How to retrieve secret from Azure Key Vault from console application
I want to execute a console application on a remote machine with a service account that retrieves a secret from Azure Key Vault, so I do not have to put this secret in the source code or any kind of config file.
I was able to create the secret and permit the user read access.
I fail to authenticate to Key Vault in code.
Here are the two lines of code:
var client = new SecretClient(new Uri($"https://kv-xxx.vault.azure.net"), new DefaultAzureCredential());
var secret = client.GetSecret("xxx-api-key");
I get a list of exceptions starting with Azure.Identity.CredentialUnavailableException.
All attempts from DefaultAzureCredential fail.
I cannot use the recommended 'managed identity for applications'. The application runs on a server in the context of a service account.
I was under the impression all the authentication details would be passed along fully transparently, as this is the case for other resources.
I verified via Azure portal that the account has proper permissions to read the secret.
I feel the stack trace and additional arbitrary information on hand do not contribute to finding a solution.
To retrieve the secret value, create an Azure AD/Microsoft Entra ID application:
To get the secret value, the application must have Key Vault Secrets User role :
Go to your Key vault -> Access control (IAM) -> Add -> Add role assignment -> Select Key Vault Secrets User -> Select members -> Select your application -> Review + assign
Now use the below code and the secret value will be retrieved successfully:
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
var clientId = "ClientIDofApp";
var clientSecret = "ClientSecretofApp";
var vaultUri = new Uri("https://rukkvs.vault.azure.net/");
var tenantId = "TenantID";
var secretname = "testsecret";
var credential = new ClientSecretCredential(tenantId, clientId, clientSecret);
var client = new SecretClient(vaultUri, credential);
var secret = client.GetSecret(secretname);
Console.WriteLine($"secret value for the secret {secretname} is {secret.Value.Value}");
- If your key vault is configured as "Azure role-based access control", then assign Key Vault Secrets User role to the application.
- If your key vault is configured as "Vault access policy", then you have to create access policy selecting Secret permissions and assigning it to application.
- Keycloak - how to allow linking accounts without registration
- How to do client certificate authentication with Apache
- How to build RUNAS /NETONLY functionality into a (C#/.NET/WinForms) program?
- Paho MQTT C++ connection user and password
- Using LDAP (AD) for MySQL authentication
- Facebook SSO emails verified or unverified
- Why should I use session id in cookie instead of storing login and (hashed) password in cookie?
- MAUI Blazor Hybrid - Unauthorized after closing a Modal
- Fetching private API after login with token stored in cookies using authentication middleware
- Why is lexik-jwt bundle returning an empty token with correct credentials?
- How to retrieve secret from Azure Key Vault from console application
- ASP.NET Core - getting a message back from AuthenticationHandler
- Implement authentication with MagicCode
- What is a Pythonic way for Dependency Injection?
- How to login and authenticate to Postgresql after a fresh install?
- Using TidIMAP4 component to retrieve email, need to switch to using Modern Authentication
- IDEA plugin 'github copilot' can't login in github
- What's the most reliable way to detect if the user is logging in from a different device than usual?
- SQL Server Logins and Users
- How do I login in to phpMyAdmin?
- How to provide temporary download url in Flask?
- Custom plugin routes are not accessible using API tokens
- Extra authentication criteria
- Use authentication with cookies instead of losing login on page refresh
- How do I add basic authentication on certain API calls in an ASP.NET Core website using Identity
- PasswordSignInAsync returns null when attempting to Login
- Blazor Server: forceLoad: true causes "IAuthenticationService" error on page navigation
- Automatically logon user when another user logs out using PowerShell
- .Net Core ReportExecutionServiceSoapClient set credentials
- How to stop IIS asking authentication for default website on localhost