Reputation: 3
We are trying to read an Azure Key Vault secret through a Windows application (not any Azure application/resource). Here is what we are trying to achieve –
1. Created key vault
2. Added secret
3. Added user (Azure AD User) to access policies and given required permissions.
4. Running a Windows application (not Azure) to get those keys and getting an error. (The user who is running this application has already been added to the access policies of the key vault.)
Below is the error:
   at Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProvider.d__14.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.KeyVault.KeyVaultCredential.d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.KeyVault.KeyVaultCredential.d__13.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
   at Microsoft.Azure.KeyVault.KeyVaultClient.d__65.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.KeyVault.KeyVaultClientExtensions.d__13.MoveNext()
Upvotes: 0
Views: 781
Reputation: 116
Make sure the following 3 DLLs are present in your solution. If not, get these from NuGet:
Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll
Microsoft.Azure.KeyVault
Microsoft.Azure.Services.AppAuthentication
Upvotes: 1
Reputation: 89
The Windows application needs to have an Azure Active Directory ID associated with it. If you read the basic concepts of Key Vault, there are 2 recommended ways to access Key Vault:
1) Using Managed Identities, where the application that's trying to interact/authenticate with Key Vault needs to have an identity that's managed by Azure.
2) Use a service principal and certificate to authenticate to Key Vault.
In this case, if it's a locally running Windows application, it needs to authenticate to Key Vault using a service principal and a certificate.
Upvotes: 0