Implementing Azure Key Vault using a corporate proxy

Question

The recommended way of implementing Azure Key Vault in .NET Core is with this example

// using Microsoft.Extensions.Configuration;

public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
    WebHost.CreateDefaultBuilder(args)
        .ConfigureAppConfiguration((context, config) =>
        {
            if (context.HostingEnvironment.IsProduction())
            {
                var builtConfig = config.Build();

                config.AddAzureKeyVault(
                    $"https://{builtConfig["KeyVaultName"]}.vault.azure.net/",
                    builtConfig["AzureADApplicationId"],
                    builtConfig["AzureADPassword"]);
            }
        })
        .UseStartup<Startup>();

Is there a way to customize this set up code for this call to Azure using a web proxy? I've found documentation for what to do with Key Vault behind a corporate firewall and what IPs need to be listed, but looking to see if there is a way to be able to use the proxy as well with some kind of HttpHandler in the HttpClient.

score 1 · Accepted Answer · answered Feb 15 '19 at 19:26

After researching this, it does not look like there is currently a way to handle this through a proxy. You have to instead add the IPs to your Firewall. This article explains it further:

https://learn.microsoft.com/en-us/azure/key-vault/key-vault-access-behind-firewall#ip-address-ranges

score 1 · Answer 2 · answered May 17 '21 at 13:19

1

AzureKeyVault client use HttpClient.DefaultProxy for create connection. You can specify proxy in environment variables like HTTPS_PROXY, see HttpClient.DefaultProxy Property

answered May 17 '21 at 13:19

AlexPalla

191
3
4

Implementing Azure Key Vault using a corporate proxy

2 Answers2

Linked