Introduction

Azure Key Vault is a cloud service for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys. The Key Vault service supports two types of containers: vaults and managed hardware security module (HSM) pools. Vaults support storing software and HSM-backed keys, secrets, and certificates. Managed HSM pools only support HSM-backed keys.

In other words, Azure Key Vault is a cloud service that provides a secure store for secrets. You can securely store keys, passwords, certificates, and other secrets. Azure key vaults may be created and managed through the Azure portal.

Quickstart: Create a key vault using the Azure portal

If you are new to Azure Key Vault, please follow this link on creating a new Azure Key Vault using the Azure portal:
https://learn.microsoft.com/en-us/azure/key-vault/general/quick-create-portal

Accessing secrets outside of the Azure platform

To achieve this, we need to register our app as a client app in Azure app registrations, because we need an Azure AD access token to retrieve Azure Key Vault secrets outside the Azure portal. In this article, we access the secrets from a .NET 6 console app, so we register the console app as a client app in Azure AD via the Azure portal. For example:

[Image: Key Vault app registration]

-> Since we are using this app as a console app, add “http://localhost” in the “Redirect URIs” section under the “Authentication” menu.
-> Now generate a client secret, which the client app will use while fetching secrets.
-> Add the “Azure Key Vault” permission under the “API Permissions” menu.

That’s it on the app registration side of the Azure portal. Now we need to check a few settings on the Azure Key Vault side as well.
-> Create a new access policy for your Key Vault that grants permission to our registered app, along with the other key and secret management permissions. You can choose your registered application under the “Principal” tab while creating a new access policy. Please note that it is not available in the edit section.
[Image: Key Vault access policy]

Now you are ready to access it via console app. The following sample code can be used to access all available secrets from Azure Key Vault:
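
One way to write such a .NET 6 console app, as an added example rather than the article's own listing: it authenticates with the registered app's client secret and enumerates the vault's secrets without printing their values. It assumes the `Azure.Identity` and `Azure.Security.KeyVault.Secrets` NuGet packages, and that the tenant ID, client ID, client secret and vault URI are supplied through environment variables (the name `KEY_VAULT_URI` and the `Env` helper are hypothetical).

```csharp
// Added example, not the article's original code.
// NuGet packages: Azure.Identity, Azure.Security.KeyVault.Secrets
using System;
using Azure;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

// Assumption: app-registration values come from environment variables so the
// client secret is never hard-coded or committed to source control.
static string Env(string name) =>
    Environment.GetEnvironmentVariable(name)
    ?? throw new InvalidOperationException($"Missing environment variable {name}");

var credential = new ClientSecretCredential(
    Env("AZURE_TENANT_ID"), Env("AZURE_CLIENT_ID"), Env("AZURE_CLIENT_SECRET"));

// KEY_VAULT_URI (hypothetical name) looks like https://<vault-name>.vault.azure.net/
var client = new SecretClient(new Uri(Env("KEY_VAULT_URI")), credential);

try
{
    // Enumerating secrets requires the "List" secret permission in the access policy.
    await foreach (SecretProperties props in client.GetPropertiesOfSecretsAsync())
    {
        if (props.Enabled != true)
        {
            // Requesting the value of a disabled secret fails, so skip it.
            Console.WriteLine($"{props.Name}: disabled, skipped");
            continue;
        }

        // Reading a value requires the "Get" secret permission.
        KeyVaultSecret secret = await client.GetSecretAsync(props.Name);

        // Print metadata only; keep secret values out of console output and logs.
        Console.WriteLine(
            $"{secret.Name}: {secret.Value.Length} chars, version {secret.Properties.Version}");
    }
}
catch (AuthenticationFailedException ex)
{
    // Wrong tenant ID, client ID, or an expired/incorrect client secret.
    Console.Error.WriteLine($"Azure AD token request failed: {ex.Message}");
}
catch (RequestFailedException ex) when (ex.Status == 403)
{
    // The token was accepted but the vault denied the operation.
    Console.Error.WriteLine("Forbidden: check that the access policy grants List and Get to the registered app.");
}
```

Granting the registered app only the List and Get secret permissions is enough for this program; broader key and secret management permissions are not needed to read secrets.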

 

 
