Azure Key Vault – Basic

Over time, I have used Key Vault several times. I think it’s a great solution and I clearly recommend its use to everyone!

Since every time I talk about it with something, after the enthusiasm I am asked how to use it, I have prepared a simple project that illustrates the basics of its use.

Use this PowerShell commands to create the Vault:

# Using this command you can see all the location available
az account list-locations

az login

# The following command a new resource group. If you already have one you can use it. 
# Choose your location
az group create -n "resource-group-name" -l "North Europe"

az provider register -n Microsoft.KeyVault

# Create the Key Vault. This call return the URL of the key vault.
az keyvault create --name "keyvault-name" --resource-group "resource-group-name" --location "North Europe"

# Add some secrets to the vault
az keyvault secret set --vault-name "keyvault-name" --name "secret-1" --value "test 1"
az keyvault secret set --vault-name "keyvault-name" --name "secret-2" --value "test 2"
az keyvault secret set --vault-name "keyvault-name" --name "secret-3" --value "test 3"

# List all the secrets in the specified vault
az keyvault secret list --vault-name "keyvault-name"

# Create an app. this call return the appId and secret to use in the app.config
az ad sp create-for-rbac -n "app-name" --skip-assignment

# Trust the key vault to be accessed with the app credentials
az keyvault set-policy --name "keyvault-name" --spn <use the appId previously created> --secret-permissions get list set

In this example, credentials are used to log in to the vault, I recommend, if you have an application in Azure, to set up an identity to log in to the vault.

Here you can find a .NET example project:

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.