I'm trying to access a secret in my Azure Key Vault. My app is built with Blazor Server and I'm using Azure AD B2C for auth. My app is registered with my B2C tenant and I have no issues using it for logins, user management, etc. I am hosting the app in Azure via App Services.
My problem is I don't know how to access secrets in the key vault programmatically. Most of the docs I've been able to find do not use B2C as their identity provider.
After a bit of research I believe I found a potential path:
    using Azure.Identity;
    using Azure.Security.KeyVault.Secrets;

    // Authenticate to Key Vault with the B2C app registration's client secret.
    SecretClient client = new SecretClient(
        new Uri(_config.GetValue<string>("keyVaultUrl")),
        new ClientSecretCredential(
            _config.GetValue<string>("AzureAdB2C:TenantId"),
            _config.GetValue<string>("AzureAdB2C:ClientId"),
            clientSecret));
    KeyVaultSecret airTableSecret = client.GetSecret("ApiKeySecret");
I have not been able to try this because I'm a bit unsure of the clientSecret parameter. I do know where it comes from - I generated it in my B2C application. However, I have two questions:
- I generated the secret a long time ago when I was setting up the tenant for identity and do not remember it. I believe this value can't be viewed again? If so, can I just add a new secret and use that for accessing the key vault?
- Am I supposed to use this value in code? I'd add it to my appsettings.json file and access it like I'm accessing ClientID above. I'm a bit concerned that that is not secure. What's the best practice with this value?
Finally, if there's a better way to access secrets in my Azure Key Vault I'd love to hear about it!
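An added example, not part of the original post: one way to read the same secret without any client secret in appsettings.json, using the App Service's managed identity through DefaultAzureCredential from Azure.Identity. It assumes a managed identity is enabled on the App Service and has been granted permission to read secrets in the vault; the KeyVaultSecretReader class name is hypothetical, while the "keyVaultUrl" setting and "ApiKeySecret" name are taken from the post.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Azure;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
using Microsoft.Extensions.Configuration;

// Hypothetical helper (name is an assumption, not from the post).
public sealed class KeyVaultSecretReader
{
    private readonly SecretClient _client;

    public KeyVaultSecretReader(IConfiguration config)
    {
        // Only the vault URL lives in configuration; it is not a secret.
        string vaultUrl = config["keyVaultUrl"]
            ?? throw new InvalidOperationException("keyVaultUrl is not configured.");

        // DefaultAzureCredential tries a chain of sources. In App Service it
        // picks up the managed identity; on a developer machine it falls back
        // to the signed-in Visual Studio / Azure CLI account. No client secret
        // is stored or passed anywhere.
        _client = new SecretClient(new Uri(vaultUrl), new DefaultAzureCredential());
    }

    public async Task<string> GetAsync(string name, CancellationToken ct = default)
    {
        try
        {
            KeyVaultSecret secret =
                await _client.GetSecretAsync(name, cancellationToken: ct);
            return secret.Value;
        }
        catch (RequestFailedException ex) when (ex.Status == 403)
        {
            // The identity authenticated but has no read permission on secrets.
            throw new InvalidOperationException(
                $"Identity is not authorized to read secret '{name}'.", ex);
        }
        catch (RequestFailedException ex) when (ex.Status == 404)
        {
            throw new InvalidOperationException(
                $"Secret '{name}' was not found in the vault.", ex);
        }
    }
}
```

Register it once with `builder.Services.AddSingleton<KeyVaultSecretReader>();` and call `await reader.GetAsync("ApiKeySecret")` where the value is needed.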