Can't Access Azure Key Vault from desktop console app
Mark's blog was extremely helpful, from that blog I learnt how to do it and below are the steps and code as of 6-Nov-2018.
Summary of the steps:
- Register App
- Create Key inside this newly registered App
- Create Key Vault and Assign permission to the app
- Create Secret inside the vault
Access them thru code
using Microsoft.Azure.KeyVault;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
namespace Experiments.AzureKeyValut
{
internal class AzureKeyValueDemo
{
private static async Task Main(string[] args)
{
await GetSecretAsync("https://YOURVAULTNAME.vault.azure.net/", "YourSecretKey");
}
private static async Task<string> GetSecretAsync(string vaultUrl, string vaultKey)
{
var client = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetAccessTokenAsync), new HttpClient());
var secret = await client.GetSecretAsync(vaultUrl, vaultKey);
return secret.Value;
}
private static async Task<string> GetAccessTokenAsync(string authority, string resource, string scope)
{
//DEMO ONLY
//Storing ApplicationId and Key in code is bad idea :)
var appCredentials = new ClientCredential("YourApplicationId", "YourApplicationKey");
var context = new AuthenticationContext(authority, TokenCache.DefaultShared);
var result = await context.AcquireTokenAsync(resource, appCredentials);
return result.AccessToken;
}
}
}
How to register your app:
How to create Azure App's password and get your App's Id
How to create Azure Key Vault and Assign Permissions
How to create Azure secrets
How to access it thru code
In addition to what Tom provided, after I finally figured out how to get things to work I documented what I learned over at https://jumpforjoysoftware.com/2017/12/azure-key-vaults/. Hopefully this will all save people some serious frustration.
Help, or a reference to a really good example accessing key vaults from a console desktop app would be appreciated.
After we registry the Azure Directory App then we need to assign role to application. if we want to operate Azure Key Vault, we also need to give permission to operate Key Vault. The resource for key vault is https://vault.azure.net. You also could get more detail info from another SO thread.
Demo code:
static string appId = "application Id";
static string tenantId = "tenant id";
static string uri = "http://localhost:13526"; //redirect uri
static void Main(string[] args)
{
var kv = new KeyVaultClient(GetAccessToken);
var scret = kv.GetSecretAsync("https://xxxx.vault.azure.net", "xxxx").GetAwaiter().GetResult();
}
public static async Task<string> GetAccessToken(string azureTenantId,string clientId,string redirectUri)
{
var context = new AuthenticationContext("https://login.windows.net/" + tenantId);
var tokenResult = await context.AcquireTokenAsync("https://vault.azure.net", appId, new Uri(uri), new PlatformParameters(PromptBehavior.SelectAccount));
return tokenResult.AccessToken;
}