14

I need to get access to my Key Vault during development and debugging. Is it possible via using managed service identity? I see that my code can get this credentials when the app is deployed on VM, but what if I need them during development on my local workstation?

Kostya Vyrodov
  • 6,257
  • 5
  • 23
  • 34

4 Answers4

16

As of Visual Studio 2017 15.8.something, the extension which juunas mentioned is built into Visual Studio.

Tools -> Options -> Azure Service Authentication -> Account Selection

Matt Frear
  • 52,283
  • 12
  • 78
  • 86
  • 1
    As a note, if you have also installed az cli and are authenticated, it will use those credentials instead of the ones specified in the UI. – Sam Neirinck Oct 11 '18 at 10:51
  • Sometimes you need to un-set it and re-set it, I was getting auth errors and just remove and reinstated and it all started working. – Murray Foxcroft Apr 07 '20 at 07:59
2

Check out the docs for the DefaultAzureCredential (.NET) which explain how to set this up for both development and Managed Identity.

Below are the links for some of the other supported languages.

Java

JavaScript

Python

Christopher Scott
  • 2,676
  • 2
  • 26
  • 26
0

One way is to install the 2.0 Azure CLI, and log in with az login. Then make sure the right subscription is selected with az account set -s "My Azure Subscription name or id".

Then you will need to make sure the user account you signed in as has access to the Key Vault.

Now restart Visual Studio, and run the app. It should authenticate successfully.

Another way is to use the new Visual Studio extension instead of the CLI.

juunas
  • 54,244
  • 13
  • 113
  • 149
  • 1
    I don't understand which code can get a value from Key Vault? Could you add a short sample? Note: I have different accounts in visual studio and in Azure – Kostya Vyrodov Dec 12 '17 at 15:27
0

Here is a Microsoft sample app (Github project) with fairly detailed instructions on how to get up and running with local dev using MSI and Key Vault in the readme

The key is that when you are debugging locally you're not running as the service principal of the app registered by MSI, but rather as yourself. The Azure CLI az login and az account set commands set the default context for your debugging session. You'll run those commands and then log in to the portal with your Azure identity and give your azure identity access to the key vault.

Josh
  • 4,009
  • 2
  • 31
  • 46