Before creating a key vault, it needs me to create an application in Active Directory. Why do we need it? It's not even my actual application (i.e. I have not uploaded my app to Azure but am using secrets from the key vault only in my Visual Studio web application). I still don't understand that part.
What requires you to create an app registration in AAD? To access Key Vault, an app is needed to get access tokens, yes. But Visual Studio is capable of that without an extra app. It can access KV as you. However, when running outside Visual Studio (or other such environment that offers this capability) you do need to register an app there. That's the application's identity that is then given access to Key Vault.
- juunas
If I host an app on Azure, can it be given access to vault?
- azure boy
It'll need an identity in Azure AD. You can use a Managed Identity for this (which I recommend), or you can register an app in AAD and use its credentials to authenticate and access Key Vault. Either way, you'd give access to the app by adding an access policy to the Key Vault.
- juunas
Where were you creating the key vault? I think we could create it without an AAD App, for example in the portal.
- Joy Wang-MSFT
OK, coming to the first part, "Accessing vault from VS without registering app": I tried that, but Visual Studio's AzureKeyVault.json file needs ClientID and ClientSecret, which you can only get after registering an app in the AD. So does it mean that we cannot access the vault from VS without registering an app?
- azure boy