Fig Azure Client Secret Provider
Experimental
This integration has not been well tested and may contain bugs. Please report any bugs to the GitHub repo.
This package provides an Azure Key Vault implementation of the IClientSecretProvider interface for Fig configuration management.
Features
- Thread-Safe: Uses semaphore-based locking to prevent race conditions when multiple instances try to create the same secret
- Race Condition Protection: Implements "check-then-act" pattern with proper synchronization
- Retry Logic: Handles transient failures with exponential backoff
- Conflict Resolution: Gracefully handles concurrent secret creation attempts
- Managed Identity Support: Uses DefaultAzureCredential for seamless authentication in Azure environments
- Automatic Secret Creation: Secrets are only auto-created if the environment variable ASPNETCORE_ENVIRONMENT or DOTNET_ENVIRONMENT is set to Development. In all other environments, secrets must already exist or a SecretNotFoundException will be thrown.
Usage
builder.Configuration.SetBasePath(GetBasePath())
    .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
    .AddFig<Settings>(options =>
    {
        options.ClientName = "AspNetApi";
        options.LoggerFactory = loggerFactory;
        options.CommandLineArgs = args;
        // Register the Key Vault-backed provider; replace the URI with your vault's address.
        options.ClientSecretProviders = [new AzureSecretProvider("https://your-keyvault.vault.azure.net/")];
    });
Auto-Creation Behavior
Secrets are only auto-created if the environment variable ASPNETCORE_ENVIRONMENT or DOTNET_ENVIRONMENT is set to Development. In all other environments, secrets must already exist or a SecretNotFoundException will be thrown.
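The gate described above, combined with the semaphore-guarded check-then-act from the feature list, as an added sketch that is not the package's own code. GatedSecretStore, its in-memory dictionary standing in for Key Vault, the local SecretNotFoundException stand-in and the case-insensitive environment match are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Threading;
using System.Threading.Tasks;

// Local stand-in for the exception type the page names.
public sealed class SecretNotFoundException : Exception
{
    public SecretNotFoundException(string name)
        : base($"Secret '{name}' not found; auto-creation is disabled.") { }
}

// Hypothetical sketch: an in-memory dictionary stands in for Key Vault.
public sealed class GatedSecretStore
{
    private readonly ConcurrentDictionary<string, string> _vault = new();
    private readonly SemaphoreSlim _gate = new(1, 1);

    // Assumption: case-insensitive match, as ASP.NET Core's IsDevelopment() does.
    private static bool IsDev(string variable) => string.Equals(
        Environment.GetEnvironmentVariable(variable), "Development",
        StringComparison.OrdinalIgnoreCase);

    private static bool IsDevelopment() =>
        IsDev("ASPNETCORE_ENVIRONMENT") || IsDev("DOTNET_ENVIRONMENT");

    public async Task<string> GetOrCreateAsync(string name, CancellationToken ct = default)
    {
        // Fast path: the secret already exists, no lock needed.
        if (_vault.TryGetValue(name, out var existing)) return existing;

        await _gate.WaitAsync(ct);
        try
        {
            // Re-check under the lock: another caller may have created it meanwhile.
            if (_vault.TryGetValue(name, out existing)) return existing;

            // Fail closed outside Development: never mint a secret silently.
            if (!IsDevelopment()) throw new SecretNotFoundException(name);

            var secret = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));
            _vault[name] = secret;
            return secret;
        }
        finally { _gate.Release(); }
    }
}
```

With neither variable set, a missing secret throws, so a staging or production host that was never provisioned fails at startup rather than running with a freshly generated secret.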