Last active March 7, 2021 19:15
C# Azure Key Vault authentication using a service principal secret
```csharp
// SEE http://www.industrialcuriosity.com/2018/03/azure-key-vault-in-c-for-dummies.html FOR FULL EXPLANATION
using System;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.KeyVault.Models;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Wrapped in a class so the two methods compile as a unit; the gist shows them as a fragment.
public class KeyVaultSample
{
    /// <summary>
    /// Gets the access token.
    /// The parameters are supplied by KeyVaultClient when it invokes this callback; you don't need to understand them.
    /// </summary>
    /// <param name="authority"> Authority (Azure AD tenant endpoint) </param>
    /// <param name="resource"> Resource (the Key Vault service identifier) </param>
    /// <param name="scope"> Scope </param>
    /// <returns> token </returns>
    public static async Task<string> GetAccessToken(string authority, string resource, string scope)
    {
        // NOTE: for the love of god, this is just for clarity - please don't store the credentials in your code
        // application id from registered app
        string clientId = "c641ac7b-fb34-469d-b9e2-c7f15f8656dc";
        // any of the registered app's valid keys
        string clientSecret = "P91isDd/RrEvIgrqRRzG5359ubvfLPZIHaYM91qNSQ0=";
        ClientCredential clientCredential = new ClientCredential(clientId, clientSecret);
        // create context with default token caching
        AuthenticationContext context = new AuthenticationContext(authority, TokenCache.DefaultShared);
        AuthenticationResult result = await context.AcquireTokenAsync(resource, clientCredential).ConfigureAwait(false);
        return result.AccessToken;
    }

    /// <summary>
    /// Connect, set and read a secret
    /// </summary>
    /// <returns> secret </returns>
    private async Task<string> KeyVaultTest()
    {
        string vaultBaseUrl = "https://YOUR_KEY_VAULT_NAME.vault.azure.net";
        string secretName = "KeyVaultTest";

        // Connect client: the callback is invoked on every request that needs a bearer token
        KeyVaultClient keyclient;
        try {
            keyclient = new KeyVaultClient(
                new KeyVaultClient.AuthenticationCallback(GetAccessToken)
            );
        } catch (Exception keyVaultClientException) {
            throw new Exception("client construction: " + keyVaultClientException.Message);
        }

        // Set secret
        string secret = "My s3cr3t value!";
        try {
            await keyclient.SetSecretAsync(vaultBaseUrl, secretName, secret);
        } catch (Exception setSecretException) {
            throw new Exception("set secret: " + setSecretException.Message);
        }

        // Read secret back by its identifier URL
        try {
            string secretUrl = $"{vaultBaseUrl}/secrets/{secretName}";
            SecretBundle secretWeJustWroteTo = await keyclient.GetSecretAsync(secretUrl);
            return secretWeJustWroteTo.Value;
        } catch (Exception getSecretException) {
            throw new Exception("get secret: " + getSecretException.Message);
        }
    }
}
```
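An added example, not part of the gist, showing how to call the same ADAL-backed authentication callback from a program entry point with the service principal credential taken from the environment instead of a string literal, and with Key Vault errors reported without echoing the secret value. The environment variable names are assumptions; the NuGet packages are the same ones the gist uses.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.KeyVault.Models;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

public static class KeyVaultCaller
{
    // Read one required setting; fail fast with a clear message rather than
    // sending an empty credential to Azure AD.
    private static string Require(string name)
    {
        string value = Environment.GetEnvironmentVariable(name);
        if (string.IsNullOrWhiteSpace(value))
            throw new InvalidOperationException($"environment variable {name} is not set");
        return value;
    }

    public static async Task<int> Main()
    {
        // Hypothetical variable names; set them in the process environment, not in source control.
        string clientId = Require("AZURE_CLIENT_ID");
        string clientSecret = Require("AZURE_CLIENT_SECRET");
        string vaultBaseUrl = Require("KEY_VAULT_URL"); // e.g. https://<name>.vault.azure.net
        var credential = new ClientCredential(clientId, clientSecret);

        // Same callback shape the gist uses; the closure captures the credential,
        // so no secret is compiled into the assembly.
        var client = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(
            async (authority, resource, scope) =>
            {
                var ctx = new AuthenticationContext(authority, TokenCache.DefaultShared);
                AuthenticationResult token = await ctx.AcquireTokenAsync(resource, credential).ConfigureAwait(false);
                return token.AccessToken;
            }));

        try
        {
            SecretBundle bundle = await client.GetSecretAsync(vaultBaseUrl, "KeyVaultTest").ConfigureAwait(false);
            // Log metadata only; bundle.Value is the secret and must never reach a log line.
            Console.WriteLine($"read secret '{bundle.SecretIdentifier.Name}' version {bundle.SecretIdentifier.Version}");
            return 0;
        }
        catch (KeyVaultErrorException ex)
        {
            // Typical codes here are Forbidden (missing access policy) and SecretNotFound.
            Console.Error.WriteLine($"Key Vault error {ex.Body?.Error?.Code}: {ex.Body?.Error?.Message}");
            return 1;
        }
    }
}
```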
Could you share a sample to call it? Thanks!!!
I'm not sure I understand the question, as the contents of KeyVaultTest() are a collection of sample calls to KeyVaultClient methods. Ignoring the fact that this was written three years ago and that the interface may have evolved since I last used it, what is it you're trying to do?