Any cloud application has a requirement of using passwords, certificates and keys for providing features of security like authentication. But it’s a challenge to safeguard and manage all these passwords, certificates and keys and use them with ease whenever required.
Generally it takes lot of coding effort for developers to protect these keys and use them in application, so it has been a long time demand of developer’s community for some external solution to store all these keys which will give ease of access as required.
Azure provides a solution to this problem with service Azure Key Vault.
Azure Key Vault
The Azure Key vault is a cryptographic key management service which uses physical computing device that manages digital keys for strong authentication. It is a service to secure keys and passwords used by cloud applications and services. The benefit of using Azure key vault for storing secure keys is, but will never able to see the actual content, rather can just use.
Or in other words, it enables you to manage encrypted keys, certificates and passwords by using keys that are protected by hardware security modules.
The keys which are stored in a vault can be invoked by URI when needed.
The Keys which are stored in key vault are safeguarded by Azure using hardware security modules.
Customers can import their own keys into Azure, and manage them.
Even if clients use multiple Azure services and resources, key vault enables to manage the keys from a single location in Azure.
What Services Azure Key Vault Support?
Once Key Vault is created by key vault owner, you will be able to perform following activities.
1. Create or import a key or secret such as password which gets used in applications, the one who creates becomes the key owner.
2. Delete a key or secret
3. Provide permissions to users or applications to access the key vault, so they can then manage or use its keys and secrets
4. Configure key usage for applications with key URI, generally this operation is performed by application owners.
5. Auditors can monitor key usage logs.
Key owners have full permissions to manage their keys, they can add, update, and delete keys as needed. Similarly Vault owner has full permissions to manage vault.
So based on the activities supported we can conclude that, different type of users perform different activities like managing keys, using keys in applications, review or monitor the usage logs.
Ways to create Azure Key Vault
Azure provides multiple ways to manage key vault including keys and secrets in vault.
1. Azure Portal
3. ARM Template
Health and Parenting Inspiring Stories Technology Microsoft Azure SharePoint O365