Using Service Principal for Azure Key Vault RBAC for Column Master Key

VD 66 Reputation points
2021-02-13T18:42:25.847+00:00

Hi Team,

I am using a Service Principal as a database contained user in Azure SQL Database. I have a column master key in Azure Key Vault (RBAC), for which I have given the Key Vault Crypto User role to the same service principal that is the db contained user.
On the .NET side I am using Entity Framework Core, where the AccessToken for the db connection is obtained using ClientSecretCredential (Azure.Identity).
How do I get the column master key from Key Vault using this role-based access for the service principal? Can I use the same token?

Tags: Azure Key Vault, Azure SQL Database, Microsoft Entra ID

Accepted answer
    Siva-kumar-selvaraj 15,551 Reputation points
    2021-02-15T12:59:44.147+00:00

    @VD , Thanks for reaching out.

    An AccessToken must be obtained with the appropriate audience, as shown below, using the scope for Key Vault:

    scope : https://vault.azure.net/.default

    [image: 68221-image.png]

    An easy way to check whether the same AccessToken can be used: go to https://jwt.ms/, decode the token obtained for the DB connection and verify that it was acquired for the vault.azure.net audience, as shown below; if not, obtain a new token using ClientSecretCredential (Azure.Identity).

    [image: 68231-image.png]

    ------------------------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
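The two-audience point from the accepted answer, as an added C# example that is not part of the original thread: one ClientSecretCredential hands out a token for the SQL audience and, through the Always Encrypted Key Vault provider (package Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider, assumed here), a separate token for the https://vault.azure.net/.default scope. The Audience helper reproduces the jwt.ms check by decoding the token's aud claim locally; tenant, client, server and database values are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;
using System.Threading;
using Azure.Core;
using Azure.Identity;
using Microsoft.Data.SqlClient;
using Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider;

// Constructed placeholders: replace with the service principal's real values.
var credential = new ClientSecretCredential("<tenant-id>", "<client-id>", "<client-secret>");

// One credential, two audiences. The SQL token and the Key Vault token are
// distinct tokens because each carries a different 'aud' claim.
const string SqlScope = "https://database.windows.net/.default";
const string VaultScope = "https://vault.azure.net/.default";

AccessToken sqlToken = credential.GetToken(new TokenRequestContext(new[] { SqlScope }), CancellationToken.None);
AccessToken vaultToken = credential.GetToken(new TokenRequestContext(new[] { VaultScope }), CancellationToken.None);

// What jwt.ms would show: read 'aud' from the base64url-encoded payload.
// This only inspects the claim; it does not verify the signature.
static string Audience(string jwt)
{
    string payload = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/');
    payload = payload.PadRight(payload.Length + (4 - payload.Length % 4) % 4, '=');
    using var doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(payload)));
    JsonElement aud = doc.RootElement.GetProperty("aud");
    return aud.ValueKind == JsonValueKind.Array ? aud[0].GetString() ?? "" : aud.GetString() ?? "";
}
Console.WriteLine($"SQL token audience:   {Audience(sqlToken.Token)}");   // database.windows.net
Console.WriteLine($"Vault token audience: {Audience(vaultToken.Token)}"); // vault.azure.net

// Register the Key Vault provider with the same credential. The provider
// requests its own vault-audience token when it unwraps the column master key,
// so the SQL connection token is never reused against Key Vault.
var akvProvider = new SqlColumnEncryptionAzureKeyVaultProvider(credential);
SqlConnection.RegisterColumnEncryptionKeyStoreProviders(
    new Dictionary<string, SqlColumnEncryptionKeyStoreProvider>(StringComparer.OrdinalIgnoreCase)
    {
        { SqlColumnEncryptionAzureKeyVaultProvider.ProviderName, akvProvider }
    });

// The SQL connection itself uses the database-audience token.
using var conn = new SqlConnection(
    "Server=tcp:<server>.database.windows.net,1433;Database=<db>;Column Encryption Setting=Enabled;");
conn.AccessToken = sqlToken.Token;
conn.Open();
```

For Entity Framework Core, pass this opened SqlConnection to UseSqlServer so the registered provider and the Column Encryption Setting apply to the context's queries.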