C#•2d ago

Aspire KeyVault - How to configure secrets and map them to IOptions?

I’m using .NET Aspire Azure Key Vault integration with the Azure KeyVault emulator to define secrets for my Aspire app. In production I’ll use a real Key Vault. The problem: Aspire forbids resource names with consecutive hyphens (--), but the Key Vault IConfigurationProvider expects that format to represent nested config keys (e.g. clerk--webhook-secret → Clerk:WebhookSecret). For example:

var keyvault = builder.AddAzureKeyVault("keyvault");
var clerkWebhookSecret = builder.AddParameter("clerk-webhook-secret", secret: true);

// Throws on startup because of `--`
keyvault.AddSecret("clerk--webhook-secret", clerkWebhookSecret);

var keyvault = builder.AddAzureKeyVault("keyvault");
var clerkWebhookSecret = builder.AddParameter("clerk-webhook-secret", secret: true);

// Throws on startup because of `--`
keyvault.AddSecret("clerk--webhook-secret", clerkWebhookSecret);

I want this secret bound through the options pattern (IOptions<ClerkOptions>) alongside other env vars like Clerk:Authority. I can work around it by mapping manually:

var clerkWebhookSecret = builder.AddParameter("ClerkWebhookSecret", secret: true);
keyvault.AddSecret("clerk-webhook-secret", clerkWebhookSecret);

builder.AddProject<Projects.Api>()
  .WithReference(keyvault)
  .WithEnvironment("Clerk__WebhookSecret", keyvault.GetSecret("clerk-webhook-secret"));

var clerkWebhookSecret = builder.AddParameter("ClerkWebhookSecret", secret: true);
keyvault.AddSecret("clerk-webhook-secret", clerkWebhookSecret);

builder.AddProject<Projects.Api>()
  .WithReference(keyvault)
  .WithEnvironment("Clerk__WebhookSecret", keyvault.GetSecret("clerk-webhook-secret"));

…but that feels like it defeats the point of using the KeyVault configuration provider directly. Question: How should I configure secrets in Aspire so that I can still use the options pattern cleanly, without manually remapping everything?

0 Replies

No replies yetBe the first to reply to this messageJoin

Gaming

Programming

Aspire KeyVault - How to configure secrets and map them to IOptions?

Did you find this page helpful?