Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace deprecated package Microsoft.Azure.KeyVault #557

Open
4 of 10 tasks
acn-sbuad opened this issue Sep 21, 2021 · 3 comments
Open
4 of 10 tasks

Replace deprecated package Microsoft.Azure.KeyVault #557

acn-sbuad opened this issue Sep 21, 2021 · 3 comments
Labels
kind/user-story Used for issues that describes functionality for our users.

Comments

@acn-sbuad
Copy link
Contributor

acn-sbuad commented Sep 21, 2021
edited by SandGrainOne
Loading

Description

Microsoft has released a completely new set of NuGet packages with client implementation for Azure KeyVault. Altinn 3 is currently using latest version of the original client library and should consider switching to the new client libraries.

Several of our projects reference Microsoft.Azure.KeyVault which is now deprecated.
Package should be replaced by alternate package Azure.Security.KeyVault.Secrets.

More information:
https://www.nuget.org/packages/Microsoft.Azure.KeyVault/

Considerations

Altinn 3 currently has multiple implementations using the client library. We should look into creating a common implementation. Storage might be the only component that access a Key Vault to find a secret outside of the Program class. The question will be if we can register a KeyVaultClientWrapper as a service and then use that in the Program class during "startup" to obtain the Instrumentation Key.

Update Microsoft.Extensions.Configuration.AzureKeyVault at the same time.

Acceptance criteria

  • No references to the deprecated package left in the repository.

Tasks
@acn-sbuad acn-sbuad added the kind/user-story Used for issues that describes functionality for our users. label Sep 21, 2021
@acn-sbuad acn-sbuad mentioned this issue Mar 15, 2022
Closed
7 tasks
@RonnyB71
Copy link
Member

RonnyB71 commented Jan 2, 2023

Another consideration for this issue is to not depend on the KeyVault as such, but rather have one or more interfaces providing secrets and certificates eg. ISecretProvidcer, ICertificateProvider. This would give us one less dependency on Microsoft Azure as such and make running locally and on-prem easier.

@SandGrainOne
Copy link
Member

SandGrainOne commented Jan 4, 2023
edited
Loading

@RonnyB71 I agree fully. We discussed this a month or two back while you were trying to use the MaskinportenClient package in an app. We ended up with having key vault secrets automatically being read into Configuration because that was where the MakinsportenClient expected to find it. Doing this through interfaces would require changes in many packages, but it might be worth it.

"Secrets aren't settings."

@nkylstad
Copy link
Member

nkylstad commented Apr 5, 2024

@RonnyB71 transferring this issue to app-lib repo, close it if it's no longer relevant 😊

@nkylstad nkylstad transferred this issue from Altinn/altinn-studio Apr 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/user-story Used for issues that describes functionality for our users.
Projects
Team Apps
Status: No status
Team Studio
Status: No status
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nkylstad @SandGrainOne @RonnyB71 @acn-sbuad