Questions tagged [azure-keyvault]

Microsoft Azure Key Vault is a cloud-hosted service that lets applications encrypt and decrypt data using HSM-stored cryptographic keys, and store and retrieve secrets.

Azure Key Vault helps safeguard cryptographic keys and secrets used by cloud applications and services. By using Key Vault, you can encrypt keys and secrets (such as authentication keys, storage account keys, data encryption keys, .PFX files, and passwords) by using keys that are protected by hardware security modules (HSMs). For added assurance, you can import or generate keys in HSMs (keys never leave the HSM boundary). The HSMs are FIPS 140-2 Level 2 validated.

Key Vault streamlines the key management process and enables you to maintain control of keys that access and encrypt your data. Developers can create keys for development and testing in minutes, and then seamlessly migrate them to production keys. Security administrators can grant (and revoke) permission to keys, as needed.

2719 questions
60 votes, 3 answers

What is difference between Keys and Secrets in Azure Key Vault?

It would be great to know what they are, what they are used for, and why one would prefer one versus the other.
Bohdan
51 votes, 11 answers

Azure KeyVault: Azure.Identity.CredentialUnavailableException: DefaultAzureCredential failed to retrieve a token from the included credentials

I am trying to connect my ASP.NET Core application that is targeting .NET Framework with Azure Key Vault. On a new Azure VM that supports identity everything works fine, but this application is hosted on a classic Azure VM that does not support…
Dylan Meivis
42 votes, 3 answers

How to sign code built using Azure Pipelines using a certificate/key in Azure Key Vault?

We're in the process of moving from on-premise build servers to Azure Pipelines. We produce "shrink-wrap" desktop software so clearly we need to sign all our binaries before releasing. Our current build infrastructure does this using a USB hardware…
Anodyne
38 votes, 4 answers

How to get connection string out of Azure KeyVault?

A hypothetical web-site currently connects using: public SqlConnection CreateConnection() { DbConnection connection = new SqlConnection(); connection.ConnectionString = GetConnectionString(); connection.Open(); return…
Ian Boyd
36 votes, 6 answers

Azure key vault: access denied

I have the following code for obtaining a secret from the Azure key vault: public static async Task GetToken(string authority, string resource, string scope) { var authContext = new AuthenticationContext(authority); …
Eutherpy
35 votes, 9 answers

KeyVaultErrorException: Operation returned an invalid status code 'Forbidden'

I'm trying to set up my web app, hosted in Azure to read settings from Azure KeyVault. I've been following this guide: https://anthonychu.ca/post/secrets-aspnet-core-key-vault-msi/ The example shows how to access app settings from KeyVault with the…
zola25
34 votes, 3 answers

Azure Keyvault - "Operation "list" is not allowed by vault policy" but all permissions are checked

I am accessing KeyVault with .NET client with an AAD application. Although all permissions under secrets are enabled for this AAD app (screenshot below) I am getting "The operation "List" is not enabled in this key vault's access policy" if I…
Pikapops
28 votes, 5 answers

How to access Azure Keyvault from docker container running locally?

I have a docker image containing an ASP.NET Core app that uses Azure Key vault to access things like connection strings. When I run the image locally, I get this error: Unhandled Exception:…
zola25
27 votes, 3 answers

How can I permanently purge an entire azure keyvault that's been created with soft delete enabled?

When you create an azure keyvault with soft delete enabled that keyvault persists even if you delete it and re-create it from scratch. When soft-delete is enabled, resources marked as deleted resources are retained for a specified period (90 days…
Liam
26 votes, 7 answers

How do I copy over all secrets from one Azure Keyvault to another using Powershell

We recently found ourselves needing to copy over every single secret (name and value) from one Azure KeyVault to a newly created one. I found ways to restore the secrets from a backup, but we didn't have a backup. Is there a PowerShell script that…
Tom Warner
23 votes, 2 answers

Unable to create secrets in Azure Key Vault if using Azure role-based access control

I'm really new to Azure but trying to learn - so apologies if this is a daft question. I've started the free trial (which gives me some credit to start with), and I'm trying to create a key vault. If I specify "Vault access policy" under access…
Andy
20 votes, 4 answers

How can I create an X509Certificate2 object from an Azure Key Vault KeyBundle

I am using Azure Key Vault to protect our keys and secrets, but I am unsure how I can use the KeyBundle I retrieve using the .net SDK. How can I create an X509Certificate2 object?
Dan O'Leary
20 votes, 2 answers

How is a keyvault more secure than standard storage?

I am trying to understand the security benefits that Azure Key Vault would offer (or equally AWS KMS). I understand the benefits of key management, of being able to easily rotate, change, audit key access. What perplexes me a little though is how…
Michael B
19 votes, 1 answer

The system cannot find the file specified - azure key vault certificate

I have added a PFX certificate in Azure Key Vault. I have one ASP.NET Web API application where through one of the endpoints I am trying to access certificate information from Key Vault. public class ValuesController : ControllerBase { public…
19 votes, 2 answers

Azure Key Vault Certificates does not have the Private Key when retrieved via IKeyVaultClient.GetCertificateAsync

I have 2 approaches to do the same thing, but Azure has deprecated the one that works, and the other method doesn't work. The approach that works, but is deprecated: I store my PFX in Azure Key Vault Secrets. (when I create the secret I see a…
Nandun