Saturday, March 13, 2021

What is Azure Key Vault

Azure Key Vault is a cloud service for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords(secrets) and certificates.

Azure key vault service helps to centralization and protection of

1.       Encryption keys

2.       Application secrets

3.       Certificates

4.       Secrets backed by HSM (Hardware Security Modules)

Copied image from Adam Marczak Website:

How to create azure key vault

We need follow below steps to create Key Vault in azure.  

1.       Go to azure portal

2.       Click on add button and Create Azure Key Vault with djsecrets name inside DJBlogs resource group.


3.       Once basic information filled for key vault then we can set Access Policy to access the Key Vault. This demo I am leaving it as default 


4.       Then click on Networking button for network setting. It gives you to choose and allow network based on your requirement. I am leaving this as default.


5.       Click on Tags and set then same as we do for all azure resources. Tags options come every time you create any new resource in azure. I am leaving tag as blank for now.

You apply tags to your Azure resources, resource groups, and subscriptions to logically organize them into a taxonomy.

6.       Once all setting is configurated for key vault then it will validate all information and create button will be enabled in screen as below. 

7.       When we click in create button it will create Azure Key Vault for us.

8.       Now our Azure Key vault ready for use.

Use azure key vault for connection string

We will add our connection string as Secrets in key vault. Our secret name will be SchoolDB. To add secret, need to follow below steps.

1.       Click on key vault setting section Secrets link


2.       Click on Generate/Import link in top and add our secret SchoolDB as connection string value for Web app.

3.       Click on create button then we will use this in our .net core MVC application.

4.       If we want to change the secret value in future azure key vault create new version for every change.


5.  Once we created  secret then need to give permissions to user or app who will use this secret. I will use this secret in VS 2019 then need to give the user access from Access policies like below


  if you want to learn more about Access policies. please read Managed Identity blog 

6.       I have create new application DJBlogs.Azure.KeyVault .net core application to consume the secret key as connection string.

Download code from GitHub:

Start-up CS Page: Startup.cs


7.      If we run the .net core MVC application it will pull data from database which mentioned in key vault secret. 

Hope it will help you to understand little bit about Azure Key Vault and how you can use them.

Keep sharing keep learning. Cheers

No comments:

Post a Comment