Aspire.Azure.Security.KeyVault 9.0.0-preview.1.24113.3

The ID prefix of this package has been reserved for one of the owners of this package by Prefix Reserved
This is a prerelease version of Aspire.Azure.Security.KeyVault.
dotnet add package Aspire.Azure.Security.KeyVault --version 9.0.0-preview.1.24113.3
NuGet\Install-Package Aspire.Azure.Security.KeyVault -Version 9.0.0-preview.1.24113.3
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Aspire.Azure.Security.KeyVault" Version="9.0.0-preview.1.24113.3" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Aspire.Azure.Security.KeyVault --version 9.0.0-preview.1.24113.3
#r "nuget: Aspire.Azure.Security.KeyVault, 9.0.0-preview.1.24113.3"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install Aspire.Azure.Security.KeyVault as a Cake Addin
#addin nuget:?package=Aspire.Azure.Security.KeyVault&version=9.0.0-preview.1.24113.3&prerelease

// Install Aspire.Azure.Security.KeyVault as a Cake Tool
#tool nuget:?package=Aspire.Azure.Security.KeyVault&version=9.0.0-preview.1.24113.3&prerelease


Retrieves secrets from Azure Key Vault to use in your application. Registers a SecretClient in the DI container for connecting to Azure Key Vault. Enables corresponding health checks, logging and telemetry.

Getting started


Install the package

Install the .NET Aspire Azure Key Vault library with NuGet:

dotnet add package Aspire.Azure.Security.KeyVault

Usage examples

Add secrets to configuration

In the Program.cs file of your project, call the builder.Configuration.AddKeyVaultSecrets extension method to add the secrets in the Azure Key Vault to the application's Configuration. The method takes a connection name parameter.


You can then retrieve a secret through normal IConfiguration APIs. For example, to retrieve a secret from a Web API controller:

public ProductsController(IConfiguration configuration)
    string secretValue = configuration["secretKey"];

Use SecretClient

Alternatively, you can use a SecretClient to retrieve the secrets on demand. In the Program.cs file of your project, call the AddAzureKeyVaultSecrets extension method to register a SecretClient for use via the dependency injection container. The method takes a connection name parameter.


You can then retrieve the SecretClient instance using dependency injection. For example, to retrieve the client from a Web API controller:

private readonly SecretClient _client;

public ProductsController(SecretClient client)
    _client = client;

See the Azure.Security.KeyVault.Secrets documentation for examples on using the SecretClient.


The .NET Aspire Azure Key Vault library provides multiple options to configure the Azure Key Vault connection based on the requirements and conventions of your project. Note that the VaultUri is required to be supplied.

Use a connection string

When using a connection string from the ConnectionStrings configuration section, you can provide the name of the connection string when calling builder.AddAzureKeyVaultSecrets():


And then the vault URI will be retrieved from the ConnectionStrings configuration section. The vault URI which works with the AzureSecurityKeyVaultSettings.Credential property to establish a connection. If no credential is configured, the DefaultAzureCredential is used.

  "ConnectionStrings": {
    "secretConnectionName": "https://{account_name}"

Use configuration providers

The .NET Aspire Azure Key Vault library supports Microsoft.Extensions.Configuration. It loads the AzureSecurityKeyVaultSettings and SecretClientOptions from configuration by using the Aspire:Azure:Security:KeyVault key. Example appsettings.json that configures some of the options:

  "Aspire": {
    "Azure": {
      "Security": {
        "KeyVault": {
          "HealthChecks": false,
          "Tracing": true,
          "ClientOptions": {
            "Diagnostics": {
              "ApplicationId": "myapp"

Use inline delegates

You can also pass the Action<AzureSecurityKeyVaultSettings> configureSettings delegate to set up some or all the options inline, for example to disable health checks from code:

    builder.AddAzureKeyVaultSecrets("secrets", settings => settings.HealthChecks = false);

You can also setup the SecretClientOptions using the optional Action<IAzureClientBuilder<SecretClient, SecretClientOptions>> configureClientBuilder parameter of the AddAzureKeyVaultSecrets method. For example, to set the first part of "User-Agent" headers for all requests issues by this client:

    builder.AddAzureKeyVaultSecrets("secrets", configureClientBuilder: clientBuilder => clientBuilder.ConfigureOptions(options => options.Diagnostics.ApplicationId = "myapp"));

AppHost extensions

In your AppHost project, install the Aspire Azure Hosting library with NuGet:

dotnet add package Aspire.Hosting.Azure

Then, in the Program.cs file of AppHost, add a Key Vault connection and consume the connection using the following methods:

var keyVault = builder.AddAzureKeyVault("secrets");

var myService = builder.AddProject<Projects.MyService>()

The AddAzureKeyVault method will read connection information from the AppHost's configuration (for example, from "user secrets") under the ConnectionStrings:secrets config key. The WithReference method passes that connection information into a connection string named secrets in the MyService project. In the Program.cs file of MyService, the connection can be consumed using:


Additional documentation

Feedback & contributing

Product Compatible and additional computed target framework versions.
.NET net9.0 is compatible. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
9.0.0-preview.1.24113.3 85 2/13/2024
8.0.0-preview.3.24105.21 859 2/13/2024
8.0.0-preview.2.23619.3 764 12/20/2023
8.0.0-preview.1.23557.2 365 11/14/2023