Menu
These 2 libraries seem to serve a similar purpose: to securely store and control the access to tokens, passwords, API keys, and other secrets.
I have been using Microsoft.Azure.KeyVault with some success, not for configuration secrets, but for keys. Not until recently did I discover Azure.Security.KeyVault.Secrets.
In release notes I found this:
Updated Microsoft.Azure.KeyVault with its successor Azure.Security.KeyVault.Secrets to resolve key vault references.
What are the distinguishing attributes of the 2 libraries, and how to determine the appropriate choice.
Should I interpret the release note to imply Microsoft.Azure.KeyVault is obsolete or will be deprecated?
741
Cryptographic keys: Supports multiple key types and algorithms, and enables the use of software-protected and HSM-protected keys. For more information, see About keys. Secrets: Provides secure storage of secrets, such as passwords and database connection strings. For more information, see About secrets.
Azure Key Vault is a cloud service for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys. Key Vault service supports two types of containers: vaults and managed hardware security module(HSM) pools.
Centralizing storage of application secrets in Azure Key Vault allows you to control their distribution. Key Vault greatly reduces the chances that secrets may be accidentally leaked. When using Key Vault, application developers no longer need to store security information in their application.
In order to interact with the Azure Key Vault service, you'll need to create an instance of the SecretClient class. You need a vault url, which you may see as "DNS Name" in the portal, and client secret credentials (client id, client secret, tenant id) to instantiate a client object.
What are the distinguishing attributes of the 2 libraries, and how to determine the appropriate choice.
The package Azure.Security.KeyVault.Secrets is the most up-to-date version of the Key Vault client library, which is recommended to use for any new project. For main differences from the legacy one, see this Major changes from Microsoft.Azure.KeyVault. For usage, please refer to this doc.
The other package Microsoft.Azure.KeyVault is now a legacy one, if you have some old projects which use it, you can keep using it. For usage, please refer to this doc.
You can refer to this article for more details why these new client libraries(including Azure.Security.KeyVault.Secrets) are published.
Should I interpret the release note to imply Microsoft.Azure.KeyVault is obsolete or will be deprecated?
It is hard to say if the old one will be deprecated in the future. At least from the
Release History, it says the new one is not a direct replacement for Microsoft.Azure.KeyVault(like other azure services, for example, azure storage service published a new version package recently, but not officially pronounced the old one is deprecated). But we suggest you should use the new one in any new create project like it says in the doc, a screenshot of this:
Hope it helps.
74
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
