Integrating Azure Key Vault in .NET MAUI Application

Question

I want to integrate Azure Key Vault into my .NET MAUI application to store secrets. Can you suggest the best way to do this.?
Additionally, we are also utilizing REST APIs in the app. Please guide me on how to securely integrate Key Vault and manage secrets in this context.

FYI - We are using MSAL authentication in the application?. Update

---

I want to retrieve the secrets that are stored in the Key Vault in the MAUI Application.

Answer 1

you can not safely use Azure Key Vault directly from a Maui app (as you can not include the keys with distribution). Your REST API should access the key vault on the behalf of the Maui user. while the REST API can return the access secret and the app could store, the RST api might as well return the secrets directly.

note: the mobile O/S have local encryption services used to store secrets the user generates or fetches.

https://learn.microsoft.com/en-us/dotnet/maui/platform-integration/storage/secure-storage?view=net-maui-9.0&tabs=android

Answer 2

Do you want to store secrets or do you want to retrieve them? If later, you should rely on environment variables as described here (https://12factor.net/config).

If you want to save secrets from your .NET backend to Azure Key Vault, you should use the Azure Key Vault client library for .NET. Here is an example.