What is Azure Key Vault?
Azure Key Vault helps safeguard cryptographic keys and secrets used by cloud applications and services. By using Key Vault, you can encrypt keys and secrets (such as authentication keys, storage account keys, data encryption keys, .PFX files, and passwords) by using keys that are protected by hardware security modules (HSMs). For added assurance, you can import or generate keys in HSMs. If you choose to do this, Microsoft processes your keys in FIPS 140-2 Level 2 validated HSMs (hardware and firmware).
Key Vault streamlines the key management process and enables you to maintain control of keys that access and encrypt your data. Developers can create keys for development and testing in minutes, and then seamlessly migrate them to production keys. Security administrators can grant (and revoke) permission to keys, as needed.
Let’s see how to deploy and use it.
- Go to Marketplace >Security + Identity> Click on Key Vault
2. Give it a vault Name.
- Select the Subscription.
- Create a new resource group.
- Select the location.
- Select the Pricing tier option. (We are selecting the P1 Premium here)
You have two option here, either A1 Standard/P1 Premium. Both have geo availability feature but the premium is supported with HSM (Hardware Security Module) backed key support.
5. On the “Access policies” you have an option to create a policy from existing templates or you can create a custom policy by combining Key, Secret and Certificate permissions. Once it’s defined it can be tagged to principal.
6. Once the access policies are configured, the Advanced access policy become active and once you click on it you are allowed to enable direct access to the vault for Virtual machines, Resource manager and Azure disk encryption. Enabling this option will help you while you are automating the deployment as it can read from the Key Vault and get the credentials and encrypted keys.
7. Once selected the required options you can click on “Create” to deploy the key vault.
8. Now go to Key vaults resources from the left side blade. Then click on the vault that you created “RenKeyVault“. Then click on the Secrets tile to store a new key.
9. Click on Add on the Secrets page then add a new key by selecting the upload option as Manual.
That’s all for the Azure Key Vault.
Courtesy : Microsoft.com