none
key vault in native app without user authentification RRS feed

  • Question

  • I tried using key vault for my native app (winforms) to save connection strings to azure storage and SQL azure. Problem is, that there is no user login for the software (and because it's a technical app it is not needed and refused by the customer). Is saving the connection data to azure key vault in code also as insecure as saving the connection strings to storage in code directly? Is there any recommended way for this scenario?
    Monday, August 26, 2019 8:45 AM

All replies

  • No it is not insecure to save the connection strings in Azure Key Vault and you can check for access Azure Key Vault using application identity which is suitable for the applications running as a daemon service or background jobs and does not require a signed in user.  These applications uses client credentials flow and having a registration with Azure AD with a secret (password or certificate) and this secret gets passed during the call to Azure AD to get a token.  Please refer to document for reference.
    Tuesday, August 27, 2019 6:05 AM
    Moderator
  • Ok, so I need a second apllication to access the key vault? that second app sends the retrieved storage connection string from key vault back to my original winforms application?
    Tuesday, August 27, 2019 9:57 AM
  • No, you do not need another application. You need to create the application identity of your current application and add respective code to access key vault from your application.  Please refer to this blog for reference.

    Please let me know if you find above reply useful. If yes, do click on 'Mark as answer' link in above reply. This will help other community members facing similar query to refer to this solution. Thanks.

    Friday, August 30, 2019 5:17 PM
    Moderator