linkerro

Reputation: 5458

GetSecret from Azure Vault throwing NullReferenceException when trying to connect

I have the following issue:

I'm trying to connect to Azure Vault using a certificate credential.

When trying to read a secret, I get AuthenticationFailedException with an internal NullReferenceException.

For brevity I'm only including the stack trace for the NullReferenceException:

This exception was originally thrown at this call stack:
    Azure.Identity.AadIdentityClient.CreateClientAssertionJWT(string, string, System.Security.Cryptography.X509Certificates.X509Certificate2)
    Azure.Identity.AadIdentityClient.CreateClientCertificateAuthRequest(string, string, System.Security.Cryptography.X509Certificates.X509Certificate2, string[])
    Azure.Identity.AadIdentityClient.Authenticate(string, string, System.Security.Cryptography.X509Certificates.X509Certificate2, string[], System.Threading.CancellationToken)
    Azure.Identity.ClientCertificateCredential.GetToken(Azure.Core.TokenRequestContext, System.Threading.CancellationToken)

The code:

    string keyVaultUrl = "https://somevault.vault.azure.net/";
    var clientId = "<Application (client) ID>";
    var tenantId = "<Directory (tenant) ID>";
    X509Certificate2 clientCertificate = new X509Certificate2(@"someCerFile.cer");
    ClientCertificateCredential certificateCredential = new ClientCertificateCredential(tenantId, clientId, clientCertificate);
    var client = new SecretClient(new Uri(keyVaultUrl), certificateCredential);
    var secret = client.GetSecret("Password"); // This line throws the exception

Vault configuration is done according to the steps outlined here:

https://learn.microsoft.com/en-us/azure/key-vault/general/authentication

Any ideas?

Upvotes: 1

Views: 615

Answers (1)

schaabs

Reputation: 91

Unfortunately the exception is not very helpful. However, I believe the issue here is that you need to give it an X509Certificate2 that has the private key so the ClientCertificateCredential can sign the client assertion. The .cer file is only the public portion of the certificate. You will need to supply a .pfx file which contains both the certificate and the private key as well.

Upvotes: 3
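
The check the answer implies, as an added example that is not part of the original question or answer: load the certificate, verify `HasPrivateKey` before building the credential, and fail with a clear message instead of the opaque NullReferenceException. The file name `someCert.pfx`, the `PFX_PASSWORD` environment variable and the `LoadSigningCertificate` helper are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

static class VaultAuthExample
{
    // Hypothetical helper: loads a certificate and refuses to continue when it
    // carries no private key, so the failure is explicit rather than a
    // NullReferenceException raised while signing the client assertion.
    static X509Certificate2 LoadSigningCertificate(string path, string password)
    {
        var cert = new X509Certificate2(path, password);
        if (!cert.HasPrivateKey)
        {
            cert.Dispose();
            throw new InvalidOperationException(
                $"'{path}' contains only the public certificate; " +
                "a .pfx with the private key is required to sign the client assertion.");
        }
        return cert;
    }

    static void Main()
    {
        string keyVaultUrl = "https://somevault.vault.azure.net/";
        var clientId = "<Application (client) ID>";
        var tenantId = "<Directory (tenant) ID>";

        // Assumed names: someCert.pfx and PFX_PASSWORD. Reading the password from
        // the environment keeps it out of source control.
        var pfxPassword = Environment.GetEnvironmentVariable("PFX_PASSWORD");
        using X509Certificate2 clientCertificate =
            LoadSigningCertificate("someCert.pfx", pfxPassword);

        var credential = new ClientCertificateCredential(tenantId, clientId, clientCertificate);
        var client = new SecretClient(new Uri(keyVaultUrl), credential);

        // Response<KeyVaultSecret> converts implicitly to KeyVaultSecret.
        KeyVaultSecret secret = client.GetSecret("Password");
        Console.WriteLine($"Retrieved secret '{secret.Name}'");
    }
}
```

Pointing `LoadSigningCertificate` at the `.cer` file from the question throws the `InvalidOperationException` immediately, before any request is made. Only the public certificate needs to be uploaded to the app registration; the `.pfx` stays with the client and should be stored with restricted file permissions.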
