Subscribe via RSS
Toggle Submenu
  1. Categories
  2. Recent
  3. Tags
View Replies (6)

Resolved Azure Key Vault secret

  1. How-to
0
Votes
Undo
  1. David Peace (Powersoft)
    David Peace (Powersoft)
  2. PowerBuilder
  3. Tuesday, 17 January 2023 09:01 AM UTC

Morning Everyone

Has anyone used PowerBuilder to access an Azure Key Vault secret? In it's simplest form it's a HTTPS Get which is not difficult, but I'm trying to understand the security authentication required. If someone else has cracked this one it would be useful.

Here is a link to various MS code examples: https://learn.microsoft.com/en-us/azure/key-vault/general/client-libraries

 

OK Update on this stuff. We need to be using a Client Site Certificate (I have created one and given that to the Vault Host). They have given me back this info:

Managed Identity App ID:                            9a445d32-8bc3-4e05-bd22-5405d1b5fefd
Tenant ID:                                                           d1273393-c6b6-4abf-b2c7-8b199d33b87b
Vault URI:                                                           https://kv-fhlbt-cams-dev-scu.vault.azure.net/

 

I found another thread with a similar question asking how to use the client certificate. The suggestion was oAuth object. I'm trying to understand the terminology here, oAuth has

clientid & clientsecret

How do these relate tot he IDs given above?

 

Thanks in anticipation

David

  1. PowerBuilder
AD groups for a user
Unable to start IDE - Invalid parameter from the c...
Accepted Answer
David Peace (Powersoft)
David Peace (Powersoft) Accepted Answer Pending Moderation
  1. Tuesday, 31 January 2023 17:05 PM UTC
  2. PowerBuilder
  3. # Permalink

The Client has decided that this route is not viable and has chosen a simpler solution. Thank goodness.

Problem solved.... for now.

Comment
There are no comments made yet.
Responses (6)
mike S
mike S Accepted Answer Pending Moderation
  1. Tuesday, 30 January 2024 20:05 PM UTC
  2. PowerBuilder
  3. # 1

Hi David,

I'm implementing azure key vault for our PB server side apis, as well as some C# rest apis.  I'm using managed identities to access key vault as the servers being used are all azure computes so it won't be certificate based.  However, i believe the general idea is the same.  

I'm also hoping that we can use eventually this for our powerserver database connections as the current setup requires manual updates/work if a database password is changed.

 

you use oauth to get a token, you must specify the client id of the identity as well as the URI of the resource (key vault) you want to access using the token.  that returns the token which you then use to access key vault.

 

 

 

 

Comment
There are no comments made yet.
andy rubey
andy rubey Accepted Answer Pending Moderation
  1. Wednesday, 21 June 2023 16:51 PM UTC
  2. PowerBuilder
  3. # 2

Hi Kevin, was this code ever found?  I'm trying to do a keyvault read and sure would be nice to have some sample code.  Best, Andy ahrubey@gmail.com, andy.rubey@carvana.com

Comment
There are no comments made yet.
Kevin Ridley
Kevin Ridley Accepted Answer Pending Moderation
  1. Friday, 20 January 2023 19:50 PM UTC
  2. PowerBuilder
  3. # 3

Hey David.  Sent you a PPT from my 2018 Elevate presentation on accessing MS Dynamics 365 API from Azure.  Still looking for the code, but I kind of remember it definitely was using OAuthClient, and I want to say the tenant id was the client id on the OAuthClient.  Maybe there's some code in the PPT that will help you.  I'll keep looking for the code.

Comment
There are no comments made yet.
David Peace (Powersoft)
David Peace (Powersoft) Accepted Answer Pending Moderation
  1. Friday, 20 January 2023 15:58 PM UTC
  2. PowerBuilder
  3. # 4

I have updated the initial question with more info, any help welcome.

Thanks

Comment
There are no comments made yet.
mike S
mike S Accepted Answer Pending Moderation
  1. Wednesday, 18 January 2023 18:36 PM UTC
  2. PowerBuilder
  3. # 5

"I'm trying to understand the security authentication required."

I'm not familiar with this azure api at all - and i'm not sure exactly what you mean by the security authentication required.

I know for some of their apis they require a signature based on the header values and current time, it uses hmac and your private key.  If that is what you are talking about, then i do have information on how that works (its rather complicated and pretty much undocumented)

Comment
David Peace (Powersoft)
  1. David Peace (Powersoft)
  2. Thursday, 19 January 2023 10:31 AM UTC
Hi Mike

Thanks for responding, I suppose it a case of "I don't know what I don't know". I'm trying to understand the MS documentation on how to access their Key Vaults and then translate that into some ideas for PB. Any thoughts of suggestions welocome.
  1. Helpful
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.