Azure Key Vault : Privately Access using Azure Private Link

Hey everyone ! As you may know, the Azure Private link is the new security toy, it covers too many Azure Services. I already wrote some articles about it :

In this article, It is the Azure Key Vault! Azure Key Vault is covered with Private Link too and it is on GA. So how can we deliver secrets using the Private IP Address ?

Let’s assume that you are working in an environment where the security matters. In other words, your company has a private network and to add secrets to Azure Key Vault, it has to disable the proxies that go to the internet and reach the Key Vault through a private IP Address resolvable.

Creation of Azure Key Vault and Azure Private Link

First, create a Virtual Network; Then create a Key Vault with a private endpoint :

And your Key Vault has a private IP Address

Set a secret through the Private IP using the REST API

Now that you have a resolvable IP Address of the Key Vault, the script below connects to Azure then it gets the access token using the proxy. After that, since we are using the Private Link, we won’t need the proxy to communicate with the Key Vault since it has a private IP.

Note: Don’t forget to set the DNS !