Accessing Secrets in Azure Key Vault

I'm trying to access a secret in my Azure Key Vault. My app is built with Blazor Server and I'm using Azure AD B2C for auth. My app is registered with my B2C tenant and I have no issues using it for logins, user management, etc. I am hosting the app in Azure via App Services.

My problem is I don't know how to access secrets in the key vault programmatically. Most of the docs I've been able to find do not use B2C as their identity provider.

After a bit of research I believe I found a potential path:

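    // Requires the Azure.Identity and Azure.Security.KeyVault.Secrets namespaces.
    // Authenticate to the vault as the app registration (tenant ID + client ID + client secret).
    SecretClient client = new SecretClient(
        new Uri(_config.GetValue<string>("keyVaultUrl")),
        new ClientSecretCredential(
            _config.GetValue<string>("AzureAdB2C:TenantId"),
            _config.GetValue<string>("AzureAdB2C:ClientId"),
            clientSecret));

    // Fetch the latest version of the secret named "ApiKeySecret".
    KeyVaultSecret airTableSecret = client.GetSecret("ApiKeySecret");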

I have not been able to try this because I'm a bit unsure of the clientSecret parameter. I do know where it comes from - I generated it in my B2C application. However, I have two questions:

  1. I generated the secret a long time ago when I was setting up the tenant for identity and do not remember it. I believe this value can't be viewed again? If so, can I just add a new secret and use that for accessing the key vault?
  2. Am I supposed to use this value in code? I'd add it to my appsettings.json file and access it like I'm accessing TenantID and ClientID above. I'm a bit concerned that that is not secure. What's the best practice with this value?

Finally, if there's a better way to access secrets in my Azure Key Vault I'd love to hear about it!

submitted by /u/DecayingExponential


Content Attribution

This content was originally published by /u/DecayingExponential at Microsoft Azure, and is syndicated here via their RSS feed. You can read the original post over there.
