Reputation: 73
Azure Key Vault - Storage and Access for Connection Strings
I would like to store my Db password in the Azure KeyVault and be able to use it in the connection string in appsettings.json. Is it possible?
Things done
- Application is registered and configured with the Azure Key Vault
- Created a secret value of which is identical with my Db password
I can see that my App Service application is configured with the key vault since there is a relevant configuration entry in launchSettings.json.
This is what I would like to do in appsettings.json :
"myContext": "Server=myServer;Database=myDb;User Id=myUser; Password={KEYVAULTSECRET}"
Is it possible and if so how?
Upvotes: 1
Views: 2253
Answers (1)
Reputation: 159
Yes, you can use Key Vault references for this. The high level instructions are:
Add your secret to Key Vault.
Create a managed identity for the webapp which has access to the key vault.
Create a key vault reference as the value of an application setting. (App settings are just environment variables.)
Finally, in your config file just reference your environment variable (
... ${MY_DB_PASSWORD} ..
The official docs on this are here: Use Key Vault references for App Service and Azure Functions.
I wrote an example of this for Java apps Key Vault References with Spring.
Upvotes: 1
Related Questions
- How to use Azure key vault for storing connection string of SQL Server as secret in Azure Data Factory
- Azure Key vault basic
- Store key and secret in Azure key-vault
- Azure Key Valut connection to Azure SQL
- How to reference a key-vault secret in a part of the connection string in Azure Functions/apps
- How to use Azure KeyVault reference for connectionString in an App
- azure key vault permisions
- Storing SQL Database Connection Strings in Azure Key Vault
- Using Azure Key Vault for storing username and password
- Azure Key-vault Encryption