Azure Key Vault Code Integration
To increase security in our applications, we are moving access IDs and keys into Azure Key Vault.
Standard Library
To access the vault we have built a standard library for inclusion in projects.
The library can be retrieved by adding a Nuget package source pointing to:
https://nuget.bdsmktg.com/nuget
Once you access the source you will find a package called FalloutSafe.
Once this package is installed there will be a new namespace added called FalloutSafe and a new class will be available called VaultTec.
VaultTec needs to be instantiated and passed the environment. The environment value is an enum that allows the class to point to the Dev, QA and Production Azure Key Vaults respectively.
Best practice is to have this switch defined in a config file or an environment variable that can be altered upon deployment in one central location for the application.
Once instantiated, VaultTec will return a secret, key or certificate when supplied with the name of the object the application needs.
Code example
using System;
using FalloutSafe;
using Microsoft.Azure.KeyVault.Models;

namespace SafeTest
{
    class Program
    {
        static void Main(string[] args)
        {
            // Point the client at the Dev vault.
            VaultTec vt = new VaultTec(ICEnvironments.Dev);
            Console.WriteLine("Environ:" + vt.CurrentEnvironment());

            // Values are printed here only to confirm the lookups work;
            // application code should not write secret values to the console or logs.

            // Retrieve a secret by name.
            string bestBuyCode = vt.UnlockSecret("TestBestBuyClientID");
            Console.WriteLine("TestBestBuyClientID:" + bestBuyCode);

            // Retrieve a key by name.
            KeyBundle kb = vt.UnlockKey("TargetAuthenticationAPIPrivate");
            Console.WriteLine("TargetAuthenticationAPIPrivate:" + kb.Key.ToString());

            // Retrieve a certificate by name.
            CertificateBundle cb = vt.UnlockCertificate("HawkTest");
            Console.WriteLine("HawkTest:" + cb.CertificateIdentifier.ToString());

            Console.ReadKey();
        }
    }
}
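Environment switch example (added here; not part of the FalloutSafe library or the original page): one way to follow the best practice above and take the environment from a deployment-time environment variable instead of hard-coding ICEnvironments.Dev. The variable name VAULT_ENVIRONMENT, the EnvironmentSwitch helper and the SampleEnvironments stand-in enum are assumptions made for illustration; the helper goes beyond the page by rejecting missing, numeric or unknown values so a misconfigured deployment fails instead of reaching an unintended vault.

```csharp
using System;

// Constructed stand-in so this file compiles without the FalloutSafe package;
// in a real project pass FalloutSafe's ICEnvironments as the type argument.
enum SampleEnvironments { Dev, QA, Production }

static class EnvironmentSwitch
{
    // Reads the enum member name from an environment variable and fails closed:
    // a missing, numeric, combined or unknown value throws instead of silently
    // pointing the application at some default vault.
    public static TEnum Resolve<TEnum>(string variableName) where TEnum : struct, Enum
    {
        string raw = Environment.GetEnvironmentVariable(variableName)?.Trim();
        if (string.IsNullOrEmpty(raw))
            throw new InvalidOperationException(variableName + " is not set.");

        // Enum.TryParse also accepts "7" or "Dev,QA"; comparing the parsed
        // member's name with the input accepts exact member names only.
        if (!Enum.TryParse(raw, true, out TEnum parsed) ||
            !string.Equals(parsed.ToString(), raw, StringComparison.OrdinalIgnoreCase))
        {
            throw new InvalidOperationException(
                variableName + " must be one of: " +
                string.Join(", ", Enum.GetNames(typeof(TEnum))));
        }
        return parsed;
    }
}

class Program
{
    static void Main()
    {
        // Normally set by the deployment pipeline; set here so the sample runs offline.
        Environment.SetEnvironmentVariable("VAULT_ENVIRONMENT", "qa");
        var env = EnvironmentSwitch.Resolve<SampleEnvironments>("VAULT_ENVIRONMENT");
        Console.WriteLine("Resolved environment: " + env);
        // With the package installed (assumed usage):
        // var vt = new VaultTec(EnvironmentSwitch.Resolve<ICEnvironments>("VAULT_ENVIRONMENT"));

        // A numeric value is rejected even though Enum.TryParse would accept it.
        Environment.SetEnvironmentVariable("VAULT_ENVIRONMENT", "2");
        try { EnvironmentSwitch.Resolve<SampleEnvironments>("VAULT_ENVIRONMENT"); }
        catch (InvalidOperationException ex) { Console.WriteLine("Rejected: " + ex.Message); }
    }
}
```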