0

I have configured my Azure App to use key vault references in configuration settings. Everything works fine in general, but there is a problem when I want a setting to have a default value in case it's missing from the key vault.

Here is my simplified code example:

public class MySettings
{
    public bool DoSomethingSpecial { get; set; }

    public string SomeStringSetting { get; set; }
}

Startup:

serviceCollection.Configure<MySettings>(x =>
{
    configuration.Bind("MyApp:MySettings", x);
});

Azure App Configuration setting:

MyApp__MySettings__DoSomethingSpecial
@Microsoft.KeyVault(SecretUri=https://myapp.vault.azure.net/secrets/MyApp--MySettings--DoSomethingSpecial)

If I don't add DoSomethingSpecial = false to the key vault, the app throws an error on startup:

Failed to convert configuration value at 'MyApp:MySettings:DoSomethingSpecial' to type 'System.Boolean'. @Microsoft.KeyVault(SecretUri=https://andromeda-keyvault-dev.vault.azure.net/secrets/MyApp--MySettings--DoSomethingSpecial) is not a valid value for Boolean. String '@Microsoft.KeyVault(SecretUri=https://andromeda-keyvault-dev.vault.azure.net/secrets/MyApp--MySettings--DoSomethingSpecial)' was not recognized as a valid Boolean.

It means Azure treats missing key vault references as raw literal strings.

I don't have that setting mentioned in appsettings.json - it's not needed there.

My Program.cs is pretty basic old-style .NET Core app launcher:

    public class Program
    {
        public static void Main(string[] args)
        {
            CreateWebHostBuilder(args).Build().Run();
        }

        public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
            WebHost.CreateDefaultBuilder(args)
                .ConfigureAppConfiguration((hostingContext, config) =>
                {
                    config.AddEnvironmentVariables();
                })
                .UseStartup<Startup>();

    }

Is there any nice way to have a default false value in case the key vault value is missing?

Currently, the only (ugly) workaround that comes to my mind is to try .. catch around every setting field of MySettings in the serviceCollection.Configure<MySettings>.

JustAMartin
  • 13,165
  • 18
  • 99
  • 183
  • Please share your `appsettings.json` and `Program.cs` file. – Harshitha Feb 20 '23 at 13:31
  • @Harshitha Updated the question. Although those files don't have anything related to this setting - the setting environment variables are just picked from the web app configuration on Azure. – JustAMartin Feb 20 '23 at 14:53

1 Answers1

0

If you set the corresponding setting in your appsettings.json, ASP.NET Core will pick them up if they are not found in AzureKeyVault.

Something like this:

{
  "MyApp" : 
  { 
     "MySettings": 
     {
       "DoSomethingSpecial" :"12345"
     }
   }
}
Tore Nestenius
  • 16,431
  • 5
  • 30
  • 40
  • It works only as long as I don't have the setting in the app configuration. If it's set to a missing value, then the raw string (broken keyvault reference) takes precedence and .NET fails to parse it. – JustAMartin Feb 20 '23 at 15:42
  • Instead of refering to individual secrets using the full URL, just use the name of the secret? @Microsoft.KeyVault(SecretUri=https://myapp.vault.azure.net/secrets/MyApp--MySettings--DoSomethingSpecial) properly done, ASP.NET core will at startup dowload and cache all the secrets from AKV and it should to need to query AKV after that. you can verify that by using a proxy tool like fiddler – Tore Nestenius Feb 20 '23 at 16:00