ABDULAZIZ BIRHANU
Reputation: 75
Accessing Secrets on Azure Key Vault from Service Fabric
I build service fabric application and I want to secure secrets in Azure Key vault, I implement the same steps I do for app service but it doesn't work, appreciating your replay.
For App Service: 1. Configure Key Vault on Main Method 2. Enable assigned managed identity on App Service, applied on Scale set for SF. 3. Add access policy on the key vault.
Upvotes: 3
Views: 1109
Answers (1)
Nicklaus Brain
Reputation: 929
1) Azure configuration (VM Scale set + Key vault):
Login-AzureRmAccount # Login into Azure account
$targetRg = "testfabric-rg" # Target resource group name
$targetVmss = "jxewcyinq" # Target virtual machine scale set name
$targetKeyVault = "az-ure-two20190115153549" # Target Key Vault name
# 1. Enable Managed Identity for target Virtual Machine Scale Set
Update-AzureRmVmss `
-ResourceGroupName $targetRg `
-VMScaleSetName $targetVmss `
-IdentityType SystemAssigned
# 2. Retrieve virtual machine scale set
$vmss = Get-AzureRmVmss `
-ResourceGroupName $targetRg `
-Name $targetVmss
# 3. Create new Key vault access policy allowing Virtual Machine Scale Set to read secrets by their IDs
Set-AzureRmKeyVaultAccessPolicy `
-VaultName $targetKeyVault `
-ObjectId $vmss.Identity.PrincipalId `
-PermissionsToSecrets Get # set only necessary permissions!
2) Get key vault secret when using C#:
// https://www.nuget.org/packages/Microsoft.Azure.KeyVault/
using Microsoft.Azure.KeyVault;
// https://www.nuget.org/packages/Microsoft.Azure.Services.AppAuthentication
using Microsoft.Azure.Services.AppAuthentication;
public async Task<string> GetSecretById(string id)
{
// URL of the target Key Vault
var keyVaultUrl = "https://az-ure-two20190115153549.vault.azure.net";
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
var secret = await keyVaultClient.GetSecretAsync($"{keyVaultUrl}/secrets/{id}");
return secret.Value;
}
Upvotes: 4
Related Questions
- Provision Secrets from Azure Key Vault to Azure App Service as environment variables
- How to access key vault from azure app service
- Access Key Vault from local Service Fabric cluster with User Assigned Manged Identity(MSI)
- Accessing Azure Key Vault from ASP.NET Core application hosted in Azure Service Fabric
- Access Key Vault from local Service Fabric cluster with MSI
- Azure Key Vault get Secret from VMSS Instances
- Unable to retrieve Key Vault Secret from Docker App Service in .NET Core
- Access Azure Key Vault secret in Azure Function
- Access Key Vault for a Service Fabric application using Azure Active Directory
- Access Azure Key Vault using Service-to-Service Access Token via REST