This guide will walk you through setting up and using the Azure Key Vault client library for C++. Key Vault helps you protect cryptographic keys and secrets, like passwords and connection strings.
The Azure SDK for C++ is typically managed using CMake. You can add the Key Vault package to your project's CMakeLists.txt file.
```cmake
# Find and include the Azure Key Vault package
find_package(azure-keyvault-secrets CONFIG REQUIRED)
# Replace your_target with the name of your own CMake target
target_link_libraries(your_target PRIVATE azure.keyvault.secrets::azure-keyvault-secrets)

# If you need Key Vault Certificates or Keys:
# find_package(azure-keyvault-certificates CONFIG REQUIRED)
# target_link_libraries(your_target PRIVATE azure.keyvault.certificates::azure-keyvault-certificates)
#
# find_package(azure-keyvault-keys CONFIG REQUIRED)
# target_link_libraries(your_target PRIVATE azure.keyvault.keys::azure-keyvault-keys)
```
You can authenticate to Azure Key Vault using various methods, including connection strings, managed identities, or service principals.
Using DefaultAzureCredential:

```cpp
// Include necessary headers
#include <azure/identity/identity.hpp>
#include <azure/keyvault/secrets/secret_client.hpp>

#include <string>

// Use DefaultAzureCredential for seamless authentication.
// Declare the concrete type: copying it into a TokenCredential base object would slice it.
Azure::Identity::DefaultAzureCredential credential;

// Key Vault endpoint
std::string vaultUrl = "https://your-key-vault-name.vault.azure.net";

// Create a SecretClient
Azure::Security::KeyVault::Secrets::SecretClient client(vaultUrl, credential);
```
The Key Vault client library provides methods for interacting with secrets, keys, and certificates.
Here's how to get a secret from your Key Vault:
```cpp
try
{
    Azure::Security::KeyVault::Secrets::GetSecretOptions options;
    options.Name = "YourSecretName"; // Replace with your secret name

    auto response = client.GetSecret(options);

    std::cout << "Secret Name: " << response.Value.Name << std::endl;
    // Printed here for demonstration only; keep secret values out of consoles and logs.
    std::cout << "Secret Value: " << response.Value.Value << std::endl;
}
catch (const Azure::Core::AzureException& e)
{
    std::cerr << "Error retrieving secret: " << e.what() << std::endl;
}
```
The SecretClient class provides access to Key Vault secret operations.
`SecretClient` constructor:

```cpp
SecretClient(std::string const& vaultUrl, Azure::Core::Credentials::TokenCredential const& credential, Azure::Core::ClientOptions const& clientOptions = {});
```

Methods:

- `GetSecret(GetSecretOptions const& options, ...)`
- `SetSecret(SetSecretOptions const& options, ...)`
- `DeleteSecret(DeleteSecretOptions const& options, ...)`
- `ListSecrets(ListSecretsOptions const& options, ...)`

`GetSecretOptions`:

| Parameter | Type | Description |
|---|---|---|
| `Name` | `std::string` | The name of the secret to retrieve. |
| `Version` | `std::string` | Optional: The version of the secret. If omitted, the latest version is retrieved. |
Operations return response objects containing the retrieved data or status information. For example, GetSecretResponse contains a SecretProperties object.
```cpp
struct SecretProperties
{
    std::string Name;
    std::string Value;
    std::string Id;
    // ... other properties like content_type, enabled, created, expires, etc.
};
```
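The `Id` field can be checked before it is trusted, for example before recording which secret version a process loaded. The following is an added example, not code from the SDK or from this guide: `SecretId` and `ParseSecretId` are hypothetical names, and the identifier shape `https://<vault-host>/secrets/<name>[/<version>]` is an assumption about what `Id` holds.

```cpp
#include <cctype>
#include <string>

// Parts of an identifier shaped like https://<vault-host>/secrets/<name>[/<version>]
struct SecretId
{
  std::string VaultHost;
  std::string Name;
  std::string Version; // empty when the Id does not pin a version
};

// True for 1 to 127 ASCII letters, digits and dashes.
static bool IsToken(std::string const& s)
{
  if (s.empty() || s.size() > 127) return false;
  for (unsigned char c : s)
    if (!std::isalnum(c) && c != '-') return false;
  return true;
}

// Hypothetical helper, not an SDK function. Fills `out` and returns true only when
// `id` is an https URL on exactly `expectedHost` that names a single secret.
bool ParseSecretId(std::string const& id, std::string const& expectedHost, SecretId& out)
{
  std::string const scheme = "https://";
  std::string const collection = "/secrets/";
  if (id.compare(0, scheme.size(), scheme) != 0) return false;

  auto const hostEnd = id.find('/', scheme.size());
  if (hostEnd == std::string::npos) return false;
  // Exact match fails closed on look-alike hosts, userinfo ("user@host") and ports.
  if (id.substr(scheme.size(), hostEnd - scheme.size()) != expectedHost) return false;
  if (id.compare(hostEnd, collection.size(), collection) != 0) return false;

  std::string const rest = id.substr(hostEnd + collection.size());
  auto const slash = rest.find('/');
  SecretId parsed{expectedHost, rest.substr(0, slash), ""};
  if (slash != std::string::npos) parsed.Version = rest.substr(slash + 1);

  // Rejects path traversal, query strings and a trailing slash with no version.
  if (!IsToken(parsed.Name)) return false;
  if (slash != std::string::npos && !IsToken(parsed.Version)) return false;
  out = parsed;
  return true;
}
```

Pass the host part of the `vaultUrl` you configured as `expectedHost`, so an identifier pointing at any other host is rejected rather than logged or reused.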
Explore the official samples repository for comprehensive examples covering: