Menu
I have a local asp.net core 3.1 application that I want to set a secret in an Azure Key Vault. The following is the code I used from Microsoft:
string secretName = "xxSecret";
string keyVaultName = Environment.GetEnvironmentVariable("KEY_VAULT_NAME");
var kvUri = "https://" + keyVaultName + ".vault.azure.net";
var secretClient = new SecretClient(new Uri(kvUri), new DefaultAzureCredential());
string secretValue = "test";
secretClient.SetSecret(secretName, secretValue);
KeyVaultSecret secret = secretClient.GetSecret(secretName);
When I try to set a secret, I get the following error in Postman:
Azure.Identity.AuthenticationFailedException: DefaultAzureCredential authentication failed.
---> Azure.Identity.AuthenticationFailedException: SharedTokenCacheCredential authentication failed.
---> Microsoft.Identity.Client.MsalServiceException: AADSTS70002: The client does not exist or is not
enabled for consumers. If you are the application developer, configure a new application through the
App Registrations in the Azure Portal
I don't want to register this app, yet as I want to debug this locally. I'm guessing the issue is that I don't a correct Access Policy set up. How do I grant my local app access?
(Before I run the app locally, I authenticate to my Azure directory using Azure PowerShell. )
427
Retrieve a secret from Key VaultBy clicking "Show Secret Value" button in the right pane, you can see the hidden value. You can also use Azure CLI, or Azure PowerShell to retrieve previously created secret.
Manage keys and secrets From the dashboard, select All resources, select the key vault that you created earlier, and then select the Keys tile. In the Keys pane, select Generate/Import. In the Create a key pane, from the list of Options, choose the method that you want to use to create a key.
How do I grant my local app access?
For local development, AzureServiceTokenProvider fetches tokens using Visual Studio, Azure CLI, or Azure AD Integrated Authentication. Each option is tried sequentially and the library uses the first option that succeeds.
To authenticate by using Visual Studio:
Sign in to Visual Studio and use Tools > Options to open Options.
Select Azure Service Authentication, choose an account for local development, and select OK.
On azure, you need to go to your Azure keyvault. Click Access Policies and add your account which login vs before with Get and Set permission for secret.
Then you could use your code to get the secret value.
Also you could use AzureServiceTokenProvider to get secret without initializing your secret value.
var KeyVaultUrl = "https://xxx.vault.azure.net/secrets/xxx/xxxxxxxxxxxxxx";
AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
var secret = keyVaultClient.GetSecretAsync(KeyVaultUrl).Result.Value;
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
