1

I have the following code, which retrieves the Secrets from KeyVault.

var kv = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetToken));
var sec = await kv.GetSecretAsync(ConfigurationManager.AppSettings["SomeURI"]);
secretValue = sec.Value ;

GetToken method :

async Task<string> GetToken(string authority, string resource, string scope)
{
    var authContext = new AuthenticationContext(authority);
    ClientCredential clientCred = new ClientCredential(ConfigurationManager.AppSettings["ClientId"],ConfigurationManager.AppSettings["ClientSecret"]);
    AuthenticationResult result = await authContext.AcquireTokenAsync(resource, clientCred);    
    if (result == null)
        throw new InvalidOperationException("Failed to obtain the token");    
    return result.AccessToken;
}

In GetToken method, I'm fetching the ClientId and ClientSecret from Appconfig.

I feel that it is not safe to keep these values in Appconfig and use them. Is there a way I can remove from config file and fetch from anywhere else. Or is there any possible good solution to my problem.

Any response is highly appreciated!

PS: Mine is a windows service developed in c#

Improve this question

1 Answer 1

Reset to default
1

Is there a way I can remove from config file and fetch from anywhere else. Or is there any possible good solution to my problem.

Based on my understanding, you could store the related information into the database. And you could use the windows Authentication to access the database to get the related information.

Another way to work with a managed identity is through the Microsoft.Azure.Services.AppAuthentication.

var azureServiceTokenProvider = new AzureServiceTokenProvider();
var kv = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(
azureServiceTokenProvider.KeyVaultTokenCallback));

In this way you no need to store the related information, but you need to use azure cli to login to azure first before run the service. The AzureServiceTokenProvider class caches the token in memory. For more detail information please refer to authenticate to custom services.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.