read operation on a secret. You need to Cache the secrets and reuse from memory whenever possible right?
Create video, this was very informative! We just implanted this with success, but we also noticed that it takes about 12 seconds to retrieve just one secret. Has anyone noticed this or discovered workaround(s)?
Excellent job, thank you. But can you make a video like this with Terraform? I mean, by using Terraform to create the key vault, the secret inside the key vault and then access the secret from the secret vault with Terraform and Azurerm provider. Thank you in advance.
Great Work, what happens if you deploy to different environments(dev, QA and Prod), your vault will have different secrets, how do you then update you Program.cs to read different secret based on the environment?
First of, you just create the needed secrets for each environment. In your app you than use the secrets based on the environment you are currently in. You'll have to create 3 managed identities for each of the web apps and assign permissions. An alternative here would be to create one user assigned managed identity and use it for all the environments. This would actually be a scenario where a user assigned managed identity would make sense.
@@Codewrinkles I've used a separate keyvault for each environment. that way I only have to change they keyvault url in appsettings. any downsides to that?
I wouldn't say it's a problem or downside, but companies tend to usually have more consolidated key vaults, as they would contain keys, secrets and certificates used throughout all the Azure resources.
What is the difference between system generated and user generated managed identity? Also could you please cover app configuration with keyvault together for next topic?
Good content. You should also start producing content for Azure service fabric, function and service bus Have u also looked into Azure app configuration?
