Securely Retrieve Secrets from Azure Key Vault in .NET Core Web API using ClientId & Secret | LSC

Captions
Welcome to the ultimate destination for mastering cutting-edge tech skills. From front-end frameworks to backend systems, our videos cover it all with real-time demos and in-depth tutorials. We will teach you how to code like a pro. Subscribe now and start your journey to becoming a smart coder.

Are you looking to securely retrieve secrets from Azure Key Vault in your .NET Core application? In this comprehensive tutorial I'll guide you through the entire process, from setting up the Key Vault and registering your application to accessing the secrets using the client ID and secret. Get ready to enhance your application security and streamline your secret management.

I have opened the portal, and these are the resources that I have. So basically you need to go and click on Key Vaults if it is available; if not, search for Key Vault. This is the Key Vault landing page. Right now there are no Key Vaults; we're going to create two. So let's click on the first one, select the appropriate resource group, and give a Key Vault name. I'm going to give LSC Dev KV, so basically this Key Vault is mainly meant for the dev purpose, okay? So I'm going to give a name, and let's have the final name as LSC Dev Key Vault, and then I'm going to leave everything else as the default. If you go to the next one here, instead of the role-based access control, click on the Vault access policy. We will come to the access policy at a later stage and give some permissions to some applications, which I will show you, but for now let's keep moving. Let's go and click on the final one called Create, with everything left on the default settings. The deployment is in progress. The deployment is done.

So let's quickly go and create another Key Vault while the deployment is in progress. I'm going to choose the same resource group, and I'm going to name this as production, because for the demo purpose we need two Key Vaults so that you understand how to access it from local and how to access it from production, and this is how organizations usually set it up, right? So this is also going to be the same. For the access policy, don't worry about the access policy, I will show you how to do it, but let's keep everything else as default. Click on Review + create; everything is good, validation succeeded; click on Create, and this is also getting deployed. Now there are two Key Vaults we initiated; the first one is ready, and the second one, once you refresh, will come. Yes, it came, so both Key Vaults are ready now.

Now let's go to the first one, the dev one. Go to Secrets under Objects, and then let's put in two secrets which are specific to the dev purpose, okay? So I'm going to name them in such a way that when we retrieve the name and the secret value you will understand that this is definitely coming from the dev Key Vault, rather than keeping the names common so we get confused. So for the demo purpose I'm going to name everything as Dev for the dev and Prod for the production, okay? Don't worry about the secret value; it's all about retrieving this information from the application. So let's create two secrets, put some value, create, and then let's wait to see how it works. See, now there are two secrets added. Now let's go to the production one and do the same thing, but right now instead of having dev I'm going to name it as prod, so the name is all the same except the prefix, and the value is going to be definitely different, which is okay. So let's create two more here. The first is done; the second one is key two; let's give some value and click on Create. Okay, so there are two secrets in both the Key Vaults.

Okay, now let's go to the first Key Vault, and here we need to give permissions to the application. So in order to do that, first create an application: click on the Active Directory, which is Azure Active Directory. You will have your directory, that is the default active directory, and under the default active directory there is something called App registrations. So click on New registration. Here give a meaningful name so you can identify what application it is; this is just for demo purposes, so I'm going to give this as Dev app. Okay, maybe just leave it as web, okay. And then you have to choose the first one, within the organization, because your application is going to be within your application, right? So we're not going to give access to anyone outside it, so keep that in mind. And in the redirect URI, for now just give a valid redirect URI and choose Web; it doesn't really matter for this purpose. Now this is done, so here you see something called client ID, copy that, and tenant ID, copy that. These two will be required when we do the configuration of the application.

Let's open up the application. Let's stop this, which is already running, and let's go to the Development.json. Okay, so I already have a set of configuration; it just doesn't have the values. So here we're going to replace the client ID with the client ID and the tenant ID with the tenant ID. So let's keep the client ID here, and then let's go to the tenant, get the tenant ID, copy that, and keep it here. And one more thing remaining is the client secret. So in order to create the client secret, click on Certificates & secrets, click on New client secret, give some description, and then you can choose when you want this to expire; the recommended is 180 days, and I'm going to leave it as default. Now remember, copy this value immediately. Once you're done and come out, this value will be hidden and you cannot copy it; and if you forget to do so, it's okay, delete that secret and create a new secret. Okay, so now let's go to the Key Vault; it's time to configure this application to the Key Vault. So basically what we are trying to do is, in Azure, we are telling, hey, this application has access to the Key Vault, okay? Now we need to add the Key Vault base URL, which we copied from the overview page.

Okay, so now if we try to run this application... okay, I have some preset basic coding that is done; I will show you shortly, but let's do the configuration first. Click on Access policies on the left side, and here you choose what permission is required. So the whole purpose of this demo is about the secret function, right? So basically we can do a read permission on key, secret, or certificate, but because it's only secrets, let's remove the permissions for key and certificate, so the application which is going to be configured for this one will have access only to the secrets. Now here, under Principal, try to search with the name that we created in the application; just choose it, and then you're done with that. So now we basically say the application that we registered has access to the secrets of this Key Vault, and it just has the Get and List functions.

Now what you have to do is come to this application. You have to install a couple of packages. I'm going to give you the entire code, but just remember the packages that I'm highlighting are installed: Azure Security Key Vault, Identity, and another Azure Key Vault package. Once you install these three packages we will have the necessary things to configure it, and then apart from that, these basic settings in the development settings.

Now let's come to the KeyVault controller. In the KeyVault controller I have a service called KeyVaultSecretService. This is just a basic service that you will have in general, right, and that has a method called GetSecrets. In the GetSecrets method, if you see, we are going to fetch the base URL, client ID, client secret, tenant ID; all these four values are fetched from the configuration, and then we are going to read the values and put them into our model called VaultSecret. Okay, so these are the important values; remember, these should be very correct from the portal, so it will retrieve all these things with these four variables. And then if you see line number 103, we create a new instance of SecretClient; we pass the URL and we pass the ClientSecretCredential. This flow is client secret credential. You might have seen my earlier video; that is all managed identity. This is different, this is client credential, okay? So now with that the client is given access, and then it will read every single secret, read the value of each secret, put it into our model and finally return the model. Now the application is running; I'm going to hit Execute. You see this: the application had access to that particular Key Vault, and then it was able to retrieve the data.

Okay, so similarly for production we need to have another application, right? For each environment in your organization they will have a different application registered, okay? So I'm going to simulate what in a real corporate organization they are doing, so you will have a different application registered. Now if you remember we have different Key Vaults, right, for each environment. Every process is the same: copy the client ID, copy the tenant ID, create the secret using Certificates & secrets, and let's copy all these things and put them into the production configuration. Okay, this is only for testing purposes; I will show you how in general they secure this. They will not put all this configuration in the production settings; rather they will put it in a different place, which I will show you after this demo. So now let's keep every single data item in the production config. Let's go to the Key Vault, go to the production Key Vault, same thing, under Access policies. Okay, we're going to configure something. So now you copied all the four values. Now the production Key Vault doesn't have any access policies; we're going to set up an access policy. Click on Create, do the same thing; it just needs access to Get and List; this time choose the application meant for production, so Prod app. The Prod app we did, it came, we selected it, now this is all saved, right? So each application that is registered is meant for a different Key Vault: the first one doesn't have access to the second Key Vault, and vice versa, the second one doesn't have access to the first one, okay?

Now this is production, so let's run this and see. How do you run this? Take this word called Production, go to the launch settings, set your ASP.NET environment to Production, which means it will pick up the production environment app settings. That's how you change the environment, okay? So ASPNETCORE_ENVIRONMENT will determine what is your environment; by default it will be Development, and you can change it to Production. And there are two things, which are Kestrel and IIS Express; based on what you use you can choose the values, but in my case I just did it for both cases, so irrespective of what you run it's going to run on the production side. So all set, let's run this application. The application is running, click on the KeyVault, let's see what happens. Now ideally we should access the production Key Vault and get those secrets from production. See, you received all the data here, so now we know for sure these values are perfectly working.

Now how do you secure them? So what you're about to see is, we are going to first publish this to production and see whether that runs in production, okay? So we were able to test it from local; let's deploy this configuration and run it in production. Basically when I say production, it's a deployed application, okay? So perfect, this works in the deployed application also. Now it's time to know how to secure this. I removed all these values from the Production.json; now if I publish, there are no details available, and I can show you for sure that this is not going to run, so you know that what I'm showing is correct, right? So we deployed, nothing runs; we just got a 200 because we have a try-catch; basically it blew up.

Now come to this deployed web app, under Configuration. Okay, so under Configuration you need to put all these values in Application settings. So the ones that you saw from the application settings are coming and sitting right here, so you can configure those things here. So let's go here. What generally the company will do is they will come here and they will put the secret values here, because not everyone will have access to this environment, okay? So in order to do this, let's see: if you look at this Key Vault, under Key Vault there is something called BaseUrl. So any time that you have such a thing it will go with a colon, so KeyVault colon BaseUrl, and the value is the value that we already know, okay? Which means somebody from the organization, from the DevOps team, is going to do that; you will not have access to do this. Now this is one way of doing it. You can also click on Advanced edit, come down, and you can just add however many settings you have. I already have three settings; in total there are four settings. One setting we just added; I'm going to copy-paste the three more settings right below this, okay? Or I can come all the way down and place it. And this is what I showed: client ID, client secret and tenant ID. Like I said, I'm repeating, no one will know this; the DevOps or the Azure engineer will do it and then configure it for the application, and that's it.

Now let's rerun this. Okay, so we're going to restart this application and run it. Now, you know, we deployed without any configuration in the production settings, but we configured it in the application itself, so it was able to retrieve those values, connect to the Key Vault and show you the details of the secrets.

All right, let's summarize. We created the Key Vaults, we created the application and registered the application, and then we configured the application and the access policy of the Key Vaults. Then we configured those Key Vault details in the web application, we ran it, we were able to access the Key Vault, and we also saw how to do this in the production application by configuring the secrets, and we were able to configure all the application settings in the Azure App Service. That's it for this video; I hope you enjoyed this. Thank you.

Thanks for watching! If you found this video helpful, please give it a thumbs up and subscribe to our channel for more tech tutorials, and don't forget to hit the bell icon to get notified when we post new videos. If you have any questions or suggestions, leave them in the comments below. Happy coding!
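The service and controller the video walks through, written out as an added C# example; this is not the video's own code, and the author's actual source is not on the page. It keeps the names the speaker mentions (KeyVaultSecretService, GetSecrets, VaultSecret, the KeyVault:BaseUrl configuration key, SecretClient with ClientSecretCredential). The other configuration keys (KeyVault:TenantId, KeyVault:ClientId, KeyVault:ClientSecret), the property names on VaultSecret, and the HTTP status returned on failure are assumptions. It assumes the Azure.Identity and Azure.Security.KeyVault.Secrets NuGet packages and an ASP.NET Core project.

```csharp
// Added example, not the video's code. Assumes the NuGet packages Azure.Identity and
// Azure.Security.KeyVault.Secrets, and a "KeyVault" configuration section holding
// BaseUrl (named in the video) plus TenantId, ClientId and ClientSecret (assumed names).
// Locally these live in appsettings.Development.json; in the deployed app they are
// supplied as App Service application settings, as the video shows.
using System;
using System.Collections.Generic;
using Azure;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;

// Model returned to the caller (property names are assumptions).
public sealed class VaultSecret
{
    public string Name { get; init; } = string.Empty;
    public string Value { get; init; } = string.Empty;
}

// Register in Program.cs with: builder.Services.AddSingleton<KeyVaultSecretService>();
public sealed class KeyVaultSecretService
{
    private readonly SecretClient _client;

    public KeyVaultSecretService(IConfiguration config)
    {
        IConfigurationSection section = config.GetSection("KeyVault");

        // Fail at startup with the missing key's name instead of an opaque
        // authentication error on the first request.
        string Require(string key) =>
            section[key] ?? throw new InvalidOperationException(
                $"Missing configuration value KeyVault:{key}");

        // Client-credential flow: the app registration's tenant, client ID and client
        // secret. (The speaker's earlier video uses managed identity instead.)
        var credential = new ClientSecretCredential(
            Require("TenantId"), Require("ClientId"), Require("ClientSecret"));

        _client = new SecretClient(new Uri(Require("BaseUrl")), credential);
    }

    public IReadOnlyList<VaultSecret> GetSecrets()
    {
        var result = new List<VaultSecret>();

        // Enumerating names requires the "List" secret permission in the access policy.
        foreach (SecretProperties props in _client.GetPropertiesOfSecrets())
        {
            if (props.Enabled == false)
                continue; // disabled versions cannot be read; skip rather than fail

            // Reading a value requires the "Get" secret permission.
            KeyVaultSecret secret = _client.GetSecret(props.Name);
            result.Add(new VaultSecret { Name = secret.Name, Value = secret.Value });
        }

        return result;
    }
}

[ApiController]
[Route("[controller]")]
public sealed class KeyVaultController : ControllerBase
{
    private readonly KeyVaultSecretService _service;

    public KeyVaultController(KeyVaultSecretService service) => _service = service;

    [HttpGet]
    public ActionResult<IReadOnlyList<VaultSecret>> Get()
    {
        try
        {
            return Ok(_service.GetSecrets());
        }
        catch (AuthenticationFailedException ex)
        {
            // Wrong tenant/client ID or an expired client secret ends up here.
            return StatusCode(502, $"Key Vault authentication failed: {ex.Message}");
        }
        catch (RequestFailedException ex)
        {
            // 403 here means the access policy lacks Get/List for this app registration.
            return StatusCode(502, $"Key Vault request failed ({ex.Status}): {ex.ErrorCode}");
        }
    }
}
```

Two design points differ deliberately from the demo. The video's try/catch returns 200 even when the vault is unreachable, which is why "nothing runs" looked like success; mapping authentication and request failures to a 5xx makes a missing App Service setting or a lapsed client secret visible to monitoring. And an endpoint that echoes secret values back over HTTP is fine for showing that retrieval works, but in a real service the values would be consumed in-process (for example bound into options) rather than returned to the caller.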
Info
Channel: Learn Smart Coding
Views: 2,756
Keywords: Azure Key Vault, Secret Management, Secure Secrets Retrieval, .NET Core Web API, ClientId, Secret, Azure Key Vault Integration, Application Security, Secret Storage, Azure Active Directory, Secure Application Development
Id: yeFFpjQwcdQ
Length: 14min 34sec (874 seconds)
Published: Mon May 22 2023