Is it possible to use Key Vault in static web-applications?

Tom Jenkins 46 Reputation points
2021-03-17T14:53:34.783+00:00

Hello everybody,

i created a static website (without node) - only HTML, CSS and JS to make calls to the custom Vision REST API.

I would like to securely store the API Key in Key Vault.

Is it possible to do that or do i need to create a node app?

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,184 questions
0 comments No comments
{count} vote

Accepted answer
  1. Andriy Bilous 11,176 Reputation points MVP
    2021-03-17T15:42:12.233+00:00

    Hello @Tom Jenkins

    It is not possible and not recommended. It is a security risk, as anyone can see your KeyVault connection details from browser console and access your secrets.

    You should not access secured resources directly from client code.

    https://www.npmjs.com/package/@azure/keyvault-secrets
    https://stackoverflow.com/questions/61741877/angular-azure-key-vault-managing-vault-access-secrets

    1 person found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Oscar Garcia @ozkary 1 Reputation point
    2022-08-30T18:33:39.893+00:00

    The best way to do this is to use an API, so the API, hosted on Azure, can access key vault. The recommended approach for your case is to use Azure Static Web Apps. It uses CDN to host the static content and Azure functions for API calls.

    0 comments No comments