9

I've read in most articles that deploying an application in Azure is needed such that an application will be able to programmatically access the secrets stored in the Azure Key Vault.

Is there a way to not deploy the application in Azure and have it still be able to access the Azure Key Vault to fetch the secrets either by using client id and client secret or certificates?

Alexander Farber
jeffhaw
  • 1
    By using Azure Key Vault REST API: https://msdn.microsoft.com/en-us/library/azure/dn903609.aspx – Milen Dec 01 '15 at 14:13
  • 1
    This article is also very helpful for setting up a KeyVault and writing a simple C# app that talks to it: https://blogs.msdn.microsoft.com/kaevans/2016/10/31/using-azure-keyvault-to-store-secrets/ – bytedev Nov 16 '17 at 16:01
  • 1
    I've documented the process of configuring an Azure Key Vault and accessing it from a non-Azure application [here](http://www.industrialcuriosity.com/2018/03/azure-key-vault-in-c-for-dummies.html). – therightstuff Mar 29 '18 at 02:01

1 Answer

8

There's no need to run your application in Azure for you to use Azure KeyVault. Your application can run on your local machine, somewhere on your intranet, in AWS or wherever you like.

In order to access KeyVault, you need a security token from Azure Active Directory (AAD), so you do need to register your application within an AAD directory.

You can find more information on getting a token to talk to Azure KeyVault in this blog post here.

Alexander Farber
MvdD
  • 2
    I don't understand the "*ClientId* and *Secret*" approach. Ok, I'm not exposing in config file my actual secret (let's say for example a service password), but I'm exposing in config file a *ClientId* and a *Secret* that everyone can see and then use to access the key vault and then retrieve my actual secret. So, I am just moving the problem one step further but not solving it, correct? – Giacomo Pirinoli Nov 17 '20 at 15:53
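
The token-then-secret flow the answer describes, written out as an added example (not code from the answer or from Microsoft): an OAuth2 client-credentials request to AAD, then a Key Vault REST call carrying the bearer token, runnable from any machine with outbound HTTPS. The environment variable names, the `api-version` value and the function names are assumptions of this example.

```python
import json
import os
import re
import urllib.parse
import urllib.request

VAULT_SCOPE = "https://vault.azure.net/.default"  # Key Vault data-plane scope
API_VERSION = "7.4"  # assumption: use an api-version your vault supports


def build_token_request(tenant_id, client_id, client_secret):
    """OAuth2 client-credentials request against the AAD v2.0 token endpoint."""
    url = ("https://login.microsoftonline.com/"
           f"{urllib.parse.quote(tenant_id, safe='')}/oauth2/v2.0/token")
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # sent in the POST body, never in the URL
        "scope": VAULT_SCOPE,
    }).encode()
    return urllib.request.Request(url, data=body, method="POST")


def build_secret_request(vault_name, secret_name, access_token):
    """GET for the latest version of a secret, authorized with the bearer token."""
    # Restrict the name so the token can only ever be sent to *.vault.azure.net.
    if not re.fullmatch(r"[A-Za-z0-9-]{3,24}", vault_name):
        raise ValueError("invalid vault name")
    url = (f"https://{vault_name}.vault.azure.net/secrets/"
           f"{urllib.parse.quote(secret_name, safe='')}?api-version={API_VERSION}")
    return urllib.request.Request(
        url, headers={"Authorization": f"Bearer {access_token}"})


def fetch_secret(vault_name, secret_name, env=os.environ):
    """Run both steps; credentials come from the environment, not a config file."""
    token_req = build_token_request(
        env["AZURE_TENANT_ID"], env["AZURE_CLIENT_ID"], env["AZURE_CLIENT_SECRET"])
    with urllib.request.urlopen(token_req, timeout=10) as resp:
        token = json.load(resp)["access_token"]
    secret_req = build_secret_request(vault_name, secret_name, token)
    with urllib.request.urlopen(secret_req, timeout=10) as resp:
        return json.load(resp)["value"]
```

The registered application must also be granted permission to read secrets on the vault before the second request succeeds.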