Shailesh Prajapati

Reputation: 628

How to create a Symmetric Key object with the "Azure.Security.KeyVault.Keys" package in a .NET 4.7 application?

I am upgrading the Azure packages of my existing .NET 4.7 application. Earlier it used "Microsoft.Azure.KeyVault", which is now deprecated, so I updated the package to "Azure.Security.KeyVault".
My Azure blob data is encrypted, and the encryption key is stored in one of the secrets in the Key Vault.
Using the older package, we created a symmetric key:

// Base64-encoded key value read from the Key Vault secret "aaaaaa"
var blobencryptionkey = "<secret value>";
SymmetricKey symmetricKey = new SymmetricKey("aaaaaa", Convert.FromBase64String(blobencryptionkey));

and then the same Symmetric key was used to create the BlobRequestOptions:

BlobEncryptionPolicy policy = new BlobEncryptionPolicy(symmetricKey, null);
BlobRequestOptions myBlobRequestOptions = new BlobRequestOptions { EncryptionPolicy = policy };
// Later, the blob data was downloaded as shown below (blob is a CloudBlockBlob):
blob.DownloadToStreamAsync(stream, null, myBlobRequestOptions, null).Wait();

I want to achieve the same functionality using the latest package. I figured out we can do this using CryptographyClient, so the implementation I did for the same is below (but this option uses an Azure Key Vault key, and I have to use an Azure Key Vault secret):

CryptographyClient cryptoClient = new CryptographyClient(new Uri($@"https://xxxxxxxx.vault.azure.net/secrets/aaaaaa"), new DefaultAzureCredential());
//aaaaaa -> Secret ID name
KeyResolver keyResolver = new KeyResolver(new DefaultAzureCredential());
ClientSideEncryptionOptions encryptionOptions = new ClientSideEncryptionOptions(ClientSideEncryptionVersion.V2_0)
{
  KeyEncryptionKey = cryptoClient,
  KeyResolver = keyResolver,
  KeyWrapAlgorithm = "RSA-OAEP"
};
BlobClientOptions options = new SpecializedBlobClientOptions() { ClientSideEncryption = encryptionOptions };
BlobServiceClient ServiceClient = new BlobServiceClient(AzFac.ConnectionString, options);
foreach (BlobItem b in ServiceClient.GetBlobsAsync(prefix: DirectoryPath))
{
  BlobClient blob = ServiceClient.ContainerClient.GetBlobClient(b.Name);
  await blob.DownloadToAsync(DownloadPath);
}

But when I execute this code I get the following error:

Invalid URI: The format of the URI could not be determined.
at System.Uri.CreateThis(String uri, Boolean dontEscape, UriKind uriKind)
at System.Uri..ctor(String uriString)
at Azure.Security.KeyVault.Keys.Cryptography.KeyResolver.d__9.MoveNext()

Upvotes: 0

Views: 496

Answers (1)

Jack

Reputation: 61

Cryptography client is for crypto, asymmetric keys. You should use SecretClient for storing symmetric keys.

Upvotes: 0
