Key Vault
Safeguard cryptographic keys and other secrets used by cloud apps and services
About Azure Key Vault
Microsoft identity platform and OAuth 2.0 On-Behalf-Of flow
How to fix “The policy requires the caller ‘…’ to use on-behalf-of (OBO) flow” when accessing Key Vault from App Service?

Azure Key Vault helps solve the following problems:

  • Secrets Management – Azure Key Vault can be used to Securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets
  • Key Management – Azure Key Vault can be used as a Key Management solution. Azure Key Vault makes it easy to create and control the encryption keys used to encrypt your data.
  • Certificate Management – Azure Key Vault lets you easily provision, manage, and deploy public and private Transport Layer Security/Secure Sockets Layer (TLS/SSL) certificates for use with Azure and your internal connected resources.
How to securely store and load secrets using Azure Key Vault in .NET Core (using a certificate)

public class Program
    static async Task Main()
        string tenantId = "...";
        string clientId = "...";
        string clientSecret = "...";
        ClientSecretCredential clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);
        string vaultUrl = "";
        var client = new SecretClient(vaultUri: new Uri(vaultUrl), credential: clientSecretCredential);
        Response<KeyVaultSecret> response = await client.GetSecretAsync("AppSettings-CoinbaseProClient-ApiKey");

How can we get tenant id, client id and client secret for Azure Function App?

App registrations