I have a client secret in the form of a private key that I want to store in an Azure key vault. My appsettings file contains the property to be read like so:

"MyConfiguration": {
    "ClientSecret": "<secret>",

The secret looks like this:

{
  "kty": "RSA",
  "kid": "someKID",
  "alg": "PS512",
  "e": "AQAB",
  "n": "lotsoftext",
  "d": "lotsoftext",
  "dp": "lotsoftext",
  "dq": "lotsoftext",
  "p": "lotsoftext",
  "q": "lotsoftext",
  "qi": "lotsoftext"
}

Previously the secret was stored locally in a private.jwk file, but it is now being moved to Key Vault. Locally everything works fine, even when reading from the key vault. The configuration value gets set as expected. However, in my dev environment in Azure, the API simply fails. The logs say that the application has started, and Swagger is available, but all endpoints return 500 with no additional logs. I have wrapped the section of Startup.cs where the configuration is mapped in a try/catch with logging, but nothing gets logged at all.

My first thought was that something might be wrong with the formatting when uploading it to the key vault, but why would it work locally and not in Azure then, when using the exact same secret?

This secret is used for authentication, but even endpoints that do not require authentication return a 500.

Any ideas what might be wrong?

PalBo
  • How did you check that the app has started? To me it looks like for some reason the app does not start properly. Did you download the start up log files to look through them? Also, if you are deploying this to an app service - the configuration section in Azure has the ability to connect to KeyVault for you and will tell you if the correct permissions are in place for it to be able to access that KeyVault. Have a look at this: https://intelequia.com/blog/post/2070/storing-azure-app-service-secrets-on-azure-key-vault – Cristian Teodorov Feb 23 '23 at 12:24

1 Answer

I used the code below and was able to fetch the secret value from Azure.

Thanks to Cristian Teodorov for the process.

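    // Configuration is injected; Key Vault secrets are read like any other configuration key.
    private readonly IConfiguration _configuration;

    public ValuesController(IConfiguration configuration)
    {
        _configuration = configuration;
    }

    [HttpGet]
    public string Get()
    {
        // Look up the secret by its Key Vault secret name.
        var value = _configuration["rajeshsecret"];
        return "Value for Secret [rajeshsecret] is : " + value;
    }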

Appsettings.json

  "KeyVault": {
    "Vault": "Your Vault Name",
    "ClientId": "Your ClientId",
    "ClientSecret": "Your Client Secret"
  },

For further information check the Key Vault Doc.

Rajesh Mopati
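
An added example (not part of either post, and not any project's own code): a startup check for the JWK secret from the question, read through IConfiguration as in the answer, that reports which members are missing or malformed without ever logging key material. The class and method names are hypothetical, and the configuration key MyConfiguration:ClientSecret is assumed from the question's appsettings snippet.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;

public static class JwkSecretCheck // hypothetical helper, not from the page
{
    // RSA private-key members (RFC 7518), as listed in the question's secret.
    private static readonly string[] Base64UrlMembers = { "n", "e", "d", "p", "q", "dp", "dq", "qi" };
    // Returns a list of problems (member names only, never values); empty means usable.
    public static IReadOnlyList<string> Validate(string? raw)
    {
        if (string.IsNullOrWhiteSpace(raw)) return new[] { "value is missing or empty" };
        JsonDocument doc;
        try { doc = JsonDocument.Parse(raw); }
        catch (JsonException) { return new[] { "value is not valid JSON (escaped or truncated on upload?)" }; }
        using (doc)
        {
            var root = doc.RootElement;
            if (root.ValueKind != JsonValueKind.Object) return new[] { "JSON root is not an object" };
            var problems = new List<string>();
            if (!root.TryGetProperty("kty", out var kty) || kty.ValueKind != JsonValueKind.String || kty.GetString() != "RSA")
                problems.Add("kty is not \"RSA\"");
            foreach (var name in Base64UrlMembers)
            {
                if (!root.TryGetProperty(name, out var m) || m.ValueKind != JsonValueKind.String)
                    problems.Add($"member '{name}' is missing or not a string");
                else if (!IsBase64Url(m.GetString()!))
                    problems.Add($"member '{name}' is not base64url");
            }
            return problems;
        }
    }

    // Unpadded base64url: URL-safe alphabet only, and a length that can decode to whole bytes.
    private static bool IsBase64Url(string s) =>
        s.Length > 0 && s.Length % 4 != 1 &&
        s.All(c => (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '-' || c == '_');

    // Call once during startup so a missing or malformed secret is logged and stops the host.
    public static void EnsureValid(IConfiguration config, ILogger logger)
    {
        var problems = Validate(config["MyConfiguration:ClientSecret"]);
        foreach (var p in problems) logger.LogError("MyConfiguration:ClientSecret: {Problem}", p);
        if (problems.Count > 0) throw new InvalidOperationException("Client secret JWK failed validation.");
    }
}
```

Running the same check locally and in the Azure environment shows whether both receive the same well-formed value from Key Vault.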