Azure key vault is one of the services in Azure which features to store connection strings, password, keys and any sensitive data securely. This article helps you to configure key Vault, create, access and secure keys in simple steps. In this tutorial, I will explain you how to secure blob storage connection string using Azure Key Vault and how to access the storage blob programmatically.
Login to https://portal.azure.com
Click create a resource, choose “see all” in the marketplace, type “Ky Vault”
Click create and provide Name, choose subscription, Resource group, Location. Leave others default
On settings, click Secrets, then click “Generate/Import” to create new key. Choose upload option as “Manual” and enter name of the secret key. Now, get copy Key 1 connection string value from blob storage. Enter this connection string value to “Value” field in azure key vault create page. Leave other fields as default.
Click create. Now we have created secret key for Azure Blob storage connection string. Next, we will programmatically connect azure blob storage securely.
Create new .NET core project in Visual studio and choose “ASP.NET Core Web Application” from the Application template.
Select “.NET CORE” and “ASP.NET Core 2.1” from the framework selection dropdown. Choose web application project template. Leave Authentication as “No Authentication”
Wait for creating new solution and project. Once done, Install the following NuGet Packages into the solution
Add the following code snippet in your blob lisitng cshtml.cs page
Import the following namespaces
Get connection string from Azure Key vault
public static async Task GetBLOBSecretKey()
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback) );
secretValue = await keyVaultClient.GetSecretAsync(“<Azure KeyVault Key Identifier>”);
strBlobKey = secretValue.Value.ToString();
catch (KeyVaultErrorException ex)
Call the above method by this statement
Get the Azure Key Vault Key Identifier from “azure key vault” created in previous step by select
Secrects > azmstk > choose current version (GUID) > Key Identifier
Copy the Key Identifier and replace
<Azure KeyVault Key Identifier> placeholder from the above code