locked
App Service integrated with Azure key vault - configuration inside an array RRS feed

  • Question

  • User-50787436 posted

    I have an API that is installed inside an App Service in Azure, made in .Net Core 3.1. It is integrated properly with Azure key vault, where we store our secrets. But there are some sensitive settings inside our appsettings.json that I'd like to store as secrets inside Key vault, and this is quite easy to achieve by setting the key with the path of the configuration, such as:

    settings-someSetting-key

    But the thing is that my settings are inside an array, something like this:

    {
    "tenantSettings":[{
            "tenantId": 1,
            "repositories": [{
                "name": "repo1",
                "connectionString": "cs"
                },
                {
                "name": "repo2",
                "connectionString": "cs"
                }
            ]
        },
        {
            "tenantId": 2,
            "repositories": [{
                "name": "repo3",
                "connectionString": "cs"
                },
                {
                "name": "repo4",
                "connectionString": "cs"
                }
            ]
        }
    ]
    

    }

    So when I store the path of the configuration in order to match the secret with the setting, this is not working well, and I'm also not sure how I would do it.

    Let's say I want to resolve repo1 connection string, what whould be the path?

    tenantSettings--repositories[0]--connectionString?

    I'm unable to make this work, has anyone ever face the same situation?

    Tuesday, September 1, 2020 8:28 AM

Answers

  • User711641945 posted

    Hi pacojones,

    I'm a bit confused with what you said.What i did is actually search the data with where clause(where tenantid=1 where name=repo1) instead of using the index of array.If you just want to add `tenantSettings:tenantId=1:repositories:name=repo1:connectionString` to search the data,it seems to be impossible.The rule for seaching the key does not support what you want.

    Best Regards,

    Rena

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, September 3, 2020 9:00 AM

All replies

  • User711641945 posted

    Hi pacojones,

    Let's say I want to resolve repo1 connection string, what whould be the path?

    tenantSettings--repositories[0]--connectionString?

    You could get the connection string like below:

    public class HomeController : Controller
    {
        private readonly IConfiguration _config;
        public HomeController( IConfiguration config)
        {
            _config = config;
        }
        public async Task<IActionResult> Index()
        {
            var connectionstring1 = _config.GetSection("tenantSettings:0:repositories:0:connectionString");
            return View();
        }
    }

    Best Regards,

    Rena

    Wednesday, September 2, 2020 7:19 AM
  • User-50787436 posted

    Thank you, this is a good solution and I appreciate your help, but it is based on the index of the array. Is there a way to match the item of the array by some property? I've tried the following unsuccessfuly:

    tenantSettings:tenantId=1:repositories:name=repo1:connectionString

    The purpose was to match items based on the item instead of the index

    Wednesday, September 2, 2020 8:37 AM
  • User711641945 posted

    Hi pacojones,

    Here is a working demo like below:

    var tenantSettings = _config.GetSection("tenantSettings").GetChildren()
                                .Where(a=>a.GetSection("tenantId").Value.Contains("1"))
                                .Select(b=>b.GetSection("repositories").GetChildren()
                                .Where(c=>c.GetSection("name").Value.Contains("repo1"))).First().First();
       
    var data = tenantSettings.GetSection("connectionString").Value;

    Best Regards,

    Rena

    Thursday, September 3, 2020 5:52 AM
  • User-50787436 posted

    Hi Rena, thanks!

    The example you gave is helpful to get the connectionstring to a given repo inside my configuration. 

    What I was actually looking for is at key vault level and not at local config level.

    What I would like to achieve was, instead of this:

    tenantSettings--0--repositories--0--connectionString

    Something like this:

    tenantSettings:tenantId=1:repositories:name=repo1:connectionString

    So, use some sort of ID to match the item on the array instead of its index, but again, at key vault level.

    The purpose is that matching stuff outside of the solution by index is not so solid as matching my some sort of other field, from my experience soon or later something wrong may happen and it might take a while to you to understand it happens if some change on the index on local appsettings.json happened. Let's say for example a new tenant, and for some reason someone puts it at the begin of the array. The whole key vault ends up mismatched with the app service...

    Thursday, September 3, 2020 8:39 AM
  • User711641945 posted

    Hi pacojones,

    I'm a bit confused with what you said.What i did is actually search the data with where clause(where tenantid=1 where name=repo1) instead of using the index of array.If you just want to add `tenantSettings:tenantId=1:repositories:name=repo1:connectionString` to search the data,it seems to be impossible.The rule for seaching the key does not support what you want.

    Best Regards,

    Rena

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, September 3, 2020 9:00 AM
  • User-50787436 posted

    Hi Rena, thank you.

    I'm accessing the configuration in a similar way as you have shown above, so, not using the index of the array, which is ok.

    My question was regarding the match/binding between key vault and settings. On startup I "plug" azure key vault, and secrets on key vault match directly settings on appsettings.json by using the JSON path with double dash sepparator.

    I was trying to achieve this match/binding by avoiding the index of the item but on key vault side.

    Perhaps I've didn't explain it the right way, sorry.

    Thursday, September 3, 2020 9:39 AM