
Access Azure Key Vault stored secret using application not deployed in Azure

I've read in most articles that deploying an application in Azure is needed such that an application will be able to programmatically access the secrets stored in the Azure Key Vault.

Is there a way to not deploy the application in Azure and have it still be able to access the Azure Key Vault to fetch the secrets, either by using client ID and client secret or certificates?

jeffhaw asked Dec 01 '15 13:12


People also ask

How do I access Azure key vault secrets?

Retrieve a secret from Key Vault: use https://<your-unique-keyvault-name>.vault.azure.net/secrets/ExamplePassword to get the current version. Now, you have created a Key Vault, stored a secret, and retrieved it.

What are ways using which applications can access key vault?

Authorize the Web App to access your Key Vault: Select "Access policies" from the "Key Vault" screen. Click "Add Access Policy". Provide the "Get" and "List" permissions. In the "Select a Principal" option, specify the value for the "Object ID" you copied earlier for the Azure Web App.


1 Answer

There's no need to run your application in Azure for you to use Azure KeyVault. Your application can run on your local machine, somewhere on your intranet, in AWS or wherever you like.

In order to access KeyVault, you need a security token from Azure Active Directory (AAD), so you do need to register your application within an AAD directory.

You can find more information on getting a token to talk to Azure KeyVault in this blog post here.

MvdD answered Oct 05 '22 20:10