Azure Key Vault libraries for .NET

Overview

Azure Key Vault helps safeguard cryptographic keys and secrets used by cloud applications and services.

Read more about What is Key Vault? then Get started with Azure Key Vault or learn how to Use Key Vault from a web app.

Client library

Use the client library to manage keys and related assets such as certificates and secrets.

Install the NuGet package directly from the Visual Studio Package Manager console or with the .NET Core CLI.

Visual Studio Package Manager

Install-Package Microsoft.Azure.KeyVault
dotnet add package Microsoft.Azure.KeyVault

Example

The following example retrieves the secret for a specific key that is identified in the application settings.

KeyVaultClient kv = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(securityToken));

SecretBundle sec = await kv.GetSecretAsync(WebConfigurationManager.AppSettings["SecretUri"]);

// sec.Value holds the secret

Management library

Use the management library to create, delete, and query key vaults.

Install the NuGet package directly from the Visual Studio Package Manager console or with the .NET Core CLI.

Visual Studio Package Manager

Install-Package Microsoft.Azure.Management.KeyVault.Fluent
dotnet add package Microsoft.Azure.Management.KeyVault.Fluent

Example

The following example demonstrates how to create a new key vault for a given resource group and location.

using (KeyVaultManagementClient client = new KeyVaultManagementClient(
    new TokenCloudCredentials(subscriptionId, accessToken)))
{
    client.Vaults.CreateOrUpdate(resourceGroupName, "myKeyVault", new VaultCreateOrUpdateParameters
    {
        Properties = new VaultProperties
        {
            EnabledForDeployment = true,
            EnabledForDiskEncryption = true,
            EnabledForTemplateDeployment = true,
            Location = resourceGroupLocation,
            // SKU level, access policies, tenants, etc.
        }
    });
}

Samples

Explore more sample .NET code you can use in your apps.