Azure Key Vault – Basic

Over time, I have used Key Vault several times. I think it’s a great solution and I clearly recommend its use to everyone!

Since every time I talk about it with someone, after the enthusiasm I am asked how to use it, I have prepared a simple project that illustrates the basics of its use.

Use these PowerShell commands (they call the Azure CLI) to create the vault:

# Log in first: the commands below need an authenticated session
az login

# Using this command you can see all the locations available
az account list-locations

# The following command creates a new resource group. If you already have one you can use it.
# Choose your location
az group create -n "resource-group-name" -l "North Europe"

az provider register -n Microsoft.KeyVault

# Create the Key Vault. This call returns the URL of the key vault.
az keyvault create --name "keyvault-name" --resource-group "resource-group-name" --location "North Europe"

# Add some secrets to the vault
az keyvault secret set --vault-name "keyvault-name" --name "secret-1" --value "test 1"
az keyvault secret set --vault-name "keyvault-name" --name "secret-2" --value "test 2"
az keyvault secret set --vault-name "keyvault-name" --name "secret-3" --value "test 3"

# List all the secrets in the specified vault
az keyvault secret list --vault-name "keyvault-name"

# Create an app. This call returns the appId and secret to use in the app.config
az ad sp create-for-rbac -n "app-name" --skip-assignment

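# Allow the key vault to be accessed with the app credentials.
# Replace the quoted placeholder with the appId returned above.
# Grant only the permissions the app needs: drop "set" if it only reads secrets.
az keyvault set-policy --name "keyvault-name" --spn "<use the appId previously created>" --secret-permissions get list set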

In this example, credentials are used to log in to the vault. If you have an application in Azure, I recommend setting up an identity for it to log in to the vault.
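
As an added example (not part of the original post or its sample project), this is one way to set up such an identity for an App Service web app and give it read-only access to the vault's secrets, then check what was actually granted. The web app name "webapp-name" is an assumption, and the vault is assumed to use access policies, as in the commands above.

```powershell
# Names reused from the commands above; "webapp-name" is a hypothetical,
# already existing App Service web app.
$rg     = "resource-group-name"
$vault  = "keyvault-name"
$webapp = "webapp-name"

# Enable a system-assigned managed identity on the web app.
# Azure creates and rotates its credential, so nothing is stored in app.config.
$principalId = az webapp identity assign --name $webapp --resource-group $rg `
    --query principalId --output tsv
if ($LASTEXITCODE -ne 0 -or -not $principalId) {
    throw "Could not assign a managed identity to $webapp"
}

# Grant that identity read-only access to secrets (no set, no delete).
az keyvault set-policy --name $vault --object-id $principalId `
    --secret-permissions get list | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Could not set the access policy on $vault"
}

# Read the policy back and confirm the identity holds nothing beyond get/list.
$allowed = @('get', 'list')
$kv      = az keyvault show --name $vault --output json | ConvertFrom-Json
$policy  = $kv.properties.accessPolicies |
    Where-Object { $_.objectId -eq $principalId }
if (-not $policy) {
    throw "No access policy found for principal $principalId"
}

$extra = @($policy.permissions.secrets | Where-Object { $_ -notin $allowed })
if ($extra.Count -gt 0) {
    throw "Identity has more than read access to secrets: $($extra -join ', ')"
}
Write-Output "Managed identity $principalId can only get/list secrets in $vault"
```

Once the application authenticates with this identity, the access policy granted earlier to the appId can be removed with az keyvault delete-policy.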

Here you can find a .NET example project:
https://github.com/ecarlesi/azure-keyvault-sampleclient

First post :)

After so long it seems that I have found the time to open this blog!

I’m not sure what to do with it, at best I will use it to share thoughts and images.

For those who do not know me, let me introduce myself: my name is Emiliano Carlesi and I live in Rome. I work in computer science (one of my greatest passions, it is not “just” work), I have a 13-year-old son and a fantastic partner. I also have two dogs (Olivia and Ambra).

In addition to information technology, my hobbies are mountain biking, archery and (although I haven’t been practicing it for several years) the off road RC.
For those interested, here is some more info about me:

You can also write to me at <my firstname>.<my lastname>@gmail.com