I am trying to connect to my azure vault from a console application with using MSI
For this vault i have added my user as the Selected Principle
the code i am using to connect is
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
var secret = await keyVaultClient.GetSecretAsync("https://<vaultname>.vault.azure.net/secrets/<SecretName>").ConfigureAwait(false);
I get the following exception
Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProviderException: Parameters: Connectionstring: [No connection string specified], Resource: https://vault.azure.net, Authority
class Program
{
// Target C# 7.1+ in your .csproj for async Main
static async Task Main()
{
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(
azureServiceTokenProvider.KeyVaultTokenCallback));
var secret = await keyVaultClient.GetSecretAsync(
"https://VAULT-NAME.vault.azure.net/secrets/SECRET-NAME");
Console.WriteLine(secret.Value);
Console.ReadLine();
}
}
To run locally, create your very own Azure AD application registration (Web App/Web API type to make it a confidential client), add it to Key Vault and use its client_id and client_secret when acquiring the access token —
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-use-from-web-application#gettoken
As Varun mentioned in the comments, there's now a better way to get an access token when running locally without exposing a service principal —