Azure Key Vault is used to store sensitive information such as connection strings, passwords, API keys, etc.
In this blog, we will store a secret in Key Vault and try to access (Get) it through a .NET Core console project.
Prerequisite
- Azure subscription.
- Basic understanding of C# and Azure Key Vault.
We cannot access the secret from Azure key vault directly! Then how can we access the secrets in our application?
Steps
Go to portal.azure.com and log in to your account. Search for app registration services and click on New registration.
We will be able to see the Register an application tab opened, as shown in the image below. I have named it as TestApp and used the single tenant option.
Register the TestApp application.
Subsequently, we will be able to see the section (below) open in our portal. We will go to the Certificates & secrets section and add a New client secret.
I have named it TestClientSecret and set the expiry to 1 year. This will add a new client secret, so copy the value of the client secret and save it. We will be using this value in our application.
Now moving on to key vault creation. We will search for key vaults, click on add a new vault.
Fill in the details of Key vault. I have named it as testkeyvault-demo and by default pricing tier is standard. Review and create the new vault. In a few seconds your new vault will be ready.
Go to resource, from within key vault's left pane select Access policies and add a new Access policy.
We will select Secret Management from the Configure from template drop-down menu. We will be using the get secret feature only. Click on Select principal.
TestApp is the registered application that we have registered in app registration service. We will filter by typing the name TestApp, select the app and add it. Save the vault configuration.
Now that our app is registered, I will add one secret in vault by clicking on Generate/Import.
Subsequently, we will see the Create a secret page. I have named it as TestSecretKey. There are multiple features available such as activation date, expiration date etc. We won’t be using them here.
Next, create a new .NET Core console application and add two NuGet packages:
- Microsoft.Azure.KeyVault
- Microsoft.IdentityModel.Clients.ActiveDirectory
Moving on to the code part, we need CLIENT_ID, BASE_URI and CLIENT_SECRET.
CLIENT_SECRET: - It's the client secret value that was generated when we added the client secret in app registration, which I asked you to copy and save somewhere. If you didn't, you won't be able to retrieve it now; delete the previous one and create a new client secret.
BASE_URI: - It’s the vault url path that can be found under overview section of Azure key vault.
CLIENT_ID: - It's the Application (client) ID that can be found under app registration.
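An added example (not the original post's code) of how these three values fit together with the two NuGet packages listed above. The placeholder values, the `TESTAPP_CLIENT_SECRET` environment variable name and the error handling are assumptions made for illustration; `async Main` needs C# 7.1 or later.

```csharp
// Added example; not the original post's code. Assumes the NuGet packages
// Microsoft.Azure.KeyVault and Microsoft.IdentityModel.Clients.ActiveDirectory.
using System;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.KeyVault.Models;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

class Program
{
    // Placeholders: TestApp's Application (client) ID and the vault URL from Overview.
    const string CLIENT_ID = "<application-client-id>";
    const string BASE_URI = "https://<your-vault-name>.vault.azure.net/";
    // Assumption: the client secret value comes from an environment variable
    // (hypothetical name) so it is never committed to source control.
    static readonly string CLIENT_SECRET =
        Environment.GetEnvironmentVariable("TESTAPP_CLIENT_SECRET");

    static async Task<int> Main()
    {
        if (string.IsNullOrEmpty(CLIENT_SECRET))
            throw new InvalidOperationException("TESTAPP_CLIENT_SECRET is not set.");

        // KeyVaultClient invokes the callback whenever it needs a bearer token.
        var client = new KeyVaultClient(
            new KeyVaultClient.AuthenticationCallback(GetAccessTokenAsync));
        try
        {
            var secret = await client.GetSecretAsync(BASE_URI, "TestSecretKey");
            // Show the secret's identifier and length rather than echoing its value.
            Console.WriteLine($"Retrieved {secret.Id} ({secret.Value.Length} chars)");
            return 0;
        }
        catch (KeyVaultErrorException ex)
        {
            // 403 Forbidden typically means the access policy does not grant Get to TestApp.
            Console.Error.WriteLine($"Key Vault returned {(int)ex.Response.StatusCode}: {ex.Message}");
            return 1;
        }
    }

    // Client-credentials flow: TestApp authenticates to Azure AD with its ID and secret.
    static async Task<string> GetAccessTokenAsync(string authority, string resource, string scope)
    {
        var context = new AuthenticationContext(authority);
        var result = await context.AcquireTokenAsync(
            resource, new ClientCredential(CLIENT_ID, CLIENT_SECRET));
        return result.AccessToken;
    }
}
```

Both packages used here have since been deprecated by Microsoft in favour of Azure.Security.KeyVault.Secrets and Azure.Identity, so treat this as matching the post's setup rather than as a recommendation for new projects.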
In the above code snippet, I have used await client.GetSecretAsync(BASE_URI, "TestSecretKey"); and the TestSecretKey is the secret name that I added in Azure key vault.
After running this solution, you will be able to see the secret id.
Keep Learning !!!