DEV Community

Cover image for Key Vault | Azure
Ibrahim S
Ibrahim S

Posted on

1 1

Key Vault | Azure

#ibbus #keyvault #azurekeyvault #encryptsecret

๐Ÿ”น ๐—”๐˜‡๐˜‚๐—ฟ๐—ฒ ๐—ž๐—ฒ๐˜† ๐—ฉ๐—ฎ๐˜‚๐—น๐˜ is a cloud-based service that securely stores and manages cryptographic keys, certificates, and secrets. You can use it to protect and access sensitive data from your applications.

๐—ฆ๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ฒ๐—น๐˜† ๐˜€๐˜๐—ผ๐—ฟ๐—ฒ ๐—ฎ๐—ป๐—ฑ ๐—บ๐—ฎ๐—ป๐—ฎ๐—ด๐—ฒ ๐˜€๐—ฒ๐—ป๐˜€๐—ถ๐˜๐—ถ๐˜ƒ๐—ฒ ๐—ถ๐—ป๐—ณ๐—ผ๐—ฟ๐—บ๐—ฎ๐˜๐—ถ๐—ผ๐—ป ๐˜€๐˜‚๐—ฐ๐—ต ๐—ฎ๐˜€ ๐—ธ๐—ฒ๐˜†๐˜€, ๐—ฝ๐—ฎ๐˜€๐˜€๐˜„๐—ผ๐—ฟ๐—ฑ๐˜€, ๐—ฐ๐—ฒ๐—ฟ๐˜๐—ถ๐—ณ๐—ถ๐—ฐ๐—ฎ๐˜๐—ฒ๐˜€, ๐—ฒ๐˜๐—ฐ...

๐Ÿ”น Azure Key Vault also offers a free tier that includes a limited number of monthly requests and storage. This free tier lets organizations try Azure Key Vault before committing to a paid subscription.

โœ… ๐—ฆ๐—ฒ๐—ฐ๐—ฟ๐—ฒ๐˜ ๐—บ๐—ฎ๐—ป๐—ฎ๐—ด๐—ฒ๐—บ๐—ฒ๐—ป๐˜: Securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets.

โœ… ๐—ž๐—ฒ๐˜† ๐—บ๐—ฎ๐—ป๐—ฎ๐—ด๐—ฒ๐—บ๐—ฒ๐—ป๐˜: Create and control encryption keys that encrypt your data.

โœ… ๐—–๐—ฒ๐—ฟ๐˜๐—ถ๐—ณ๐—ถ๐—ฐ๐—ฎ๐˜๐—ฒ ๐—บ๐—ฎ๐—ป๐—ฎ๐—ด๐—ฒ๐—บ๐—ฒ๐—ป๐˜: Provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with Azure and your internal connected resources.

๐Ÿ”น Enable storing and managing key and password data for applications without directly giving them access to key data.

๐Ÿ”น Provides key storage and management platform for both on-premises and cloud-based apps and services.

๐Ÿ”น Hardware security modules are ๐—ฝ๐—ต๐˜†๐˜€๐—ถ๐—ฐ๐—ฎ๐—น ๐—ฑ๐—ฒ๐˜ƒ๐—ถ๐—ฐ๐—ฒ๐˜€ ๐˜๐—ต๐—ฎ๐˜ ๐—ฎ๐—ฟ๐—ฒ ๐˜‚๐˜€๐—ฒ๐—ฑ for protecting and managing keys.

There are two different levels of management
1๏ธโƒฃ Managing the Key Vault itself.
2๏ธโƒฃ Access to the data contained in the KeyVault.

โœ… Authentication โžก This is needed to identify the caller for operations.
โœ… Authorisation โžก Once a caller is identified, authorization is used to determine what operations the caller can perform.

๐Ÿ”น Azure Active Directory is used to ๐—ฎ๐˜‚๐˜๐—ต๐—ฒ๐—ป๐˜๐—ถ๐—ฐ๐—ฎ๐˜๐—ฒ ๐˜‚๐˜€๐—ฒ๐—ฟ๐˜€ ๐—ฎ๐—ป๐—ฑ ๐—ฎ๐—ฝ๐—ฝ๐—น๐—ถ๐—ฐ๐—ฎ๐˜๐—ถ๐—ผ๐—ป๐˜€ which try to access the vault. This authentication is performed by the AAD tenant that the Key Vault is a part of.

๐Ÿ”น Management operations are ๐—ฐ๐—ผ๐—ป๐˜๐—ฟ๐—ผ๐—น๐—น๐—ฒ๐—ฑ ๐—ฏ๐˜† ๐—ฅ๐—•๐—”๐—–. Creation and management are all controlled by RBAC roles. The storing and retrieving of secrets is managed via access policies.

๐Ÿ”น These access policies are assigned at certain scopes. You can assign an ๐—ฎ๐—ฐ๐—ฐ๐—ฒ๐˜€๐˜€ ๐—ฝ๐—ผ๐—น๐—ถ๐—ฐ๐˜† where a user can, e.g., ๐—ด๐—ฒ๐˜, ๐—น๐—ถ๐˜€๐˜, ๐—ฐ๐—ฟ๐—ฒ๐—ฎ๐˜๐—ฒ, ๐˜‚๐—ฝ๐—ฑ๐—ฎ๐˜๐—ฒ, ๐—ฎ๐—ป๐—ฑ ๐—ฑ๐—ฒ๐—ฐ๐—ฟ๐˜†๐—ฝ๐˜ ๐—ธ๐—ฒ๐˜†๐˜€. Similarly, there are specific copes for managing secrets and certificates.

More Azure Key Vault HandsOn || Key Vault Integration with AKS โ€” Azure ||

Implemented the Azure Key Vault integration with AKS ๐Ÿ‘†๐Ÿ‘†๐Ÿ‘†

profile
Sentry
 Promoted

Sentry image

See why 4M developers consider Sentry, โ€œnot bad.โ€

Fixing code doesnโ€™t have to be the worst part of your day. Learn how Sentry can help.

Learn more

Top comments (0)

profile
Sentry
 Promoted

Sentry image

See why 4M developers consider Sentry, โ€œnot bad.โ€

Fixing code doesnโ€™t have to be the worst part of your day. Learn how Sentry can help.

Learn more

Read next

caerlower profile image

ROFL: Unlocking Secure Off-Chain Computation with Oasis Network

Manav -

kaviya_1929 profile image

LEARNING HTML-3

Kaviya R -

deepikajagdeesh profile image

Data Science vs Machine Learning vs AI

Deepika Jagdeesh -

okerew profile image

Implemented a proper embedding system into the neural web architecture with the custom vocabulary support

Okerew -