Awesome video. I was bouncing from one documentation article to another just looking for a clear, clean explanation. This video is exactly what I was looking for. Thank you!
You're the man, Dan! This is the best tutorial on the topic I've found.
Three hours to find this video. 15 minutes to get things to work. Excellent!
In the end, I'd say it's a success! I'm glad it was helpful. Make sure to subscribe, so that you don't spend another 3 hours searching for stuff you might find here :)
exactly. As a fresher, helped a lot. now manager won't shout at me 😉
I can never thank you enough! Thank you so much for this.
You're so welcome!
Thanks @Codewrinkles. The way you explained is fire 🔥. You earned a new subscriber.
This is one of the best. Clear and precise. Good job ! Love from Bangladesh
Thanks for watching. Love back from Romania!
Excellent video, indeed. Thanks!
I would like to suggest that it could be beneficial to mention the order in which the secrets are added to the configuration object. Based on my experience using this configuration, it appears that secrets are loaded from KeyVault at the end. Therefore, if there is a configuration key with the same name as a secret in KeyVault within the Azure App Service, the value from KeyVault will be present in the configuration object at the end.
Thank you for watching. I have talked in depth about the order of configuration keys and how this might break our apps in the video about configurations that I also mentioned in this one: ua-cam.com/video/5TxnLU-SXVg/v-deo.html
Also with practical demos to show how things happen.
Thank you very much, this is a great, straightforward video. But I have one more question: can I store a serialized JSON object inside an Azure Key Vault? In your example you saved a string (connection string), so I might assume there would be no problem when saving a serialized string inside :D !
Always waiting for your new videos, they really help me and encourage me to learn and use concepts in a new way. Thank you very much.
Happy to hear that! Thank you for watching.
Really useful and simple. Can't like it enough
Excellent video. Thanks 🎉
So if I sign out of Azure from the web on my PC, the key vault will stop working in the C# code?
What if I host my application on-premise? Should I sign in to Azure from the server to get it to authenticate the key vault in my C# code?
Sure, here's the edited version of the UA-cam comment:
Great video! I have a question: When you create an enabled identity on the web app and then create the access policy so that the application can access it, do you need to make any code changes? From what I saw in the video, it didn't seem like you had to change any code. So, does the Azure Default Identity work when the application is running in Azure? So no code changes are required?
If you use the system assigned managed identity, then no change should be required in the code. If you use a user assigned managed identity, then you need to provide the Object identifier for that identity either in code or as an environment variable.
you just got a new subscriber.
And I don't usually subscribe to anyone to keep my yt feed cleaner.
Many thanks.
Thanks for the sub! I really appreciate it. Hope to not disappoint in the future :)
The developer will be able to debug the code and inspect the connection string and the secrets after they are returned from Azure? So we're just hiding the secrets from viruses and cyber attacks?
A very useful and much needed video. Thank you.
Short, clear and concise. If only this had been uploaded back in December. Nevertheless, I will be using it from now on (:
Glad you liked the video.
This video could be on the Microsoft Learn page by default. Easier and better to understand the KeyVault, than other learning materials.
Thank you for the kind words. Feel then free to share it wherever you can. That would probably help a lot of people.
I feel the same here
@@nove1398 Same goes for you. Feel free to share it wherever you think there are people that would find it useful: at work, friends, social media, forums. That would be highly appreciated.
Very helpful. Does it work if the app service is container-based?
Awesome video @Codewrinkles, you explain how to use the key vault concept in a very simple way. I have gone through lots of documents, but your 16 min video helped me to clear most of my doubts. Thanks.
Could you please cover azure function with real time scenario. Like input and output bindings.
I'm glad the video was useful to you. I will for sure cover also Azure Functions, probably in a lot of videos. I'm just getting the Azure series started. That's the 4th video only :)
Really clean code thanks a lot
Thank you very much, I will try it soon
Simple and Perfect
my man where were you hiding
great content overall thanks
Appreciate it! More to come!
In Azure, how can we link one service-bus topic to another topic?
Thanks for very clear explanation!
You are welcome!
Bro u are fking awesome! Thank you for this. Clear, on spot, nice examples....
Glad you found it useful. Thanks for watching!
Great work. What happens if you deploy to different environments (dev, QA and Prod)? Your vault will have different secrets, so how do you then update your Program.cs to read different secrets based on the environment?
First off, you just create the needed secrets for each environment. In your app you then use the secrets based on the environment you are currently in.
You'll have to create 3 managed identities for each of the web apps and assign permissions. An alternative here would be to create one user assigned managed identity and use it for all the environments. This would actually be a scenario where a user assigned managed identity would make sense.
@@Codewrinkles I've used a separate keyvault for each environment. That way I only have to change the keyvault url in appsettings. Any downsides to that?
I wouldn't say it's a problem or downside, but companies tend to usually have more consolidated key vaults, as they would contain keys, secrets and certificates used throughout all the Azure resources.
@@Codewrinkles that makes sense
How would the cost increase since we retrieve the connection string directly from Azure Key Vault?
What cost exactly? Both the Azure webapp and the KeyVault reside inside Azure, in the same region. So, I wouldn't be too worried about that in terms of network latency.
Thanks for the video, What about azure keyvault- azure kubernetes integration?
Excellent job, thank you. But can you make a video like this with Terraform? I mean, by using Terraform to create the key vault, the secret inside the key vault and then access the secret from the secret vault with Terraform and Azurerm provider. Thank you in advance.
Thanks for the idea! I guess infrastructure as code topics is something that I'll cover sooner rather than later.
What is the difference between system generated and user generated managed identity? Also could you please cover app configuration with keyvault together for next topic?
I explained the difference in the video. Maybe you have skipped that part :)
Thank you very much!
Glad you enjoyed it. Thanks for watching.
Good content.
You should also start producing content for Azure service fabric, function and service bus
Have u also looked into Azure app configuration?
I have just started the Azure videos on this channel. I'll probably get into most of the topics you mentioned. Thank you for watching and commenting!
AddAzureKeyVault is now updated and now requiring different arguments:
(string vault, string clientId, string clientSecret)
But why do I need to manually give clientId and clientSecret when I already have valid credentials through DefaultAzureCredential(); ?
TBH, I'm not sure about this change. This video is not that old. I will investigate. But it seems very odd to me.
@@Codewrinkles I found a solution, I was able to do it with this code here:
string keyVaultUrl = builder.Configuration.GetSection("KeyVaultUrl").Value!;
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
builder.Configuration.AddAzureKeyVault(keyVaultUrl, keyVaultClient, new DefaultKeyVaultSecretManager());
Any updates on this? Could you tell what packages it comes from? I did not find it anywhere.
@@Codewrinkles
What about caching the secrets? The way you did it now, you'd have to pay for every read operation on a secret. You need to cache the secrets and reuse them from memory whenever possible, right?
That sounds like a valid point and idea.
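Added example, not part of the thread or the video's code: a Program.cs sketch for the two questions above (which packages provide `AddAzureKeyVault` when used with `DefaultAzureCredential`, and whether every secret read goes to the vault). It assumes an ASP.NET Core minimal-API project with implicit usings; the `ManagedIdentityClientId` setting, the `/config-check` route and the secret name are hypothetical.

```csharp
// Added example, not code from the video or the thread.
// NuGet packages: Azure.Identity, Azure.Extensions.AspNetCore.Configuration.Secrets
using Azure.Extensions.AspNetCore.Configuration.Secrets;
using Azure.Identity;

var builder = WebApplication.CreateBuilder(args);

// "KeyVaultUrl" is the configuration key used in the thread. Each environment
// (dev, QA, prod) can point it at its own vault.
var rawUrl = builder.Configuration["KeyVaultUrl"];
if (!Uri.TryCreate(rawUrl, UriKind.Absolute, out var vaultUri)
    || vaultUri.Scheme != Uri.UriSchemeHttps)
{
    throw new InvalidOperationException("KeyVaultUrl must be an absolute https URI.");
}

// Hypothetical setting: only needed for a user-assigned managed identity.
// Left empty, DefaultAzureCredential uses the system-assigned identity in Azure
// and the developer's own sign-in (Visual Studio, Azure CLI) locally.
var credentialOptions = new DefaultAzureCredentialOptions();
var clientId = builder.Configuration["ManagedIdentityClientId"];
if (!string.IsNullOrWhiteSpace(clientId))
{
    credentialOptions.ManagedIdentityClientId = clientId;
}

// Registered after the default sources, so on a key collision the vault value wins.
builder.Configuration.AddAzureKeyVault(
    vaultUri,
    new DefaultAzureCredential(credentialOptions),
    new AzureKeyVaultConfigurationOptions
    {
        // Secrets are fetched when the provider loads and then held in memory;
        // the vault is contacted again only at this interval.
        ReloadInterval = TimeSpan.FromMinutes(30)
    });

var app = builder.Build();

// Constructed secret name "ConnectionStrings--Default": the provider maps "--"
// to ":", so it surfaces as the "Default" connection string.
// Report presence only, never the value itself.
app.MapGet("/config-check", () => Results.Ok(new
{
    hasConnectionString = !string.IsNullOrEmpty(app.Configuration.GetConnectionString("Default"))
}));

app.Run();
```

Reads through `IConfiguration` after startup are served from the in-memory copy, so vault operations are incurred at load and at each reload interval rather than per read.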
Simple and helpful!
Glad you enjoyed it.
Great video, this was very informative! We just implemented this with success, but we also noticed that it takes about 12 seconds to retrieve just one secret. Has anyone noticed this or discovered workaround(s)?
I assume there's a networking problem somewhere. Retrieving secrets is and should be very fast.
Thanks
Wonderful
thanks
You're welcome!
14:20 There's nothing wrong with your face :)
Thanks