I want to integrate the Azure Key Vault service into my solution to store important secrets in Key Vault.
Can anyone explain how to do this?
Please reply soon.
Thanks in advance.
3 Answer(s)
-
0
@botcoredev, I would also like to do this and found Microsoft's instructions bewildering when I looked at them. Does anyone have some base instructions on how to do this?
-
1
@bobingham Welcome to Azure. You get to bang your head for days because nothing is kept current, and half the examples are bad/poorly implemented.
This is some code I found when we were playing with key vaults. But there are other implications here: you need to auth your application so you can pull the keys. So that requires creating an app in AAD, or, if you want, using Managed Identities. We are using Managed Identities for most things, but we do have an app ID from AAD that we use to push files into Azure.
But I know if you want to access a DB you need to get a token for the DB auth provider, and if you want to access Storage you need to auth to the Storage auth provider; there is no "hey, I'm me, give me 1 token".
Note: This is all old test code, so I don't know if it still works, or ever did.
// Read one secret with the older Microsoft.Azure.KeyVault client.
// GetToken is a KeyVaultClient.AuthenticationCallback (authority, resource, scope) that returns the access token.
const string SECRETURI = "https://<KEYVAULTURL>/secrets/<SECRETNAME>";
KeyVaultClient kvc = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetToken));
Console.WriteLine(kvc.ToString());
var secret = kvc.GetSecretAsync(SECRETURI);
// Test code only: printing the secret value is fine on a dev box, never in a real application's logs.
Console.WriteLine(secret.Result.Value.ToString());
////await GetSecretAsync(vaultURL, vaultKey);
Auth stuff
// Needs Microsoft.IdentityModel.Clients.ActiveDirectory (ADAL) and System.Globalization.
// CLIENTID and CLIENTSECRET are the AAD app registration's credentials, defined elsewhere in the program.
static string GetUserOAuthToken()
{
    const string ResourceId = "https://storage.azure.com/"; // Change this to whatever resource you are trying to get auth to
    const string AuthInstance = "https://login.microsoftonline.com/{0}/";
    const string TenantId = "YourTenantId"; // Tenant or directory ID

    // Construct the authority string from the Azure AD OAuth endpoint and the tenant ID.
    string authority = string.Format(CultureInfo.InvariantCulture, AuthInstance, TenantId);
    AuthenticationContext authContext = new AuthenticationContext(authority);

    // Client-credentials flow: the application authenticates as itself with its client ID and secret.
    ClientCredential clientCred = new ClientCredential(CLIENTID, CLIENTSECRET);
    AuthenticationResult result = authContext.AcquireTokenAsync(ResourceId, clientCred).Result;

    //// Interactive alternative: acquire the access token as the signed-in user instead.
    //AuthenticationResult result = authContext.AcquireTokenAsync(ResourceId,
    //    "<client-id>",
    //    new Uri(@"<client-redirect-uri>"),
    //    new PlatformParameters(PromptBehavior.Auto)).Result;

    return result.AccessToken;
}
Example going to a storage account
// Debug, SourceFileName, StorageName, ContainerName, DestinationBlob, FileName, URIName, StartImport and
// LaunchAzureFileImporter are defined elsewhere in the program. ContainerName is expected to carry its leading "/".
if (File.Exists(SourceFileName))
{
    if (Debug) Console.WriteLine("Get Token");
    // Get the access token.
    string accessToken = GetUserOAuthToken();

    if (Debug) Console.WriteLine("Get Credentials");
    // Use the access token to create the storage credentials.
    TokenCredential tokenCredential = new TokenCredential(accessToken);
    StorageCredentials storageCredentials = new StorageCredentials(tokenCredential);

    URIName = "https://" + StorageName + ".blob.core.windows.net" + ContainerName;
    if (Debug)
    {
        Console.WriteLine("Get Container");
        Console.WriteLine(URIName);
    }
    CloudBlobContainer BlobContainer = new CloudBlobContainer(new Uri(URIName), storageCredentials);
    CloudBlockBlob blob = BlobContainer.GetBlockBlobReference(DestinationBlob + FileName);

    if (Debug) Console.WriteLine("Copy File");
    blob.UploadFromFile(SourceFileName);

    if (StartImport)
    {
        string ImportFileName = URIName + DestinationBlob + FileName;
        ImportFileName = ImportFileName.Replace(@"\", "/");
        int retVal;
        if (Debug) Console.WriteLine(ImportFileName);
        retVal = LaunchAzureFileImporter(ImportFileName);
    }
}
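The same flow with the current Azure SDK, as an added example that is not code from this thread or from @bbakermmc. It uses DefaultAzureCredential, which covers both routes described above (an AAD app registration via environment variables, or a managed identity when the code runs in Azure), so the hand-rolled token acquisition and the per-resource token plumbing go away. The NuGet packages assumed are Azure.Identity and Azure.Security.KeyVault.Secrets; the vault URL is a placeholder and the secret name and value are constructed samples.

```csharp
// Added example: read and write a Key Vault secret with the current Azure SDK.
// Assumes NuGet packages Azure.Identity and Azure.Security.KeyVault.Secrets, a placeholder
// vault URL, and that the calling identity has the secret "get"/"set" permission on the vault
// (via an access policy or the Key Vault Secrets Officer RBAC role).
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

public static class KeyVaultDemo
{
    // Placeholder: replace with your vault's URL.
    private const string VaultUrl = "https://<KEYVAULTNAME>.vault.azure.net/";

    public static async Task Main()
    {
        // DefaultAzureCredential tries, in order, environment variables (tenant/client ID/secret),
        // a managed identity when running in Azure, and developer sign-ins such as Azure CLI or
        // Visual Studio. The same binary therefore runs on a dev box and in an App Service or VM
        // with a managed identity, and no client secret has to live in the app's own config.
        var credential = new DefaultAzureCredential();
        var client = new SecretClient(new Uri(VaultUrl), credential);

        // Store a secret. Name and value are constructed samples; in practice the value is
        // written by a deployment pipeline or an operator, not by application code.
        await client.SetSecretAsync("DbConnectionString", "Server=<constructed>;Password=<constructed>");

        // Read it back. Keep the value in memory and hand it to the consumer; do not log it.
        KeyVaultSecret secret = await GetSecretOrNullAsync(client, "DbConnectionString");
        Console.WriteLine(secret is null
            ? "Secret not found"
            : $"Fetched '{secret.Name}' version {secret.Properties.Version} ({secret.Value.Length} chars)");
    }

    // Fetch a secret, distinguishing "not found" from other failures so a missing secret is
    // handled explicitly instead of surfacing as an unhandled exception.
    public static async Task<KeyVaultSecret> GetSecretOrNullAsync(SecretClient client, string name)
    {
        try
        {
            Response<KeyVaultSecret> response = await client.GetSecretAsync(name);
            return response.Value;
        }
        catch (RequestFailedException ex) when (ex.Status == 404)
        {
            return null;
        }
        // A 403 means the identity authenticated but lacks the secret permission on this vault;
        // a 401 means the token itself was rejected. Both propagate so the caller can diagnose them.
    }
}
```

The point about "no single token" still holds underneath: SecretClient requests a token scoped to Key Vault, and a storage client built on the same credential requests one scoped to Storage. DefaultAzureCredential does that per request, so the application code only ever deals with one credential object, and the identity it represents can be granted the minimum permission on each resource separately.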
-
0
@bbakermmc, I just found this in my junk folder, go figure... Thanks for this.