azure-keyvault

I've been following this guide to use a certificate to authenticate with key vault from azure batch. Every certificate I generate causes errors on import into azure batch, some examples are listed below: code : InvalidPropertyValue message : The value provided for one of the properties in the request body is invalid. PropertyName: data Reason: The specified data and the password do not match or Unable to get property 'tbsCertificate' of undefined or null reference or Unable to decrypt PKCS#8 ShroudedKeyBag, wrong password? Are there any requirements for the certificate that I'm not aware of?

I follow the instruction here to create an Managed Service Identity. So now in my environment variable, I have MSI_ENDPOINT and MSI_SECRET. In my typescript (node.js) project, I imported the following project: import {KeyVaultCredentials, KeyVaultClient} from "azure-keyvault"; import {AuthenticationContext, ErrorResponse, TokenResponse} from "adal-node"; If I wasn't using MSI, I could access my key vault using the following code: let keyVaultCredentials = new KeyVaultCredentials(KeyVault.createAuthenticator(this.clientID, this.clientKey)); let keyVaultClient = new KeyVaultClient

Why or how is Azure Key Vault secure? I need to store key URI and Client Id and Client Secret on the server, so if anyone grants access to the server on which application is hosted, he'll be able to access keys and secrets stored in the Key Vault. Which means it is just as secure to store them on the server, right? You are misunderstanding the Key Vault. Key vault is secure in a sense that nothing gets transmitted over the public internet, all the communications with Key Vault and Azure Resources go through the Azure Backbone, so they are secure by default (well, if you believe Azure is secure

I was wondering if it's possible to initialize the queue trigger or even the blob trigger off a connection string that is read from azure vault. Right now, we have to set these data connection via environment settings via blade properties. However, I wanted to just use the service principal to retrieve the token for the azure key vault to get all these connection strings. I'm trying to figure how to get this working in java. Thanks, Derek This feature is tracked and in progress here: Feature request: retrieve Azure Functions' secrets from Key Vault Add binding to Key Vault EDIT 28/11/2018: It

I'm trying to access KeyVault from an .net Core console application, using a Service Principle (I have the App Id and App Secret ). Here's my code: var client = new KeyVaultClient(GetAccessToken); var secret = client.GetSecretAsync("https://{keyvaultName}.vault.azure.net", "MySecret").Result; Which calls back to this function: private static async Task<string> GetAccessToken(string authority, string resource, string scope) { var context = new AuthenticationContext(authority, TokenCache.DefaultShared); var credential = new ClientCredential(clientId: appId, clientSecret: appSecret); var

This may seem like a very basic question, but I've created a KeyVault in Azure and have added two Secrets to it which are plain text 'hello world' examples secured using ConvertTo-SecureString . Using Get-AzureKeyVaultSecret I can see that the two entries are there, and also see the unique URIs for each one, however I can't seem to work out any way to actually retrieve the 'hello world' text I've added into each secret. Can anyone provide the missing link, as the current documentation on the Microsoft site isn't too expansive at present. Something like this should do it... $key = Add

I can get the secret from azure key vault in rest api if I already know the version number using this endpoint: https://my-key-vault-dev.vault.azure.net/secrets/MyTestSecret/13f8347b8518483f8236670197497c93?api-version=2016-10-01 But what if I don't know what the latest version number is? I guess I could get the latest version number query list first: GET {vaultBaseUrl}/secrets/{secret-name}/versions?api-version=2016-10-01 Is it possible to do it all in one query? For example, something like this would be great: https://my-key-vault-dev.vault.azure.net/secrets/MyTestSecret/?api-version=2016-10

I am having trouble accessing a secret from an Azure key vault. I suspect the problem is that I don't adequately understand the terminology, so the arguments I'm supplying to various API calls are wrong. Here's the basic code I'm using: protected async Task<string> GetCommunityKeyAsync( UserConfiguration user ) { var client = new KeyVaultClient( new KeyVaultClient.AuthenticationCallback( GetAccessTokenAsync ), new HttpClient() ); // user.VaultUrl is the address of my key vault // e.g., https://previously-created-vault.vault.azure.net var secret = await client.GetSecretAsync( user.VaultUrl,

I am attempting to put some output from a service I am running in a Key Vault in Azure. The output of my service will be user credentials which is why I want to use Key Vault for this purpose. So far, I have tried the KeyVaultClient's SetSecretAsync method, but it's not working for me, I am not getting any error messages however I'm also not seeing a new secret created in my targetted KeyVault. I have not been able to find a KeyVaultClient Add Secret method as it does not exist, am I using the right object/method here? The method in question here is AddResult. Here is my code: private static