key-vault-auth.cs

var keyVaultName = builder.Configuration["KeyVaultName"];
var azureADDirectoryId = builder.Configuration["AzureADDirectoryId"];
var azureADApplicationId = builder.Configuration["AzureADApplicationId"];
var azureADCertThumbprint = builder.Configuration["AzureADCertThumbprint"];


builder.Host.ConfigureAppConfiguration((hostingContext, config) =>
{
    using (var x509Store = new X509Store(StoreLocation.CurrentUser))
    {
        x509Store.Open(OpenFlags.ReadOnly);

        // Retrieve a collection of X.509 certificates from an X.509 certificate store
        var x509Certificate = x509Store.Certificates
            .Find(
                X509FindType.FindByThumbprint,
                azureADCertThumbprint,
                validOnly: false)
            .OfType<X509Certificate2>()
            .Single();

        var clientCertificateCredential = new ClientCertificateCredential(
            azureADDirectoryId,
            azureADApplicationId,
            x509Certificate);

        config.AddAzureKeyVault(
            $"https://{keyVaultName}.vault.azure.net/"
);
    }
});

var app = builder.Build();