Tags: c#, azure, azure-active-directory, azure-keyvault, azure-authentication

Does a console app use login credentials for Azure Key Vault Secrets


I was converting a test console app to use Azure Key Vault by copying code from another application, and I was surprised to see the console app was able to get the secret without any configuration in the Azure Portal. I had assumed I would need to link the console app to the secrets so the code had permission to pull the secrets. Is the console app using my login credentials to authenticate? This isn't about the code, but here's a quick sample.

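        using System.Configuration;
        using System.Threading.Tasks;
        using Microsoft.Azure.KeyVault;
        using Microsoft.Azure.KeyVault.Models;
        using Microsoft.Azure.Services.AppAuthentication;

        // Read the secret's URL from app.config and fetch its value from Key Vault.
        string _dbString = "";
        _dbString = GetSecrets(ConfigurationManager.AppSettings["DatabaseSecretUrl"]).Result.Value;

        private static async Task<SecretBundle> GetSecrets(string Url)
        {
            // No credentials are supplied here; AzureServiceTokenProvider obtains the token on its own.
            AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
            KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
            return await keyVaultClient.GetSecretAsync(Url).ConfigureAwait(false);
        }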

Solution

  • AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
    

    This line does indeed attempt to use an existing logon session to your Azure account. If you did, for instance, an az login before, it will be able to use that. Also, if your computer is Azure AD joined, it might be able to use those credentials as well.
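
To check which identity the parameterless `AzureServiceTokenProvider` actually resolves to on a given machine, the following added example (not part of the original question or answer) requests a Key Vault token and prints the identity claims from it, first with the default credential chain and then with the source pinned through the library's `RunAs` connection strings. It assumes the Microsoft.Azure.Services.AppAuthentication and Newtonsoft.Json packages; the class and method names are hypothetical.

```csharp
using System;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Azure.Services.AppAuthentication;
using Newtonsoft.Json.Linq;

internal static class KeyVaultIdentityCheck   // hypothetical name
{
    // Resource identifier for Key Vault data-plane tokens.
    private const string KeyVaultResource = "https://vault.azure.net";

    // Decodes the payload segment of a compact JWT for inspection only.
    // The signature is not verified; the vault does that, not the client.
    internal static JObject DecodeJwtPayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Not a compact JWT.");
        // base64url -> base64, then restore the stripped padding.
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        return JObject.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
    }

    // connectionString == null reproduces the parameterless constructor from the question.
    private static async Task ReportAsync(string label, string connectionString)
    {
        try
        {
            var provider = new AzureServiceTokenProvider(connectionString);
            string token = await provider.GetAccessTokenAsync(KeyVaultResource).ConfigureAwait(false);
            JObject claims = DecodeJwtPayload(token);
            // upn: signed-in user (absent for app tokens); appid: client application;
            // oid: the object ID that the vault's access policy is evaluated against.
            Console.WriteLine($"{label}: upn={claims["upn"]} appid={claims["appid"]} oid={claims["oid"]} tid={claims["tid"]}");
        }
        catch (AzureServiceTokenProviderException ex)
        {
            Console.WriteLine($"{label}: no token available ({ex.Message})");
        }
    }

    private static void Main()
    {
        ReportAsync("default chain", null).GetAwaiter().GetResult();
        ReportAsync("Azure CLI only", "RunAs=Developer; DevelopmentTool=AzureCli").GetAwaiter().GetResult();
        ReportAsync("managed identity only", "RunAs=App").GetAwaiter().GetResult();
    }
}
```

If the default chain prints your own `upn`, the secret read succeeded because your user account has access to the vault, and the same code will need its own identity and access policy entry once it runs somewhere you are not logged in.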