locked
How to keep credentials safe in a non-azure app? RRS feed

  • Question

  • Hi!

    We can't migrate all of our apps to the Azure ecosystem right now but we want to get along with the tools and services provided by the platform.

    We decided starting with the Azure Key Vault, but the problem is that we need to access it from a non-Azure app.

    We can retrieve the keys stored on the vault but we need to keep the Azure credentials on the code to do it, and that is what we are trying to avoid. What's the solution to it or the subject that I should learn about? Using a certificate would affect the current workflow and wouldn't be easy to be done.

    Thanks!

    Tuesday, January 28, 2020 1:45 PM

Answers

  • You can use a service principal to access your key vault by using Azure key vault client library.  You need to register your application in Azure AD and need to use your Client Id and Client Secret of the registered app for accessing Azure Key Vault.  Please refer to the sample console application to achieve the same in .NET.   You can find samples for the same using Python, Java etc. at the same location. 

    Tuesday, January 28, 2020 7:38 PM