question

sakuraime asked KalyanChanumolu-MSFT edited

.NET Azure Key Vault SecretClient

If I am going to use an Azure user-assigned app to authenticate to the Azure SQL database, and the secret of the app is put in Key Vault, the library in the following

public SecretClient (Uri vaultUri, Azure.Core.TokenCredential credential);


builds a connection to Key Vault before it can retrieve the secret from the Key Vault.

What actually needs to be input to the above 'TokenCredential'?

So I will need another Azure user-assigned app to access the Key Vault?

azure-key-vault azure-managed-identity

1 Answer

KalyanChanumolu-MSFT answered KalyanChanumolu-MSFT edited

@sakuraime You should use DefaultAzureCredential().

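 using System;
 using Azure.Identity;
 using Azure.Security.KeyVault.Secrets;

 string keyVaultUri = "<your_keyvault_uri>";
 string secretName = "<your_secret_name>";
     
 // SecretClient expects a Uri, not a string
 var client = new SecretClient(vaultUri: new Uri(keyVaultUri), credential: new DefaultAzureCredential()); 
     
 var secret = await client.GetSecretAsync(secretName);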

While running the code on your local development machine, it picks the credentials of the user logged into Visual Studio and when deployed to Azure, it picks the credentials of the managed identity.

More on that topic is here

The user running the app and the managed identity will need Key Vault Reader role on Azure KeyVault.

Please let us know if you have any further questions.



Interesting, so why not use managed identity directly to authenticate to Azure SQL database?


You should use Managed identity instead of passwords/keys wherever possible.
Please find the list of Azure services that support Managed Identity here.




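An added example, not part of the original thread: one `TokenCredential` bound to a user-assigned managed identity can be passed to `SecretClient` and can also obtain a token for Azure SQL directly, so no app secret needs to be stored. The client ID, vault URI, secret name and connection string are placeholders, and the SQL part assumes the identity has already been created as a database user and that the `Microsoft.Data.SqlClient` package is referenced.

```csharp
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
using Microsoft.Data.SqlClient;

public static class ManagedIdentityDemo
{
    // Placeholders (assumptions, not values from the thread): replace with your own.
    private const string UserAssignedClientId = "<client_id_of_user_assigned_identity>";
    private const string KeyVaultUri = "<your_keyvault_uri>";
    private const string SecretName = "<your_secret_name>";
    private const string SqlConnectionString =
        "Server=tcp:<your_server>.database.windows.net,1433;Database=<your_database>;Encrypt=True;";

    public static async Task Main()
    {
        // One TokenCredential serves both services. ManagedIdentityClientId selects
        // the user-assigned identity when running in Azure; on a developer machine
        // DefaultAzureCredential falls back to the signed-in developer account.
        TokenCredential credential = new DefaultAzureCredential(
            new DefaultAzureCredentialOptions { ManagedIdentityClientId = UserAssignedClientId });

        // Option A: the credential is what SecretClient's TokenCredential parameter takes.
        var secrets = new SecretClient(new Uri(KeyVaultUri), credential);
        KeyVaultSecret secret = await secrets.GetSecretAsync(SecretName);
        // Log only metadata, never the secret value itself.
        Console.WriteLine($"Retrieved secret '{secret.Name}' ({secret.Value.Length} chars)");

        // Option B: skip the stored secret and request a token for Azure SQL
        // with the same identity, then hand it to the connection.
        AccessToken token = await credential.GetTokenAsync(
            new TokenRequestContext(new[] { "https://database.windows.net/.default" }),
            default);

        using var connection = new SqlConnection(SqlConnectionString) { AccessToken = token.Token };
        await connection.OpenAsync();

        // SUSER_SNAME() returns the login the database sees for this session.
        using var command = new SqlCommand("SELECT SUSER_SNAME();", connection);
        Console.WriteLine($"Connected to Azure SQL as: {await command.ExecuteScalarAsync()}");
    }
}
```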