Access Azure Key Vault from C#



This article explains how to connect to Azure Key Vault, how to create secrets, keys, or certificates in it, and how to access them using C#.NET.

Azure:

Azure is a cloud platform where we can host our applications. The advantage of Azure is that the types of services it offers include Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). With the integration of different services, Azure offers better scalability, reliability, and high availability of applications.


Key-Vault:

Azure key-vault is a cloud-based service for storing keys, secrets, certificates, passwords, etc. in the cloud. By using this key-vault service we can give applications secure access to this information, with no need to maintain security information in the code. The main advantage of key-vault is that all the access-related keys are in one place and secured in the cloud.

 

Steps to store secrets or keys in Azure key-vault:

Step 1:

Open portal.azure.com

Step 2:

Once the home page has loaded, type the keyword 'keyvault' in the search area and press Enter

Step 3:

Click on the +Add button to create a new key vault

Step 4:

Enter the required information below:


1. Subscription 
2. Resource Group 
3. Key Vault Name 
4. Region 
5. Pricing Tier 
6. Retention period days (7-90 days)


Step 5:

Click on the Review and Create button

Step 6:

Once the key vault is created, navigate to it:

Home > key vaults

Step 7:

Select the key vault created from the existing key vaults

Step 8:

Now you are on the new key vault page

In the settings, there are links for keys, secrets, and certificates

Step 9:

As we are working on secrets, click on the Secrets link

Step 10:

Click on + Generate/Import from the top menu

Step 11:

Now, we have to fill in the form to create a secret

Step 12:

Enter the secret name and value (we can set activation and expiry dates as well)

Step 13:

Click on the Create button

Now the secret is created and ready for use

Step 14:

In the key vault, select Properties from the settings

Step 15:

Copy the key vault URL from the DNS name

Format: 
https://<key-vault-name>.vault.azure.net/

Access the secrets from C# code:

Step 16:

Open Visual Studio 2019 or 2017

Step 17:

Create or open the solution from which you want to access the secrets

Step 18:

Once the solution is open, navigate to Solution Explorer

Step 19:

Right-click on Project references, select the ‘Manage NuGet Package’ option from the list

Step 20:

Select the Browse option from the menu (by default it lands on Installed, so change it)

Enter the NuGet package name below in the search

Azure.Security.KeyVault.Secrets

Select the proper version and install it

Step 21:

Now enter the NuGet package below in the search

Azure.Identity

Select the proper version and install it

Step 22:

Once installed, import the namespaces below into the code file

using System;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

Step 23:

In the code, add the lines below:

C#:
// Key vault URL copied from the DNS name in step 15
string keyvaultUri = "https://<key-vault-name>.vault.azure.net/";
// DefaultAzureCredential authenticates the application to the key vault
SecretClient secretClient = new SecretClient(new Uri(keyvaultUri), new DefaultAzureCredential());
// Here keyvaultsecretname is the name of the secret in the key vault
KeyVaultSecret secret = secretClient.GetSecret("keyvaultsecretname");
// The secret value is stored in the vaultToken variable
string vaultToken = secret.Value;

Classes used:

The KeyVaultSecret class is used to get the value of the secret.

The SecretClient class provides the methods to manage the Azure key vault. It supports create, retrieve, update, delete, etc. on key vault secrets.

Method used:

SecretClient(Uri, TokenCredential);


Here the Uri parameter is the DNS name from the key vault properties.

The TokenCredential parameter is used to authenticate access to the key vault. We can use DefaultAzureCredential.
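
The read in step 23, written out with the failure cases a caller should handle: an added example, not code from the original post. VaultSecretReader and the KEY_VAULT_URI environment variable are assumed names; it checks the activation and expiry dates from step 12 before returning the value and keeps the secret out of error messages and console output.

```csharp
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

public static class VaultSecretReader // hypothetical helper, not an Azure SDK type
{
    // Returns the secret value; error messages never contain the value itself.
    public static async Task<string> ReadAsync(Uri vaultUri, string secretName)
    {
        var client = new SecretClient(vaultUri, new DefaultAzureCredential());
        try
        {
            KeyVaultSecret secret = await client.GetSecretAsync(secretName);
            DateTimeOffset now = DateTimeOffset.UtcNow;
            // Activation and expiry dates from step 12 arrive as NotBefore / ExpiresOn.
            if (secret.Properties.NotBefore is DateTimeOffset nbf && now < nbf)
                throw new InvalidOperationException($"Secret '{secretName}' is not active until {nbf:u}.");
            if (secret.Properties.ExpiresOn is DateTimeOffset exp && now >= exp)
                throw new InvalidOperationException($"Secret '{secretName}' expired on {exp:u}.");
            return secret.Value;
        }
        catch (AuthenticationFailedException ex)
        {
            // Thrown when DefaultAzureCredential could not obtain a token.
            throw new InvalidOperationException("No Azure credential could authenticate.", ex);
        }
        catch (RequestFailedException ex) when (ex.Status == 403)
        {
            throw new UnauthorizedAccessException($"Access to secrets in {vaultUri.Host} was denied.", ex);
        }
        catch (RequestFailedException ex) when (ex.Status == 404)
        {
            throw new InvalidOperationException($"Secret '{secretName}' not found in {vaultUri.Host}.", ex);
        }
    }

    public static async Task Main()
    {
        // KEY_VAULT_URI is an assumed variable holding the URL copied in step 15.
        string uri = Environment.GetEnvironmentVariable("KEY_VAULT_URI")
            ?? throw new InvalidOperationException("Set KEY_VAULT_URI first.");
        string vaultToken = await ReadAsync(new Uri(uri), "keyvaultsecretname");
        Console.WriteLine($"Loaded secret ({vaultToken.Length} characters)"); // never print the value
    }
}
```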


Conclusion

By using the few lines of code above, we can access the value of secrets from the key vault. Once accessed, you can use the value as required.

 

