I am setting up a .Net Standard app to get secrets from an Azure secret vault. This is running on my local machine, so any Environment reference is to the local environment on my machine.

```csharp
using System;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

// secretClient, BASESECRETURI and _secretRequest are members of the enclosing class.
public string GetSecret()
{
    // EnvironmentCredential is not excluded, so the AZURE_* variables of the process are used.
    var credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions { ExcludeAzureCliCredential = true, ExcludeAzurePowerShellCredential = true, ExcludeInteractiveBrowserCredential = true, ExcludeManagedIdentityCredential = true, ExcludeSharedTokenCacheCredential = true, ExcludeVisualStudioCodeCredential = true, ExcludeVisualStudioCredential = true });
    secretClient = new SecretClient(new Uri(BASESECRETURI), credential);
    KeyVaultSecret secret = secretClient.GetSecret(_secretRequest.SecretName);
    return secret.Value;
}
```

I have set up my environment variables, both user and system:

[Image: User Environment Variables]

[Image: System Environment Variables]

Yet when I run it, it pulls the environment values from...I don't know where.

[Image: Credentials set on run]

If I programmatically set the values on run (`Environment.SetEnvironmentVariable("AZURE_TENANT_ID","89aa...")`, etc.), before it gets the DefaultAzureCredential, it is set correctly!

Does anyone know where it is getting the values, or how I can set the environment variables correctly so they are fetched by DefaultAzureCredential()?

Mike
  • Are you using a custom `ConfigurationBuilder` setup? – Pieterjan Feb 09 '23 at 20:08
  • Not to the best of my knowledge. Where would that be? – Mike Feb 09 '23 at 20:32
  • [Here's a sample](https://learn.microsoft.com/en-us/aspnet/core/security/key-vault-configuration#:~:text=environment%20for%20Azure%20resources) – Pieterjan Feb 09 '23 at 20:34
  • This is not a WebApplication, it is a class library – Mike Feb 09 '23 at 20:52
  • You can see the environment variables Azure will pull down in your App Service (or whatever product you are using)'s Configuration blade. They are listed as "Application Settings" but are accessed in code via environment variables, for convenience. – AngryToddlers Feb 09 '23 at 21:01
  • I'm not sure exactly what you are saying. The AZURE_TENANT_ID is the Tenant ID of our organization, the AZURE_CLIENT_ID is the Client ID of the App registration which has access to the KeyVault, and the AZURE_CLIENT_SECRET is the secret for the app registration. These are all obtained from Azure, and all work when the environment fetches them. We do not touch Azure before making the SecretClient call, when it has fetched the wrong attributes from the local environment in which it is running. – Mike Feb 09 '23 at 22:02
  • you are debugging that locally? chances are Visual Studio injects those env variables, try compiling your solution and running it not from within Visual Studio – 4c74356b41 Feb 10 '23 at 06:07
  • @4c74356b41 - this was it! Thank you! A - please submit this as an answer so I can give you credit. B - do you know if there's any way to override this (other than adding if debug code)? – Mike Feb 10 '23 at 14:16
  • @Mike - Were you able to figure out how to read these from environment variables? – Shiva Naru Mar 24 '23 at 00:25
  • @ShivaNaru - Yes. The environment variables worked if I wasn't running in Debug. In Debug I needed to set them in Visual Studio debug settings (aka properties/launchsettings.json in the test project). – Mike Mar 24 '23 at 13:03
  • @Mike - Got it. The launchSettings.json would work for .Net core application. Mine's .Net framework and there are no launchsettings.json. Thanks for your response though! – Shiva Naru Mar 25 '23 at 18:13
  • @ShivaNaru - did you try checking the properties under Debug? I believe you can set local debug environment properties even for .Net Framework https://stackoverflow.com/questions/100543/how-do-i-set-specific-environment-variables-when-debugging-in-visual-studio – Mike Mar 28 '23 at 19:59

0 Answers
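
An added diagnostic, not part of the original thread: it compares the AZURE_* values the running process sees (what `DefaultAzureCredential` reads) with the user and system values stored in Windows, masking them so the client secret is never printed. The class and method names are hypothetical, and it assumes Windows, where the User and Machine targets are read from the registry.

```csharp
using System;

// Added example (hypothetical names): reports which scope supplies each AZURE_*
// value that EnvironmentCredential will read from the process environment.
public static class AzureEnvDiagnostics
{
    private static readonly string[] Names =
        { "AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET" };

    // Show at most the first 4 characters; never write a full secret to a console or log.
    private static string Mask(string value) =>
        string.IsNullOrEmpty(value) ? "<not set>"
        : value.Length <= 4 ? "****"
        : value.Substring(0, 4) + "...";

    // Classify where the process-level value came from.
    public static string Origin(string process, string user, string machine)
    {
        if (string.IsNullOrEmpty(process)) return "missing from process";
        if (process == user) return "user scope";
        if (process == machine) return "system scope";
        // Differs from both stored values: a debug launch profile, a parent process
        // started before the variables were edited, or SetEnvironmentVariable in code.
        return "differs from stored values (launch profile, stale parent, or set in code)";
    }

    public static void Report()
    {
        foreach (var name in Names)
        {
            var process = Environment.GetEnvironmentVariable(name, EnvironmentVariableTarget.Process);
            var user = Environment.GetEnvironmentVariable(name, EnvironmentVariableTarget.User);
            var machine = Environment.GetEnvironmentVariable(name, EnvironmentVariableTarget.Machine);
            Console.WriteLine($"{name}: process={Mask(process)} user={Mask(user)} " +
                              $"system={Mask(machine)} -> {Origin(process, user, machine)}");
        }
    }

    public static void Main() => Report();
}
```

Calling `Report()` once under the debugger and once from a freshly opened terminal shows whether the debug launch is the source of the unexpected values.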