Forum Discussion
What to use instead of Individual target application in Secure Store?
Hey - great question!
I haven't done anything like it, but I am guessing the answer would be to use an Azure service like Key Vault (https://azure.microsoft.com/en-us/services/key-vault/) to store the encrypted credentials in.
I have only had the briefest of looks at it, but it does appear to have a REST API that you can call, and requires registering your client application etc. in order to authenticate (https://docs.microsoft.com/en-gb/rest/api/index#register-your-client-application-with-azure-ad).
Would be very interested in hearing about what solution you come up with, and the pros and cons, as I am sure I will have to tackle this problem with some of the projects I have coming up.
Thanks
Nigel
Thanks for the response!
I have also thought about Azure Key Vault but thought I would ask around first before digging into it.
A few things I have seen with Key Vault that are better handled when using individual target applications in Secure Store are (as far as I can tell right now with my limited experience with Key Vault):
- We get no user mapping for the secrets, i.e. we have to create a secret for each user and handle the mapping ourselves so that our code would get the correct secret for the requesting user.
- We can only store a name/value pair. If we then think about the user mapping problem we would store the username in Name and the password in Value, but what about when we have a different username in the third-party API? Maybe store a JSON object with the username and password for the API as the Value?
- The Name of the secret can only contain alpha-numerics and dashes so we cannot set this to a standard SharePoint Online username to easily handle our own user mapping. Maybe we could do some encoding to get this in place.
Regards,
Patrik
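As an added example (not code from the thread), here is one way to do the encoding Patrik mentions in his third point, in Python: a reversible mapping from a SharePoint login to a name Key Vault accepts, and a JSON username/password value for the third-party API as in his second point. The `sp-` prefix and the helper names are my own choices; the name rules (1 to 127 characters, alphanumerics and dashes only, compared case-insensitively) are Key Vault's own constraints on secret names.

```python
import json
import re
import string

# Key Vault secret-name rules: 1-127 characters, only [0-9a-zA-Z-], compared
# case-insensitively. The name is visible in listings and logs, so it carries
# only the (lower-cased) SharePoint login, never the third-party credential.
SECRET_NAME_RE = re.compile(r"^[0-9a-zA-Z-]{1,127}$")
_SAFE = set(string.ascii_lowercase + string.digits)

def upn_to_secret_name(upn: str, prefix: str = "sp") -> str:
    """Reversible map from a SharePoint login (UPN) to a valid secret name.
    Every UTF-8 byte outside [a-z0-9] (so '@', '.', '-' and non-ASCII)
    becomes '-' plus two hex digits; the assumed 'sp-' prefix namespaces the
    per-user secrets among anything else kept in the same vault."""
    parts = [prefix, "-"]
    for b in upn.strip().lower().encode("utf-8"):
        parts.append(chr(b) if chr(b) in _SAFE else f"-{b:02x}")
    name = "".join(parts)
    if not SECRET_NAME_RE.fullmatch(name):      # too long for Key Vault
        raise ValueError(f"cannot map {upn!r} to a Key Vault secret name")
    return name

def secret_name_to_upn(name: str, prefix: str = "sp") -> str:
    """Inverse of upn_to_secret_name, e.g. to audit which user a secret belongs to."""
    if not name.startswith(prefix + "-"):
        raise ValueError("not a per-user secret name")
    body, raw, i = name[len(prefix) + 1:], bytearray(), 0
    while i < len(body):
        if body[i] == "-":                       # '-xx' escape -> one byte
            raw.append(int(body[i + 1:i + 3], 16))
            i += 3
        else:
            raw.append(ord(body[i]))
            i += 1
    return raw.decode("utf-8")

def build_secret_value(api_username: str, api_password: str) -> str:
    """The secret value is a JSON document, so the third-party API user name can
    differ from the SharePoint login (the 'different username' case above)."""
    return json.dumps({"username": api_username, "password": api_password})

def parse_secret_value(value: str) -> dict:
    """Inverse of build_secret_value; rejects values that are not a credential pair."""
    cred = json.loads(value)
    if set(cred) != {"username", "password"}:
        raise ValueError("secret value is not a username/password pair")
    return cred
```

The name and value go straight into `SecretClient.set_secret` / `get_secret` from `azure.keyvault.secrets`; Key Vault only authorises the application identity, so the check that the calling user may read the secret for that UPN still has to live in your own code.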