In this blog, we will discuss Microsoft’s Azure Key Vault offering, its basic components and best practices. We will also learn how users can access Azure Key Vault values in a C# .NET application.
What is Azure Key Vault?
Azure Key Vault is a service offered by Microsoft as part of its Azure platform. It is a cloud service that enables users to securely store passwords and other configuration elements needed to run applications.
What are the Azure Key Vault best practices?
- Different key vaults for different applications.
- Different key vaults for production and development (to ensure that the key vaults do not get compromised).
- Limiting access and permissions for the key vault.
- Creating policies to determine which application or user has access to these secrets.
How to access the Azure Key Vault values in a C# .NET application?
To access the key vault values in a C# application, we first need to create an application in Azure Active Directory.
Go to the Azure portal and search for Azure Active Directory.
Then go to App registrations and click the New registration button. Give your application a name and then click Register. You do not need to provide the redirect URL. Once you complete this step, you will be taken to the page for the registered application.
Make sure to note down the Client ID and Tenant ID, and create a client credential by clicking the "Add a certificate or secret" button. Make sure to note down the secret as well. Next, we will create a key vault. Go to the portal and search for key vaults. Click Create to create a new key vault.
Select the resource group and give your key vault a name. Click Review and then click Create. Once the vault is created, go to the resource, and then go to Secrets.
In Secrets, click on Generate/Import.
Now we will add the secret name and value to create a sample secret in the key vault. We will use this sample in our application.
Next, we will grant our application access to this key vault.
Then, we will add an access policy.
We will then select a key secret and add a certificate management. Then we will select the principal. After that, we will search for the Azure Active Directory application we created initially.
After all this is done, we will click on Save to ensure all our steps are executed. The key vault is now set up for your use. Now you can use the following code to get the secrets:
Use these libraries, System, Identity and Secrets, to run the function provided above.
In the last step, we must set up the environment variables on the machine we are running the application on.
The values are:
These values are retrieved from the Azure Active Directory application that we created at the beginning of this blog.
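The procedure above, put together as an added example (this is not the original post's code): it reads one secret using the Azure.Identity and Azure.Security.KeyVault.Secrets packages and separates the failure that points at the app registration's credentials from the one that points at the access policy. The vault URL and the secret name `SampleSecret` are placeholders, and the three environment variable names are the ones Azure.Identity's `EnvironmentCredential` reads, assumed here to correspond to the Client ID, Tenant ID and secret noted earlier.

```csharp
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

public static class KeyVaultExample
{
    // Names read by EnvironmentCredential for a client-secret login (assumed mapping
    // to the Tenant ID, Client ID and client secret of the app registration).
    private static readonly string[] RequiredVars =
        { "AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET" };

    public static async Task<string> GetSecretAsync(Uri vaultUri, string secretName)
    {
        // Fail early with a clear message instead of a generic credential error.
        foreach (var name in RequiredVars)
            if (string.IsNullOrWhiteSpace(Environment.GetEnvironmentVariable(name)))
                throw new InvalidOperationException($"Environment variable {name} is not set.");

        var client = new SecretClient(vaultUri, new EnvironmentCredential());
        try
        {
            KeyVaultSecret secret = await client.GetSecretAsync(secretName);
            return secret.Value;
        }
        catch (AuthenticationFailedException ex)
        {
            // No token could be obtained: check the client ID, tenant ID and secret.
            throw new InvalidOperationException("Could not authenticate as the app registration.", ex);
        }
        catch (RequestFailedException ex) when (ex.Status == 403)
        {
            // Token was valid, but the vault's access policy does not let this principal read secrets.
            throw new UnauthorizedAccessException("The application has no permission to read secrets in this vault.", ex);
        }
        catch (RequestFailedException ex) when (ex.Status == 404)
        {
            throw new InvalidOperationException($"Secret '{secretName}' was not found in the vault.", ex);
        }
    }

    public static async Task Main()
    {
        // Placeholder vault URL and secret name: replace with your own.
        var vaultUri = new Uri("https://example-vault.vault.azure.net/");
        string value = await GetSecretAsync(vaultUri, "SampleSecret");
        // Log only metadata; never write the secret value itself to output or logs.
        Console.WriteLine($"Retrieved secret of length {value.Length}.");
    }
}
```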
In conclusion, Azure Key Vault is a safe way to store application secrets for .NET applications. The best practices mentioned above will enable you to use the vault in the most secure way possible. To access secrets in .NET applications you must create an application in the Azure Active Directory and then follow the steps mentioned above to access the secrets securely.