DEV Community

Shivappa


Azure Key Vault authentication

In the previous part we learnt how to add an Azure Key Vault resource. Now we will learn how to set up authentication so the Key Vault can be accessed.
Let's create an access policy (principal) to access the store.
To add the access policy, we first have to authenticate with Active Directory.
Let's see how we can authenticate.
Go to resources and search for ADB2C.
Read more about ADB2C here.
https://dev-to-uploads.s3.amazonaws.com/uploads/articles/om6l4l3ss1c9e16flbaf.png

Register a new application in ADB2C to get the CLIENT_ID, CLIENT_SECRET and TENANT_ID.
Go to App registrations and click on "New registration".
https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8o76g7cae38show8bffl.png

Name this application and select the Single tenant option.
Click on Register to register this application.
https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ttpxwfuutosi1kt5unxe.png

Go to the newly created app and note down the Client ID and Tenant ID, which we will need in our web application.
https://dev-to-uploads.s3.amazonaws.com/uploads/articles/hiat3w9sorfjth99vabw.png

In addition, we need to add a secret and use it.
Create a new secret and note it down as well for later use.
https://dev-to-uploads.s3.amazonaws.com/uploads/articles/yquyta1aku15sg7qld79.png

Now we have successfully created the identity that can be used to access Azure Key Vault.

Go to the Azure Key Vault resource created earlier, click on Access policies and select Add Access Policy.
https://dev-to-uploads.s3.amazonaws.com/uploads/articles/lo8tcao0mxcsy0xzffwl.png

  • Select the template from the drop-down: Key, Secret, and Certificate Management. If you want only secrets, you can select just that.
  • Select the Key Permissions to allow for this access, if Key Management has been selected.
  • Select the Secret Permissions to allow for this access, if Key Management has been selected.
  • Select the Certificate Permissions to allow for this access, if Key Management has been selected.
  • Click Select Principal and search for the application we registered in ADB2C in the steps above.

https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ac3kjzkwonf4p9du5r7t.png
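The template above grants key, secret and certificate management together, while an application that only reads secrets needs far less. This added example (not part of the original post) audits access policies in the JSON shape returned by `az keyvault show --query properties.accessPolicies` and reports every permission beyond secret `get`/`list`; the sample policies, object IDs and the `NEEDED` baseline are constructed assumptions.

```python
# Assumption: the app only reads secrets, so this is all it should hold.
NEEDED = {"secrets": {"get", "list"}}

# Constructed sample in the shape of
# `az keyvault show --query properties.accessPolicies`; IDs are placeholders.
SAMPLE_POLICIES = [
    {   # principal given a broad management template (lists shortened)
        "objectId": "00000000-0000-0000-0000-000000000001",
        "permissions": {
            "keys": ["get", "list", "create", "delete"],
            "secrets": ["get", "list", "set", "delete"],
            "certificates": ["get", "list"],
        },
    },
    {   # principal limited to reading secrets
        "objectId": "00000000-0000-0000-0000-000000000002",
        "permissions": {"keys": None, "secrets": ["Get", "List"],
                        "certificates": []},
    },
]


def excess_permissions(policy, needed=NEEDED):
    """Return {category: sorted permissions granted beyond `needed`}."""
    excess = {}
    for category, granted in (policy.get("permissions") or {}).items():
        # Categories may be null or empty; names are compared case-insensitively.
        granted_set = {p.lower() for p in (granted or [])}
        extra = granted_set - needed.get(category, set())
        if extra:
            excess[category] = sorted(extra)
    return excess


def audit(policies, needed=NEEDED):
    """Map objectId -> excess permissions, only for over-privileged principals."""
    findings = {}
    for policy in policies:
        extra = excess_permissions(policy, needed)
        if extra:
            findings[policy["objectId"]] = extra
    return findings


if __name__ == "__main__":
    for object_id, extra in audit(SAMPLE_POLICIES).items():
        print(object_id, extra)
```
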

We have now defined who is allowed to use our key vault.
Let's write a simple Flask app to fetch the secrets from the key vault in the next part of this series.
