0

I have a typescript application from which I need to connect to Azure blob storage. I have placed the blob connection string details in Azure key vault service. But to call the key vault URL to access those keys and secrets, I need to include Client ID, Client Secrets in my Typescript page. But as its a front end page anyone can see those secrets from browser console. How we can we get rid of this situation. any one solution to below may solve my problem. Kindly let us know.

1.Is there any way to hide these secrets from browser console window. So it will not visible in browser.

2.Is there any way to use other authentication to Azure key vault from typescipt page without providing client id and client secrets.

Pardha
  • 103
  • 2
  • 7

1 Answers1

1

1.Is there any way to hide these secrets from browser console window. So it will not visible in browser.

No. If your app can see it, so can the user.

2.Is there any way to use other authentication to Azure key vault from typescipt page without providing client id and client secrets.

Yes, though I think this would be a bad idea. Accessing Key Vault on behalf of the signed in user would work without a secret but the connection string is still visible and would allow a user continued access to Blob Storage.

A better option here could be to access Blob Storage as the user.

  1. Assign Blob Data Reader role to user on the Storage account/blob container you want them to be able to access
  2. Register an app in Azure AD, requiring the user_impersonation permission on Azure Storage from API permissions tab
  3. Authenticate the user using MSAL
  4. Acquire access token for Azure Storage with scope: https://storage.azure.com/user_impersonation
  5. Call Storage APIs with token

No access key is needed, there are no secrets given to user. It is all based on the user's access, not the app's. Since we can't authenticate a front-end app, this is what we can do in a front-end.

The other alternative would be to make the requests from a back-end application.

juunas
  • 54,244
  • 13
  • 113
  • 149