In today’s article, we will see what Key Vault is, why to use and how to use Key Vault using X++ code.
What is Key Vault
Azure Key Vault is one of several key management solutions in Azure, and helps to solve problems such as secret, key and certificate management.
Why use Azure Key Vault
There are several reasons to use Azure Key Vault. The main reasons are as follows:
- Centralize application secrets.
Centralizing storage of application secrets in Azure Key Vault allows you to control their distribution. Key Vault greatly reduces the chances that secrets may be accidentally leaked.
- Securely store secrets and keys
Access to a key vault requires proper authentication and authorization before a caller (user or application) can get access. Authentication establishes the identity of the caller, while authorization determines the operations that they’re allowed to perform.
- Simplified administration of application secrets
When storing valuable data, you must take several steps. Security information must be secured, it must follow a life cycle, and it must be highly available.
- Integrate with other Azure services.
Key Vault itself can integrate with storage accounts, event hubs, and log analytics.
How to use Key Vault in X++
In Dynamics 365 F&O, we have a class KeyVaultCertificateHelper which handles the digital certificates that are available in Azure Key Vault store.
To get digital certificate from Azure Key Vault, we need to use below code snippet.
X509Certificate2 certificate = KeyVaultCertificateHelper::getDigitalCertificate(_keyVaultCertificateRef);
_keyVaultCertificateRef – The keyVault certificate reference ID.
To get secret value from Azure Key Vault, we need to use below code snippet.
KeyVaultCertificateTable keyVaultCertificateTable = KeyVaultCertificateTable::findByName(_secretName); str secretValue = KeyVaultCertificateHelper::getManualSecretValue(keyVaultCertificateTable.RecId);
If you like this article, feel free to share it with others who might find it helpful! If you have any questions, feel free to reach out to me.
Leave a Reply