In this tutorial, we are going to discuss Azure Key Vault secrets using an ASP.NET Core 3.1 web application. Azure Key Vault is a tool where we can store and access secrets. The purpose of Key Vault is to store sensitive information such as API keys, authentication token keys, database connection strings, etc. This is the best cloud-based solution for Azure web apps.
Note: If you want to know how to add user-secrets in an ASP.NET Core 3.1 application during development, click here.
What will you learn in this tutorial?
We will cover the following points in this tutorial.
- App Registration in Azure Active Directory and Create Client Secret
- How to create Azure Key Vault?
- How to create Secret Values?
- How to add Access Policy?
- How to retrieve Key Vault Secrets?
Azure Key Vault Secrets with ASP.NET Core 3.1
Let's see how to create Key Vault secrets in Azure and access them in an ASP.NET Core 3.1 application.
Step # 1: App registration in Azure Active Directory and Create Client Secrets.
In this step, we will see how to register an app in Azure and then how to create client secrets. Go to the Azure portal, open Azure Active Directory and click on App Registration, as shown in the screenshot below.
Now, you will see a new tab named “New registration”. Click on the “New registration” tab and it will open a new window named “Register an Application”.
Now, enter a valid name, choose the supported account type and click on the Register button, as shown in the screenshot below.
After registration, you will see some IDs of the registered app. Copy the Application (client) ID; we will use it later.
Now, we will create a client secret for our registered KeyvaultApp. Go to KeyvaultApp, click on Certificates & secrets and then click on the “+ New client secret” button, as shown in the screenshot below.
Now, you will see a new screen named “Add a client secret”. Enter any description, set the expiry and click on the Add button, as shown in the screenshot below.
After clicking on the Add button, you will see that the client secret is created, as shown in the screenshot below.
Note: Copy the secret value and keep it in a secure place. We will use it later.
So, the App Registration in Azure Active Directory and client secret creation part is completed.
Step # 2: How to create Azure Key Vault?
In this step, we will see how to create an Azure key vault. Click on “Create a new resource”, search for Key Vaults and click on the Create key vault button. You will then see a new screen named “Create Key Vault”. Enter the information as shown in the screenshot below.
Note: You can create a new resource group by clicking on the Create new link.
After clicking on the Review + create button, you will see a new screen with the Validation passed status.
Now, click on the Create button and your key vault will be deployed successfully, as shown in the screenshot below.
Step # 3: How to create secret values?
Now, click on the Go to resource button and you will see the overview of Keyvault-dd, as shown in the screenshot below.
Now, click on Secrets; you will see a new window, where you click on Generate/Import.
Now, you will see a new screen named Create a secret. Enter the information and click on the Create button, as shown in the screenshot below.
After clicking on the Create button, you will see that the secret is created successfully, as shown in the screenshot below.
Step # 4: How to add access policy?
In this step, we will see how to add an access policy to the key vault. Go to the key vault, click on Access policies and then click on “+ Add Access Policy”.
Now, select the secret permissions as shown in the screenshot below.
Now, select the principal, search for KeyvaultApp, which we created above, and click on the Select button.
After clicking on the Select button, you will see the selected app with its secret permissions. Now click on Save.
Now the Azure Key Vault and secret creation part is completed successfully.
Step # 5: How to retrieve Key Vault Secrets?
In this part, we will see how to retrieve the Key Vault secrets in an ASP.NET Core 3.1 application. We will make some changes to our ASP.NET Core 3.1 application to retrieve the Key Vault secrets.
Install NuGet Packages:
First of all, install the following NuGet packages.
- Microsoft.Azure.Services.AppAuthentication
- Microsoft.Azure.KeyVault
- Microsoft.Extensions.Configuration.AzureKeyVault
Update appsettings.json file:
Now, we will make some changes in the appsettings.json file, as shown in the file below.
Line 15 & 16: these are the IDs that we saved above.
Update Program.cs file:
Now, we will make some changes in the CreateHostBuilder method within the Program.cs file, as shown in the file below.
Line # 3 to 16: in this block, we are configuring our app with Azure Key Vault.
Accessing Key Vault Secret:
In this step, we will access the Key Vault secret using IConfiguration, as shown in line # 1 of the file below.
Note: We are accessing it in the startup file to set a security key.
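The listings for this step are not reproduced on the page, so the following is an added example (not the article's original code) of the Program.cs and Startup wiring described above, using the AddAzureKeyVault(vault, clientId, clientSecret) overload from Microsoft.Extensions.Configuration.AzureKeyVault. The configuration keys under KeyVault: and the secret name SecurityKey are assumptions, and the client secret is expected from user-secrets or an environment variable rather than a committed appsettings.json.

```csharp
using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

public class Program
{
    public static void Main(string[] args) => CreateHostBuilder(args).Build().Run();

    public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureAppConfiguration((context, config) =>
            {
                // Build the sources loaded so far (appsettings.json, user-secrets in
                // Development, environment variables) to read the vault settings.
                IConfigurationRoot settings = config.Build();
                string vaultUrl = Require(settings, "KeyVault:VaultUrl");   // assumed key name
                string clientId = Require(settings, "KeyVault:ClientId");   // assumed key name
                // Supply this through user-secrets or the KeyVault__ClientSecret
                // environment variable; keep it out of source-controlled files.
                string clientSecret = Require(settings, "KeyVault:ClientSecret"); // assumed key name
                // Adds every secret the app registration may read as a configuration source.
                config.AddAzureKeyVault(vaultUrl, clientId, clientSecret);
            })
            .ConfigureWebHostDefaults(web => web.UseStartup<Startup>());
    // Fail at startup and report the missing key's name, never a secret value.
    private static string Require(IConfiguration cfg, string key) =>
        string.IsNullOrWhiteSpace(cfg[key])
            ? throw new InvalidOperationException($"Missing configuration value '{key}'.")
            : cfg[key];
}

public class Startup
{
    private readonly IConfiguration _configuration;
    public Startup(IConfiguration configuration) => _configuration = configuration;
    public void ConfigureServices(IServiceCollection services)
    {
        // "SecurityKey" is a hypothetical name for the secret created in Step 3.
        string securityKey = _configuration["SecurityKey"]
            ?? throw new InvalidOperationException("Secret 'SecurityKey' was not loaded from Key Vault.");
        // Pass securityKey to the component that needs it; do not log it.
        services.AddControllers();
    }
    public void Configure(IApplicationBuilder app) => app.UseRouting();
}
```

With the default secret manager, a Key Vault secret named `Section--Key` is exposed in IConfiguration as `Section:Key`.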
Congratulations! We have successfully created Azure Key Vault secrets and then retrieved them in an ASP.NET Core 3.1 web API. I hope you find this article informative and useful. Thank you for reading. Please keep visiting and sharing within your community.