2

We have around thirty .NET Framework and .NET Core Task Scheduler jobs on an on-prem VM. I am planning to store the secrets (connection strings, API keys, etc.) in Azure Key Vault, so I have implemented a common library (.NET Standard 2.0) that all the .NET jobs can refer to, as below.

    using System;
    using Azure.Identity;
    using Azure.Security.KeyVault.Secrets;

    public class AzureKeyVaultSecret
    {
        // Vault URI; {vaultName} is a placeholder for the real vault name.
        private const string BaseUrl = "https://{vaultName}.vault.azure.net/";

        private readonly SecretClient client;

        public AzureKeyVaultSecret()
        {
            // Service principal (Azure AD app registration) credentials, hard-coded in the library.
            string tenantId = "Azure tenantIdXXX";
            string clientId = "Azure AD APP ClientID";
            string clientSecret = "Azure AD APP clientSecret ";
            var credential = new ClientSecretCredential(tenantId, clientId, clientSecret);
            client = new SecretClient(new Uri(BaseUrl), credential);
        }

        public string GetSecret(string secretName)
        {
            // Blocks synchronously on the async call and returns the secret's value.
            KeyVaultSecret secretBundle = client.GetSecretAsync(secretName).GetAwaiter().GetResult();
            return secretBundle.Value;
        }
    }

I am using the above library method in a sample component as below:

    class Program
    {
        static void Main(string[] args)
        {
            AzureKeyVaultSecret azureSecret = new AzureKeyVaultSecret();
            // "{KeyName}" is a placeholder for the secret's name in the vault.
            var keyValue = azureSecret.GetSecret("{KeyName}");
        }
    }

But is this the right way of using Azure Key Vault to store the secrets for on-prem Scheduler jobs, or do we have any better approach?

Please help! Thank you in advance.

JackFrost

1 Answer

1

It kind of depends how secure you want to be.

I'm not that deep into Azure secrets, but a person with access to your VM can decompile your code and see the secrets.

You can either use some obfuscation (take a look here: How can I obfuscate my C# code, so it can't be deobfuscated so easily?)

or you can store your credentials in an encrypted file or database.

Maybe there are other functions provided by Azure to connect that use a different approach (token or IP based connection, etc.).

Dlyx
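The encrypted-file option mentioned in the answer, as an added example that is not part of the original question or answer: the client secret is kept out of the compiled library in a file encrypted with Windows DPAPI, so decompiling the DLL no longer reveals it. It assumes a Windows VM, the `System.Security.Cryptography.ProtectedData` NuGet package, and that the file is provisioned under the same account the scheduled tasks run as; `ProtectedSecretFile` and `secretFilePath` are hypothetical names.

```csharp
using System;
using System.IO;
using System.Security.Cryptography; // ProtectedData (DPAPI), Windows only
using System.Text;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

// Hypothetical helper: stores the client secret encrypted at rest with DPAPI.
public static class ProtectedSecretFile
{
    // Run once, as the account the scheduled tasks run under, to provision the file.
    public static void Save(string path, string clientSecret)
    {
        byte[] plain = Encoding.UTF8.GetBytes(clientSecret);
        // CurrentUser scope: only the same Windows account on this machine can decrypt.
        byte[] cipher = ProtectedData.Protect(plain, null, DataProtectionScope.CurrentUser);
        File.WriteAllBytes(path, cipher);
        Array.Clear(plain, 0, plain.Length);
    }

    // Throws CryptographicException when called under a different account or machine.
    public static string Load(string path)
    {
        byte[] cipher = File.ReadAllBytes(path);
        byte[] plain = ProtectedData.Unprotect(cipher, null, DataProtectionScope.CurrentUser);
        try { return Encoding.UTF8.GetString(plain); }
        finally { Array.Clear(plain, 0, plain.Length); }
    }
}

public class AzureKeyVaultSecret
{
    private readonly SecretClient client;

    // vaultUri, tenantId and clientId are identifiers, not secrets; pass them from job config.
    public AzureKeyVaultSecret(Uri vaultUri, string tenantId, string clientId, string secretFilePath)
    {
        string clientSecret = ProtectedSecretFile.Load(secretFilePath);
        client = new SecretClient(vaultUri, new ClientSecretCredential(tenantId, clientId, clientSecret));
    }

    public string GetSecret(string secretName)
    {
        KeyVaultSecret secret = client.GetSecret(secretName); // synchronous call
        return secret.Value;
    }
}
```

DPAPI protects the file from other accounts and from being copied off the VM, but any code running as the task account can still decrypt it, so restrict the file's ACL to that account and grant the app registration only read access to the secrets the jobs need.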