Azure Key Vault

Azure key vault is one of the services in Azure which features to store connection strings, password, keys and any sensitive data securely. This article helps you to configure key Vault, create, access and secure keys in simple steps. In this tutorial, I will explain you how to secure blob storage connection string using Azure Key Vault and how to access the storage blob programmatically.

Login to
Click create a resource, choose “see all” in the marketplace, type “Ky Vault”

Click create and provide Name, choose subscription, Resource group, Location. Leave others default

On settings, click Secrets, then click “Generate/Import” to create new key. Choose upload option as “Manual” and enter name of the secret key. Now, get copy Key 1 connection string value from blob storage. Enter this connection string value to “Value” field in azure key vault create page. Leave other fields as default.

Click create. Now we have created secret key for Azure Blob storage connection string. Next, we will programmatically connect azure blob storage securely.
Create new .NET core project in Visual studio and choose “ASP.NET Core Web Application” from the Application template.

Select “.NET CORE” and “ASP.NET Core 2.1” from the framework selection dropdown. Choose web application project template. Leave Authentication as “No Authentication”

Wait for creating new solution and project. Once done, Install the following NuGet Packages into the solution

  • Microsoft.Azure.Services.AppAuthentication
  • WindowsAzure.Storage
  • Microsoft.Azure.KeyVault

Add the following code snippet in your blob lisitng cshtml.cs page

Import the following namespaces

using Microsoft.WindowsAzure.Storage;
using Microsoft.WindowsAzure.Storage.Blob;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.KeyVault.Models;

Get connection string from Azure Key vault

public static async Task GetBLOBSecretKey()
     var azureServiceTokenProvider = new AzureServiceTokenProvider();
     var keyVaultClient = new KeyVaultClient(
     new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback) );
 SecretBundle secretValue;
  try {
secretValue = await keyVaultClient.GetSecretAsync(“<Azure KeyVault Key Identifier>”);
strBlobKey = secretValue.Value.ToString();
catch (KeyVaultErrorException ex)
throw ex;

Call the above method by this statement

Get the Azure Key Vault Key Identifier from “azure key vault” created in previous step by select

Secrects > azmstk > choose current version (GUID) > Key Identifier

Copy the Key Identifier and replace
<Azure KeyVault Key Identifier> placeholder from the above code

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

Leave a Reply