We often need to share database connection strings, system account passwords and whatnot with our team members. People typically put the secret in a DRM’d email, but that’s not secure enough and you can’t copy and paste them. There’s a better way with Azure Key Vault and Azure Key Vault Explorer.
Here’s how to get it all setup.
Create Azure Key Vault
Go to the Azure Portal and create an Azure Key Vault
Add Team Members to Azure Key Vault
I tried adding a security group here, but it appears that this only works if you add each user individually.
1. Go to the newly created vault and select “Access Control (IAM)” and then click the Add button.
2. Select “Key Vault Contributor” role
3. Add a User and click OK
Repeat that for every team member you want to have access to your secrets.
Download Azure Key Vault Explorer
You could manage your secrets via the portal, but I’ve found that the Azure Key Vault Explorer requires less clicks to get to the secrets. I’m a fan of less clicks.
Download the Azure Key Vault Explorer. You can read more about it here.
Connect Vault Explorer to Azure Subscription
In Vault Explorer, select “Pick vault from Subscription”
Select the Key Vault
Sign in, select your subscription and select your vault and click OK.
Add Secret to Azure Key Vault
1. Click on Add -> Secret
2. Enter your secret info and click OK
View the Secrets
You, and all the people you gave permissions to, will now be able to view the secret.