How to Securely Share Secrets with Azure Key Vault and Azure Key Vault Explorer

We often need to share database connection strings, system account passwords and whatnot with our team members. People typically put the secret in a DRM’d email, but that’s not secure enough and you can’t copy and paste them. There’s a better way with Azure Key Vault and Azure Key Vault Explorer.

Here’s how to get it all setup.

Create Azure Key Vault

Go to the Azure Portal and create an Azure Key Vault

Add Team Members to Azure Key Vault

I tried adding a security group here, but it appears that this only works if you add each user individually.

1. Go to the newly created vault and select “Access Control (IAM)” and then click the Add button.

2. Select “Key Vault Contributor” role

3. Add a User and click OK

Repeat that for every team member you want to have access to your secrets.

Download Azure Key Vault Explorer

You could manage your secrets via the portal, but I’ve found that the Azure Key Vault Explorer requires less clicks to get to the secrets. I’m a fan of less clicks.

Download the Azure Key Vault Explorer. You can read more about it here.

Connect Vault Explorer to Azure Subscription

In Vault Explorer, select “Pick vault from Subscription”

Select the Key Vault

Sign in, select your subscription and select your vault and click OK.

Add Secret to Azure Key Vault

1. Click on Add -> Secret

2. Enter your secret info and click OK

View the Secrets

You, and all the people you gave permissions to, will now be able to view the secret.