Good video - and thank you for explaining how the defualt azure creditial works, I didn'y know it trys mutiple identities, now I understand how the same code would work when the application is running in Azure. You just have to configure the key vault to allow the web app to acesss it. - Finally I get it!
Actually for you the DefaultAzureCredential worked only because you have the Owner role. This would not be the case for the majority of developers, I'd say. Most of the times, a service principal would be used.
Yes, the assumption is that they have a Contributor or similar privileged admin role that they use. They could also just use RBAC to be assigned the required permissions. Please note that a managed identity is preferred over a service principal
Hi, thank you for the video. I have tried this and it's working perfectly fine. I have one issue here now, when we login our visual studio with the same azure account then it's working fine, if we login the visual studio with other user account it's not working. How does this work when we deploy our application to Production? In Production we are not going to use the default credentials right? Can you please help me with this?
Hi @Dileep. That behavior is by design. In Production, you would need to enable System Assigned Managed identities and allow the resource (e.g., app service) to access the Key Vault. It's off by default. Managed Identities allow the exact behavior you require, which is to allow Azure services to communicate with one another. Please let me know if you've managed to sort this out. Sample tutorial I made on Managed Identities: ua-cam.com/video/eDYfIrUjm-A/v-deo.html
Hi Maido. You have to install the Az module. You can install it via Powershell so: Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force
Got the issue… actually we have published our web api in other azure account and trying to get key vault from other azure account .So thats why am getting this issue . To avoid these need to maintain both in same account itself
Hi Hassan. Remember, developers should only be granted access to Key Vault secrets from a Development key vault, not a Production key vault. So the information wouldn't be a security hazard. Please let me know if you have further questions
Watch the full entire Azure Key Vault playlist here:
ua-cam.com/video/zQp31BEGTwM/v-deo.html
Thanks Marvijo. much appreciated for clean explanation.
Thanks a lot. I was stuck with similar task in azure functions, your video helped me tackle the challenge :)
Good video - and thank you for explaining how the defualt azure creditial works, I didn'y know it trys mutiple identities, now I understand how the same code would work when the application is running in Azure. You just have to configure the key vault to allow the web app to acesss it. - Finally I get it!
Hi @McDarke. I'm glad you understood it. Please let me know of more topics you'd be interested in
Thank you. It's helped me.
Glad it helped. Remember to subscribe to the channel
Actually for you the DefaultAzureCredential worked only because you have the Owner role. This would not be the case for the majority of developers, I'd say. Most of the times, a service principal would be used.
Yes, the assumption is that they have a Contributor or similar privileged admin role that they use. They could also just use RBAC to be assigned the required permissions. Please note that a managed identity is preferred over a service principal
Does this work the same for .NET Framework applications?
Yes, it should work, though you'd have to use the right nuget packages. Please let me know if you encounter issues when trying it out
I love your tu tu tu tu tu,
Love from India
Wayishaya razo ! props !
Asbonge
Hi, thank you for the video. I have tried this and it's working perfectly fine. I have one issue here now, when we login our visual studio with the same azure account then it's working fine, if we login the visual studio with other user account it's not working. How does this work when we deploy our application to Production? In Production we are not going to use the default credentials right? Can you please help me with this?
Hi @Dileep. That behavior is by design. In Production, you would need to enable System Assigned Managed identities and allow the resource (e.g., app service) to access the Key Vault. It's off by default.
Managed Identities allow the exact behavior you require, which is to allow Azure services to communicate with one another. Please let me know if you've managed to sort this out.
Sample tutorial I made on Managed Identities: ua-cam.com/video/eDYfIrUjm-A/v-deo.html
what is "az" in Powershell? Does that mean I have to download somehow azure in windows powershell?
Hi Maido. You have to install the Az module. You can install it via Powershell so:
Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force
how to do that in winforms C#
Which .NET framework are you using?
Sir am getting
Azure.Identity.CredentialUnavailableException: 'Azure Developer CLI could not be found.'
i have same problem here
Did you use the default Azure Credentials? Also, did you log in using your browser to the portal?
Got the issue… actually we have published our web api in other azure account and trying to get key vault from other azure account .So thats why am getting this issue . To avoid these need to maintain both in same account itself
I'm glad you resolved the issue @balajijangam2163. Remember to subscribe if you haven't already
Did you resolve your issue @yuliyap6827?
How it is secret when a developer can see the value while debugging.
Hi Hassan. Remember, developers should only be granted access to Key Vault secrets from a Development key vault, not a Production key vault. So the information wouldn't be a security hazard. Please let me know if you have further questions