This post shows how an Azure Key Vault can be protected inside an Azure virtual network. The deployment is set up so that only applications in the same VNET can access the Key Vault. To implement this, access to the Key Vault is restricted to the VNET and, secondly, the applications accessing the Key Vault require an access policy. Managed identities can be used for this. In the deployment, an Azure Function uses the secret from the Key Vault.

Azure Deployment

The application deployment is set up so that the Azure Key Vault is not accessible from the internet. Only applications inside the VNET can use the Key Vault.
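
One way to verify both controls on a deployed vault, as an added example that is not code from the original post: the function below audits a Key Vault definition in the ARM JSON shape (for instance the output of an export or `az keyvault show`) for the VNET restriction and the managed identity's access policy. It assumes the access-policy permission model the post describes; the subnet ID, object ID and sample vaults are constructed.

```python
# Added example: checks a Key Vault definition (ARM JSON shape) for the two
# controls described above. All IDs and names below are constructed.
SUBNET = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
          "/providers/Microsoft.Network/virtualNetworks/vnet-example/subnets/snet-functions")
PRINCIPAL = "11111111-1111-1111-1111-111111111111"  # managed identity object ID (constructed)

LOCKED_DOWN = {"properties": {
    "networkAcls": {"defaultAction": "Deny", "bypass": "None", "ipRules": [],
                    "virtualNetworkRules": [{"id": SUBNET}]},
    "accessPolicies": [{"objectId": PRINCIPAL, "permissions": {"secrets": ["get"]}}],
}}
OPEN = {"properties": {"accessPolicies": []}}  # no firewall rules, no policy


def audit_key_vault(vault, subnet_id, principal_id):
    """Return a list of findings; an empty list means both controls hold."""
    findings = []
    props = vault.get("properties", {})
    acls = props.get("networkAcls") or {}

    # Control 1: network access is restricted to the VNET.
    if acls.get("defaultAction", "Allow") != "Deny":
        findings.append("networkAcls.defaultAction is not Deny: vault reachable from any network")
    if acls.get("ipRules"):
        findings.append("ipRules present: public IP ranges are allowed through the firewall")
    allowed = {r.get("id", "").lower() for r in acls.get("virtualNetworkRules", [])}
    if subnet_id.lower() not in allowed:
        findings.append("application subnet has no virtualNetworkRules entry")

    # Control 2: the application's managed identity has a read-only access policy.
    policy = next((p for p in props.get("accessPolicies", [])
                   if p.get("objectId") == principal_id), None)
    if policy is None:
        findings.append("no access policy for the managed identity")
    else:
        secrets = {s.lower() for s in policy.get("permissions", {}).get("secrets", [])}
        if "get" not in secrets:
            findings.append("managed identity cannot get secrets")
        extra = secrets - {"get", "list"}
        if extra:
            findings.append("managed identity has more than read access: " + ", ".join(sorted(extra)))
    return findings


if __name__ == "__main__":
    for name, vault in (("locked down", LOCKED_DOWN), ("open", OPEN)):
        print(name, audit_key_vault(vault, SUBNET, PRINCIPAL))
```

A missing `networkAcls` block is treated as `Allow`, because a vault without firewall rules accepts requests from all networks.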


Securing Azure Key Vault inside a VNET and using from an Azure Function