clearbank / fi-api-signtool

C# example for signing ClearBank® API requests

KeyVault Connection string #4

Open Thorium opened 3 years ago

Thorium commented 3 years ago

Hi,

I'm using Azure KeyVault that has the HSM-generated certificate, I guess the same way this repo uses it. Currently I'm using the DefaultAzureCredentials(), and in the Azure KeyVault I've added the VM to Access Policies as Application. I think this is even safer than storing a custom ClientId and ClientSecret in some config.

However, I would like to try the SignTool to create a test signature. But the SignTool uses the connection string format Url=https://my.vault.azure.net;KeyName=MyKeyName;ClientId=xxxxx;ClientSecret=yyyyy

What are these ClientId and ClientSecret, and how would I set those up in the KeyVault?

Currently the SignTool call fails if I don't provide those.

martinsmith1968 commented 3 years ago

Hi,

The example provided here just shows one way of connecting to Azure KeyVault, using ClientId and ClientSecret. There are other libraries and ways of connecting to KeyVault using other credential mechanisms which are perhaps more secure, but go beyond the purpose of this example.

ClientId and ClientSecret should be available from whoever set up your KeyVault instance. Alternatively, there are articles around about accessing KeyVault using MSI which may be more applicable to you if you want to experiment with the sample code.

https://stackoverflow.com/questions/36896703/how-do-i-access-azure-key-vault-using-user-credentials
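
An added example, not part of this thread or of the SignTool's own code: one way to accept the connection string format quoted in the issue while treating ClientId and ClientSecret as optional, so that a VM with a Key Vault access policy signs through its managed identity. It uses the Azure.Identity and Azure.Security.KeyVault.Keys packages; the `KeyVaultSigner` class, the extra `TenantId` key and the choice of RS256 are assumptions made for the example.

```csharp
// Added example; KeyVaultSigner and the TenantId key are hypothetical names.
// NuGet packages: Azure.Identity, Azure.Security.KeyVault.Keys
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Azure.Core;
using Azure.Identity;
using Azure.Security.KeyVault.Keys.Cryptography;

public static class KeyVaultSigner
{
    // Splits "Url=...;KeyName=...;ClientId=...;ClientSecret=..." on the first '='
    // of each part, so values containing '=' survive. Values containing ';' do not.
    public static Dictionary<string, string> Parse(string cs) =>
        cs.Split(';', StringSplitOptions.RemoveEmptyEntries)
          .Select(part => part.Split('=', 2))
          .Where(kv => kv.Length == 2)
          .ToDictionary(kv => kv[0].Trim(), kv => kv[1].Trim(), StringComparer.OrdinalIgnoreCase);

    // No ClientId/ClientSecret: DefaultAzureCredential (managed identity, CLI login, ...).
    // Both present: an app registration's secret, which also needs its tenant.
    public static TokenCredential SelectCredential(IReadOnlyDictionary<string, string> s)
    {
        bool hasId = s.TryGetValue("ClientId", out var id) && id.Length > 0;
        bool hasSecret = s.TryGetValue("ClientSecret", out var secret) && secret.Length > 0;
        if (hasId != hasSecret)
            throw new ArgumentException("ClientId and ClientSecret must be supplied together.");
        if (!hasId) return new DefaultAzureCredential();
        if (!s.TryGetValue("TenantId", out var tenant))
            throw new ArgumentException("TenantId is required with ClientId/ClientSecret.");
        return new ClientSecretCredential(tenant, id, secret);
    }

    // Signs the request body inside Key Vault; the private key never leaves the vault.
    public static string Sign(string connectionString, string body)
    {
        var s = Parse(connectionString);
        var keyId = new Uri($"{s["Url"].TrimEnd('/')}/keys/{s["KeyName"]}"); // no version: latest
        var crypto = new CryptographyClient(keyId, SelectCredential(s));
        // RS256 = RSASSA-PKCS1-v1_5 over SHA-256 (assumed algorithm for this example).
        var result = crypto.SignData(SignatureAlgorithm.RS256, Encoding.UTF8.GetBytes(body));
        return Convert.ToBase64String(result.Signature);
    }
}
```

Whichever identity is selected needs the key "sign" permission in the vault's access policy; with the managed-identity path no secret is stored in configuration at all.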