Your personal credentials succeed only via Visual Studio because that's the first method in the chain (EnvironmentCredential → ManagedIdentityCredential → VisualStudioCredential → AzureCliCredential, etc.) that resolves to you. This is expected; your Azure AD identity needs to be in the vault's access policy with the right permissions. chain of credential providers

When excluding Visual Studio, you are supposed to use something else (e.g. Azure CLI):
```bash
az login
```

then ensure AzureCliCredential is enabled in the chain, or use it directly.

```csharp
var client = new CertificateClient(new Uri("..."), new AzureCliCredential());
```

I would normally be explicit about which credentials to use per environment instead of relying on the full DefaultAzureCredential chain:

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Azure.Core;
using Azure.Identity;
using Azure.Security.KeyVault.Certificates;

public X509Certificate2 GetCertFromKeyVault()
{
    // Anything other than "Development" is treated as production.
    var isProduction = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") != "Development";

    TokenCredential credential = isProduction
        ? new ManagedIdentityCredential()   // App Service uses system-assigned MI
        : new VisualStudioCredential();     // Local dev uses your VS credentials

    var client = new CertificateClient(
        new Uri("https://keyvaultname.vault.azure.net/"),
        credential);

    return client.DownloadCertificate("certname").Value;
}
```
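To check which principal a chain actually resolves to, and therefore which identity the vault's access policy must list, the sketch below builds an explicit two-link chain and prints the identity claims of the token it obtains. It is an added example, not code from the answer above; the class and method names are hypothetical, and the claim names (`oid`, `appid`, `upn`, `tid`) are the ones commonly present in Azure AD access tokens, assumed here.

```csharp
using System;
using System.Text;
using System.Text.Json;
using Azure.Core;
using Azure.Identity;

public static class VaultCredentialCheck   // hypothetical helper, not part of the Azure SDK
{
    // Scope used when requesting Key Vault data-plane tokens.
    private const string VaultScope = "https://vault.azure.net/.default";

    // Explicit chain: managed identity first, then the Azure CLI login (`az login`).
    public static TokenCredential Build() =>
        new ChainedTokenCredential(new ManagedIdentityCredential(), new AzureCliCredential());

    // Returns identity claims from a JWT payload. The signature is NOT verified:
    // this is a diagnostic, not an authorization check. The raw token is never printed.
    public static string DescribeToken(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Token is not a three-part JWT.");

        using JsonDocument payload = JsonDocument.Parse(DecodeBase64Url(parts[1]));
        var sb = new StringBuilder();
        foreach (string claim in new[] { "oid", "appid", "upn", "tid" })
            if (payload.RootElement.TryGetProperty(claim, out JsonElement value))
                sb.Append(claim).Append('=').Append(value.ToString()).Append(' ');
        return sb.ToString().TrimEnd();
    }

    private static string DecodeBase64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }

    public static void Main()
    {
        try
        {
            AccessToken token = Build().GetToken(
                new TokenRequestContext(new[] { VaultScope }), default);
            Console.WriteLine(DescribeToken(token.Token));
        }
        catch (AuthenticationFailedException ex)   // also covers CredentialUnavailableException
        {
            Console.Error.WriteLine($"No credential in the chain produced a token: {ex.Message}");
        }
    }
}
```

The `oid` value printed is the object ID to look for in the vault's access policy; an `upn` indicates a user login, while a token with only `appid`/`oid` belongs to a service principal or managed identity.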
