Azure Key Vault in .NET Core


Key Vault
Safeguard cryptographic keys and other secrets used by cloud apps and services
About Azure Key Vault
Microsoft identity platform and OAuth 2.0 On-Behalf-Of flow
How to fix “The policy requires the caller ‘…’ to use on-behalf-of (OBO) flow” when accessing Key Vault from App Service?

Azure Key Vault helps solve the following problems:

  • Secrets Management – Azure Key Vault can be used to securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets.
  • Key Management – Azure Key Vault can be used as a Key Management solution. Azure Key Vault makes it easy to create and control the encryption keys used to encrypt your data.
  • Certificate Management – Azure Key Vault lets you easily provision, manage, and deploy public and private Transport Layer Security/Secure Sockets Layer (TLS/SSL) certificates for use with Azure and your internal connected resources.
How to securely store and load secrets using Azure Key Vault in .NET Core (using a certificate)

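using System;
using System.Threading.Tasks;
using Azure;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
public class Program
{
    static async Task Main()
    {
        string tenantId = "...";     // directory (tenant) ID of the app registration
        string clientId = "...";     // application (client) ID of the app registration
        string clientSecret = "..."; // client secret; load it from configuration, do not commit it to source
        ClientSecretCredential clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);
        string vaultUrl = "";        // must be set to the vault URI (https://<vault-name>.vault.azure.net/); new Uri("") throws
        var client = new SecretClient(vaultUri: new Uri(vaultUrl), credential: clientSecretCredential);
        Response<KeyVaultSecret> response = await client.GetSecretAsync("AppSettings-CoinbaseProClient-ApiKey");
    }
}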
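The heading above mentions a certificate, while the snippet authenticates with a client secret. The following is an added example, not code from the original post, that reads the same secret with `ClientCertificateCredential` and keeps all credential material out of source. The environment variable names (including the hypothetical `KEY_VAULT_URL`) and the class name are assumptions made for this example.

```csharp
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

public static class CertificateAuthExample
{
    // Read a required setting from the environment so nothing sensitive lives in source.
    // The variable names used below are assumptions chosen for this example.
    static string Require(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"Missing environment variable {name}");

    public static async Task<int> Main()
    {
        string tenantId = Require("AZURE_TENANT_ID");
        string clientId = Require("AZURE_CLIENT_ID");
        string certPath = Require("AZURE_CLIENT_CERTIFICATE_PATH"); // PEM or PFX file
        var vaultUri = new Uri(Require("KEY_VAULT_URL"));           // hypothetical name

        // Refuse to send a bearer token to anything that is not an https endpoint.
        if (vaultUri.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException("Vault URL must use https");

        var credential = new ClientCertificateCredential(tenantId, clientId, certPath);
        var client = new SecretClient(vaultUri, credential);

        try
        {
            Response<KeyVaultSecret> response =
                await client.GetSecretAsync("AppSettings-CoinbaseProClient-ApiKey");
            KeyVaultSecret secret = response.Value;
            // Log metadata only; never write secret.Value to logs or the console.
            Console.WriteLine($"Loaded '{secret.Name}' version {secret.Properties.Version}");
            return 0;
        }
        catch (AuthenticationFailedException ex)
        {
            // Token acquisition failed: wrong tenant/client ID or unusable certificate.
            Console.Error.WriteLine($"Token request failed: {ex.Message}");
            return 1;
        }
        catch (RequestFailedException ex) when (ex.Status == 403)
        {
            // Authenticated, but the vault does not authorize this identity to read secrets.
            Console.Error.WriteLine("Access to the vault was denied for this application.");
            return 2;
        }
    }
}
```

The certificate's public part has to be uploaded to the same app registration whose client ID is used here, and that application needs permission to get secrets on the vault.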

How can we get tenant id, client id and client secret for Azure Function App?

App registrations
