Scenario: Use Azure Key Vault to store secrets
Solution:
Per Azure docs:
Azure Key Vault is a cloud service for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys.
- Azure -> Azure Active Directory -> App registrations [left pane]->New registration
- Name = keyvault-myapp
- Who can use this application or access this API? = Accounts in this organizational directory only (Default Directory only - Single tenant)
- Register
- On success, the Application ID (Client ID) is displayed. Copy this for further use.
- Certificates & secrets -> New Client Secret
- Description = client secret
- Value = Copy this for further use. It is a credential for the app registration, so handle it like a password.
- New resource -> Key Vault
- Resource group = Your resource group
- Key vault name = mykeyvault
- Region = region
- Review and Create
- Secrets [left pane]
- Create a secret
- name = keyname
- value = secret value
- Create
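- Access policies -> Add Access Policy -> Secret permissions -> Select all -> Principal -> search for the app registration name -> Save. (Loading secrets into configuration only reads them, so the Get and List secret permissions are sufficient for this scenario; Select all also grants set, delete and purge rights to anyone holding the client secret.)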
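- In ASP.NET Core -> App Settings (appsettings.json). "Vault" must be the Key Vault name created above (mykeyvault in this walkthrough, not the app registration name), because Program.cs builds the vault URL from it. "#2" and "#4.1" stand for the Application (Client) ID and the client secret value copied in the earlier steps. Keep the real ClientSecret out of source control, for example by supplying it through user secrets or an environment variable instead of the committed file.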
"Keyvault": {
"Vault": "keyvault-myapp",
"ClientId": "#2",
"ClientSecret": "#4.1"
}
"Keyvault": { "Vault": "keyvault-myapp", "ClientId": "#2", "ClientSecret": "#4.1" }
9. Program.cs
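namespace Web
{
    /// <summary>
    /// Application entry point. Builds the generic host and adds Azure Key Vault
    /// as a configuration source so vault secrets are readable through
    /// <c>IConfiguration</c>.
    /// </summary>
    public class Program
    {
        /// <summary>Builds the host from the command-line arguments and runs it.</summary>
        /// <param name="args">Command-line arguments passed to the process.</param>
        public static void Main(string[] args)
        {
            CreateHostBuilder(args).Build().Run();
        }

        /// <summary>
        /// Creates the host builder and registers the Key Vault configuration provider,
        /// using the vault name, client id and client secret found under the
        /// <c>KeyVault</c> configuration section.
        /// </summary>
        /// <param name="args">Command-line arguments forwarded to the default builder.</param>
        /// <returns>The configured host builder.</returns>
        /// <exception cref="System.InvalidOperationException">
        /// Thrown while the configuration is built if a required <c>KeyVault</c> setting is missing.
        /// </exception>
        public static IHostBuilder CreateHostBuilder(string[] args) =>
            Host.CreateDefaultBuilder(args)
                .ConfigureAppConfiguration((context, config) =>
                {
                    // Build the sources registered so far to read the bootstrap settings.
                    var root = config.Build();

                    // Fail fast with the key name only; the value is never put in the message,
                    // so a misconfiguration cannot leak the client secret into logs.
                    string Require(string key)
                    {
                        var setting = root[key];
                        if (string.IsNullOrWhiteSpace(setting))
                        {
                            throw new System.InvalidOperationException(
                                $"Missing required configuration value '{key}'.");
                        }

                        return setting;
                    }

                    var vault = Require("KeyVault:Vault");
                    var clientId = Require("KeyVault:ClientId");

                    // The client secret is the one credential that still lives outside the vault.
                    // Supply it from user secrets or an environment variable, not a committed file.
                    // NOTE(review): this overload comes from the older
                    // Microsoft.Extensions.Configuration.AzureKeyVault package; with
                    // Azure.Extensions.AspNetCore.Configuration.Secrets and a managed identity
                    // no stored client secret is needed. Confirm which package the project targets.
                    var clientSecret = Require("KeyVault:ClientSecret");

                    config.AddAzureKeyVault($"https://{vault}.vault.azure.net/", clientId, clientSecret);
                })
                .ConfigureWebHostDefaults(webBuilder =>
                {
                    webBuilder.UseStartup<Startup>();
                });
    }
}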
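namespace Web
{
    /// <summary>
    /// Application entry point. Builds the generic host and adds Azure Key Vault
    /// as a configuration source so vault secrets are readable through
    /// <c>IConfiguration</c>.
    /// </summary>
    public class Program
    {
        /// <summary>Builds the host from the command-line arguments and runs it.</summary>
        /// <param name="args">Command-line arguments passed to the process.</param>
        public static void Main(string[] args)
        {
            CreateHostBuilder(args).Build().Run();
        }

        /// <summary>
        /// Creates the host builder and registers the Key Vault configuration provider
        /// from the <c>KeyVault</c> configuration section.
        /// </summary>
        /// <param name="args">Command-line arguments forwarded to the default builder.</param>
        /// <returns>The configured host builder.</returns>
        /// <exception cref="System.InvalidOperationException">
        /// Thrown while the configuration is built if a required <c>KeyVault</c> setting is missing.
        /// </exception>
        public static IHostBuilder CreateHostBuilder(string[] args) =>
            Host.CreateDefaultBuilder(args)
                .ConfigureAppConfiguration((context, config) =>
                {
                    var root = config.Build();

                    // Report only the key name on failure so the secret value never reaches logs.
                    string Require(string key)
                    {
                        var setting = root[key];
                        if (string.IsNullOrWhiteSpace(setting))
                        {
                            throw new System.InvalidOperationException(
                                $"Missing required configuration value '{key}'.");
                        }

                        return setting;
                    }

                    var vault = Require("KeyVault:Vault");
                    var clientId = Require("KeyVault:ClientId");

                    // This credential unlocks every secret the access policy grants;
                    // keep it in user secrets or an environment variable, not in a committed file.
                    var clientSecret = Require("KeyVault:ClientSecret");

                    config.AddAzureKeyVault($"https://{vault}.vault.azure.net/", clientId, clientSecret);
                })
                .ConfigureWebHostDefaults(webBuilder =>
                {
                    webBuilder.UseStartup<Startup>();
                });
    }
}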
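/// <summary>
/// Sample controller showing that a Key Vault secret is readable through
/// <see cref="IConfiguration"/> once the Key Vault provider is registered.
/// </summary>
public class MyController : Controller
{
    private readonly IConfiguration _configuration;

    /// <summary>Receives the application configuration from dependency injection.</summary>
    /// <param name="configuration">Configuration that includes the Key Vault source.</param>
    // The constructor must carry the class name; the original "ValuesController" did not compile.
    public MyController(IConfiguration configuration)
    {
        _configuration = configuration;
    }

    /// <summary>
    /// Looks up the secret stored under <c>keyname</c> and reports whether it was found.
    /// </summary>
    /// <returns>A status message; the secret value itself is never returned.</returns>
    [HttpGet]
    public string Get()
    {
        // The secret name in the vault is the configuration key.
        var value = _configuration["keyname"];

        // The original method had no return statement. Echoing the value would publish
        // the secret to every caller of this endpoint, so only its presence is reported.
        return string.IsNullOrEmpty(value)
            ? "Secret 'keyname' was not found in configuration."
            : "Secret 'keyname' was loaded from configuration.";
    }
}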
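/// <summary>
/// Sample controller that reads a Key Vault secret through <see cref="IConfiguration"/>.
/// </summary>
public class MyController : Controller
{
    private readonly IConfiguration _configuration;

    /// <summary>Stores the injected application configuration.</summary>
    /// <param name="configuration">Configuration that includes the Key Vault source.</param>
    // Renamed from "ValuesController": a constructor has to match its class name to compile.
    public MyController(IConfiguration configuration)
    {
        _configuration = configuration;
    }

    /// <summary>
    /// Reads the <c>keyname</c> secret and reports whether it is available.
    /// </summary>
    /// <returns>A status message that does not contain the secret value.</returns>
    [HttpGet]
    public string Get()
    {
        var value = _configuration["keyname"];

        // The original body returned nothing. Only the presence of the secret is reported,
        // because an HTTP response is not a safe place for the value itself.
        if (string.IsNullOrEmpty(value))
        {
            return "Secret 'keyname' was not found in configuration.";
        }

        return "Secret 'keyname' was loaded from configuration.";
    }
}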