Over time, I have used Key Vault several times. I think it’s a great solution and I clearly recommend its use to everyone!
Since every time I talk about it with someone, after the enthusiasm I am asked how to use it, I have prepared a simple project that illustrates the basics of its use.
Use these PowerShell commands to create the vault:
```powershell
# Sign in first; the other commands need an authenticated session
az login
# List all the available locations
az account list-locations
# The following command creates a new resource group. If you already have one you can use it.
# Choose your location
az group create -n "resource-group-name" -l "North Europe"
az provider register -n Microsoft.KeyVault
# Create the Key Vault. This call returns the URL of the key vault.
az keyvault create --name "keyvault-name" --resource-group "resource-group-name" --location "North Europe"
# Add some secrets to the vault
az keyvault secret set --vault-name "keyvault-name" --name "secret-1" --value "test 1"
az keyvault secret set --vault-name "keyvault-name" --name "secret-2" --value "test 2"
az keyvault secret set --vault-name "keyvault-name" --name "secret-3" --value "test 3"
# List all the secrets in the specified vault
az keyvault secret list --vault-name "keyvault-name"
# Create an app. This call returns the appId and secret to use in the app.config
az ad sp create-for-rbac -n "app-name" --skip-assignment
# Trust the key vault to be accessed with the app credentials
az keyvault set-policy --name "keyvault-name" --spn "<use the appId previously created>" --secret-permissions get list set
```
In this example, credentials are used to log in to the vault. If you have an application in Azure, I recommend setting up an identity to log in to the vault.
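The identity-based setup recommended above, as an added example that is not part of the original post or its sample project: it gives an App Service app a system-assigned managed identity and grants that identity read-only access to secrets, so no appId or secret has to live in app.config. It assumes an existing web app (the name `webapp-name` is a placeholder) and a vault that uses access policies, as in the commands above.

```powershell
# Placeholder names: the vault and resource group match the commands above,
# "webapp-name" is a hypothetical existing App Service app.
$resourceGroup = "resource-group-name"
$vaultName     = "keyvault-name"
$webAppName    = "webapp-name"

# Enable a system-assigned managed identity on the app and capture its object id.
$principalId = az webapp identity assign `
    --name $webAppName --resource-group $resourceGroup `
    --query principalId --output tsv
if ($LASTEXITCODE -ne 0 -or -not $principalId) {
    throw "Could not assign a managed identity to $webAppName"
}

# Grant the identity only what a reader of secrets needs: get and list, no set.
az keyvault set-policy --name $vaultName --object-id $principalId `
    --secret-permissions get list --output none
if ($LASTEXITCODE -ne 0) {
    throw "Could not set the access policy on $vaultName"
}

# Read the policy back and confirm exactly what was granted to this identity.
$query   = "properties.accessPolicies[?objectId=='$principalId'].permissions.secrets[]"
$granted = az keyvault show --name $vaultName --query $query --output tsv
Write-Output "Secret permissions for ${webAppName}: $($granted -join ', ')"

# Flag anything beyond read access so an over-broad policy does not go unnoticed.
$extra = $granted | Where-Object { $_ -notin @('get', 'list') }
if ($extra) {
    Write-Warning "Identity has more than read access: $($extra -join ', ')"
}
```

Once the application authenticates with this identity, the service principal created earlier with `az ad sp create-for-rbac` and its access policy are no longer needed for that application.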
Here you can find a .NET example project:
https://github.com/ecarlesi/azure-keyvault-sampleclient