What is Azure Key Vault and how to configure it with the dotnet core application

What is Azure Key Vault?

Azure Key Vault is a cloud-based service offered by Microsoft Azure that provides secure storage for keys, secrets, and certificates. It allows users to create and manage cryptographic keys and secrets used by cloud applications and services. Azure Key Vault enables users to store sensitive information such as passwords, connection strings, API keys, and certificates in a secure manner.

Azure Key Vault uses hardware security modules (HSMs) to provide enhanced security for cryptographic keys and secrets. HSMs are physical devices that are designed to securely store and manage cryptographic keys. Azure Key Vault also supports multi-factor authentication and access control policies to ensure that only authorized users and applications can access sensitive information stored in the Key Vault.

Azure Key Vault can be used to store a wide range of keys and secrets, including SSL/TLS certificates, cryptographic keys, passwords, and API keys. It can be accessed through a REST API or using SDKs for various programming languages. Azure Key Vault can also be integrated with other Azure services such as Azure Active Directory, Azure Functions, and Azure DevOps.

Configure Azure Key Vault with a .NET Core 6 Application:

Step 1: Create an Azure Key Vault

First, you need to create an Azure Key Vault in your Azure subscription. Here are the steps:

  1. Log in to the Azure Portal and go to the Azure Key Vault page.
  2. Click the “+ Add” button to create a new Key Vault.
  3. Fill in the required information, such as the name, subscription, resource group, and region.
  4. Set the access policies for your Key Vault. This is where you define who has access to your Key Vault and what they can do with it. For example, you might want to allow a specific Azure AD user or group to access your Key Vault.

Step 2: Create a .NET Core 6 application

Next, you need to create a .NET Core 6 application. Here are the steps:

  1. Open Visual Studio 2022 or higher and create a new .NET Core 6 Console Application project.
  2. Install the Azure.Extensions.AspNetCore.Configuration.Secrets package by running the following command in the Package Manager Console:

Install-Package Azure.Extensions.AspNetCore.Configuration.Secrets
  3. Modify the Program.cs file to load configuration settings from the Azure Key Vault:


using Azure.Extensions.AspNetCore.Configuration.Secrets;
using Azure.Identity;
using Microsoft.Extensions.Configuration;

// Local sources are added first; Key Vault is added last so that a secret
// stored in the vault overrides any value of the same name from the local sources.
// AddJsonFile, AddUserSecrets and AddEnvironmentVariables come from the
// Microsoft.Extensions.Configuration.Json, .UserSecrets and .EnvironmentVariables
// packages, which a console project must reference in addition to the package above.
var builder = new ConfigurationBuilder()
    .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
    .AddUserSecrets<Program>()
    .AddEnvironmentVariables();

// DefaultAzureCredential tries managed identity, environment variables, and the
// Visual Studio / Azure CLI sign-in in turn, so no credential is stored in code.
builder.AddAzureKeyVault(
    new Uri("https://<your-key-vault-name>.vault.azure.net/"),
    new DefaultAzureCredential());

var configuration = builder.Build();
// Use configuration values here

Note: Replace <your-key-vault-name> with the name of your Azure Key Vault.

Step 3: Grant access to the application

Finally, you need to grant the .NET Core 6 application access to the Azure Key Vault. Here are the steps:

  1. Go to the Access policies page of your Azure Key Vault.
  2. Click the “+ Add Access Policy” button to add a new access policy.
  3. Select the principal type. This is the identity that you want to grant access to.
  4. Select the permissions that you want to grant. For example, you might want to grant “Get” and “List” permissions to allow the application to read secrets from the Key Vault.
  5. Click the “Add” button to add the access policy.

That’s it! Your .NET Core 6 application should now be able to read configuration settings from the Azure Key Vault.

Azure Key Vault Troubleshooting:

There could be a few different reasons why your Azure Key Vault connection is intermittently failing:

  1. Ensure that the Azure Key Vault access policies are correctly configured to allow access from your application. Make sure that the application’s identity (e.g. managed identity or service principal) is included in the access policies with the appropriate permissions.
  2. Check your application’s code to ensure that it is handling authentication and authorization correctly. Make sure that it is using the appropriate credentials to authenticate with Azure AD and obtain a token to access the Key Vault.
  3. Check your network connection to ensure that there are no intermittent issues that could be causing the connection to fail. For example, if you are using a VPN or a firewall, make sure that the appropriate ports are open and that there are no network connectivity issues.
  4. Check the Azure Key Vault logs to see if there are any errors or warnings that could provide more information about the issue. You can use the Azure Portal or the Azure CLI to view the logs.
  5. If the issue persists, consider contacting Microsoft support for further assistance. They can help you troubleshoot the issue and identify the root cause.
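As an added example (not code from the original post), the following C# console snippet reads a single secret through the Azure SDK's SecretClient and maps the failures described in the list above to their usual causes: a credential exception points at authentication (item 2), an HTTP 403 at the access policy (item 1), and a response with no HTTP status at connectivity (item 3). It assumes the Azure.Security.KeyVault.Secrets and Azure.Identity packages; the vault name and the secret name "DbConnectionString" are placeholders.

```csharp
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

// Added example: diagnose why a Key Vault read fails.
// <your-key-vault-name> and "DbConnectionString" are placeholders.
var vaultUri = new Uri("https://<your-key-vault-name>.vault.azure.net/");
const string secretName = "DbConnectionString";

// Retry transient faults (throttling, brief network blips) so that a single
// failed call is not misreported as a configuration problem.
var options = new SecretClientOptions
{
    Retry =
    {
        MaxRetries = 3,
        Delay = TimeSpan.FromSeconds(1),
        MaxDelay = TimeSpan.FromSeconds(8),
        Mode = RetryMode.Exponential
    }
};

// DefaultAzureCredential tries managed identity, environment variables and the
// Visual Studio / Azure CLI sign-in in turn; nothing secret lives in the code.
var client = new SecretClient(vaultUri, new DefaultAzureCredential(), options);

try
{
    KeyVaultSecret secret = await client.GetSecretAsync(secretName);
    // Log metadata only; the secret value must never reach the logs.
    Console.WriteLine($"Read secret '{secret.Name}' (version {secret.Properties.Version}).");
}
catch (CredentialUnavailableException ex)
{
    // No credential source produced a token at all (item 2).
    // Listed before AuthenticationFailedException because it derives from it.
    Console.Error.WriteLine($"Authentication: no usable credential found. {ex.Message}");
}
catch (AuthenticationFailedException ex)
{
    // A credential was found but Azure AD rejected it: wrong tenant,
    // expired client secret, and so on (item 2).
    Console.Error.WriteLine($"Authentication: token request rejected. {ex.Message}");
}
catch (RequestFailedException ex) when (ex.Status == 403)
{
    // The token was valid but the vault's access policy (or RBAC role) does not
    // grant this identity Get on secrets (item 1).
    Console.Error.WriteLine($"Authorization: identity lacks Get/List on secrets ({ex.ErrorCode}).");
}
catch (RequestFailedException ex) when (ex.Status == 404)
{
    Console.Error.WriteLine($"Secret '{secretName}' does not exist in this vault.");
}
catch (RequestFailedException ex) when (ex.Status == 429)
{
    Console.Error.WriteLine("Throttled even after retries; lower the request rate or cache secrets in the app.");
}
catch (RequestFailedException ex) when (ex.Status == 0)
{
    // Status 0 means no HTTP response arrived: DNS, firewall, VPN or private
    // endpoint problem between the app and the vault (item 3).
    Console.Error.WriteLine($"Network: could not reach the vault. {ex.Message}");
}
```

The same exceptions surface from `builder.Build()` in the configuration-provider setup of Step 2, because the provider lists every secret in the vault and then fetches each one at build time; that is why the access policy in Step 3 needs both List and Get, and no more than that.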

Special thanks to my friend:

https://www.technicalgyans.com/2023/03/Configure-Azure-Key-Vault-with-DotNet-Core-Application.html

Power of the cloud – set up a new datacenter with cross-region connectivity in just an hour – Azure

Wallah indeed, cloud technology is changing the very definition of data center technology.
With the public cloud, organizations can avoid multiple silos and the challenges of implementing and managing IT infrastructure. Before we start, let's first understand the network functions in Azure. There are four main components:
  1. Azure VNet (Azure Virtual Network)
  2. Azure Subnet
  3. Gateway Subnet
  4. Virtual Network Gateway

A. Azure VNet (Azure Virtual Network) :-
A VNet provides the address space. A VNet is similar to a traditional network that you'd operate in your own data center, but brings with it the additional benefits of Azure's infrastructure such as scale, availability, and isolation.
Reference:-
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview
https://www.youtube.com/watch?v=Wb2rAYQ3Qbc

B. Azure Subnet
A subnet is a range of IP addresses in the VNet. You can divide a VNet into multiple subnets for organization and security. Each NIC in a VM is connected to one subnet in one VNet. NICs connected to subnets (the same or different ones) within a VNet can communicate with each other without any extra configuration. Routing tables and Network Security Groups (NSGs) are applied at the subnet level, so dividing a VNet into subnets is also how traffic between workloads is controlled.
Reference:-
https://docs.microsoft.com/en-us/azure/virtual-machines/network-overview

C. Gateway Subnet
The simplest description: the gateway acts like a router service or device that enables routed transit between on-premises and Azure, or between Azure VNets.

The Azure gateway subnet is needed by Azure to host the two virtual machines of your Azure gateway.

D. Virtual Network Gateway
A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. You can also use a VPN gateway to send encrypted traffic between Azure virtual networks over the Microsoft network. Each virtual network can have only one VPN gateway. However, you can create multiple connections to the same VPN gateway. When you create multiple connections to the same VPN gateway, all VPN tunnels share the available gateway bandwidth.
Reference:-
https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal

The configuration steps will follow in the next blogs.

Azure Virtual Machines Availability Zone and Availability set

Configuring and managing the public cloud with Azure is a piece of cake, and in the same way configuring high availability for a virtual machine is very simple with the availability zone and availability set features. With an availability zone we can manually select the datacenter option from 1 to 3 in the same building or region. An availability set groups two or more VMs to ensure that at least one is available during planned or unplanned events. The availability option must be configured while creating a virtual machine, as it cannot be changed after creation. The availability option expressly tells Azure that the virtual machines are identical or related, such as web servers behind a load balancer.

Availability Zone :-

As we can see below, we have the option to select the VM placement in datacenter 1 to 3 in the same building or region.


Availability Set :-

With an availability set, Azure attempts to physically separate those machines so that something that would take down one VM won't take down the others. That might be a bad power supply, a Windows update or some kind of patch, so any unintended or intended downtime is minimized. It only works for two or more virtual machines.

Fault Domain :-

A fault domain (FD) is mainly related to physical problems such as a power supply, network issue or switch failure, so if you deploy two VMs across two FDs then a single power supply or a single network switch is not going to bring down both VMs. The fault domain maximum can be increased to 3 and the default is 2.


Update Domains :-
There are a maximum of 20 update domains, so if we have 20 VMs we could deploy 20 update domains and Microsoft will roll out the patches from the 1st all the way up to the 20th, so the VMs are rebooted one at a time. The default is 5.

Visit also :-

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability 


Azure File Sync Cloud Tiering

Azure cloud tiering is the most effective feature for giving extra flexibility to an Azure file share. With the help of cloud tiering, unused or rarely accessed data stored on the local file server endpoint can be moved directly to the cloud by an intelligent method. It is a kind of data archiving solution. Like other archiving solutions that replace the actual file with a shortcut, a fingerprint is left behind for that particular file; when you need to access the file, its content is downloaded from Azure.

  1. The least used content is cloud tiered.
  2. Before removing a file server from the file sync group, make sure you pull down all the data first, otherwise you will lose data. All data can be pulled back with the help of PowerShell.
  3. Files smaller than 64 KB are never cloud tiered; a file must be larger than that to qualify.
  4. Cloud tiering is configured per file server endpoint, not per sync group.
  5. It works based on the free space available on the file server endpoint.


For More information :-

https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-cloud-tiering 


How to Protect Virtual Machine on Azure – Recovery Service Vault

My all-time favorite topic is data protection, and I always love to spend my free time learning new data protection methods from different solution providers. Here I have tried to configure virtual machine backup with Azure, and I must say Microsoft's engineers have really made things very simple.

A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations. We can use Recovery Services vaults to hold backup data for various Azure services such as IaaS VMs (Linux or Windows) and Azure SQL databases. Recovery Services vaults support System Center DPM, Windows Server, Azure Backup Server, and more. Recovery Services vaults make it easy to organize your backup data while minimizing management overhead.

Within an Azure subscription, we can create up to 500 Recovery Services vaults per subscription per region.

Here are some simple steps to configure the backup.

  1. First we need to create a Recovery Services vault from the option available in the console.
  2. In the vault creation window it is mandatory to provide details such as the subscription, resource group, vault name, and region.

Only virtual machines in the same region as the Recovery Services vault can be backed up. We will not be able to back up a VM if the Recovery Services vault region is East Europe and the virtual machine runs in West Europe; both have to be in the same region.

  3. The next window gives us the chance to review the applied settings.
  4. Once the Recovery Services vault is created, select Go to resource.
  5. The following window offers the backup method. In my case I am backing up an Azure virtual machine; however, we can also back up from Azure Stack and on-premises.
  6. Select the backup policy, or create a new policy based on the required RPO and RTO.
  7. Select the VMs to back up.
  8. Select Enable backup to activate the backup policy.
  9. Backup jobs can be monitored from the Backup jobs tab.

Thanks for visiting my blog.