Azure Key Vault simplifies a lot of things when it comes to managing secrets, passwords and certificates. There are many different ways to use it from different apps or services. In this post I'm going to cover the scenario below:
- we have a service running in the background, which connects to the SharePoint API and performs some operations. A good example is a SharePoint PnP provisioning process running as a daemon through Azure Functions or an Azure WebJob
- the provisioning process uses Application permissions to access the SharePoint API, and thus uses certificate-based authentication through Azure AD
- all authentication secrets (a certificate in our case) are stored in Azure Key Vault
- we do not store any secrets anywhere except Azure Key Vault (not locally in code and not in the Azure Function or WebJob configuration)
- we use a brand new PnP Framework!
Interesting? Then please read further below.