Azure Key Vault is a service provided by Microsoft to securely manage the secrets, keys, and certificates of an application so that they are neither in the configuration values nor in the source code controller. Thus, it makes it possible to store passwords, chains of connections, sensitive data in complete safety.
In this article we will see how to configure Azure KeyVault in Azure and store there for example a connection string and configure an ASP.NET Web API.
Before starting any configuration, you must first have created an application in the “App registration” section.
It must indeed allow the latter to access Azure Keyvault, we will see this a little further.
I already described in a previous article the creation of an application, this article is here:
Once the tutorial followed, just grab the clientId and clientSecret if the latter was not created, then create it. (see screenshot below).
This key pair will be used to consume AzureKeyVault in our ASP.NET Core Web Application.
Creating and configuring an Azure KeyVault
We now have an application authorized to access KeyVault and we have its clientId and clientSecret.
So we can configure our Azure KeyVault
Go to Azure KeyVault section and click on “Add” button :
Enter the name, the subscription, the resource group and the location and click on “Create button” :
The KeyVault should be created:
Click on the name of the newly created KeyVault and go to “access policies” section then click on “Add new”. We will add the application previously created in “App registrations” in Azure AD. This action will allow any .NET application that uses the clientId / clientSecret of this application to consume this Azure KeyVault.
The section “Select principal is the place to add our application. Its name is “Demo Open Id Connect” in my case. Then select “Get” everywhere if your .NET application is just consuming Azure KeyVault.
Once your done click on “Save”
Now it’s time to create an item that we want to store in Azure KeyVault instead of the appsettings of our .NET application. To do this go to section “Secrets” of your newly created Azure KeyVault :
Let’s add a connection string for example, we need to set options to “manual”, the name and obviously the value. We won’t use activation dates (begin and start) we will just activate it until we deactivate it :
Once done the secret value will appear in the list of secrets (only the name) :