Faster Startup for Azure App Config

June 7, 2024    Development .Net Azure

Faster Startup for Azure App Config

We are using Azure App Config and Azure Key Vault to store our configuration, secrets and feature flags for our .Net application. We noticed the Api startup locally and pod startup in Kubernetes seemed slow. After investigating, we learned that it was scanning multiple ways to authenticate to Azure to retrieve these values.

After limiting its choices, startup went from 10-15 seconds down to a few seconds. That makes everyone happier 🌞!

/// Program.cs
public static IHostBuilder CreateHostBuilder(string[] args) =>
    Host.CreateDefaultBuilder(args)
        .ConfigureAppConfiguration(config =>
        {
            var configurationRoot = config.Build();
            var configEndpoint = configurationRoot.GetRequiredSection("AppSettings:AppConfigEndpoint").Get<string>();
            config.AddAzureAppConfiguration(options =>
            {
                // we created SetupHelper.DefaultAzureCredentialOptions (see below) to tell DefaultAzureCredential where to look
                options.Connect(new Uri(configEndpoint), new DefaultAzureCredential(SetupHelper.DefaultAzureCredentialOptions))
                    .Select("AppSettings:*")
                    .ConfigureRefresh(refreshOption =>
                    {
                        refreshOption.Register("AppSettings:Sentinel", true)
                            .SetCacheExpiration(TimeSpan.FromDays(15));
                    })
                    .ConfigureKeyVault(kv =>
                    {
                        kv.SetCredential(new DefaultAzureCredential(SetupHelper.DefaultAzureCredentialOptions));
                    });
            });
        });

public class SetupHelper {
    public static DefaultAzureCredentialOptions DefaultAzureCredentialOptions => new DefaultAzureCredentialOptions()
    {
        ExcludeAzureDeveloperCliCredential = true,
        ExcludeEnvironmentCredential = true,
        ExcludeAzurePowerShellCredential = true,
        ExcludeInteractiveBrowserCredential = true,
        ExcludeSharedTokenCacheCredential = true,
#if DEBUG
        ExcludeVisualStudioCodeCredential = false,
        ExcludeVisualStudioCredential = false,
#else
        ExcludeVisualStudioCodeCredential = true,
        ExcludeVisualStudioCredential = true,
#endif
        ExcludeManagedIdentityCredential = true,
    };    
}

We mostly authenticate through Visual Studio on Windows, but this will also allow cli auth.

You may need to modify this for your needs.



Watch the Story for Good News
I gladly accept BTC Lightning Network tips at [email protected]

Please consider using Brave and adding me to your BAT payment ledger. Then you won't have to see ads! (when I get to $100 in Google Ads for a payout, I pledge to turn off ads)

Use Brave

Also check out my Resources Page for referrals that would help me.


Swan logo
Use Swan Bitcoin to onramp with low fees and automatic daily cost averaging and get $10 in BTC when you sign up.