{"id":12055,"date":"2019-01-10T06:10:00","date_gmt":"2019-01-10T06:10:00","guid":{"rendered":"https:\/\/viewmyprojects.com\/winwirewp\/?p=12055"},"modified":"2024-03-28T05:12:22","modified_gmt":"2024-03-28T05:12:22","slug":"azure-key-vault","status":"publish","type":"post","link":"https:\/\/viewmyprojects.com\/winwirewp\/blog\/azure-key-vault\/","title":{"rendered":"How to Use Azure Key Vault Secret Management from a Web Application"},"content":{"rendered":"\n<p>Azure Key Vault is a cloud service that provides a secure store for secrets. One can securely store passwords, keys and connection strings. Azure Key Vault can be created and managed using the Azure portal.<\/p>\n\n\n\n<p><strong>Advantages of Azure Key Vault<\/strong>&nbsp;:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Secrets Management<\/strong>\u2013 in a secure manner, one can store and control access to tokens, passwords, certificates, API keys, and other secrets.<\/li>\n\n\n\n<li><strong>Key Management<\/strong>\u2013 As a key management solution, Azure Key Vault simplifies the process of creating and managing encryption keys.<\/li>\n\n\n\n<li><strong>Certificate Management<\/strong>\u2013 It serves as a service to provision, manages, and deploy public and private Secure Sockets Layer\/Transport Layer Security (SSL\/TLS) certificates. These can be used with Azure and other internal connected resources.<\/li>\n\n\n\n<li><strong>Hardware Security Modules&nbsp;<\/strong>\u2013 Secrets and keys can be protected by software, or FIPS 140-2 Level 2 validated HSMs.<\/li>\n<\/ul>\n\n\n\n<p>In this blog, we will learn how to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create an Azure key vault<\/li>\n\n\n\n<li>Create a secret in the vault and store a value<\/li>\n\n\n\n<li>Retrieve and use the secret value in the web application<\/li>\n<\/ul>\n\n\n\n<p><strong>How to create an Azure key Vault:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Login to Azure portal with your subscription<\/li>\n\n\n\n<li>Search for the \u2018Key Vault\u2019 service in the search box as shown below.<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/AzureKeyVault-1-1024x431-1.webp\" alt=\"\" class=\"wp-image-12056\"\/><\/figure>\n\n\n\n<p>3. Click on the \u2018Key Vault\u2019 from the list.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/AzureKeyVault-2.webp\" alt=\"\" class=\"wp-image-12057\"\/><\/figure>\n\n\n\n<p>4. You will be navigated to the following screen for creating the key<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/AzureKeyVault-3.webp\" alt=\"\" class=\"wp-image-12058\"\/><\/figure>\n\n\n\n<p>5. Provide the required details such as Name, Subscription, Resource Group, Location, Pricing Tier.<\/p>\n\n\n\n<p>6. Choose the access policies as shown below.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Click on \u2018Add new\u2019 under the Access policies<\/li>\n\n\n\n<li>Select the template as \u2018Secret Management\u2019<\/li>\n\n\n\n<li>Select the principal by searching for the application from where the key vault needs to be accessed from.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/AzureKeyVault-4.webp\" alt=\"\" class=\"wp-image-12059\"\/><\/figure>\n\n\n\n<p>7. Once selected, click \u2018Select.\u2019<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/AzureKeyVault-5.webp\" alt=\"\" class=\"wp-image-12060\"\/><\/figure>\n\n\n\n<p>8. Once the principal is selected and clicked on \u2018OK,\u2019 the principal is shown in the list as below. Then click \u2018OK\u2019 and \u2018Create\u2019 for creating the key vault with provided details.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/AzureKeyVault-6.webp\" alt=\"\" class=\"wp-image-12061\"\/><\/figure>\n\n\n\n<p><strong>How to create a secret and store a value<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Open the key vault created with the specified name. Under the settings section, click on \u2018Secrets\u2019 as shown below. This will open a pane on the right to display the list of secrets.<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/AzureKeyVault-7-1024x559-1.webp\" alt=\"\" class=\"wp-image-12062\"\/><\/figure>\n\n\n\n<p>2. Click on \u2018Generate\/Import\u2019 to create a secret. This will navigate to the screen as shown below. Provide all the required information like Name and Value and click on \u2018Create\u2019.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/AzureKeyVault-8.webp\" alt=\"\" class=\"wp-image-12063\"\/><\/figure>\n\n\n\n<p>3. Once the secret is created, it will be listed in the&nbsp;<a href=\"https:\/\/azure.microsoft.com\/en-in\/services\/key-vault\/\" target=\"_blank\" rel=\"noreferrer noopener\">key vault&nbsp;<\/a>as shown below.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/AzureKeyVault-9-1024x507-1.webp\" alt=\"\" class=\"wp-image-12064\"\/><\/figure>\n\n\n\n<p>4. Click on the secret created and open the properties. Copy the \u2018Secret Identifier\u2019 as shown below for accessing the secret from the code. https:\/\/secretmasterkeyvault.vault.azure.net\/secrets\/SecretMasterKey\/c325912c04b14903ba677119342cbb82<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/AzureKeyVault-10-1024x570-1.webp\" alt=\"\" class=\"wp-image-12065\"\/><\/figure>\n\n\n\n<p><strong>Retrieve and use the secret value in the web application<\/strong><\/p>\n\n\n\n<p>In order to use the key vault from the web application you need to have the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A URI to a secret in an Azure Key Vault \u2013 This is got from the final step above<\/li>\n\n\n\n<li>Client ID and a Client Secret for the web application registered with&nbsp;<a href=\"https:\/\/www.winwire.net\/azure-ad-connect-sso\/\" target=\"_blank\" rel=\"noreferrer noopener\">Azure Active Directory<\/a>&nbsp;that has access to your Key Vault<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Add the Nuget packages shown in the below screenshot to the web application<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/AzureKeyVault-11.webp\" alt=\"\" class=\"wp-image-12066\"\/><\/figure>\n\n\n\n<p>2. Add the ClientId and ClientSecret of the web application in the web.config<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/AzureKeyVault-12.webp\" alt=\"\" class=\"wp-image-12067\"\/><\/figure>\n\n\n\n<p>3. Add the SecretURI in the web.config file as below.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"938\" height=\"24\" src=\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2022\/06\/AzureKeyVault-13.png\" alt=\"\" class=\"wp-image-12068\" srcset=\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2022\/06\/AzureKeyVault-13.png 938w, https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2022\/06\/AzureKeyVault-13-300x8.png 300w, https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2022\/06\/AzureKeyVault-13-768x20.png 768w\" sizes=\"auto, (max-width: 938px) 100vw, 938px\" \/><\/figure>\n\n\n\n<p>4. In the code behind (.cs) file, read the secret uri from the configuration.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"608\" height=\"18\" src=\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2022\/06\/AzureKeyVault-14.png\" alt=\"\" class=\"wp-image-12069\" srcset=\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2022\/06\/AzureKeyVault-14.png 608w, https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2022\/06\/AzureKeyVault-14-300x9.png 300w\" sizes=\"auto, (max-width: 608px) 100vw, 608px\" \/><\/figure>\n\n\n\n<p>5. Below is the code snippet which reads the secret from the key vault by authenticating the vault with the ClientID and client secret of the registered web application.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/AzureKeyVault-15.webp\" alt=\"\" class=\"wp-image-12070\"\/><\/figure>\n\n\n\n<p>Now the value retrieved can be used in the code as required.<\/p>\n\n\n\n<p>This way one can secure the connections strings, keys or passwords in the Azure Key Vault and use them in the web application where applicable.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Azure Key Vault is a cloud service that provides a secure store for secrets. One can securely store passwords, keys and connection strings. Azure Key Vault can be created and managed using the Azure portal. Advantages of Azure Key Vault&nbsp;: In this blog, we will learn how to: How to create an Azure key Vault:&hellip; <a class=\"more-link\" href=\"https:\/\/viewmyprojects.com\/winwirewp\/blog\/azure-key-vault\/\">Continue reading <span class=\"screen-reader-text\">How to Use Azure Key Vault Secret Management from a Web Application<\/span><\/a><\/p>\n","protected":false},"author":31,"featured_media":16684,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_eb_attr":"","_uag_custom_page_level_css":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-12055","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","entry"],"acf":[],"featured_image_src":"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/How-to-Use-Azure-Key-Vault-Secret-Management-from-a-Web-Application-graphic.webp","author_info":{"display_name":"Sree Navya","author_link":"https:\/\/viewmyprojects.com\/winwirewp\/author\/sreenavya\/"},"views":3565,"uagb_featured_image_src":{"full":["https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/How-to-Use-Azure-Key-Vault-Secret-Management-from-a-Web-Application-graphic.webp",800,440,false],"thumbnail":["https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/How-to-Use-Azure-Key-Vault-Secret-Management-from-a-Web-Application-graphic-150x150.webp",150,150,true],"medium":["https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/How-to-Use-Azure-Key-Vault-Secret-Management-from-a-Web-Application-graphic-300x165.webp",300,165,true],"medium_large":["https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/How-to-Use-Azure-Key-Vault-Secret-Management-from-a-Web-Application-graphic-768x422.webp",750,412,true],"large":["https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/How-to-Use-Azure-Key-Vault-Secret-Management-from-a-Web-Application-graphic.webp",750,413,false],"1536x1536":["https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/How-to-Use-Azure-Key-Vault-Secret-Management-from-a-Web-Application-graphic.webp",800,440,false],"2048x2048":["https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/How-to-Use-Azure-Key-Vault-Secret-Management-from-a-Web-Application-graphic.webp",800,440,false],"post-thumbnail":["https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/How-to-Use-Azure-Key-Vault-Secret-Management-from-a-Web-Application-graphic.webp",800,440,false]},"uagb_author_info":{"display_name":"Sree Navya","author_link":"https:\/\/viewmyprojects.com\/winwirewp\/author\/sreenavya\/"},"uagb_comment_info":0,"uagb_excerpt":"Azure Key Vault is a cloud service that provides a secure store for secrets. One can securely store passwords, keys and connection strings. Azure Key Vault can be created and managed using the Azure portal. Advantages of Azure Key Vault&nbsp;: In this blog, we will learn how to: How to create an Azure key Vault:&hellip;&hellip;","_links":{"self":[{"href":"https:\/\/viewmyprojects.com\/winwirewp\/wp-json\/wp\/v2\/posts\/12055","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/viewmyprojects.com\/winwirewp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/viewmyprojects.com\/winwirewp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/viewmyprojects.com\/winwirewp\/wp-json\/wp\/v2\/users\/31"}],"replies":[{"embeddable":true,"href":"https:\/\/viewmyprojects.com\/winwirewp\/wp-json\/wp\/v2\/comments?post=12055"}],"version-history":[{"count":2,"href":"https:\/\/viewmyprojects.com\/winwirewp\/wp-json\/wp\/v2\/posts\/12055\/revisions"}],"predecessor-version":[{"id":18466,"href":"https:\/\/viewmyprojects.com\/winwirewp\/wp-json\/wp\/v2\/posts\/12055\/revisions\/18466"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/viewmyprojects.com\/winwirewp\/wp-json\/wp\/v2\/media\/16684"}],"wp:attachment":[{"href":"https:\/\/viewmyprojects.com\/winwirewp\/wp-json\/wp\/v2\/media?parent=12055"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/viewmyprojects.com\/winwirewp\/wp-json\/wp\/v2\/categories?post=12055"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/viewmyprojects.com\/winwirewp\/wp-json\/wp\/v2\/tags?post=12055"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}