C

C#•4y ago

Anton

❔ Azure Key Vault for local development

I need an oauth secret for development, but since storing secrets in source code is a bad practice, and it's clear to me why, I thought I'd use a service for this. The only free* service that I found is Azure Key Vault. Now I'm wondering how to connect it to the dev aspnet core application.

• I need it to be easily available on other machines, granted I'm logged in;
• It should prompt me to log in if it doesn't have the appropriate permissions to access the keys;
• I should be able to manage whom I entrust the keys, so I should be able to authorize specific users manually, given I have access to the account that created the vault.
  The info I've found so far either throws around various authentication terms, like the RBAC, the active directory, the managed identity, which I haven't worked with and hence I don't know which one I need if any. Most tutorials talk about deploying to Azure, which I don't care about, I only need development access to the vault.

Now how I see the ideal experience, is that on restore of the project a command is run, which prompts authentication if required and copies the secrets into the secret manager storage for the project. https://learn.microsoft.com/en-us/aspnet/core/security/app-secrets?view=aspnetcore-7.0&tabs=windows#how-the-secret-manager-tool-works Then this command could be rerun as needed to sync the keys manually. The app then would just use this config and not care about azure.

* with the student pack

Safe storage of app secrets in development in ASP.NET Core

Learn how to store and retrieve sensitive information during the development of an ASP.NET Core app.