C# console application: getting secrets from the Azure Key Vault service

Step 1: Create a key vault

Step 2: Add something to the vault

Step 3: Register an App with Azure

  1. Go to the Azure Portal, then open the “Azure Active Directory” section. In the “App registrations” section, click “New application registration”.

  2. Specify the “Name” and “Sign-on URL” (the URL is required, but it does not have to be a real one). The “Application Type” must be “Web app / API” in order to generate the client secret for the app.

  3. Once it finishes, you’ll see the “Application ID”. This will be your Client Id.

  4. Next, click the “Settings” button and go to the “Keys” section. Then specify the description, choose the expiry, and set your password in “VALUE”. Finally, click the “Save” button.

  5. The secret string will be shown once the saving is complete. This will be the “Client Secret” for the App.

  6. Go to your Azure Key Vault, then open the “Access Policies” section and click “Add New”.

  7. In the “Configure from template” option, choose “Key, Secret, & Certificate Management”. Then, under “Select Principal”, choose the app that was created in Active Directory.

Step 4: Client Implementation

using Microsoft.IdentityModel.Clients.ActiveDirectory;
// Authority URL for the Azure AD tenant the app is registered in
var context = new AuthenticationContext(@"https://login.windows.net/Your Tenant");
// Client Id from step 3.3 and client secret from step 3.5
ClientCredential clientCredential = new ClientCredential("Your Client Id from step 3.3", "Your secret from step 3.5");
// Request an access token for the Key Vault resource
var tokenResponse = context.AcquireTokenAsync("https://vault.azure.net", clientCredential);
var accessToken = tokenResponse.Result.AccessToken;
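
The code above stops once it has the access token. The following added example (not part of the original post) carries the flow through to reading a secret with the Key Vault REST API, and takes the tenant, client id and client secret from environment variables rather than string literals in source. The variable names `AZURE_TENANT_ID`, `AZURE_CLIENT_ID` and `AZURE_CLIENT_SECRET`, the vault name `my-vault` and the secret name `my-secret` are assumptions made for illustration.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

static class Program
{
    // Assumed environment variable names; keep the values out of source control.
    static string Env(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"Missing environment variable {name}");

    static async Task<string> GetSecretAsync(string vaultName, string secretName)
    {
        // Same token flow as step 4, with the credentials read from the environment.
        var context = new AuthenticationContext("https://login.windows.net/" + Env("AZURE_TENANT_ID"));
        var credential = new ClientCredential(Env("AZURE_CLIENT_ID"), Env("AZURE_CLIENT_SECRET"));
        AuthenticationResult token = await context.AcquireTokenAsync("https://vault.azure.net", credential);

        using var http = new HttpClient();
        http.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token.AccessToken);

        // Key Vault REST API: GET {vault}/secrets/{name}?api-version=7.0 returns the latest version.
        var uri = $"https://{vaultName}.vault.azure.net/secrets/{Uri.EscapeDataString(secretName)}?api-version=7.0";
        using HttpResponseMessage response = await http.GetAsync(uri);

        // 401 = token rejected; 403 = the app's access policy lacks the secret "Get" permission.
        if (!response.IsSuccessStatusCode)
            throw new HttpRequestException($"Key Vault returned {(int)response.StatusCode} for secret '{secretName}'");

        using JsonDocument doc = JsonDocument.Parse(await response.Content.ReadAsStringAsync());
        return doc.RootElement.GetProperty("value").GetString();
    }

    static async Task Main()
    {
        // Placeholders for the vault from step 1 and the item added in step 2.
        string value = await GetSecretAsync("my-vault", "my-secret");
        // Do not write the secret itself to the console or logs.
        Console.WriteLine($"Retrieved secret ({value.Length} characters)");
    }
}
```

Reading a secret this way needs only the “Get” secret permission on the app's access policy, which is narrower than the management template chosen in step 3.7.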

HTH. 2020-June-27 by Jacky