Azure/AppConfiguration-DotnetProvider

Provide custom secret resolver (SetSecretResolver) with additional resolution context

Closed this issue · 4 comments

The library does not currently make it easy to support access to secrets where resolution is based on configuration metadata (for example label or tags). The SetSecretResolver configuration takes a delegate that provides as context only KeyVaultSecretIdentifier.SourceId (URI to the Key Vault secret).

Currently GetSecretValue also receives as context the associated AAC configuration ConfigurationSetting.Key, which could be provided to the custom resolver.

The upstream ProcessKeyValue also receives the full ConfigurationSetting including the key, label, (key vault reference) value, and tags.

Consider an overload of SetSecretResolver that allows injecting additional resolution context, ideally providing the full ConfigurationSetting.

Hello @maskati, we are working on a new API that gives users access to the full ConfigurationSetting retrieved from AppConfig. You'd be able to make any modifications to the ConfigurationSetting object before we run ProcessKeyValue on it. Would this address your issue? See #157.

The new API may resolve the issue, but only if the mapping function can be run before the built-in adapters (before Key Vault references are resolved to secret values); otherwise the custom mapper would not have the necessary Key Vault reference context to perform custom secret resolution. It is not clear if mapping order can be configured in the upcoming API #157 (comment):

No need to over-engineer from the start with ordering complexity, etc. Let's provide a simple solution, calling after the internal adapters ran. The user code has the last say on what goes into the config.

We ended up designing the mapping function to run before our built-in adapters. So you'll have access to the original Key Vault reference in your custom mapper.

@avanigupta that sounds great, thanks for the confirmation!
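An added example, not part of the thread and not the project's own code: a mapper registered through the provider's `Map` option that resolves Key Vault references itself, choosing the credential from the setting's tags. The `secret-identity` tag name, the `ContextAwareSecrets` class and the fail-closed policy are assumptions made for illustration.

```csharp
using System;
using System.Text.Json;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Data.AppConfiguration;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
using Microsoft.Extensions.Configuration;

public static class ContextAwareSecrets
{
    // Content type that marks a setting as a Key Vault reference.
    private const string KeyVaultRef = "application/vnd.microsoft.appconfig.keyvaultref+json";
    // Hypothetical tag naming the managed identity allowed to read this secret.
    private const string IdentityTag = "secret-identity";

    public static IConfigurationBuilder AddStore(this IConfigurationBuilder builder, Uri endpoint) =>
        builder.AddAzureAppConfiguration(options =>
        {
            options.Connect(endpoint, new DefaultAzureCredential());
            // The mapper runs before the built-in adapters, so it sees the raw reference.
            options.Map(ResolveAsync);
        });

    private static async ValueTask<ConfigurationSetting> ResolveAsync(ConfigurationSetting setting)
    {
        if (setting.ContentType == null ||
            !setting.ContentType.StartsWith(KeyVaultRef, StringComparison.OrdinalIgnoreCase))
        {
            return setting; // Not a Key Vault reference: pass through unchanged.
        }

        // A reference value is JSON of the form {"uri":"https://<vault>/secrets/<name>"}.
        using JsonDocument reference = JsonDocument.Parse(setting.Value);
        var id = new KeyVaultSecretIdentifier(new Uri(reference.RootElement.GetProperty("uri").GetString()));

        // Key, label and tags are all available here, unlike in SetSecretResolver.
        // Fail closed when the tag is missing instead of falling back to a broad credential.
        if (!setting.Tags.TryGetValue(IdentityTag, out string clientId))
        {
            throw new InvalidOperationException(
                $"'{setting.Key}' (label '{setting.Label}') has no '{IdentityTag}' tag.");
        }

        TokenCredential credential = new ManagedIdentityCredential(clientId);
        KeyVaultSecret secret = await new SecretClient(id.VaultUri, credential).GetSecretAsync(id.Name, id.Version);

        // Returning a plain setting (no reference content type) keeps the built-in adapter from resolving it again.
        return new ConfigurationSetting(setting.Key, secret.Value, setting.Label);
    }
}
```

Because the mapper returns a plain setting, the built-in Key Vault adapter never handles these references, so anything configured through `ConfigureKeyVault` does not apply to them.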