I needed to migrate from having all my configuration and secrets (yeah, don’t put your secrets in source control, but it’s an older project that we are updating) in .NET appsettings.json files to using Azure App Config and Azure Key Vault. In the Azure Portal this is done by clicking add and filling in keys and values, or by first adding the Azure Key Vault key and value, then adding a key reference in Azure App Config. It’s a lot of work, especially when I have 2 environments (dev and prod), maybe 3 with staging.
We use Terraform to create the App Config, Key Vault, and Managed Identity-based access.
My first thought was to have a readme with all the az cli commands to add, with the secrets not included in source. Then I thought about making it generic with a .sh script to pass in a list of values. That seemed doable, but then I realized I’m learning F# and could use that!
I asked Microsoft Copilot for some F# code to run CLI commands through F# and away we went.
Note: This isn’t perfect, but it is working pretty well. So I recommend running a few commands at a time, then commenting out the others.
If you know how to get the Key Vault commands to work inside of the script, please let me know.
I also put this code in a GitHub Gist which is embedded below.
using Azure.Identity; // DefaultAzureCredential and DefaultAzureCredentialOptions

#if DEBUG
// we have a helper class, see my post at http://localhost:1313/blog/2024/faster-startup-azure-appconfig/
var credential = new DefaultAzureCredential(AzureCredSetup.DefaultAzureCredentialOptions);
#else
// `config` is the app's own settings object, defined elsewhere (not shown here)
var credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions { ManagedIdentityClientId = config.ManagedIdentityClientId });
#endif

// add to appsettings.development/production.json
var configEndpoint = builder.Configuration["AppConfigEndpoint"];
if (string.IsNullOrWhiteSpace(configEndpoint)) throw new Exception("Missing configuration!");

builder.Configuration.AddAzureAppConfiguration(options =>
{
    options.Connect(new Uri(configEndpoint), credential)
        .Select("ApplicationInsights:*")
        .Select("AppSettings:*")
        .Select(".appconfig.featureflag/*")
        // resolve Key Vault references with the same credential
        .ConfigureKeyVault(kv =>
        {
            kv.SetCredential(credential);
        })
        .UseFeatureFlags(featureFlagOptions =>
        {
            featureFlagOptions.CacheExpirationInterval = TimeSpan.FromMinutes(5);
        });
});

#if DEBUG
// WebApplication.CreateBuilder does this but they get overwritten from AddAzureAppConfiguration
// if in development, override from user-secrets, see the readme.md
builder.Configuration.AddUserSecrets<Program>();
#endif

var appSettings = builder.Configuration.GetRequiredSection("AppSettings").Get<AppSettings>();
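
The portal steps from the start of this post (plain values into App Config, secrets into Key Vault followed by a key reference in App Config), as an added shell example that is not the author's F# gist. The store and vault names, the row format and the public-cloud vault URL are assumptions, and it goes slightly beyond the post by taking each secret value from an environment variable so the emitted commands can be reviewed without containing secrets.

```sh
#!/bin/sh
# Added example, not the post's gist. Usage (file names are constructed):
#   . ./emit.sh; emit_commands appcs-demo-dev kv-demo-dev < dev.rows > apply-dev.sh
# Row format, one per line:
#   config KEY VALUE    plain App Configuration key-value
#   secret KEY ENVVAR   Key Vault secret read from $ENVVAR, plus a reference to it
emit_commands() {
  store=$1 vault=$2
  while read -r kind key value; do
    case $kind in ''|'#'*) continue ;; esac
    # Values are emitted inside single quotes, so reject embedded single quotes.
    case "$key$value" in
      *\'*) echo "single quote not supported in row: $key" >&2; return 1 ;;
    esac
    case $kind in
      config)
        printf "az appconfig kv set --name '%s' --key '%s' --value '%s' --yes\n" \
          "$store" "$key" "$value" ;;
      secret)
        # Third column must be a variable name, never the secret itself.
        case $value in
          ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
            echo "expected an environment variable name for $key" >&2; return 1 ;;
        esac
        # Key Vault secret names allow only letters, digits and dashes.
        secret_name=$(printf '%s' "$key" | tr -c 'A-Za-z0-9-' '-')
        # The value stays an unexpanded ${VAR:?}: the emitted script holds no
        # secret and aborts if the variable is unset when it runs.
        printf "az keyvault secret set --vault-name '%s' --name '%s' --value \"\${%s:?}\" --output none\n" \
          "$vault" "$secret_name" "$value"
        # Assumption: public-cloud vault DNS suffix; versionless URI = latest version.
        printf "az appconfig kv set-keyvault --name '%s' --key '%s' --secret-identifier '%s' --yes\n" \
          "$store" "$key" "https://$vault.vault.azure.net/secrets/$secret_name" ;;
      *) echo "unknown row kind: $kind" >&2; return 1 ;;
    esac
  done
}
```

The emitted file is run in a session that is already signed in with `az login` and has the named variables exported; `--output none` keeps the CLI from echoing the stored secret back to the terminal.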