|
1 | 1 | using System.CommandLine; |
2 | 2 | using System.Text.Json; |
| 3 | +using Azure.Identity; |
3 | 4 | using EssentialCSharp.Chat.Common.Extensions; |
4 | 5 | using EssentialCSharp.Chat.Common.Services; |
5 | 6 | using Microsoft.Extensions.Configuration; |
@@ -358,16 +359,61 @@ void WriteChunkingResult(FileChunkingResult result, TextWriter writer) |
358 | 359 |
|
359 | 360 | /// <summary> |
360 | 361 | /// Creates and configures the IConfiguration used by multiple commands. |
361 | | - /// This method centralizes the common configuration setup to reduce code duplication. |
| 362 | + /// Supports Azure Key Vault integration for secure secret management. |
362 | 363 | /// </summary> |
363 | 364 | /// <returns>The configured IConfigurationRoot</returns> |
| 365 | + /// <remarks> |
| 366 | + /// Configuration precedence (highest to lowest): |
| 367 | + /// 1. Environment Variables |
| 368 | + /// 2. Azure Key Vault (if configured) |
| 369 | + /// 3. User Secrets (development only) |
| 370 | + /// 4. appsettings.json |
| 371 | + /// |
| 372 | + /// To enable Key Vault, set the "KeyVaultName" configuration value in appsettings.json or user secrets: |
| 373 | + /// { |
| 374 | + /// "KeyVaultName": "your-keyvault-name" |
| 375 | + /// } |
| 376 | + /// |
| 377 | + /// The application will use DefaultAzureCredential for authentication, which supports: |
| 378 | + /// - Managed Identity (in Azure) |
| 379 | + /// - Azure CLI (local development) |
| 380 | + /// - Visual Studio (local development) |
| 381 | + /// - Environment variables (AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID) |
| 382 | + /// </remarks> |
364 | 383 | private static IConfigurationRoot CreateConfiguration() |
365 | 384 | { |
366 | | - return new ConfigurationBuilder() |
| 385 | + var configBuilder = new ConfigurationBuilder() |
367 | 386 | .SetBasePath(IntelliTect.Multitool.RepositoryPaths.GetDefaultRepoRoot()) |
368 | | - .AddJsonFile("EssentialCSharp.Web/appsettings.json") |
369 | | - .AddUserSecrets<Program>() |
370 | | - .AddEnvironmentVariables() |
371 | | - .Build(); |
| 387 | + .AddJsonFile("EssentialCSharp.Web/appsettings.json", optional: false, reloadOnChange: true) |
| 388 | + .AddJsonFile($"EssentialCSharp.Web/appsettings.{Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") ?? "Production"}.json", optional: true, reloadOnChange: true) |
| 389 | + .AddUserSecrets<Program>(optional: true) |
| 390 | + .AddEnvironmentVariables(); |
| 391 | + |
| 392 | + // Build a temporary configuration to check for Key Vault settings |
| 393 | + var tempConfig = configBuilder.Build(); |
| 394 | + var keyVaultName = tempConfig["KeyVaultName"]; |
| 395 | + |
| 396 | + // If Key Vault is configured, add it to the configuration pipeline |
| 397 | + if (!string.IsNullOrEmpty(keyVaultName)) |
| 398 | + { |
| 399 | + try |
| 400 | + { |
| 401 | + var keyVaultUri = new Uri($"https://{keyVaultName}.vault.azure.net/"); |
| 402 | + |
| 403 | + // Use DefaultAzureCredential which works both locally and in Azure |
| 404 | + var credential = new DefaultAzureCredential(); |
| 405 | + |
| 406 | + configBuilder.AddAzureKeyVault(keyVaultUri, credential); |
| 407 | + |
| 408 | + Console.WriteLine($"✅ Connected to Azure Key Vault: {keyVaultName}"); |
| 409 | + } |
| 410 | + catch (Exception ex) |
| 411 | + { |
| 412 | + Console.WriteLine($"⚠️ Warning: Could not connect to Azure Key Vault '{keyVaultName}': {ex.Message}"); |
| 413 | + Console.WriteLine(" Continuing with other configuration sources..."); |
| 414 | + } |
| 415 | + } |
| 416 | + |
| 417 | + return configBuilder.Build(); |
372 | 418 | } |
373 | 419 | } |
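Review bot: The remarks rank environment variables above Key Vault, but `AddAzureKeyVault` is registered after `.AddEnvironmentVariables()` and later sources win, so a vault secret overrides an environment variable with the same key; either correct the remarks or call `configBuilder.AddEnvironmentVariables();` again after the vault is added. The try block probably never sees an authentication or network failure, because the provider appears to load secrets only when `configBuilder.Build()` runs at the return, outside the try. That means "Connected" is printed before any connection exists and a real failure escapes the catch; build inside the try, and decide deliberately whether an unreachable vault should abort the command rather than fall back to the other sources. `keyVaultName` is also interpolated into the host name unvalidated, so a value containing `/`, `.` or `@` could point the client at a host outside `vault.azure.net`; check it against the vault naming rules (letters, digits and hyphens, 3–24 characters) before constructing the `Uri`.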