
I have generated .pfx, .pvk and .cer certification files.

In Azure:

  • I created a new Vault, let's call it MyVault
  • In MyVault, I created a Secret called SubscriptionKey
  • MyVault has a Certificates section to which I've uploaded MyCertificate.cer file.

Confusingly enough, Azure also has an "Azure Active Directory" section where I can also upload Certificates. From my research, I understood this to be the place to upload the certificate and get the associated clientId and tenantId needed for the ClientCertificateCredential constructor.

Goal: Retrieve the secret value from MyVault using a Certificate and the code:

```csharp
using System;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

public static string GetSecretFromAzureKeyVault(string secretName)
{
    string vaultUrl = "https://MyVault.vault.azure.net/";
    string cerPath = "C:\\Personal\\MyCertificate.cer";

    // Arguments are (tenantId, clientId, certificate path); GUIDs redacted in the post
    ClientCertificateCredential credential = new(
        "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        cerPath
    );

    SecretClient client = new(new Uri(vaultUrl), credential);
    KeyVaultSecret secret = client.GetSecret(secretName);

    return secret.Value;
}
```

When running the code I'm still getting null for the line:

KeyVaultSecret secret = client.GetSecret(secretName);

Any suggestions on what I've done wrong in this flow or regarding the resources?

EDIT:

Error screenshot: image_A

Yafim Simanovsky

1 Answer


I have followed the below steps and got the secret value.

  1. Create an app from AAD and register the app using App registrations.
  2. Create a Key Vault and a secret, and use the secret name in the code.
  3. Use the ClientId and TenantId from the App registration in the code.
  4. Download the .pfx format file and use the certificate in the code.
  5. Use the downloaded .pfx path in the code.

```csharp
using System;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

public static string GetSecretFromAzureKeyVault(string secretName)
{
    string vaultUrl = "https://keyvault.vault.azure.net/";
    // The .pfx downloaded from the app registration: contains the private key
    string cerPath = "C:\\Tools\\keyvault-keycertificate-20230109.pfx";

    // "TenantId" and "ClientId" are placeholders for the values from App registrations
    ClientCertificateCredential credential =
        new ClientCertificateCredential("TenantId", "ClientId", cerPath);

    SecretClient client = new SecretClient(new Uri(vaultUrl), credential);
    KeyVaultSecret secret = client.GetSecret(secretName);

    return secret.Value;
}
```

You can find the secret value in the below highlighted screen.

[screenshot not reproduced]

Rajesh Mopati
  • Hi, thanks for the detailed response :) Unfortunately, this doesn't work for me. I'm in a .NET Framework Class Library, perhaps that isn't what you are using? I believe a lot of errors come from this, but sadly I have to use this Class Library for my project. – Yafim Simanovsky Jan 09 '23 at 16:35
  • Yes, for me it is working in a Console application on `.Net Framework 4.8.1`, and from a class library it will also work. You need to install the NuGets; I installed `Azure.Security.KeyVault.Secrets` and `Azure.Identity`. Please let me know if you still need any help. – Rajesh Mopati Jan 10 '23 at 04:50
  • Yes, I have those and tried exactly as you explain, but sadly still a Null reference error... Why do we need the registered app? It seems unrelated to the KeyVault, since you have both the Secret and the Certificate in the Vault, not in the app..? Maybe I'm missing something? – Yafim Simanovsky Jan 10 '23 at 08:51
  • As we need to pass the ClientId in the below method, the registered app is required for the ClientId: `ClientCertificateCredential credential = new ClientCertificateCredential("TenantId", "ClientId", cerPath);` – Rajesh Mopati Jan 10 '23 at 09:13
  • Yep, the Directory ID of the Vault is the same as the Tenant ID of the registered App, but I tried exactly as you say and it doesn't work. I will add a more verbose error in the body of the post in an Edit. – Yafim Simanovsky Jan 10 '23 at 13:10
  • Could you please share the error message in text? – Rajesh Mopati Jan 10 '23 at 14:08
  • `Method not found: 'Boolean System.Diagnostics.DiagnosticListener.IsEnabled()'. at Azure.Core.Pipeline.DiagnosticScope..ctor(String ns, String scopeName, DiagnosticListener source, ActivityKind kind) at Azure.Core.Pipeline.DiagnosticScopeFactory.CreateScope(String name, ActivityKind kind) at Azure.Security.KeyVault.Secrets.SecretClient.GetSecret(String name, String version, CancellationToken cancellationToken) at ...` – Yafim Simanovsky Jan 10 '23 at 18:44
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/251016/discussion-between-yafim-simanovsky-and-rajeshm). – Yafim Simanovsky Jan 10 '23 at 21:05
  • @YafimSimanovsky, could you please check the DLL version? A "method not found" indicates a DLL version mismatch, i.e. the IsEnabled method was not found during execution. – sujayadkar Jan 12 '23 at 18:44
  • @sujayadkar all the relevant Azure NuGet packages are the latest. What do you mean by DLL version..? – Yafim Simanovsky Jan 13 '23 at 14:38
  • @YafimSimanovsky, as you are deploying this as a plugin in Autodesk, can you check the System.Diagnostics.dll version in the deployment directory? It may happen that there is a different version of the DLL present in which the IsEnabled() method is not present. – sujayadkar Jan 13 '23 at 14:59
  • Thanks @sujayadkar, as far as I can see the version is 7.0.22.51805. Do you know if this is relevant and, if so, how to fix/modify it? – Yafim Simanovsky Jan 13 '23 at 19:19
  • @YafimSimanovsky, you can refer to the dependencies of the Azure.Core NuGet package here: https://www.nuget.org/packages/Azure.Core#dependencies-body-tab. Azure.Core internally uses System.Diagnostics.DiagnosticSource. As per the page, the System.Diagnostics.DiagnosticSource version must be >= 4.6.0 for .NET Framework. – sujayadkar Jan 14 '23 at 17:46
  • @sujayadkar so yeah, I have ver 7.0.22, that is >= 4.6.0, and .NET Framework 4.8, so do you think the diagnostic .dll is not the issue..? – Yafim Simanovsky Jan 14 '23 at 20:09
  • @YafimSimanovsky, DLL version 7.0.22, you meant to say 4.7.0.22, because all .NET 4.X DLLs start with 4.X.X. – sujayadkar Jan 15 '23 at 05:47
  • I used PowerShell to check the version with `(Get-Item 'C:\...\System.Diagnostics.DiagnosticSource.dll').VersionInfo | Select-Object FileVersion` and got 7.0.22.51805, which means the DLL is ok in terms of version, right? If it's 4.7... or is there another way to check the version? – Yafim Simanovsky Jan 15 '23 at 14:39
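The PowerShell check in the last comment reads the file sitting in the deployment folder. A "Method not found" exception, however, is thrown against the copy of System.Diagnostics.DiagnosticSource that the host process actually bound to, and a plugin host that loaded an older copy of the same assembly before the plugin will keep using that copy regardless of what is next to the plugin's DLL. As an added example (not code from the question or any comment), this probe, called from inside the plugin before the first SecretClient call, reports the bound copy, its assembly version (the number a bindingRedirect matches on: Microsoft packages keep it at major.minor.0.0, so a file version such as 7.0.22.51805 belongs to assembly version 7.0.0.0), whether the parameterless DiagnosticListener.IsEnabled() named in the stack trace exists on it, and every copy of the assembly already loaded in the AppDomain. The class and method names are assumptions.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using System.Reflection;

// Added example, not from the question or the comments. Call Report() from the
// plugin and log the string; it describes what the HOST PROCESS loaded, which is
// what a MissingMethodException is about, not the file in the deployment folder.
public static class DiagnosticSourceProbe
{
    public static string Report()
    {
        // The assembly that this AppDomain resolved DiagnosticListener from.
        Assembly bound = typeof(DiagnosticListener).Assembly;
        string location = bound.IsDynamic ? "<dynamic>" : bound.Location;
        string fileVersion = bound.IsDynamic
            ? "n/a"
            : FileVersionInfo.GetVersionInfo(bound.Location).FileVersion;

        // Azure.Core calls the parameterless overload; older DiagnosticSource
        // builds only expose IsEnabled(string name) and IsEnabled(string, object, object).
        bool hasParameterless =
            typeof(DiagnosticListener).GetMethod("IsEnabled", Type.EmptyTypes) != null;

        // Every copy of the assembly already loaded, with the assembly version a
        // bindingRedirect matches on and where each one came from on disk.
        string loadedCopies = string.Join("; ",
            AppDomain.CurrentDomain.GetAssemblies()
                .Where(a => a.GetName().Name == "System.Diagnostics.DiagnosticSource")
                .Select(a => $"{a.GetName().Version} at {(a.IsDynamic ? "<dynamic>" : a.Location)}"));

        return $"bound to assembly version {bound.GetName().Version} (file version {fileVersion}) from {location}; "
             + $"parameterless IsEnabled() present: {hasParameterless}; "
             + $"loaded copies: {loadedCopies}";
    }
}
```

If the report shows an older assembly version loaded from the host's own directory while the plugin folder holds 7.0.0.0, the plugin's copy is never consulted; the binding is decided by the host executable's configuration and load order, which is why comparing on-disk file versions against the ">= 4.6.0" dependency floor does not settle the question.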