Share via


Create an Azure Key Vault and Secret

Storing, for example, a database connection string which include server name, user id and password in source code or in a configuration file is what is called ‘password leaking’.  That means that anyone who has access to application source code can search through and get access to the database, because the information required to connect is stored within it.

The same is true for any secret which you use to protect or restrict access to a secure resource.

A nice Azure feature that makes sharing secrets (ex: a database connection string) is by creating a secret within an Azure Key Vault.  A single Azure Key Vault can have many secrets.

image

Start by creating the Azure Key Vault as seen in Figure 1.

image

Figure 1, how to create an Azure Key Vault

After its creation, create a Secret by clicking the Secrets link and then Generate/Import as seen in Figure 2.

image

Figure 2, create an Azure Key Vault Secret

Then create the Secret Name and value, as seen in Figure 3.

image

Figure 3, create an Azure Key Vault Secret Name and Value

There are numerous ways to then access the Secret from code.  I prefer using Access Policies and a Managed Service Identity which I discussed here:

You might also find these articles helpful as well: