Questions tagged [azure-keyvault]

Microsoft Azure Key Vault is a cloud-hosted service that allows applications to encrypt/decrypt data using (HSM stored) cryptographic keys and store and retrieve secrets.

Azure Key Vault helps safeguard cryptographic keys and secrets used by cloud applications and services. By using Key Vault, you can encrypt keys and secrets (such as authentication keys, storage account keys, data encryption keys, .PFX files, and passwords) by using keys that are protected by hardware security modules (HSMs). For added assurance, you can import or generate keys in HSMs (keys never leave the HSM boundary). The HSMs are FIPS 140-2 Level 2 validated.

Key Vault streamlines the key management process and enables you to maintain control of keys that access and encrypt your data. Developers can create keys for development and testing in minutes, and then seamlessly migrate them to production keys. Security administrators can grant (and revoke) permission to keys, as needed.

1726 questions
39 votes, 3 answers

What is difference between Keys and Secrets in Azure Key Vault?

It would be great to know what they are, what they are used for, and why one would prefer one versus the other.
Bohdan
32 votes, 6 answers

Azure key vault: access denied

I have the following code for obtaining a secret from the Azure key vault: public static async Task GetToken(string authority, string resource, string scope) { var authContext = new AuthenticationContext(authority); …
Eutherpy
31 votes, 4 answers

How to get connection string out of Azure KeyVault?

A hypothetical web-site currently connects using: public SqlConnection CreateConnection() { DbConnection connection = new SqlConnection(); connection.ConnectionString = GetConnectionString(); connection.Open(); return…
Ian Boyd
28 votes, 8 answers

KeyVaultErrorException: Operation returned an invalid status code 'Forbidden'

I'm trying to set up my web app, hosted in Azure to read settings from Azure KeyVault. I've been following this guide: https://anthonychu.ca/post/secrets-aspnet-core-key-vault-msi/ The example shows how to access app settings from KeyVault with the…
zola25
22 votes, 2 answers

How to sign code built using Azure Pipelines using a certificate/key in Azure Key Vault?

We're in the process of moving from on-premise build servers to Azure Pipelines. We produce "shrink-wrap" desktop software so clearly we need to sign all our binaries before releasing. Our current build infrastructure does this using a USB hardware…
Anodyne
22 votes, 6 answers

How to access Azure Keyvault from docker container running locally?

I have a docker image containing an ASP.NET Core app that uses Azure Key vault to access things like connection strings. When I run the image locally, I get this error: Unhandled Exception:…
zola25
17 votes, 3 answers

Azure Keyvault - "Operation "list" is not allowed by vault policy" but all permissions are checked

I am accessing KeyVault with .NET client with an AAD application. Although all permissions under secrets are enabled for this AAD app (screenshot below) I am getting "The operation "List" is not enabled in this key vault's access policy" if I…
Pikapops
17 votes, 1 answer

Azure Key Vault - AADSTS70001: Application with identifier "xxx" was not found in the directory "xxx"

I am working on – Using azure key vault in web application. Implemented steps below, but getting error. Steps: Created azure active directory and added application in this directory. (copied - Client id and key) Created azure key vault using power…
Kumar
17 votes, 2 answers

How is a keyvault more secure than standard storage?

I am trying to understand the security benefits that Azure Key Vault would offer (or equally AWS KMS). I understand the benefits of key management, of being able to easily rotate, change, audit key access. What perplexes me a little though is how…
Michael B
16 votes, 2 answers

KeyVault generated certificate with exportable private key

I'm attempting to create a self signed certificate in KeyVault using the "Self" issuer. $policy = New-AzureKeyVaultCertificatePolicy -SubjectName "CN=$($certificateName)" -IssuerName "Self" -ValidityInMonths 12 $policy.Exportable =…
Alex KeySmith
15 votes, 1 answer

Azure Key Vault Certificates does not have the Private Key when retrieved via IKeyVaultClient.GetCertificateAsync

I have 2 approaches to do the same thing, but Azure has deprecated the one that works, and the other method doesn't work. The approach that works, but is deprecated: I store my PFX in Azure Key Vault Secrets. (when I create the secret I see a…
Nandun
15 votes, 5 answers

How to serialize and deserialize a PFX certificate in Azure Key Vault?

I have a bunch of strings and pfx certificates, which I want to store in Azure Key vault, where only allowed users/apps will be able to get them. It is not hard to store a string as a Secret, but how can I serialize a certificate in such a way that…
zdebyman
14 votes, 6 answers

How do I copy over all secrets from one Azure Keyvault to another using Powershell

We recently found ourselves needing to copy over every single secret (name and value) from one Azure KeyVault to a newly created one. I found ways to restore the secrets from a backup, but we didn't have a backup. Is there a Powershell script that…
Tom Warner
14 votes, 2 answers

VSTS JSON variable substitution with secrets from Azure Key Vault

I'm doing an Azure App Service Deploy (ASP.NET Core 2.0 Web Api) in Visual Studio Team Services and want to replace some values in the appsettings.json so I read…
13 votes, 3 answers

In Azure, why is an AuthClientId also called an Application Id?

I am finding Application Registrations in Azure very confusing. In my question here AuthClientId and Application Id turned out to be the same thing, so why are two names being used? What is the logic behind this choice of naming? [Update] From Joy's…
Kirsten Greed