How to access Azure Key Vault values in a C# .NET application


In this blog, we will discuss Microsoft’s Azure Key Vault offering, its basic components and best practices. We will also learn how users can access Azure Key Vault values in C# .NET application. 

What is Azure Key Vault?

Azure Key Vault is a service offered by Microsoft as part of its Azure platform. It is a cloud service that enables users to securely store passwords and other configuration elements needed to run applications.

What are the Azure Key Vault Best Practices?

  • Different key vaults for different applications. 
  • Different key vaults for production and development (to ensure that the key vaults do not get compromised). 
  • Limiting access and permissions for the key vault.  
  • Creating policies to determine which application or user has access to these secrets. 

How to Access the Azure Key Vault Values in a C# .NET Application?

To access the key vault values in a C# application we first need to create an application in the Azure Active Directory. 

Go to Azure portal and search for Azure Active Directory.

Infographics show the Azure portal

Then go to the App registrations and click on the new registration button. Give your application a name and then click register. You do not need to provide the redirect URL. Once you complete this step, you will be navigated to the following screen:  

Infographics show the csharp application

Make sure to note down the Client ID, Tenant ID and create a client credential by clicking on the add a certificate or secret button. Make sure to note down the secret as well. Next, we will create a key vault. Go to the portal and search for the key vaults. Click on create to create a new key vault.  

Infographics show the create a key vault

Select the resource group and give your key vault a name. Click Review and then click Create. Once the vault is created, go to the resource, and then go to Secrets. 

Infographics show the once the key Vault is Created go to Secrets

In Secrets, click on Generate/Import 

Infographics show the click on Generate/Import

Now we will add the secret name and value to create a sample secret in the key vault. We will use this sample in our application.  

Next, we will grant our application access to this key vault. 

Infographics show the grant of our application access to this key vault

Then, we will add an access policy, as shown in the screenshot below. 

Infographics show the add an access policy in Azure key vault

We will then select a key secret and add a certificate management. Then we will select the principal. After that, we will search for the Azure Active Directory application we created initially. 

Infographics show the Azure Active Directory application

After all this is done, we will click on save to ensure all our steps are executed. The key vault would be set up now for your use. Now you can use the following code to get the secrets:  

Infographics show the use code to get the secrets in Azure Key Vault

using System; 

using Azure.Identity; 

using Azure.Security.KeyVault.Secrets; 

Use these libraries, System, Identity and Secrets to run the function provided above; 

In the last step, we must set up the environment variables on the machine we are running the application on.  

The values are:  




These values are retrieved from the Azure Active Directory application that we created in the beginning of this blog. 

Further Reading: Streamlining Microsoft Azure Identity and Security for Growth

Infographics show the Azure Active Directory applicationimage019


In conclusion, Azure Key Vault is a safe way to store application secrets for .NET applications. The best practices mentioned above will enable you to use the vault in the most secure way possible. To access secrets in .NET applications you must create an application in the Azure Active Directory and then follow the steps mentioned above to access the secrets securely.

Explore Recent Blog Posts