All of the data encryption/decryption examples I have seen with Azure key Vault do the encryption locally and decryption within Azure itself by using the keyVaultClient.DecryptAsync()
method.
I understand that this is more secure as the private key never leaves Azure and leaks into your application code, but what if I want to do the decryption locally as well, how do i get the private key out?
I am using keyVaultClient.GetKeyAsync()
but it only seems to contain the public key.
One of the issues I have with the in Azure decryption is that I can't replicate it in development environment without the developer having access to Azure. There does not seem to be an emulator for Azure Key Vault.
It looks like the only way to achieve what I want is by using Azure Key Vault Secret
and storing a PFX certificate containing public/private keys in it?