Skip to content
Aspire
Docs Try Aspire
Docs Try

Install Aspire CLI

macOS

curl -sSL https://aspire.dev/install.sh | bash

Linux

curl -sSL https://aspire.dev/install.sh | bash

Windows

irm https://aspire.dev/install.ps1 | iex
More installation options

AzureKeyVaultResourceExtensions Methods

Class Methods 9 members
Provides extension methods for adding the Azure Key Vault resources to the application model.
AddAzureKeyVault(IDistributedApplicationBuilder, string) Section titled AddAzureKeyVault(IDistributedApplicationBuilder, string) extension IResourceBuilder<AzureKeyVaultResource>
Adds an Azure Key Vault resource to the application model. 
public static class AzureKeyVaultResourceExtensions
{
    public static IResourceBuilder<AzureKeyVaultResource> AddAzureKeyVault(
        this IDistributedApplicationBuilder builder,
        string name)
    {
        // ...
    }
}
AzureKeyVaultResourceExtensions.cs#L61-L126
Parameters
builder IDistributedApplicationBuilder The Hosting.IDistributedApplicationBuilder.
name string The name of the resource. This name will be used as the connection string name when referenced in a dependency.
Returns
IResourceBuilder<AzureKeyVaultResource> A reference to the ApplicationModel.IResourceBuilder`1.
Remarks

By default references to the Azure Key Vault resource will be assigned the following roles:

- KeyVaultBuiltInRole.KeyVaultAdministrator

These can be replaced by calling AzureKeyVaultResourceExtensions.WithRoleAssignments.

Managing Secrets:

Use the AzureKeyVaultResourceExtensions.AddSecret methods to add secrets to the Key Vault: 

var builder = DistributedApplication.CreateBuilder(args);


var vault = builder.AddAzureKeyVault("vault");


// Add a secret from a parameter
var secret = builder.AddParameter("secretParam", secret: true);
vault.AddSecret("my-secret", secret);


// Add a secret from a reference expression
var connectionString = ReferenceExpression.Create(
    $"Server={server};Database={db}");
vault.AddSecret("connection-string", connectionString);


// Get a reference to an existing secret
var existingSecret = vault.GetSecret("existing-secret");
AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, IResourceBuilder<ParameterResource>) Section titled AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, IResourceBuilder<ParameterResource>) extension IResourceBuilder<AzureKeyVaultSecretResource>
Adds a secret to the Azure Key Vault resource with the value from a parameter resource. 
public static class AzureKeyVaultResourceExtensions
{
    public static IResourceBuilder<AzureKeyVaultSecretResource> AddSecret(
        this IResourceBuilder<AzureKeyVaultResource> builder,
        string name,
        IResourceBuilder<ParameterResource> parameterResource)
    {
        // ...
    }
}
AzureKeyVaultResourceExtensions.cs
Parameters
builder IResourceBuilder<AzureKeyVaultResource> The Azure Key Vault resource builder.
name string The name of the secret. Must follow Azure Key Vault naming rules.
parameterResource IResourceBuilder<ParameterResource> The parameter resource containing the secret value.
Returns
IResourceBuilder<AzureKeyVaultSecretResource> A reference to the ApplicationModel.IResourceBuilder`1.
AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, ParameterResource) Section titled AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, ParameterResource) extension IResourceBuilder<AzureKeyVaultSecretResource>
Adds a secret to the Azure Key Vault resource with the value from a parameter resource. 
public static class AzureKeyVaultResourceExtensions
{
    public static IResourceBuilder<AzureKeyVaultSecretResource> AddSecret(
        this IResourceBuilder<AzureKeyVaultResource> builder,
        string name,
        ParameterResource parameterResource)
    {
        // ...
    }
}
AzureKeyVaultResourceExtensions.cs
Parameters
builder IResourceBuilder<AzureKeyVaultResource> The Azure Key Vault resource builder.
name string The name of the secret. Must follow Azure Key Vault naming rules.
parameterResource ParameterResource The parameter resource containing the secret value.
Returns
IResourceBuilder<AzureKeyVaultSecretResource> A reference to the ApplicationModel.IResourceBuilder`1.
AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, ReferenceExpression) Section titled AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, ReferenceExpression) extension IResourceBuilder<AzureKeyVaultSecretResource>
Adds a secret to the Azure Key Vault resource with the value from a reference expression. 
public static class AzureKeyVaultResourceExtensions
{
    public static IResourceBuilder<AzureKeyVaultSecretResource> AddSecret(
        this IResourceBuilder<AzureKeyVaultResource> builder,
        string name,
        ReferenceExpression value)
    {
        // ...
    }
}
AzureKeyVaultResourceExtensions.cs#L217-L225
Parameters
builder IResourceBuilder<AzureKeyVaultResource> The Azure Key Vault resource builder.
name string The name of the secret. Must follow Azure Key Vault naming rules.
value ReferenceExpression The reference expression containing the secret value.
Returns
IResourceBuilder<AzureKeyVaultSecretResource> A reference to the ApplicationModel.IResourceBuilder`1.
AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, string, IResourceBuilder<ParameterResource>) Section titled AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, string, IResourceBuilder<ParameterResource>) extension IResourceBuilder<AzureKeyVaultSecretResource>
Adds a secret to the Azure Key Vault resource with the value from a parameter resource. 
public static class AzureKeyVaultResourceExtensions
{
    public static IResourceBuilder<AzureKeyVaultSecretResource> AddSecret(
        this IResourceBuilder<AzureKeyVaultResource> builder,
        string name,
        string secretName,
        IResourceBuilder<ParameterResource> parameterResource)
    {
        // ...
    }
}
AzureKeyVaultResourceExtensions.cs
Parameters
builder IResourceBuilder<AzureKeyVaultResource> The Azure Key Vault resource builder.
name string The name of the secret resource.
secretName string The name of the secret. Must follow Azure Key Vault naming rules.
parameterResource IResourceBuilder<ParameterResource> The parameter resource containing the secret value.
Returns
IResourceBuilder<AzureKeyVaultSecretResource> A reference to the ApplicationModel.IResourceBuilder`1.
AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, string, ParameterResource) Section titled AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, string, ParameterResource) extension IResourceBuilder<AzureKeyVaultSecretResource>
Adds a secret to the Azure Key Vault resource with the value from a parameter resource. 
public static class AzureKeyVaultResourceExtensions
{
    public static IResourceBuilder<AzureKeyVaultSecretResource> AddSecret(
        this IResourceBuilder<AzureKeyVaultResource> builder,
        string name,
        string secretName,
        ParameterResource parameterResource)
    {
        // ...
    }
}
AzureKeyVaultResourceExtensions.cs
Parameters
builder IResourceBuilder<AzureKeyVaultResource> The Azure Key Vault resource builder.
name string The name of the secret resource.
secretName string The name of the secret. Must follow Azure Key Vault naming rules.
parameterResource ParameterResource The parameter resource containing the secret value.
Returns
IResourceBuilder<AzureKeyVaultSecretResource> A reference to the ApplicationModel.IResourceBuilder`1.
AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, string, ReferenceExpression) Section titled AddSecret(IResourceBuilder<AzureKeyVaultResource>, string, string, ReferenceExpression) extension IResourceBuilder<AzureKeyVaultSecretResource>
Adds a secret to the Azure Key Vault resource with the value from a reference expression. 
public static class AzureKeyVaultResourceExtensions
{
    public static IResourceBuilder<AzureKeyVaultSecretResource> AddSecret(
        this IResourceBuilder<AzureKeyVaultResource> builder,
        string name,
        string secretName,
        ReferenceExpression value)
    {
        // ...
    }
}
AzureKeyVaultResourceExtensions.cs#L275-L283
Parameters
builder IResourceBuilder<AzureKeyVaultResource> The Azure Key Vault resource builder.
name string The name of the secret resource.
secretName string The name of the secret. Must follow Azure Key Vault naming rules.
value ReferenceExpression The reference expression containing the secret value.
Returns
IResourceBuilder<AzureKeyVaultSecretResource> A reference to the ApplicationModel.IResourceBuilder`1.
GetSecret(IResourceBuilder<AzureKeyVaultResource>, string) Section titled GetSecret(IResourceBuilder<AzureKeyVaultResource>, string) extension IAzureKeyVaultSecretReference
Gets a secret reference for the specified secret name from the Azure Key Vault resource. 
public static class AzureKeyVaultResourceExtensions
{
    public static IAzureKeyVaultSecretReference GetSecret(
        this IResourceBuilder<AzureKeyVaultResource> builder,
        string secretName)
    {
        // ...
    }
}
AzureKeyVaultResourceExtensions.cs#L168-L170
Parameters
builder IResourceBuilder<AzureKeyVaultResource> The Azure Key Vault resource builder.
secretName string The name of the secret.
Returns
IAzureKeyVaultSecretReference A reference to the secret.
WithRoleAssignments(IResourceBuilder<T>, IResourceBuilder<AzureKeyVaultResource>, KeyVaultBuiltInRole[]) Section titled WithRoleAssignments(IResourceBuilder<T>, IResourceBuilder<AzureKeyVaultResource>, KeyVaultBuiltInRole[]) extension IResourceBuilder<T>
Assigns the specified roles to the given resource, granting it the necessary permissions on the target Azure Key Vault resource. This replaces the default role assignments for the resource. 
public static class AzureKeyVaultResourceExtensions
{
    public static IResourceBuilder<T> WithRoleAssignments<T>(
        this IResourceBuilder<T> builder,
        IResourceBuilder<AzureKeyVaultResource> target,
        params KeyVaultBuiltInRole[] roles)
    {
        // ...
    }
}
AzureKeyVaultResourceExtensions.cs#L157
Parameters
builder IResourceBuilder<T> The resource to which the specified roles will be assigned.
target IResourceBuilder<AzureKeyVaultResource> The target Azure Key Vault resource.
roles KeyVaultBuiltInRole[] The built-in Key Vault roles to be assigned.
Returns
IResourceBuilder<T> The updated ApplicationModel.IResourceBuilder`1 with the applied role assignments.
Remarks
Assigns the KeyVaultReader role to the 'Projects.Api' project. 
var builder = DistributedApplication.CreateBuilder(args);


var vault = builder.AddAzureKeyVault("vault");


var api = builder.AddProject<Projects.Api>("api")
  .WithRoleAssignments(vault, KeyVaultBuiltInRole.KeyVaultReader)
  .WithReference(vault);
Connect with us

Community

SHA — 037d613 © Microsoft