Over time, I have used Key Vault several times. I think it’s a great solution and I clearly recommend its use to everyone!
Every time I talk about it with someone, after the initial enthusiasm I am asked how to use it, so I have prepared a simple project that illustrates the basics of its use.
Use these PowerShell commands to create the vault:

```powershell
# Log in first; the other commands require an authenticated session
az login

# Using this command you can see all the locations available
az account list-locations

# The following command creates a new resource group. If you already have one you can use it.
# Choose your location
az group create -n "resource-group-name" -l "North Europe"

az provider register -n Microsoft.KeyVault

# Create the Key Vault. This call returns the URL of the key vault.
az keyvault create --name "keyvault-name" --resource-group "resource-group-name" --location "North Europe"

# Add some secrets to the vault
az keyvault secret set --vault-name "keyvault-name" --name "secret-1" --value "test 1"
az keyvault secret set --vault-name "keyvault-name" --name "secret-2" --value "test 2"
az keyvault secret set --vault-name "keyvault-name" --name "secret-3" --value "test 3"

# List all the secrets in the specified vault
az keyvault secret list --vault-name "keyvault-name"

# Create an app. This call returns the appId and secret to use in the app.config
az ad sp create-for-rbac -n "app-name" --skip-assignment

# Trust the key vault to be accessed with the app credentials.
# Grant only the permissions the app needs; drop "set" if it only reads secrets.
az keyvault set-policy --name "keyvault-name" --spn "<use the appId previously created>" --secret-permissions get list set
```
In this example, credentials are used to log in to the vault. If you have an application in Azure, I recommend setting up an identity to log in to the vault.
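The identity-based setup recommended above, as an added example that is not part of the original post. It assumes the application runs as an Azure App Service web app called "webapp-name" (a hypothetical name) in the same resource group, and that the vault uses access policies as in the commands above.

```powershell
# Added example. All names are placeholders/assumptions, not values from the original post.
$resourceGroup = "resource-group-name"
$vaultName     = "keyvault-name"
$webAppName    = "webapp-name"   # hypothetical App Service web app

# Enable a system-assigned managed identity on the web app and capture
# the object id of the identity that Azure creates for it.
$principalId = az webapp identity assign `
    --name $webAppName `
    --resource-group $resourceGroup `
    --query principalId --output tsv

if (-not $principalId) {
    throw "No principalId returned; check that the web app exists and that you are logged in."
}

# Grant the identity read-only access to secrets (no "set"),
# so the app can fetch configuration but cannot overwrite it.
az keyvault set-policy `
    --name $vaultName `
    --object-id $principalId `
    --secret-permissions get list

# Verify which secret permissions the identity actually holds on the vault.
az keyvault show --name $vaultName `
    --query "properties.accessPolicies[?objectId=='$principalId'].permissions.secrets" `
    --output json

# Once the app authenticates with its identity, the appId/secret pair is no longer
# needed: remove the access policy that was granted to the app registration.
az keyvault delete-policy --name $vaultName --spn "<use the appId previously created>"
```

With this in place no client secret has to be stored in the app.config; the application obtains its token from the platform at run time.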
Here you can find a .NET example project: