Skip to content

[Breaking change]: WithAccessKeyAuthenticaton and WithPasswordAuthentication create a keyvault resource in the app model #2889

New issue
New issue
Closed
Task
#2870
Closed
[Breaking change]: WithAccessKeyAuthenticaton and WithPasswordAuthentication create a keyvault resource in the app model#2889
Task
#2870
Assignees
IEvangelist
Labels
📌 seQUESTeredIdentifies that an issue has been imported into Quest.Pri1High priority, do before Pri2 and Pri3doc-ideaIndicates issues that are suggestions for new topics [org][type][category]in-pr⛓️‍💥 breaking-changeIssues or PRs tracking breaking changes.
Milestone
9.2
@davidfowl

Description

@davidfowl
davidfowl
opened on Mar 25, 2025

Description

Relevant change dotnet/aspire#8171

Resources no longer

Version

.NET Aspire 9.2

Previous behavior

Before azd would automatically create and manage bicep resources and these were invisible to the app model so they could not be managed or customized in C#.

New behavior

In 9.2 we changed calling WithKeyAccessAuthenticaton on CosmosDb and AzureRedis or WithPasswordAuthentication would add an empty keyVaultName parameter as a known parameter in the bicep. Now we directly create the key vault resource (or allow you to pass in a reference to another AzureKeyVault resource where the secret will be stored). The key vault secret names for connection strings are now named connectionstrings--{resourcename} to avoid potential conflicts with other connection strings in existing key vaults.

Type of breaking change

  • Binary incompatible: Existing binaries might encounter a breaking change in behavior, such as failure to load or execute, and if so, require recompilation.
  • Source incompatible: When recompiled using the new SDK or component or to target the new runtime, existing source code might require source changes to compile successfully.
  • Behavioral change: Existing binaries might behave differently at run time.

Reason for change

Moving resources to the app host makes it easier to customize and manage. You can now share a key vault across multiple resources or use an existing key vault to manage connection strings with secrets.

Recommended action

There is currently not work around.

Affected APIs

Associated WorkItem - 416256

Metadata

Metadata

Assignees

Labels

📌 seQUESTeredIdentifies that an issue has been imported into Quest.Pri1High priority, do before Pri2 and Pri3doc-ideaIndicates issues that are suggestions for new topics [org][type][category]in-pr⛓️‍💥 breaking-changeIssues or PRs tracking breaking changes.

Type

Task

Projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions