Connect .Net Core to Azure Key Vault in Ten Minutes

Рет қаралды 54,295

4 жыл бұрын

Hey friends, In this video let's look at how to access secrets in an Azure Key Vault from a .Net Core web application. Azure Key Vault is a cloud-hosted service for managing cryptographic keys and secrets like connection strings, API keys, and similar sensitive information. Key Vault provides centralized storage for application secrets.
In this demo, we will add an API endpoint to drop a message into an Azure Storage Queue. We will store the connection string required to connect to the storage account in Key Vault and access it from there. We will also how to handle key rolling/rotation scenarios and gracefully update the application to use the new secret from Key Vault.
Getting Started with Azure Key Vault - • Getting Started With A...
Azure SDK DefaultAzureCredential - • Azure SDK DefaultAzure...
Azure Managed Identity and Local Development - • Azure Managed Identity...

Пікірлер: 78

@VinayKumar-qu1eg 3 жыл бұрын

You have covered at least 16 hrs of billable effort in under 11 minutes. Great pace and more importantly quality content & thanks. I'm here after Scott Hanselman's tweet.

@RahulNath 3 жыл бұрын

Glad you liked it!

@nitinmistry6280 2 жыл бұрын

I love the pace. It's short and to the point. Exactly what I needed to share with my team. Thank you Rahul!!

@RahulNath 2 жыл бұрын

Great to know that Nitin. You and team will like the full series here bit.ly/asp-net-core-series

@banam3540 2 жыл бұрын

Excellent, Very straight forward and easy to understand

@RahulNath 2 жыл бұрын

Glad you like it! Do check out the full ASP NET Series here bit.ly/asp-net-core-series

@adaamit Жыл бұрын

Thank you Rahul, You are just producing what is needed for a developer, crisp, precise and to the point, saving many hours of R&D and efforts, God bless you.

@RahulNath Жыл бұрын

Thank you Amit! Glad the videos are helpful.

@velomaayo9424 2 жыл бұрын

Simply Awesome bro....Love from India.......

@RahulNath Жыл бұрын

Thanks a ton Velo. Hope you are enjoying the ASP Series bit.ly/asp-net-core-series

@anowereng 2 жыл бұрын

you are always top of my search query . thanks rahul .

@RahulNath 2 жыл бұрын

Glad to hear that Anower!!

@mystiqkc 3 жыл бұрын

Excellent video! Thanks

@RahulNath 3 жыл бұрын

Glad you liked it!

@rishukumar7586 2 жыл бұрын

i don't know how i should thank you for uploading such a quality content ..lots of love from my side ..

@RahulNath 2 жыл бұрын

Thank you Rishu for this lovely comment. You've made my day. Glad you liked the video, do check out the full ASP Series bit.ly/asp-net-core-series And don't forget to leave such encouraging comments if you like them 🤩

@venky76v 2 жыл бұрын

Brilliant Rahul, you have explained it all so nicely. thanks really appreciate it

@RahulNath 2 жыл бұрын

Thank you Venky! Do check out the full series here bit.ly/asp-net-core-series I am sure you will like it. Do let me know in case you get to watch it. 😀

@venky76v 2 жыл бұрын

@@RahulNath Sure, it is on my list. Like the way you explain concepts so nicely and the videos are paced correctly. Really appreciate all the effort and time you spend to produce such wonderful content

@RahulNath 2 жыл бұрын

@@venky76v Happy to hear that 😀

@HimanshuMishra1189 Жыл бұрын

Nice Rahul, Thanks for posting on AKV. keep the good work and posting of these tricky videos.

@RahulNath Жыл бұрын

Thank you, I will. You can check my popular series here bio.link/rahulpnath

@11504104067 3 жыл бұрын

It helped me to understand my environment :)

@RahulNath 3 жыл бұрын

Thanks Rakesh for letting know!

@TomaHawk00HouseMusic 2 жыл бұрын

Cheers my man! One big love 4u

@RahulNath 2 жыл бұрын

Thank you 😍 Do check out the full series here. I am sure you will like them kzfaq.info/sun/PL59L9XrzUa-nqfCHIKazYMFRKapPNI4sP

@manishksohni 3 жыл бұрын

Excellent Video.

@RahulNath 3 жыл бұрын

Thank you very much, Manish!

@vikasviswan2892 3 жыл бұрын

Happy to see your videos, The series on Azure Vault looks really impressive. I am exploring more of your videos. Could you please give an overall picture in the beginning like some diagram or explain in words the approach that we are going to have.

@RahulNath 3 жыл бұрын

Happy that you like the videos and finding it useful. Awesome feedback! - I will try and incorporate it in my future videos, to give a more structured introduction!

@mesh475 3 жыл бұрын

Great vid bruv

@RahulNath 3 жыл бұрын

Thank you 😀

@holivieri Жыл бұрын

Great video, what's the best option to work with different environment? Let's say we have a connection string for Testing, another one for UAT and another one for Production.

@RahulNath Жыл бұрын

Thank you! here are different ways you could manage the configuration www.rahulpnath.com/blog/handling-application-configuration/ Let me know if that answers your question or if you need more info.

@dotnet8925 5 ай бұрын

can you write a unit test case for keyvault?

@iambhanu7 3 жыл бұрын

Won't using Polly this way cause the key-vault configuration to be reloaded from keyvault EVERY time there is a failure in sending message to queue ? I understand this may be set up like this just for illustration purpose, but I wonder what are the best practices for dealing with such issues.

@RahulNath 3 жыл бұрын

Thank you for the comment Bhanu. It will retry to Key Vault only when there is an error with the key already fetched. Isn't that what we want in our applications? What problem do you see? It will refresh from key vault only when it finds an unauthorized exception.

@deepakbasruru1215 4 жыл бұрын

Can you please make more videos on .Net core web API like Authentication and Authorization (Token based authentication and provide access to web API method basis on token) Middleware Dependency injection etc.. It helps lot.

@RahulNath 4 жыл бұрын

Thanks for the ideas and suggestions Deepak. There are a few videos around Roles and Auth. Here are the links in case you missed it kzfaq.info/get/bejne/fryiqKWI2rHSias.html kzfaq.info/get/bejne/fLqgdMqErczZaKM.html I have planned out a few videos around Authentication and Authorization. Was there anything in particular that you wanted to be covered? Will also look into the other areas that you have mentioned. Thanks again for thesuggestions and keep them coming!

@deepakbasruru1215 4 жыл бұрын

@@RahulNath Thanks Rahul.. Above mentioned videos are much useful. And regarding authentication and authorization, I have a scenario, say I have a web app(lets assume it is angular app) in which user will login with his credential, Once he enters the credential we need to check authentication and get token from Azure AD side ( In angular we adal service). Once we get Token we are using this token to get data from web API, where authorization need to implement on api methods based on token roles or policy. Please can you please explain this with very starting basic things like registering user, assigning roles.. etc? Thank you..

@RahulNath 4 жыл бұрын

@@deepakbasruru1215 Thank you for the detailed comment. Sure will make a video on these scenarios sometime soon!

@dandoescode 3 жыл бұрын

I've you were using managed identities to access the storage account, couldn't you get remove the dependency on Key Vault altogether?

@RahulNath 3 жыл бұрын

Ah yes if you were using Managed Identities yes for storage account you can remove. This was more an example to show Key Vault and it's integration, but well pointed out!

@skannan74 2 жыл бұрын

Hi Rahul, I have my aspnet core application that pulls the connection string from KeyVault using Manage Identity. Currently the application is running in Azure App Service. Now i want to move this application to AKS. Will the application still works? Or i have to explore pod identity ?

@RahulNath 2 жыл бұрын

Unfortunately I haven't used this from AKS so can't help you there much. Hope you found a solution !

@rukminiverlekar761 3 жыл бұрын

Polly is Open Source. Any alternative for handling this?

@RahulNath 3 жыл бұрын

Sorry, what is the problem with Polly and it being Open Source? There is an official extension package as well from Microsoft - docs.microsoft.com/en-us/dotnet/architecture/microservices/implement-resilient-applications/implement-http-call-retries-exponential-backoff-polly And.NET is also open-source - dotnet.microsoft.com/platform/open-source

@androidsavior 3 ай бұрын

please share the code. I did not understand how Azure authorized your app for the key-vault itself and gave you access to the keys ?!!

@androidsavior 3 ай бұрын

is that done by just using the valut domain ?! -- should i give the vault a GUID name for better security ?

@YadavTechs 2 жыл бұрын

I followed the same steps that you mentioned but I am getting the error to get the token : DefaultAzureCredential failed to retrieve a token from the included credentials. - EnvironmentCredential authentication unavailable. Environment variables are not fully configured. - ManagedIdentityCredential authentication unavailable. No Managed Identity endpoint found.

@RahulNath 2 жыл бұрын

Is this on your local machine or on deployed app? Here are a few follow up posts to understand this better www.rahulpnath.com/blog/defaultazurecredential-from-azure-sdk/ www.rahulpnath.com/blog/azure-managed-service-identity-and-local-development/ Suggest going through the video again and make sure you have got all the settings correct

@YadavTechs 2 жыл бұрын

@@RahulNath actually that error was on my local system but luckily I got the solution of the problem but it's not a proper solution so I have to explore it more closely. Temp solution - I had login into my IDE VS with my azure account so now it has authenticated to access keyvault and run Successfully but when I deploy it on app services it gets failed. I hope you understand the problem.

@RahulNath 2 жыл бұрын

@@YadavTechs For local environments it is expected to log into Visual Studio to authenticate (or use other local mechanisms) as I specify in the post www.rahulpnath.com/blog/azure-managed-service-identity-and-local-development/ Once deployed to Azure, you need to enable managed identity and assign the connection. Hope you are doing these steps as I show in the video? You might have to restart the app

@rukminiverlekar761 3 жыл бұрын

I am getting AKV10032 invalid issuer. Keyvaault exception here ☹️

@RahulNath 3 жыл бұрын

Is it a cross tenant issue? Is the key vault and the ad on the same tenant? github.com/Azure/azure-cli/issues/11871

@rukminiverlekar761 3 жыл бұрын

@@RahulNath they are not on same tenant

@RahulNath 3 жыл бұрын

@@rukminiverlekar761 So likely you are running into the issue in the link above

@jayakumar2927 6 ай бұрын

Which is link ?

@RahulNath 6 ай бұрын

Sorry didn't understand the question?

@annupriya0304 2 жыл бұрын

trying the same solution getting build errors

@RahulNath 2 жыл бұрын

What errors are you getting ? I’ll try and check the source if some packages have updated . Also check out the associated blog post in case it helps www.rahulpnath.com/blog/connect-net-core-to-azure-key-vault-in-ten-minutes/

@annupriya0304 2 жыл бұрын

@@RahulNath Could u share the git repo for the same

@annupriya0304 2 жыл бұрын

@@RahulNath By d way code worked after refering the blog. thanks :)

@RahulNath 2 жыл бұрын

@@annupriya0304 Cool great to hear that . What was the problem ?

@allmhuran 2 жыл бұрын

This is a great video. Unfortunately microsoft has some kind of mental illness which causes them to keep changing even the most basic elements of application development, like the correct way to set up configuration and logging. And of course this means in newer .net the whole "CreateHostBuilder" dependency injection monster has been modified YET AGAIN, making this excellent video practically obsolete. Thanks again, microsoft.

@RahulNath 2 жыл бұрын

I am not sure if much has changed with the new way. I guess the registrations have moved places a bit, but over all it still holds. I will check and see if I can do an updated video! Thank you for pointing it out here.

@DenzilNBrown 3 жыл бұрын

I think this is a good video but if you're new to this it's hard to follow as the video flips by so fast with no time to digest what's being said and what's being shown. If you already have some background I think you might find it ok so I guess the audience for this video is more advanced or knowledgeable users with some prior knowledge looking for more clarity.

@RahulNath 3 жыл бұрын

Thank you Denzil for your feedback. Yes looking back I guess this video is a bit fast paced. Were there any areas that you found it hard to follow or needs more clarification. I have an associated blog post for this here if that helps www.rahulpnath.com/blog/azure-sql-server-managed-identity/

@alekseiprokopov1716 Жыл бұрын

So you need a SECRET KEY to get SECRET KEY :)

@RahulNath Жыл бұрын

That’s why it’s best to use this along with Managed Identity - www.rahulpnath.com/blog/defaultazurecredential-from-azure-sdk/

@clashclan4739 2 жыл бұрын

too fast bro, is it because to complete in 10 mins. pls don't do that take as much time needed. usually your videos give in-depth that is more valuable

@RahulNath 2 жыл бұрын

I just pointed you here in the other comment 🙂Any specific areas you want me to clarify? What specific use case are you trying to solve for? I can do a more detailed video on this. Also check out these related videos/blog www.rahulpnath.com/blog/handling-application-configuration/ kzfaq.info/get/bejne/rbqDqJWSqNW2Z40.html kzfaq.info/get/bejne/jKuajLpimb2vgoE.html kzfaq.info/get/bejne/p9qgbJN6vrO2mGw.html Let me know in case you have additional questions and thank you for your valuable feedback!