0
votes

i have one website which i have posted on azure webapp and that website is connected with SQL database so we are try to setup that database connection string password directly attach with azure key vault so we don't have any idea how can we add that function any one please help me on this.

Follow my Connection string with DB login code

{
  "Logging": {
    "LoginLevel": {
      "Default": "Warning"
    }
  },
  "AllowedHosts": "test",
  "connectionStrings": {
    "demoDBConnection": "Data Source = test-QA-sqldemo.public.demo.database.windows.net,3342; Initial Catalog = demo;persist security info=False; user id=sql-demo;password=test;timeout=30"
  }
}

so how can i retrieve the password in this connection string using azure-key vault so we can remove this sql password and setup keyvault method...

2

2 Answers

0
votes

we are try to setup that database connection string passwordd directly catch with azure key vault

You can store whole database connection string into azure key vault instead of only password. Refer to the steps as below:

1.Create a azure key vault and add demoDBConnection with its value as secret in key vault.

2.Enable Managed Identity for your azure webapp.

3.Go to you key vault and click Access policies and add the webapp's service principle with Secret's Get permission.

4.Then in azure webapp, use the following code to get the connection string in key vault.

var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
var secret = await keyVaultClient.GetSecretAsync("KeyVaultUrl", secretName).ConfigureAwait(false);
var secretValue = secret.Value;

For more details, you could refer to this article.

Also, you could use Key Vault references for App Service like below:

@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecret/ec96f02080254f109c51a1f14cdb1931)