azure-keyvault

I want to access the Key Vault from my Service Fabric application via Managed Service Identity (MSI). I have enabled MSI on the virtual machine scale set in the Azure Portal and given it access to my Key Vault resource. This works like a charm up in the cloud. However, I am having problems with my local develop environment. As far as I understand, I can grant myself access to the Key Vault and run az login in Azure CLI. Alas, this doesn't work when running the application in a local Service Fabric cluster. I assume it is because a local cluster runs under the NETWORK SERVICE account. How can I

I think Managed Service Identity is a great concept and I love keyvault. However: When I use the script using an incremental resource group deployment: Sample is modified for brevity { "type": "Microsoft.KeyVault/vaults", "name": "[parameters('keyvaultName')]", "apiVersion": "2015-06-01", "properties": { "accessPolicies": [ { "objectId": "[reference(parameters('functionAppName'), '2016-08-01', 'Full').identity.principalId]", "permissions": { "keys": [], "secrets": [ "Get" ] } } ] }, "dependsOn": [ "[resourceId('Microsoft.Web/sites', parameters('functionAppName'))]" ] }, { "apiVersion": "2016

I'm using Microsoft.Azure.keyVault trying to get a secret from a key vault in Azure. I've registered an application as both Native and Web API. Logging on to the AD is successful (can confirm this by getting a valid AccessToken on AuthenticationContext.AcquireTokenAsync ). In Azure AD both applications have been given Access Control (IAM) and Access Policies in the Key Vault. I have confirmed that the Key Vault Base Url and the Secret Name are correct but when making the following call var sec = kv.GetSecretAsync("https://xxxxxxx.vault.azure.net", "xxsecretnamexx").GetAwaiter().GetResult(); I

All of the data encryption/decryption examples I have seen with Azure key Vault do the encryption locally and decryption within Azure itself by using the keyVaultClient.DecryptAsync() method. I understand that this is more secure as the private key never leaves Azure and leaks into your application code, but what if I want to do the decryption locally as well, how do i get the private key out? I am using keyVaultClient.GetKeyAsync() but it only seems to contain the public key. One of the issues I have with the in Azure decryption is that I can't replicate it in development environment without

I'm attempting to create a self signed certificate in KeyVault using the "Self" issuer. $policy = New-AzureKeyVaultCertificatePolicy -SubjectName "CN=$($certificateName)" -IssuerName "Self" -ValidityInMonths 12 $policy.Exportable = $true Add-AzureKeyVaultCertificate -VaultName $vaultName -Name $certificateName -CertificatePolicy $policy However, when getting the certificate back it doesn't appear to have a private key. Creating certificates directly in KeyVault doesn't seem hugely covered online, after digging into the rest API documentation and source code for the powershell cmdlets, I'm

I am trying to run the script GetAppConfigSettings.ps1 from Microsoft docs help setting up a Key Vault The script contains the following # ********************************************************************************************** # Prep the cert credential data # ********************************************************************************************** $certificateName = "$applicationName" + "cert" $myCertThumbprint = (New-SelfSignedCertificate -Type Custom -Subject "$certificateName"-KeyUsage DigitalSignature -KeyAlgorithm RSA -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My"

I'm trying to create an Azure KeyVault secret programmatically using Microsoft. Azure.KeyVault.KeyVaultClient. For my purposes, I am getting my auth token authenticating with a certificate as an Azure AD application. The Azure AD application already has the certificate info in its manifest. My code creates the Azure KeyVault giving "all" permissions to both secrets and keys to the object ID of the Azure AD application. I verify that this happened using Powershell to retrieve the KeyVault and looking at the Access Policies. When I try to create a secret on this KeyVault using KeyVaultClient