You can configure Azure Key Vault store either with Managed Identity:
IMySettings settings = new ConfigurationBuilder<IMySettings>()
.UseAzureKeyVaultWithManagedIdentity(vaultUri)
.Build();or in more traditional way with a Service Principal:
IMySettings settings = new ConfigurationBuilder<IMySettings>()
UseAzureKeyVaultWithServicePrincipal(
this ConfigurationBuilder(vaultUri, clientId, clientSecret)
.Build();This implementation always uses secrets, and their latest versions to read config settings. The store is read/write.