Key Vault | DevZero Docs (2024)

You are connecting to an Azure Key Vault from your DevBox.

Architecture Diagram

Here, you will connect to a Key Vault from your DevBox. This is done by setting up a bastion host that advertises the private routes to your DevZero network, so that you can reach the private service through a network tunnel.

Prerequisites

  1. Before you begin, follow the Connecting to Azure guide to set up the Bastion Host to access your private Azure services.

  2. After completing the above, follow the Setting up DNS Private Resolver guide to access the DNS Private Zones.

Existing Key Vault

To connect to an existing Key Vault, ensure it is within the same Resource Group that houses the Bastion Host.

Step 1: Configuring IAM Role and Secrets in Key Vault

To make the connection, you need to set up the IAM role and install dependencies in your DevBox.

  1. Go to Home > Key Vaults and click on the key vault you want to access.

  2. Then go to Access Control (IAM) and click on Add role assignment.

  3. Click on the Key Vault Reader role and click on next.

  4. Click on Select Members and select the users you want to give access to the Key Vault. Click on Select.

  5. Then click on Next and then click on Review + Assign to assign the role.

  6. Now, you can read the Secrets in the key vault without error.

  7. We are assuming the Key Vault is private; in this case, you will not be able to see the value of the secret. If, for some reason, you want to see the value of the secrets, turn the access to Public in the Settings > Networking section. After viewing the value of the secret, disable Public Access again.

Step 2: Setting up Service Principals

Now, to retrieve the value of the secrets using the API, you need to set up a Service Principal in the Azure Portal using the steps below:

  1. Go to Microsoft Entra ID and click on App registrations.

  2. Click on New registration, enter the app name as you like, and click on Register.

  3. Copy the Client ID and Tenant ID and add them to the DevBox environment variables:

export AZURE_CLIENT_ID=<client-id>
export AZURE_TENANT_ID=<tenant-id>

  4. Click on Client credentials and click on New client secret.

  5. Enter the description if you want to, and click on Add.

  6. Copy the Value of the client secret you just created and add it to the environment variables of your DevBox by using the following command:

export AZURE_CLIENT_SECRET=<client-secret>

  7. Now, go to Home > Key Vaults and click on the key vault you want to access.

  8. Then go to Access Control (IAM) and click on Add role assignment.

  9. Click on the Key Vault Reader role and click on next.

  10. Click on Select Members and select the App Name you just registered in Microsoft Entra ID. Click on Select.

  11. Then click on Next and then click on Review + Assign to assign the role.

Step 3: Setting up dependencies in DevBox

Here we are using Python to show the Key Vault usage; you can choose another programming stack as well. Now, you need to install the necessary Python packages and write the script by following the steps below:

  1. Install the required packages using the following commands:

pip install azure-identity
pip install azure-keyvault-secrets

  2. Write the following Python script to retrieve the secret. It reads the AZURE_CLIENT_ID, AZURE_TENANT_ID and AZURE_CLIENT_SECRET variables exported in Step 2:

import os

from azure.identity import ClientSecretCredential
from azure.keyvault.secrets import SecretClient

# Service principal credentials exported into the DevBox in Step 2
client_id = os.environ['AZURE_CLIENT_ID']
tenant_id = os.environ['AZURE_TENANT_ID']
client_secret = os.environ['AZURE_CLIENT_SECRET']

vault_url = "https://test-vault-devzero.vault.azure.net/"
secret_name = "Devzero-key"

credentials = ClientSecretCredential(
    client_id=client_id,
    client_secret=client_secret,
    tenant_id=tenant_id,
)
secret_client = SecretClient(vault_url=vault_url, credential=credentials)
secret = secret_client.get_secret(secret_name)
print("The secret value is: " + secret.value)
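The script above only shows the happy path. The following is an added example, not DevZero's code, that covers the two checks a practitioner usually wants before and around that call, for both the existing-vault and new-vault flows on this page: that the vault hostname resolves to a private-range address through the DNS Private Resolver (otherwise the request leaves the tunnel and is rejected by the vault firewall once public access is disabled), and that the SDK's common failures are mapped to actionable messages. It assumes the Step 2 environment variables are set; the vault name test-vault-devzero, the secret name devzero-key and the VAULT_NAME override are placeholders. One caveat worth knowing: the Key Vault Reader role grants read access to vault and secret metadata only, so a 403 on get_secret with that role alone means the service principal still needs a data-plane role such as Key Vault Secrets User.

```python
"""Added example (not DevZero's code): verify the private path to the vault
and read a secret with clear failure diagnostics.

Assumes AZURE_CLIENT_ID, AZURE_TENANT_ID and AZURE_CLIENT_SECRET are exported
as in Step 2. Vault and secret names below are placeholders."""
import ipaddress
import os
import socket

VAULT_SUFFIX = ".vault.azure.net"
REQUIRED_ENV = ("AZURE_CLIENT_ID", "AZURE_TENANT_ID", "AZURE_CLIENT_SECRET")


def vault_url(vault_name: str) -> str:
    """Build the data-plane URL the SDK expects from a bare vault name."""
    if "." in vault_name or "/" in vault_name:
        raise ValueError("pass the bare vault name, not a hostname or URL")
    return f"https://{vault_name}{VAULT_SUFFIX}/"


def classify_ip(ip: str) -> str:
    """'private' for a private-range address, otherwise 'public'.

    With the DNS Private Resolver in place, the vault hostname should resolve
    to the private endpoint's VNet address from inside the DevBox. A public
    address means the request would bypass the tunnel and hit the public
    endpoint, which the vault firewall rejects when public access is off."""
    return "private" if ipaddress.ip_address(ip).is_private else "public"


def resolve_vault(vault_name: str) -> dict:
    """Resolve the vault hostname and report which path it points at."""
    host = f"{vault_name}{VAULT_SUFFIX}"
    ip = socket.gethostbyname(host)
    return {"host": host, "ip": ip, "path": classify_ip(ip)}


def missing_env(env=os.environ) -> list:
    """Names of required service-principal variables that are unset or empty."""
    return [name for name in REQUIRED_ENV if not env.get(name)]


def read_secret(vault_name: str, secret_name: str, env=os.environ) -> str:
    """Fetch a secret value, turning common SDK failures into actionable errors."""
    # Imported lazily so the pure helpers above work without the Azure SDK.
    from azure.core.exceptions import (ClientAuthenticationError,
                                       HttpResponseError, ResourceNotFoundError)
    from azure.identity import ClientSecretCredential
    from azure.keyvault.secrets import SecretClient

    missing = missing_env(env)
    if missing:
        raise RuntimeError(f"missing environment variables: {', '.join(missing)}")
    credential = ClientSecretCredential(
        tenant_id=env["AZURE_TENANT_ID"],
        client_id=env["AZURE_CLIENT_ID"],
        client_secret=env["AZURE_CLIENT_SECRET"],
    )
    client = SecretClient(vault_url=vault_url(vault_name), credential=credential)
    try:
        return client.get_secret(secret_name).value
    except ClientAuthenticationError as exc:  # subclass of HttpResponseError
        raise RuntimeError("token request failed: check tenant id, client id "
                           "and client secret") from exc
    except ResourceNotFoundError as exc:  # subclass of HttpResponseError
        raise RuntimeError(f"secret {secret_name!r} not found in {vault_name}") from exc
    except HttpResponseError as exc:
        if exc.status_code == 403:
            # Key Vault Reader covers metadata only; secret values need a
            # data-plane role such as Key Vault Secrets User. A 403 is also
            # what the firewall returns when the request arrived over the
            # public endpoint instead of the private one.
            raise RuntimeError("forbidden: check the data-plane role assignment "
                               "and that the vault resolved to a private IP") from exc
        raise


if __name__ == "__main__":
    name = os.environ.get("VAULT_NAME", "test-vault-devzero")  # placeholder vault
    print(resolve_vault(name))
    value = read_secret(name, "devzero-key")  # placeholder secret name
    print("secret length:", len(value))  # report size, never the value itself
```

Run it from the DevBox after Steps 1 to 3: the first line printed should show path 'private'; if it shows 'public', fix the DNS Private Resolver setup before debugging the role assignment. The script deliberately prints only the secret's length so that the value does not end up in terminal history or logs.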

New Azure Key Vault

If you need to create a new Key Vault and access it through DevBox, follow the steps below:

Step 1: Creating a new Key Vault

  1. Go to Home > Key vaults and click on Create.

  2. In the Basics section, select the Resource group which houses your Bastion Host.

  3. Then input your Key Vault name, Region and the desired Pricing Tier.

  4. You can set the Days to retain deleted vaults duration as you like.

  5. Go to the Networking page, disable Enable public access, and enable the Private Endpoint section.

  6. Click on Create a private endpoint and enter the Resource group, Location, Name, and Target sub-resource type of the endpoint.

  7. In the Networking section, select the virtual network (VNET) you used to set up the DNS resolver and Bastion Host.

  8. Choose a compatible subnet or create a new one, and a new private DNS zone will be created for you.

  9. Click on Ok, then click on Review + Create.

  10. Click on Create to initialize the deployment for the key vault.

Step 2: Configuring IAM Role and Secrets in Key Vault

To make the connection, you need to set up the IAM Role and install dependencies in your DevBox.

  1. Go to Home > Key Vaults and click on the key vault you just created.

  2. Then go to Access Control (IAM) and click on Add role assignment.

  3. Click on the Key Vault Reader role and click on next.

  4. Click on Select Members and select the users you want to give access to the Key Vault. Click on Select.

  5. Then click on Next and then click on Review + Assign to assign the role.

  6. Now go to Objects > Secrets and click on Generate/Import.

  7. Enter the Name and Secret Value and click on Create.

  8. In this case, the Key Vault is private, and you will not be able to see the value of the secret. If, for some reason, you want to see the value of the secrets, turn the access to Public in the Settings > Networking section. After viewing the value of the secret, disable Public Access again.

Step 3: Setting up Service Principals

Now, to retrieve the value of the secrets using the API, you need to set up a Service Principal in the Azure Portal using the steps below:

  1. Go to Microsoft Entra ID and click on App registrations.

  2. Click on New registration, enter the app name as you like, and click on Register.

  3. Go to All applications and click on the app you just created.

  4. Copy the Client ID and Tenant ID and add them to the DevBox environment variables:

export AZURE_CLIENT_ID=<client-id>
export AZURE_TENANT_ID=<tenant-id>

  5. Click on Client credentials and click on New client secret.

  6. Enter the description if you want to, and click on Add.

  7. Copy the Value of the client secret you just created and add it to the environment variables of your DevBox by using the following command:

export AZURE_CLIENT_SECRET=<client-secret>

  8. Now, go to Home > Key Vaults and click on the key vault you want to access.

  9. Then go to Access Control (IAM) and click on Add role assignment.

  10. Click on the Key Vault Reader role and click on next.

  11. Click on Select Members and select the App Name you just registered in Microsoft Entra ID. Click on Select.

  12. Then click on Next and then click on Review + Assign to assign the role.

Step 4: Setting up dependencies in DevBox

Here we are using Python to show the Key Vault usage; you can choose another programming stack as well. Now, you need to install the necessary Python packages and write the script by following the steps below:

  1. Install the required packages using the following commands:

pip install azure-identity
pip install azure-keyvault-secrets

  2. Write the following Python script to retrieve the secret. It reads the AZURE_CLIENT_ID, AZURE_TENANT_ID and AZURE_CLIENT_SECRET variables exported in Step 3:

import os

from azure.identity import ClientSecretCredential
from azure.keyvault.secrets import SecretClient

# Service principal credentials exported into the DevBox in Step 3
client_id = os.environ['AZURE_CLIENT_ID']
tenant_id = os.environ['AZURE_TENANT_ID']
client_secret = os.environ['AZURE_CLIENT_SECRET']

vault_url = "https://test-vault-devzero.vault.azure.net/"
secret_name = "devzero-key"

credentials = ClientSecretCredential(
    client_id=client_id,
    client_secret=client_secret,
    tenant_id=tenant_id,
)
secret_client = SecretClient(vault_url=vault_url, credential=credentials)
secret = secret_client.get_secret(secret_name)
print("The secret value is: " + secret.value)