We are using Azure App Config and Azure Key Vault to store our configuration, secrets and feature flags for our .Net application. We noticed the Api startup locally and pod startup in Kubernetes seemed slow. After investigating, we learned that it was scanning multiple ways to authenticate to Azure to retrieve these values.
After limiting its choices, startup went from 10-15 seconds down to a few seconds. That makes everyone happier 🌞!
/// Program.cs
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureAppConfiguration(config =>
{
var configurationRoot = config.Build();
var configEndpoint = configurationRoot.GetRequiredSection("AppSettings:AppConfigEndpoint").Get<string>();
config.AddAzureAppConfiguration(options =>
{
// we created SetupHelper.DefaultAzureCredentialOptions (see below) to tell DefaultAzureCredential where to look
options.Connect(new Uri(configEndpoint), new DefaultAzureCredential(SetupHelper.DefaultAzureCredentialOptions))
.Select("AppSettings:*")
.ConfigureRefresh(refreshOption =>
{
refreshOption.Register("AppSettings:Sentinel", true)
.SetCacheExpiration(TimeSpan.FromDays(15));
})
.ConfigureKeyVault(kv =>
{
kv.SetCredential(new DefaultAzureCredential(SetupHelper.DefaultAzureCredentialOptions));
});
});
});
public class SetupHelper {
public static DefaultAzureCredentialOptions DefaultAzureCredentialOptions => new DefaultAzureCredentialOptions()
{
ExcludeAzureDeveloperCliCredential = true,
ExcludeEnvironmentCredential = true,
ExcludeAzurePowerShellCredential = true,
ExcludeInteractiveBrowserCredential = true,
ExcludeSharedTokenCacheCredential = true,
#if DEBUG
ExcludeVisualStudioCodeCredential = false,
ExcludeVisualStudioCredential = false,
#else
ExcludeVisualStudioCodeCredential = true,
ExcludeVisualStudioCredential = true,
#endif
ExcludeManagedIdentityCredential = true,
};
}
We mostly authenticate through Visual Studio on Windows, but this will also allow cli auth.
You may need to modify this for your needs.
Please consider using Brave and adding me to your BAT payment ledger. Then you won't have to see ads! (when I get to $100 in Google Ads for a payout, I pledge to turn off ads)
Also check out my Resources Page for referrals that would help me.