0
votes

We are creating secrets dynamically in Azure Key Vault, and now we want to get the Secret Identifier / URI with version so that the secrets can be retrieved?

Is there any built-in method or easy way to generate the Secret Identifier? Mainly I am having difficulty retrieving the secret version.

Sample: https://YourVaultName.vault.azure.net/keys/YourKeyName/01234567890123456789012345678901

We are using the KeyVaultClient C# class to manage Key Vault in our application.

Screenshot contains secret identifier & version

1
Not terribly clear what you are asking. There's an operation to list secrets, but if you are generating secrets why aren't you maintaining a separate database connecting them to whatever object needs them and then retrieving them by name? Key-vault isn't a great "database". - Ian Mercer
I need the Key Vault URL including key and secret version. I have added a sample in the question. - user2463514
I have the name of the key/secret to retrieve but I don't have the secret version, which is part of the URL. Is the secret version required when we want to retrieve the secret value? - user2463514
You can retrieve the latest version without specifying the version. Take a look at the key vault client class. - Ian Mercer
Typically you want the most recent version. BUT in a concurrent system another Azure app might be active and using the current version, you don't want to cause it to fail as you rotate the secrets. You can also set when the secret becomes valid or expires, e.g. I want to switch secrets at midnight - so you need two versions. - Ian Mercer

1 Answer

1
votes

To get the current version of the secret, you could use GetSecretAsync.

I use Microsoft.Azure.Services.AppAuthentication to create a keyvault client, sample here.

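```csharp
// Authenticate with the ambient Azure identity (managed identity, Visual Studio or Azure CLI login).
var azureServiceTokenProvider1 = new AzureServiceTokenProvider();
var kv = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider1.KeyVaultTokenCallback));
// With no version argument, the current version of the secret is returned.
var secret = kv.GetSecretAsync("https://<keyvault-name>.vault.azure.net/", "<secret-name>").GetAwaiter().GetResult();
// The version is the last segment of the secret identifier.
Console.WriteLine(secret.SecretIdentifier.Version);
```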

If you want to get all the versions of the secret, you could use GetSecretVersionsAsync.

```csharp
var versions = kv.GetSecretVersionsAsync("https://<keyvault-name>.vault.azure.net/", "<secret-name>").GetAwaiter().GetResult();
```
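
Added example, not part of the answer above and not SDK code: once the versions are listed, the rotation case raised in the comments (two versions switching at midnight) means picking the version that is enabled and inside its validity window, then pinning it by its full identifier. The `SecretVersion` record, the class and method names, the vault name and the version strings are all constructed for illustration; the record only mirrors the identifier and enabled/not-before/expires/created attributes that a version listing carries.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-in for one entry of a secret-version listing.
public record SecretVersion(string Id, bool Enabled, DateTimeOffset Created,
                            DateTimeOffset? NotBefore, DateTimeOffset? Expires);

public static class SecretVersionPicker
{
    // A versioned identifier has the form https://<vault>/secrets/<name>/<version>.
    public static string VersionOf(string id)
    {
        var segments = new Uri(id).AbsolutePath.Trim('/').Split('/');
        if (segments.Length != 3 || segments[0] != "secrets")
            throw new FormatException("Not a versioned secret identifier: " + id);
        return segments[2];
    }

    // Newest version that is enabled and valid at 'at'; null when none qualifies.
    public static SecretVersion PickActive(IEnumerable<SecretVersion> versions, DateTimeOffset at) =>
        versions.Where(v => v.Enabled
                         && (v.NotBefore == null || v.NotBefore <= at)
                         && (v.Expires == null || at < v.Expires))
                .OrderByDescending(v => v.Created)
                .FirstOrDefault();

    public static void Main()
    {
        // Constructed sample data: the old version expires at midnight, the new one starts then.
        const string baseId = "https://example-vault.vault.azure.net/secrets/db-password/";
        var midnight = new DateTimeOffset(2024, 1, 2, 0, 0, 0, TimeSpan.Zero);
        var versions = new List<SecretVersion>
        {
            new(baseId + "11111111111111111111111111111111", true, midnight.AddDays(-30), null, midnight),
            new(baseId + "22222222222222222222222222222222", true, midnight.AddHours(-6), midnight, null),
        };
        foreach (var at in new[] { midnight.AddMinutes(-1), midnight })
        {
            var active = PickActive(versions, at);
            Console.WriteLine($"{at:u} -> {(active is null ? "none" : VersionOf(active.Id))}");
        }
    }
}
```

Note that the newest version by creation time is not selected before midnight because its not-before time has not been reached, which is why a consumer that must survive rotation stores the full versioned identifier rather than only the secret name.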