Reputation: 741
I'm creating a web app in MVC C# where you can log in using your AD account and read secrets. The problem is that there are lots of Key Vaults - each with specific permissions. I've managed to do this with one particular vault and list the secrets in the vault using the vault URL using an AD login.
I would like to be able to list the vaults that the user has access to. I understand this is very easy to do in PowerShell but I cannot find out how to do this in C#.
Is there a way to do this? Thanks!
Upvotes: 1
Views: 208
Reputation: 14649
As far as I know, there is no REST API with which we can get all the key vaults across different subscriptions at present.
As a workaround, we need to list the Key Vaults under all the subscriptions and resource groups, and check the `accessPolicies` to see whether each Key Vault is accessible.
For example, with an `accessPolicies` entry like the one below, we can check whether the user's object ID matches the `objectId` in the entry.
```json
{
  "tenantId": "",
  "objectId": "",
  "permissions": {
    "keys": [],
    "secrets": [
      "Get"
    ],
    "certificates": []
  }
},
```
To list the Key Vaults under all the subscriptions and resource groups, you can refer to the REST API below:
```
GET: https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.KeyVault/vaults?api-version=2015-06-01
authorization: bearer {access_token}
```
And if you have any ideas or feedback about Azure, you can submit them from here.
Upvotes: 1
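The `accessPolicies` check described in the answer above, as an added C# example that is not part of the original answer: it filters the body of a vault list response down to the vaults whose policies grant a secrets permission to the signed-in user. The response shape (`value`, `properties.accessPolicies`, `properties.vaultUri`), the sample JSON, the object IDs and the vault names are constructed; including the user's group object IDs among the principals and comparing permission names case-insensitively are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;

static class VaultAccessFilter
{
    // Returns the vaultUri of every vault in the list response whose accessPolicies
    // grant `permission` on secrets to one of the caller's principal IDs.
    public static List<string> ReadableVaults(string listJson, ISet<string> principalIds, string permission)
    {
        var result = new List<string>();
        using var doc = JsonDocument.Parse(listJson);
        foreach (var vault in doc.RootElement.GetProperty("value").EnumerateArray())
        {
            // Skip entries that carry no access policies at all.
            if (!vault.TryGetProperty("properties", out var props) ||
                !props.TryGetProperty("accessPolicies", out var policies)) continue;
            bool granted = policies.EnumerateArray().Any(p =>
                principalIds.Contains(p.GetProperty("objectId").GetString() ?? "") &&
                p.GetProperty("permissions").TryGetProperty("secrets", out var secrets) &&
                secrets.EnumerateArray().Any(s =>
                    string.Equals(s.GetString(), permission, StringComparison.OrdinalIgnoreCase)));
            if (granted) result.Add(props.GetProperty("vaultUri").GetString() ?? "");
        }
        return result;
    }

    static void Main()
    {
        // Constructed sample: vault-a grants Get to the user, vault-b grants only List
        // to one of the user's groups, vault-c grants Get to an unrelated principal.
        const string sample = @"{ ""value"": [
          { ""name"": ""vault-a"", ""properties"": { ""vaultUri"": ""https://vault-a.vault.azure.net/"",
            ""accessPolicies"": [ { ""objectId"": ""00000000-0000-0000-0000-000000000001"",
              ""permissions"": { ""keys"": [], ""secrets"": [ ""Get"" ], ""certificates"": [] } } ] } },
          { ""name"": ""vault-b"", ""properties"": { ""vaultUri"": ""https://vault-b.vault.azure.net/"",
            ""accessPolicies"": [ { ""objectId"": ""00000000-0000-0000-0000-000000000002"",
              ""permissions"": { ""keys"": [], ""secrets"": [ ""List"" ], ""certificates"": [] } } ] } },
          { ""name"": ""vault-c"", ""properties"": { ""vaultUri"": ""https://vault-c.vault.azure.net/"",
            ""accessPolicies"": [ { ""objectId"": ""00000000-0000-0000-0000-000000000009"",
              ""permissions"": { ""keys"": [], ""secrets"": [ ""Get"" ], ""certificates"": [] } } ] } } ] }";
        // Assumption: the user's own object ID plus the object IDs of the groups they belong to.
        var principals = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
            { "00000000-0000-0000-0000-000000000001", "00000000-0000-0000-0000-000000000002" };
        foreach (var uri in ReadableVaults(sample, principals, "Get")) Console.WriteLine(uri);
    }
}
```

In the web app, `listJson` would be the body returned by the list request shown in the answer, fetched once per subscription and resource group.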