Azure KeyVault is a secure vault storage (cloud service) designed to manage keys, secrets, and certificates.
Types of Keys (Storage)
- Keys: Azure VM disk encryption keys
- Secrets: Application secrets such as database passwords and admin credentials
- Certificates: (Content missing, please review)
Scenario #1
Diagram: Application secrets stored in KeyVault
flowchart LR
DB[Database] --> WEB[Web App]
WEB --> KV[KeyVault]
KV --> WEB
Disadvantages
- Limited Linux support
- Key Visibility: Keys can still be visible in the Azure portal
- Version Dependency: Requires specific Azure versions
KeyVault Features
- Firewall
- Azure Active Directory Integration
- Auditing
- Replication & Scaling
Authentication Methods
Authentication to Azure KeyVault can be done via:
- Managed Identities
- Service Principal & Certificate
- Service Principal & Secret
Supported Modes:
- System Managed:
  - Windows credentials
- Deployed on Azure:
  - Provides its identity to KeyVault access policy
Authorization
Authorization is managed by:
- Access Policies
- (Content missing, please review)
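The Firewall, Auditing and Access Policy features listed above only pay off if someone reads the audit trail. The following added example (not from the original notes) runs simple detection logic over constructed Key Vault AuditEvent records: it flags access-policy denials, secret reads from outside the range the vault firewall is assumed to allow (10.0.0.0/16 is an assumption), and vault configuration changes.

```python
import json
import ipaddress

# Constructed sample AuditEvent records (not real telemetry); field names
# follow the Azure Key Vault diagnostic log schema (operationName, resultSignature,
# callerIpAddress, identity.claim, properties.id).
SAMPLE_LOGS = [
    '{"time":"2024-01-10T08:00:01Z","operationName":"SecretGet","resultType":"Success",'
    '"resultSignature":"OK","callerIpAddress":"10.0.1.4",'
    '"identity":{"claim":{"appid":"11111111-aaaa-bbbb-cccc-000000000001"}},'
    '"properties":{"id":"https://contoso-kv.vault.azure.net/secrets/db-password","httpStatusCode":200}}',
    '{"time":"2024-01-10T08:00:07Z","operationName":"SecretGet","resultType":"Success",'
    '"resultSignature":"OK","callerIpAddress":"203.0.113.45",'
    '"identity":{"claim":{"upn":"admin@contoso.example"}},'
    '"properties":{"id":"https://contoso-kv.vault.azure.net/secrets/db-password","httpStatusCode":200}}',
    '{"time":"2024-01-10T08:00:09Z","operationName":"SecretList","resultType":"Failed",'
    '"resultSignature":"Forbidden","callerIpAddress":"203.0.113.45",'
    '"identity":{"claim":{"upn":"admin@contoso.example"}},'
    '"properties":{"id":"https://contoso-kv.vault.azure.net/secrets","httpStatusCode":403}}',
    '{"time":"2024-01-10T08:01:00Z","operationName":"VaultPatch","resultType":"Success",'
    '"resultSignature":"OK","callerIpAddress":"10.0.1.9",'
    '"identity":{"claim":{"upn":"ops@contoso.example"}},'
    '"properties":{"id":"https://contoso-kv.vault.azure.net/","httpStatusCode":200}}',
]

# Networks the vault firewall is expected to allow (assumption for this example).
ALLOWED_NETWORKS = [ipaddress.ip_network("10.0.0.0/16")]
# Operations that read secret material or enumerate it.
SENSITIVE_READS = {"SecretGet", "SecretList", "KeyGet", "CertificateGet"}
# Operations that rewrite vault configuration, including access policies.
CONFIG_OPS = {"VaultPatch", "VaultPut"}


def caller(rec):
    """Identify the caller from the token claims: user (upn) or application (appid)."""
    claim = rec.get("identity", {}).get("claim", {})
    return claim.get("upn") or claim.get("appid") or "unknown"


def review_audit_logs(lines):
    """Return (kind, operation, caller, ip) findings an analyst should look at."""
    findings = []
    for line in lines:
        rec = json.loads(line)
        op, ip, who = rec["operationName"], ipaddress.ip_address(rec["callerIpAddress"]), caller(rec)
        if rec.get("resultSignature") == "Forbidden":      # access policy denied the call
            findings.append(("forbidden", op, who, str(ip)))
        if op in SENSITIVE_READS and not any(ip in n for n in ALLOWED_NETWORKS):
            findings.append(("unexpected_source", op, who, str(ip)))
        if op in CONFIG_OPS:                               # vault/access policy modified
            findings.append(("policy_change", op, who, str(ip)))
    return findings
```

Applied to real diagnostic-setting exports, the same three checks map directly onto the Firewall, Access Policies and Auditing features the notes list.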
References & Related Topics
- Azure Active Directory Integration
- Key Management Best Practices
- Cloud Security Solutions
- Microsoft Azure Documentation on KeyVault