Reputation: 16512
I am trying to use Azure Key Vault to store some secrets. Following this tutorial: https://learn.microsoft.com/en-us/azure/key-vault/vs-secure-secret-appsettings
works while debugging, but when I publish the app to Azure, it fails by returning null for my key.
I then tried this tutorial: https://medium.com/@patoncrispy/securing-settings-in-dot-net-core-apps-using-azure-key-vault-d4ec82de00b8
This also works during debugging, but when I publish to Azure, it also fails by returning null for my key.
Any help in where I should look on how to resolve this would be great. Why would I get null in production, but not debugging when the same credentials are supplied?
Upvotes: 1
Views: 1117
Reputation: 296
using System;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

// Vault URI; the value below is a placeholder, not a real vault.
string keyVaultUrl = "https://<your-vault-name>.vault.azure.net/";

// Create a new secret client using the default credential from Azure.Identity using environment variables previously set,
// including AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID.
var client = new SecretClient(vaultUri: new Uri(keyVaultUrl), credential: new DefaultAzureCredential());
// Create a new secret using the secret client.
KeyVaultSecret secret = client.SetSecret("secret-name", "secret-value");
// Retrieve a secret using the secret client.
secret = client.GetSecret("secret-name");
Upvotes: 0
Reputation: 58863
In order for the app to be able to access the Key Vault in Azure using the AppAuthentication library, it should have Managed Service Identity enabled.
In addition, the automatically created service principal needs to be given access to the secrets in Key Vault.
Specifying the KeyVault endpoint URL in Azure can be done using an app setting with the key KEYVAULT_ENDPOINT in the first example.
Upvotes: 1
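The three conditions in the answer above (endpoint app setting, managed identity, access to the secrets) can be checked at startup so that a missing one raises a specific error instead of surfacing later as a null setting. This is an added example, not code from the thread or from either tutorial. It assumes the Azure.Identity and Azure.Security.KeyVault.Secrets packages rather than the AppAuthentication library, and the class and method names are hypothetical.

```csharp
using System;
using Azure;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

// Hypothetical helper: fails loudly with the reason a Key Vault lookup cannot succeed.
public static class KeyVaultStartupCheck
{
    // Returns the secret value, or throws naming the missing prerequisite.
    public static string GetRequiredSecret(string secretName)
    {
        // App Service exposes app settings to the process as environment variables.
        var endpoint = Environment.GetEnvironmentVariable("KEYVAULT_ENDPOINT");
        if (string.IsNullOrWhiteSpace(endpoint))
            throw new InvalidOperationException(
                "KEYVAULT_ENDPOINT is not set, so Key Vault is never queried. Add it as an app setting.");

        var client = new SecretClient(new Uri(endpoint), new DefaultAzureCredential());
        try
        {
            KeyVaultSecret secret = client.GetSecret(secretName);
            return secret.Value; // never log this value
        }
        catch (CredentialUnavailableException ex)
        {
            // Must precede AuthenticationFailedException, which is its base class.
            throw new InvalidOperationException(
                "No credential source is available. Enable the app's managed identity.", ex);
        }
        catch (AuthenticationFailedException ex)
        {
            throw new InvalidOperationException(
                "A credential was found but token acquisition failed.", ex);
        }
        catch (RequestFailedException ex) when (ex.Status == 403)
        {
            throw new InvalidOperationException(
                "The identity authenticated but has no permission to read secrets in this vault.", ex);
        }
        catch (RequestFailedException ex) when (ex.Status == 404)
        {
            throw new InvalidOperationException(
                $"Secret '{secretName}' does not exist in {endpoint}.", ex);
        }
    }
}
```

Calling `KeyVaultStartupCheck.GetRequiredSecret` once during startup makes the deployed app stop with the failing prerequisite in its log stream.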