-1

I am currently trying to develop an API (running on Azure) that can access a DB, but I don't want to have the connection string in clear text in my appsettings.json file for obvious security reasons, so I am using Keyvault instead.

So I have already created the resource group, the DB, the API Management Service, and the Keyvault, in which I already created my secret that contains the connection string my API requires. In the Keyvault's access policy I have already added an entry for my API and gave it the permissions to get and list the secrets. Here is a screenshot.

Keyvault permission (sorry for the link, I am not allowed to embed an image yet)

In my app I have all the models and controllers I need.

Now my problem is, how, from my API, am I able to connect to my DB using this secret?

My Program.CreateHostBuilder class looks like this:

```csharp
public static IHostBuilder CreateHostBuilder(string[] args) =>
    Host.CreateDefaultBuilder(args)
        .ConfigureAppConfiguration(async (context, builder) =>
        {
            var client = new SecretClient(
                new Uri("https://example.vault.azure.net/"),
                new DefaultAzureCredential());
            KeyVaultSecret secret = await client.GetSecretAsync("ConnectionString");
            string authenticationKey = secret.Value;
        })
        .ConfigureWebHostDefaults(webBuilder =>
        {
            webBuilder.UseStartup<Startup>();
        });
```

What do I have to do from there for my app to connect to the DB?

Thank you for reading! :)

  • The same way you would otherwise. `Configuration` can read from multiple sources, including KeyVault and other settings services. [The docs tutorial](https://learn.microsoft.com/en-us/azure/azure-app-configuration/use-key-vault-references-dotnet-core?tabs=core5x#add-a-key-vault-reference-to-app-configuration) shows how you can read a config setting whose source is Key Vault simply by using its config key: `Configuration["TestApp:Settings:KeyVaultMessage"]` – Panagiotis Kanavos Aug 24 '21 at 10:06
  • @PanagiotisKanavos Thank you for your comment! The main problem then is how I'd do otherwise, my so-called teacher only made me use the connection string in the appsettings.json file with my credentials in clear text. I've never heard of this Configuration before. I'm gonna read the docs about it. – HMSWarspite Aug 25 '21 at 06:35

1 Answer

0

For .NET Core, with Azure Key Vault already in place, let's assume your connection string is in your appsettings.json:

```json
{
   "ConnectionStrings": {
      "MyDatabase": "server=127.0.0.1;port=5678;database=mydb;user=name;password=Password"
   }
}
```

And you do your setup in Startup.cs:

```csharp
string connectionString = configuration.GetConnectionString("MyDatabase");
```

In Azure Key Vault, create a secret:

  • Name: ConnectionStrings--MyDatabase
  • Value: server=127.0.0.1;port=5678;database=mydb;user=name;password=Password


The IConfiguration.GetConnectionString("MyDatabase") now takes the value from the Key Vault.

Note: In your key vault, the name of your secret should match with the name of your connection string.

After getting the connection string, connect to the database and perform the database operations.

For more details, refer to this thread.

ShrutiJoshi-MT
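The wiring that lets `GetConnectionString("MyDatabase")` resolve from Key Vault, as an added example that is not part of the original answer or question: it registers the vault as a configuration provider instead of fetching the secret by hand. It assumes the vault URI from the question, the secret name `ConnectionStrings--MyDatabase` from the answer, a controllers-only API, and that `DefaultAzureCredential` resolves to the identity granted get/list in the access policy.

```csharp
// Added example. NuGet: Azure.Identity, Azure.Extensions.AspNetCore.Configuration.Secrets
using System;
using Azure.Identity;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

public class Program
{
    public static void Main(string[] args) =>
        CreateHostBuilder(args).Build().Run();

    public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
            // Synchronous lambda: the delegate is an Action, so an async lambda
            // would return before its awaited work finished.
            .ConfigureAppConfiguration((context, builder) =>
                // Registered after appsettings.json, so a vault secret overrides
                // a same-named key from the file. Vault URI as in the question.
                builder.AddAzureKeyVault(
                    new Uri("https://example.vault.azure.net/"),
                    new DefaultAzureCredential()))
            .ConfigureWebHostDefaults(webBuilder => webBuilder.UseStartup<Startup>());
}

public class Startup
{
    private readonly IConfiguration _configuration;

    public Startup(IConfiguration configuration) => _configuration = configuration;

    public void ConfigureServices(IServiceCollection services)
    {
        // Secret "ConnectionStrings--MyDatabase" is exposed as the configuration
        // key "ConnectionStrings:MyDatabase" ("--" maps to ":").
        string connectionString = _configuration.GetConnectionString("MyDatabase");
        if (string.IsNullOrWhiteSpace(connectionString))
            throw new InvalidOperationException(
                "ConnectionStrings:MyDatabase is missing; check the vault secret name and access policy.");

        services.AddControllers();
        // Hand connectionString to your data-access registration here; never log it.
    }

    public void Configure(IApplicationBuilder app) =>
        app.UseRouting().UseEndpoints(endpoints => endpoints.MapControllers());
}
```

With the vault provider registered last, appsettings.json can carry an empty or placeholder `ConnectionStrings:MyDatabase` entry, and the real value never has to be committed with the code.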