According to Azure Key Vault pricing, it is charged per transaction (or operation). At the time of writing this question, the pricing for secrets is: $0.03/10,000 transactions.
It is mentioned that
Every successfully authenticated REST API call counts as one operation.
and
Examples of operations for secrets—create/update, get, list.
This is all clear. But I'm having difficulty in understanding what is meant by "Transaction" or "Operation" in context of dotnet6 web application, where we use Azure Key Vault as configuration provider as following:
builder.Configuration.AddAzureKeyVault(vaultUri,credentials,
new AzureKeyVaultConfigurationOptions
{
//...
});
And then inside a controller, we can simply access any secret like following:
var mySecret1 = _configuration["MySecret1"];
var mySecret2 = _configuration["MySecret2"];
I want to understand, which of the following is true:
list operation. And hence all subsequent calls to _configuration["MySecret1"] will not be counted as operation/transaction that is charged? i.e, only one operation.OR
_configuration["MySecret1"] will be charged?I have contacted the support in this regard, but they are not able to answer this in context of dotnet application. We are planning to use this service in a large web application, which is still growing. Hence it is important to understand at this point how we'll be charged.
Any help would be appreciated.
The provider will load all secrets on startup using one list operation + N operations to get the secret values. The list operation does not return values, so an additional request is required per secret to get the value. After that the values are stored in memory, so you accessing IConfiguration does not cause any additional requests.
The number of requests is of course multiplied if you run the app on multiple servers. Also if the app restarts, it will reload configuration as well.
There is also a feature in the Azure.Extensions.AspNetCore.Configuration.Secrets library to poll for changes in Key Vault, but this is disabled by default.
If you do need this, you can set the ReloadInterval in AzureKeyVaultConfigurationOptions.