user1259332

Reputation: 426

How to get a SecureString out of an Azure KeyVault - C#

I have an Azure KeyVault providing a password which I'd like to read into a SecureString.

If I try to read the string as a SecureString from the IConfiguration object, it will return a null:

config.GetValue<SecureString>("AdminPW") == null

I can read the string in as a string and convert to SecureString, but this seems like a dirty hack:

    var pass = new SecureString();
    foreach (var c in config.GetValue<string>("AdminPW").ToCharArray())
    {
        pass.AppendChar(c);
    }

Is there a way to get a SecureString directly from the IConfiguration?

Upvotes: 1

Views: 2255

Answers (2)

user1259332

Reputation: 426

For anyone else checking this, it is not possible to directly get a SecureString out of an Azure KeyVault.

Upvotes: 2

Joey Cai

Reputation: 20127

As Hans said, it is not security.

If the assemblies you are using don't have native support for SecureString serialization, that's exactly where your Key Vault, as a service for secrets, needs to pass them only an encrypted payload which, when you do decrypt it, is kept immediately in a SecureString (CryptoStream byte by byte to SecureString, followed by dispose to purge the buffers from memory).

So I do not suggest you get a SecureString out of an Azure KeyVault.

You could refer to this issue: "Azure KeyVault client should support SecureStrings".

Upvotes: 0
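The approach described in the answer above (decrypting through a CryptoStream straight into a SecureString), written out as an added example; it is not code from the thread or from any Azure SDK. It assumes the secret is stored as AES-CBC ciphertext of UTF-16LE text and that the key and IV are obtained separately; `DecryptToSecureString` and the sample payload are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Cryptography;
using System.Text;

static class SecureStringDemo
{
    // Hypothetical helper: decrypts a UTF-16LE payload one character at a time
    // into a SecureString, so the plaintext is never materialized as a managed string.
    public static SecureString DecryptToSecureString(byte[] cipherText, byte[] key, byte[] iv)
    {
        var result = new SecureString();
        using (var aes = Aes.Create())
        using (var decryptor = aes.CreateDecryptor(key, iv))
        using (var input = new MemoryStream(cipherText))
        using (var crypto = new CryptoStream(input, decryptor, CryptoStreamMode.Read))
        {
            int lo, hi;
            while ((lo = crypto.ReadByte()) != -1)
            {
                // UTF-16LE: every character is two bytes, low byte first.
                if ((hi = crypto.ReadByte()) == -1)
                    throw new InvalidDataException("Payload is not valid UTF-16LE.");
                result.AppendChar((char)(lo | (hi << 8)));
            }
        } // disposing the CryptoStream clears its internal buffers
        result.MakeReadOnly();
        return result;
    }

    static void Main()
    {
        // Constructed sample: the ciphertext stands in for the value stored in
        // Key Vault; the key and IV stand in for material held elsewhere.
        using var aes = Aes.Create();
        byte[] plain = Encoding.Unicode.GetBytes("constructed-sample-password");
        byte[] cipher;
        using (var enc = aes.CreateEncryptor())
            cipher = enc.TransformFinalBlock(plain, 0, plain.Length);
        Array.Clear(plain, 0, plain.Length); // wipe the sample plaintext bytes

        using SecureString pw = DecryptToSecureString(cipher, aes.Key, aes.IV);
        Console.WriteLine($"SecureString length: {pw.Length}");
    }
}
```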
