Questions tagged [azure-keyvault]
Microsoft Azure Key Vault is a cloud-hosted service that allows applications to encrypt/decrypt data using (HSM stored) cryptographic keys and store and retrieve secrets.
2,866 questions
70
votes
13
answers
136k
views
Azure KeyVault: Azure.Identity.CredentialUnavailableException: DefaultAzureCredential failed to retrieve a token from the included credentials
I am trying to connect my aspnet core application that is targeting .net framework with Azure Keyvault. On a new azure vm that supports identity everything works fine, but this application is hosted ...
66
votes
3
answers
35k
views
What is difference between Keys and Secrets in Azure Key Vault?
It would be great to know
what are they,
what are they used for
why would one prefer one versus the other.
52
votes
2
answers
50k
views
Unable to create secrets in Azure Key Vault if using Azure role-based access control
I'm really new to Azure but trying to learn - so apologies if this is a daft question. I've started the free trial (which gives me some credit to start with), and I'm trying to create a key vault. If ...
47
votes
3
answers
32k
views
How to sign code built using Azure Pipelines using a certificate/key in Azure Key Vault?
We're in the process of moving from on-premise build servers to Azure Pipelines. We produce "shrink-wrap" desktop software so clearly we need to sign all our binaries before releasing. Our current ...
39
votes
4
answers
63k
views
How to get connection string out of Azure KeyVault?
A hypothetical web-site currently connects using:
public SqlConnection CreateConnection()
{
DbConnection connection = new SqlConnection();
connection.ConnectionString = GetConnectionString();
...
39
votes
3
answers
62k
views
Azure Keyvault - "Operation "list" is not allowed by vault policy" but all permissions are checked
I am accessing KeyVault with .NET client with an AAD application. Although all permissions under secrets are enabled for this AAD app (screenshot below) I am getting "The operation "List" is not ...
36
votes
6
answers
77k
views
Azure key vault: access denied
I have the following code for obtaining a secret from the Azure key vault:
public static async Task<string> GetToken(string authority, string resource, string scope)
{
var ...
35
votes
9
answers
88k
views
KeyVaultErrorException: Operation returned an invalid status code 'Forbidden'
I'm trying to set up my web app, hosted in Azure to read settings from Azure KeyVault.
I've been following this guide: https://anthonychu.ca/post/secrets-aspnet-core-key-vault-msi/
The example shows ...
32
votes
3
answers
45k
views
How can I permanently purge an entire azure keyvault that's been created with soft delete enabled?
When you create an azure keyvault with soft delete enabled that keyvault persists even if you delete it and re-create it from scratch.
When soft-delete is enabled, resources marked as deleted ...
30
votes
7
answers
32k
views
How do I copy over all secrets from one Azure Keyvault to another using Powershell
We recently found ourselves needing to copy over every single secret (name and value) from one Azure KeyVault to a newly created one. I found ways to restore the secrets from a backup, but we didn't ...
29
votes
5
answers
22k
views
How to access Azure Keyvault from docker container running locally?
I have a docker image containing an ASP.NET Core app that uses Azure Key vault to access things like connection strings. When I run the image locally, I get this error:
Unhandled Exception: Microsoft....
24
votes
1
answer
7k
views
The system cannot find the file specified - azure key vault certificate
I have added a pfx certificate in azure key vault.
I have one asp.net web api application where through one of the endpoint I am trying to access certificate information from key vault.
public class ...
22
votes
2
answers
42k
views
ManagedIdentityCredential authentication unavailable, no managed identity endpoint found
I'm trying to allow an app service (python) to get secrets from azure keyvault without the usage of hardcoded client id/secrets, therefore I'm trying to use ManagedIdentity.
I have enabled system &...
21
votes
4
answers
15k
views
How can I create an X509Certificate2 object from an Azure Key Vault KeyBundle
I am using Azure Key Vault to protect our keys and secrets, but I am unsure how I can use the KeyBundle I retrieve using the .net SDK. How can I create an X509Certificate2 object?
21
votes
2
answers
18k
views
Azure Key Vault Certificates does not have the Private Key when retrieved via IKeyVaultClient.GetCertificateAsync
I have 2 approaches to do the same thing, but Azure has deprecated the one that works, and the other method doesn't work.
The approach that works, but is deprecated:
I store my PFX in Azure Key ...
20
votes
2
answers
7k
views
How is a keyvault more secure than standard storage?
I am trying to understand the security benefits that Azure Key Vault would offer (or equally AWS KMS)
I understand the benefits of key management, of being able to easily rotate, change, audit key ...
19
votes
2
answers
13k
views
KeyVault generated certificate with exportable private key
I'm attempting to create a self signed certificate in KeyVault using the "Self" issuer.
$policy = New-AzureKeyVaultCertificatePolicy -SubjectName "CN=$($certificateName)" -IssuerName "Self" -...
19
votes
6
answers
40k
views
Terraform with Azure Key Vault to get secret value
Is there any way to get the value of a secret from Azure Key Vault?
Doesn't look like value gets exposed in the key vault secret object here.
19
votes
1
answer
36k
views
Azure Key Vault - How to update the secrets
In Azure Portal > Key vaults > Secrets, I have secrets with json values (I did not create it). Something like:
...
"SubscriptionId": "XXXXXXX",
"BaseAuthUri": "https://login....
17
votes
4
answers
34k
views
"Key vault reference error" in azure web app configuration setting
I have a private certificate that was generated by azure for a web app for linux containers. I want to pass this value to my .net core app via the web app configuration settings in the azure ...
17
votes
6
answers
13k
views
Net core Key vault configuration using Azure.Security.KeyVault.Secrets
I have found out it is easy to connect to Azure KeyVault using Managed Identity. The documentation shows how to do it :
var azureServiceTokenProvider = new AzureServiceTokenProvider();
...
17
votes
1
answer
14k
views
Azure Key Vault - AADSTS70001: Application with identifier "xxx" was not found in the directory "xxx"
I am working on – Using azure key vault in web application. Implemented steps below, but getting error.
Steps:
Created azure active directory and added application in this directory. (copied - Client ...
16
votes
1
answer
13k
views
Terraform - How to get App Service object id for azurerm key vault access policy?
Using Terraform, I am trying to add a keyvault access policy to an application (that is also created in Terraform), which requires an object_id (which is a GUID) of that application. In ARM template it ...
16
votes
3
answers
11k
views
Azure Managed Identity from within a docker container running locally
I am running a docker container consisting of an asp.net core 2.2 api. This api needs access to Azure key vault and I have signed into Visual studio with a user that has the right access policies on ...
15
votes
7
answers
23k
views
How to get all secrets in one call Azure key vault
I am using the sample code explained here
https://github.com/Azure-Samples/app-service-msi-keyvault-dotnet
but they only explained how we can get a single secret, not a list of secrets.
so to get all ...
15
votes
3
answers
25k
views
az cli: How to retrieve key vault secret value alone, with no double quotes?
Using az cli command of az keyvault secret show --name $SecretName --vault-name $KeyVaultName --query value) returns the secret with double quotes.
This causes my subsequent REST call to fail.
How do ...
15
votes
5
answers
18k
views
How to serialize and deserialize a PFX certificate in Azure Key Vault?
I have a bunch of strings and pfx certificates, which I want to store in Azure Key vault, where only allowed users/apps will be able to get them. It is not hard to store a string as a Secret, but ...
15
votes
10
answers
19k
views
Unable to get access to Key Vault using Azure MSI on App Service
I have enabled Managed Service Identities on an App Service. However, my WebJobs seem unable to access the keys.
They report:
Tried the following 3 methods to get an access token, but none of them ...
15
votes
2
answers
19k
views
Is it possible to get the private key out of Azure Key Vault Keys?
All of the data encryption/decryption examples I have seen with Azure key Vault do the encryption locally and decryption within Azure itself by using the keyVaultClient.DecryptAsync() method.
I ...
14
votes
4
answers
7k
views
How to use MSI for development in visual studio?
I need to get access to my Key Vault during development and debugging.
Is it possible via using managed service identity?
I see that my code can get this credentials when the app is deployed on VM, ...
14
votes
2
answers
8k
views
Can you restrict which keys/secrets a user can access in an Azure Key Vault?
I'm provisioning a Key Vault in Azure. I wish to grant a development team permissions to be able to access and create keys and secrets and certs in this vault, but not have access to ALL of the keys, ...
14
votes
2
answers
4k
views
VSTS JSON variable substitution with secrets from Azure Key Vault
I'm doing an Azure App Service Deploy (ASP.NET Core 2.0 Web Api) in Visual Studio Team Services and want to replace some values in the appsettings.json so I read https://learn.microsoft.com/en-us/vsts/...
13
votes
4
answers
11k
views
Can't Access Azure Key Vault from desktop console app
I am having trouble accessing a secret from an Azure key vault. I suspect the problem is that I don't adequately understand the terminology, so the arguments I'm supplying to various API calls are ...
13
votes
4
answers
27k
views
List databricks secret scope and find referred keyvault in azure databricks
How can we find existing secret scopes in databricks workspace. And which keyvault is referred by specific SecretScope in Azure Databricks?
13
votes
2
answers
11k
views
How to store Public Certificate (.cer file) in Azure Key Vault
How can I upload or store public key (.cer) file in azure keyvault. From the keyvault panel it gives error when I tried to upload any .cer file where It works for .pfx file.
13
votes
2
answers
13k
views
Terraform - How to attach SSL certificate stored in Azure KeyVault to an Application Gateway
I have a Terraform script that create an Azure Key Vault, imports my SSL certificate (3DES .pfx file with a password), and creates an Application Gateway with a HTTP listener. I'm trying to change ...
13
votes
2
answers
11k
views
Configuration Error Azure Key Vault as a Visual Studio Connected Service ConfigurationBuilder
I am trying to wire up Azure Key Vault in my ASP.NET (.Net Framework) MVC Web App using Visual Studio 2017 Community 15.7.5 Connected Service targeting .Net 4.7.2.
It adds a configBuilder with the ...
13
votes
2
answers
3k
views
In Azure, why is an AuthClientId also called an Application Id?
I am finding Application Registrations in Azure very confusing.
In my question here AuthClientId and Application Id turned out to be the same thing, so why are two names being used?
What is the logic ...
13
votes
1
answer
3k
views
Bind Key Vault settings to class
In ASP.NET Core, if reading configuration from a JSON app.settings file I can bind a section to an object like this:
services.Configure<MyPocoConfig>(Configuration.GetSection("Section")...
12
votes
2
answers
7k
views
Either this secret is disabled or you do not have the "Get" secret permission
On browsing disabled secret version, getting error "Either this secret is disabled or you do not have the "Get" secret permission". I have full permissions on secret (checked thru Access Policies). ...
12
votes
1
answer
13k
views
ASP.NET Core: IConfigurationBuilder Does Not Contain Definition For AddAzureKeyVault
I am upgrading my ASP.NET Core web app to .NET Core 2.1, but am getting the following error:
IConfigurationBuilder Does Not Contain Definition For AddAzureKeyVault
This code works in .NET Core 2.0....
12
votes
2
answers
14k
views
how to get the latest secret version value from azure key vault in one rest api call
I can get the secret from azure key vault in rest api if I already know the version number using this endpoint:
https://my-key-vault-dev.vault.azure.net/secrets/MyTestSecret/...
12
votes
2
answers
11k
views
How can I retrieve the PFX Password of a generated Azure Key Vault certificate?
Azure Key Vault allows you to generate certificates right in the GUI. After, you can download these certificates as a pfx file.
Are these pfx files password protected? I am trying to use this ...
12
votes
2
answers
5k
views
Using Adal for accessing the Azure KeyVault on behalf of a user
The following is in a console application and ClientID, RedirectUri is from the created native app in azure active directory.
var authContext = new AuthenticationContext(string.Format("https://login....
11
votes
5
answers
13k
views
Cannot access keyvault secrets through service endpoint in a VSTS release
We're trying to download secrets with the download key vault secrets release task in VSTS.
The service principal is added in the key vault's access policies, all rights are checked, including get, ...
11
votes
3
answers
4k
views
Azure key vault - add access policy for deployment slot
I have an app with 2 slots. I have stored connection strings in the key vault. I have enabled MSI on the app and 2 slots. Also, within the vault's access policy, I have added the app (production slot)....
11
votes
5
answers
8k
views
Azure KeyVault - Sign JWT Token
I began using Azure Keyvault to store private keys for my application.
I have a use case where I need to sign a JWT token with an RSA private key.
When I had the private key in my application ...
11
votes
5
answers
14k
views
Azure key vault creation error: VaultAlreadyExists - I can't find the existing vault
I'm trying to create a key vault in Azure using this CLI command...
az keyvault create --location $location --name $keyVaultName --resource-group $resourceGroupMainName --output none
But this returns ...
11
votes
2
answers
7k
views
Azure Function Key Vault reference for certificates?
I'm trying to use Key Vault references in my Azure Function (v1) as described here. It works fine for secrets, but not for certificates.
The docs don't mention certs at all, so maybe they are simply ...
11
votes
2
answers
22k
views
Creating a Secret Scope in Databricks backed by Azure Key Vault fails
You can create scopes in Databricks backed by Azure Keyvault instead of using the Databricks CLI. However, when you try to create a Scope, an obscure error message (with a spelling mistake!) is shown. ...