Azure Key Vault ClientSecret Management


I have a console app that I distribute to users. Instead of hard-coding the connection strings in the application, I moved them to Key Vault and created the ClientCredentials.

Interactive user login or a certificate in AAD are not options for me, as I do not have admin privileges to consent to the API permissions at this moment.

My question, which might look like a duplicate: where do I keep the key (ClientCreds) to the lock (KeyVault)? Obviously, lock and key in the same place does not do any good.

Note that even if I hardcode it in the console app, it can be reversed by any decompiler. Please assist here.


There is 1 best solution below


You've asked the impossible question, but I believe you've made a mistake. AKV access policies require a token but do not need consent to APIs. You can do interactive login without API consent to get an access token for Key Vault.
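The interactive-login approach this answer describes, sketched as an added example that is not part of the original answer or the asker's code. It assumes the Azure.Identity and Azure.Security.KeyVault.Secrets NuGet packages, that each signed-in user has been granted Get on secrets in the vault's access policy, and hypothetical environment variable names `KEYVAULT_URI` and `KEYVAULT_SECRET_NAME`. Nothing secret ships in the binary, so a decompiler recovers only the vault address.

```csharp
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

static class Program
{
    // Fetches the connection string with a token issued to the signed-in user.
    // No client secret or certificate is embedded in the application.
    static async Task<string> GetConnectionStringAsync(Uri vaultUri, string secretName)
    {
        // Opens the system browser for sign-in; the token is scoped to Key Vault.
        var credential = new InteractiveBrowserCredential();
        var client = new SecretClient(vaultUri, credential);
        Response<KeyVaultSecret> response = await client.GetSecretAsync(secretName);
        return response.Value.Value;
    }

    static async Task<int> Main()
    {
        // Variable names are assumptions made for this example.
        string uri = Environment.GetEnvironmentVariable("KEYVAULT_URI");
        string name = Environment.GetEnvironmentVariable("KEYVAULT_SECRET_NAME");
        if (string.IsNullOrEmpty(uri) || string.IsNullOrEmpty(name))
        {
            Console.Error.WriteLine("Set KEYVAULT_URI and KEYVAULT_SECRET_NAME.");
            return 2;
        }
        try
        {
            string connectionString = await GetConnectionStringAsync(new Uri(uri), name);
            // Never log the value itself; confirm retrieval only.
            Console.WriteLine($"Retrieved secret '{name}' ({connectionString.Length} chars).");
            return 0;
        }
        catch (AuthenticationFailedException ex)
        {
            // Sign-in was cancelled or failed, or the tenant blocked the request.
            Console.Error.WriteLine($"Sign-in failed: {ex.Message}");
            return 1;
        }
        catch (RequestFailedException ex) when (ex.Status == 403)
        {
            // Authenticated, but this user has no access policy on the vault.
            Console.Error.WriteLine("Signed in, but not authorized to read this secret.");
            return 1;
        }
    }
}
```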