How to access Azure Key Vault values in a C# .NET application

Introduction: 

In this blog, we will discuss Microsoft's Azure Key Vault offering, its basic components and best practices. We will also learn how users can access Azure Key Vault values in a C# .NET application.

What is Azure Key Vault? 

Azure Key Vault is a service offered by Microsoft as part of its Azure platform. It is a cloud service that enables users to securely store passwords and other configuration elements needed to run applications.



What are the Azure Key Vault best practices? 

  • Different key vaults for different applications. 
  • Different key vaults for production and development (to ensure that the key vaults do not get compromised). 
  • Limiting access and permissions for the key vault.  
  • Creating policies to determine which application or user has access to these secrets. 

How to access the Azure Key Vault values in a C# .NET application? 

To access the key vault values in a C# application we first need to create an application in the Azure Active Directory. 

Go to the Azure portal and search for Azure Active Directory.

Then go to the App registrations and click on the new registration button. Give your application a name and then click register. You do not need to provide the redirect URL. Once you complete this step, you will be navigated to the following screen:  


Make sure to note down the Client ID and Tenant ID, and create a client credential by clicking the "Add a certificate or secret" button. Make sure to note down the secret as well. Next, we will create a key vault. Go to the portal and search for key vaults. Click Create to create a new key vault.


Select the resource group and give your key vault a name. Click Review and then click Create. Once the vault is created, go to the resource, and then go to Secrets. 


In Secrets, click on Generate/Import 


Now we will add the secret name and value to create a sample secret in the key vault. We will use this sample in our application.  

Next, we will grant our application access to this key vault. 


Then, we will add an access policy, as shown in the screenshot below. 


We will then select the Key, Secret, & Certificate Management template. Then we will select the principal. After that, we will search for the Azure Active Directory application we created initially.


After all this is done, we will click Save to apply the changes. The key vault is now set up for use. Now you can use the following code to get the secrets:

using System;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

Use these libraries (System, Azure.Identity and Azure.Security.KeyVault.Secrets) to run the function provided above.

In the last step, we must set up the environment variables on the machine we are running the application on.  

The values are:  

AZURE_CLIENT_ID 

AZURE_CLIENT_SECRET 

AZURE_TENANT_ID 

These values are retrieved from the Azure Active Directory application that we created at the beginning of this blog.
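One way to read a secret with the libraries and environment variables named above, as an added example that is not the author's original code. The KEY_VAULT_URI variable and the secret name SampleSecret are assumptions; reading a secret needs only the Get secret permission on the access policy.

```csharp
using System;
using Azure;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

public static class KeyVaultDemo
{
    // The three variables the post sets; EnvironmentCredential reads them itself.
    private static readonly string[] RequiredVars =
        { "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET", "AZURE_TENANT_ID" };

    public static string GetSecretValue(Uri vaultUri, string secretName)
    {
        // Fail early with a clear message instead of an opaque credential error.
        foreach (var name in RequiredVars)
        {
            if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable(name)))
                throw new InvalidOperationException($"Environment variable {name} is not set.");
        }

        var client = new SecretClient(vaultUri, new EnvironmentCredential());
        try
        {
            KeyVaultSecret secret = client.GetSecret(secretName);
            return secret.Value;
        }
        catch (RequestFailedException ex) when (ex.Status == 403)
        {
            // Authenticated, but the vault's access policy does not allow this read.
            throw new UnauthorizedAccessException(
                "Forbidden: check that the access policy grants this application Get on secrets.", ex);
        }
        catch (RequestFailedException ex) when (ex.Status == 404)
        {
            throw new InvalidOperationException($"Secret '{secretName}' was not found in the vault.", ex);
        }
    }

    public static void Main()
    {
        // Assumption: KEY_VAULT_URI holds the vault URL, e.g. https://<vault-name>.vault.azure.net/
        string uri = Environment.GetEnvironmentVariable("KEY_VAULT_URI")
            ?? throw new InvalidOperationException("Environment variable KEY_VAULT_URI is not set.");
        // Assumption: "SampleSecret" stands in for the secret name created in the portal.
        string value = GetSecretValue(new Uri(uri), "SampleSecret");
        // Print only the length so the secret never lands in console or log output.
        Console.WriteLine($"Retrieved secret ({value.Length} characters).");
    }
}
```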


Conclusion: 

In conclusion, Azure Key Vault is a safe way to store application secrets for .NET applications. The best practices mentioned above will enable you to use the vault in the most secure way possible. To access secrets in .NET applications you must create an application in the Azure Active Directory and then follow the steps mentioned above to access the secrets securely.