Problem Retrieving Secret From Azure KeyVault

Carolyn Schroeder 191 Reputation points
2021-08-03T21:58:25.547+00:00

I have a Web Hosted Blazor client site application. I am using Twitter or Google to authenticate. I am storing the authentication options for the Startup in Azure Key Vault. I am getting errors trying to retrieve them.

Here is the C# code I am using in the Startup:
var key = ((KeyVaultSecret)client.GetSecret("KeyName")).Value;

I am using a system assigned identity to access the KeyVault for the application. Here are the CLI inputs/outputs that I used to assign it:
az webapp identity assign --name "datalucent-dev" --resource-group "ASP-DataLucent-dev"
--resource-group "ASP-Datalucent-dev"
{
"principalId": "2ac33678-1aa3-4693-86db-f9b5be3963b6",
"tenantId": "b3d529c6-210a-4647-82d0-8c0746220a43",
"type": "SystemAssigned",
"userAssignedIdentities": null
}

az keyvault set-policy --name "DataLucent" --object-id "2ac33678-1aa3-4693-86db-f9b5be3963b6" --secret-permissions get list

{
"id": "/subscriptions/1eb2e2a4-2761-4339-9f4e-fcd37260a852/resourceGroups/ASP-DataLucent-dev/providers/Microsoft.KeyVault/vaults/Datalucent",
"location": "eastus",
"name": "Datalucent",
"properties": {
"accessPolicies": [
{
"applicationId": null,
"objectId": "fd5f49ef-618e-4e09-800f-d68e6023751e",
"permissions": {
"certificates": [],
"keys": [],
"secrets": [
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore"
],
"storage": null
},
"tenantId": "b3d529c6-210a-4647-82d0-8c0746220a43"
},
{
"applicationId": null,
"objectId": "69c13bd8-9110-4c33-a5cc-80734eceedc3",
"permissions": {
"certificates": [],
"keys": [],
"secrets": [
"Get",
"List",
"Restore",
"Backup",
"Recover",
"Delete",
"Set"
],
"storage": null
},
"tenantId": "b3d529c6-210a-4647-82d0-8c0746220a43"
},
{
"applicationId": null,
"objectId": "816ba1b8-5204-413a-a788-e08199b24422",
"permissions": {
"certificates": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"ManageContacts",
"ManageIssuers",
"GetIssuers",
"ListIssuers",
"SetIssuers",
"DeleteIssuers"
],
"keys": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"Decrypt",
"Encrypt",
"UnwrapKey",
"WrapKey",
"Verify",
"Sign"
],
"secrets": [
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore"
],
"storage": null
},
"tenantId": "b3d529c6-210a-4647-82d0-8c0746220a43"
},
{
"applicationId": null,
"objectId": "bbba36a7-e155-4970-984a-745ab358c3e3",
"permissions": {
"certificates": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"ManageContacts",
"ManageIssuers",
"GetIssuers",
"ListIssuers",
"SetIssuers",
"DeleteIssuers"
],
"keys": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore"
],
"secrets": [
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore"
],
"storage": null
},
"tenantId": "b3d529c6-210a-4647-82d0-8c0746220a43"
},
{
"applicationId": null,
"objectId": "6b3aa4ee-4904-432e-8f02-c800ce013a98",
"permissions": {
"certificates": [],
"keys": [],
"secrets": [
"Get",
"Set",
"Delete"
],
"storage": null
},
"tenantId": "b3d529c6-210a-4647-82d0-8c0746220a43"
},
{
"applicationId": null,
"objectId": "fd3e137b-83d5-42c1-bb7e-750a0459bbc3",
"permissions": {
"certificates": [],
"keys": [],
"secrets": [
"Get"
],
"storage": null
},
"tenantId": "b3d529c6-210a-4647-82d0-8c0746220a43"
},
{
"applicationId": null,
"objectId": "c27bf47c-bb93-4cdf-88c4-6a35f0389f90",
"permissions": {
"certificates": [],
"keys": [],
"secrets": [
"Get",
"List"
],
"storage": null
},
"tenantId": "b3d529c6-210a-4647-82d0-8c0746220a43"
},
{
"applicationId": null,
"objectId": "3f1c0cd8-4256-48f8-a2a9-207afdf21ff4",
"permissions": {
"certificates": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"ManageContacts",
"ManageIssuers",
"GetIssuers",
"ListIssuers",
"SetIssuers",
"DeleteIssuers"
],
"keys": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore"
],
"secrets": [
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore"
],
"storage": null
},
"tenantId": "b3d529c6-210a-4647-82d0-8c0746220a43"
},
{
"applicationId": null,
"objectId": "6f45902d-1f0a-4f88-b1a2-21053455827c",
"permissions": {
"certificates": [],
"keys": [],
"secrets": [
"get",
"list"
],
"storage": null
},
"tenantId": "b3d529c6-210a-4647-82d0-8c0746220a43"
},
{
"applicationId": null,
"objectId": "e9f36c3e-cfbe-4562-a69a-0135aa47f594",
"permissions": {
"certificates": [],
"keys": [],
"secrets": [
"Get",
"List"
],
"storage": null
},
"tenantId": "b3d529c6-210a-4647-82d0-8c0746220a43"
},
{
"applicationId": null,
"objectId": "2ac33678-1aa3-4693-86db-f9b5be3963b6",
"permissions": {
"certificates": null,
"keys": null,
"secrets": [
"list",
"get"
],
"storage": null
},
"tenantId": "b3d529c6-210a-4647-82d0-8c0746220a43"
}
],
"createMode": null,
"enablePurgeProtection": null,
"enableRbacAuthorization": false,
"enableSoftDelete": null,
"enabledForDeployment": false,
"enabledForDiskEncryption": false,
"enabledForTemplateDeployment": true,
"networkAcls": null,
"privateEndpointConnections": null,
"provisioningState": "Succeeded",
"sku": {
"family": "A",
"name": "Standard"
},
"softDeleteRetentionInDays": null,
"tenantId": "b3d529c6-210a-4647-82d0-8c0746220a43",
"vaultUri": "https://datalucent.vault.azure.net/"
},
"resourceGroup": "ASP-DataLucent-dev",
"systemData": {
"createdAt": null,
"createdBy": null,
"createdByType": null,
"lastModifiedAt": "1970-01-19T20:13:46.793000+00:00",
"lastModifiedBy": "carolynlschroeder@Karima ben .com",
"lastModifiedByType": "User"
},
"tags": {},
"type": "Microsoft.KeyVault/vaults"
}

Any ideas?

Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
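
An added example (not part of the original post and not Microsoft's code): a vault-side check over the JSON that `az keyvault set-policy` prints, confirming that the web app's `principalId` holds the secret permissions it needs and that the vault is in access-policy mode. The helper `check_secret_access` and the trimmed `SAMPLE` document are constructed for illustration.

```python
import json

# Constructed sample: the shape of the `az keyvault set-policy` output in the
# question, trimmed to two policy entries and the fields the check reads.
SAMPLE = json.loads("""
{
  "properties": {
    "accessPolicies": [
      {"objectId": "6b3aa4ee-4904-432e-8f02-c800ce013a98",
       "permissions": {"certificates": [], "keys": [], "secrets": ["Get", "Set", "Delete"]},
       "tenantId": "b3d529c6-210a-4647-82d0-8c0746220a43"},
      {"objectId": "2ac33678-1aa3-4693-86db-f9b5be3963b6",
       "permissions": {"certificates": null, "keys": null, "secrets": ["list", "get"]},
       "tenantId": "b3d529c6-210a-4647-82d0-8c0746220a43"}
    ],
    "enableRbacAuthorization": false,
    "networkAcls": null,
    "tenantId": "b3d529c6-210a-4647-82d0-8c0746220a43"
  }
}
""")

def check_secret_access(vault, principal_id, needed=("get",)):
    """Hypothetical helper: list reasons the vault would refuse this principal."""
    props = vault["properties"]
    findings = []
    if props.get("enableRbacAuthorization"):
        findings.append("vault uses Azure RBAC, so access policies are not evaluated")
    if (props.get("networkAcls") or {}).get("defaultAction") == "Deny":
        findings.append("vault firewall denies by default; check the allowed networks")
    entries = [p for p in props.get("accessPolicies") or []
               if p["objectId"].lower() == principal_id.lower()]
    if not entries:
        return findings + ["no access policy entry for this principal"]
    if any(e["tenantId"].lower() != props["tenantId"].lower() for e in entries):
        findings.append("policy entry tenant differs from the vault tenant")
    # The CLI echoes permission names in mixed case ("Get" vs "get"), so compare lowercased.
    granted = {perm.lower() for e in entries
               for perm in (e["permissions"].get("secrets") or [])}
    missing = sorted({n.lower() for n in needed} - granted)
    if missing:
        findings.append("missing secret permissions: " + ", ".join(missing))
    return findings

if __name__ == "__main__":
    print(check_secret_access(SAMPLE, "2ac33678-1aa3-4693-86db-f9b5be3963b6", ("get", "list")))
```

An empty list means nothing in this JSON blocks the read; the next places to look include the secret name passed to `GetSecret` and the vault URI and credential the client was built with.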

1 answer

  1. Carolyn Schroeder 191 Reputation points
    2021-08-22T19:54:23.02+00:00

    The error is just that the key value I need has not been provided.

    I used the articles you referenced in writing my code. Is there a problem with the C# code I wrote?
