Azure Key Vault
In this article, we will see how we can use one of the services in Azure called Azure Key Vault.
The Azure Key Vault service helps with the centralization and protection of:
Application secrets
Encryption keys
Certificates
Secrets are backed by an HSM (hardware security module). An HSM is a physical computing device that safeguards and manages digital keys for strong authentication and provides crypto processing. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server.
How safe is storing sensitive information in Azure Key Vault?
Storing information in a database and storing it in an HSM are very different. The data doesn’t simply stay in a file on your server. It is stored in a hardware device that provides features like auditing, tamper-proofing, encryption, etc. Microsoft Azure, with the help of Azure Key Vault, provides an interface through which the HSM can be accessed.
Use Cases:
The most common scenario is storing a connection string in the key vault as a secret.
Another scenario is when the same connection string is used by different Azure services. For example, if a function app, a web app, and a data factory all need the same connection string, we can store it once as a centralized secret.
Some of its additional features include:
1) Firewall settings that allow only authorized access through network configuration
2) Auditing of access
3) Integration with Azure Active Directory
4) Replication of key vault content
Example:
We will see an example of creating a secret and retrieving it with the help of a logic app. Below are the steps to perform the activity:
Step 1: Create a key vault
Go to Azure portal -> All Services -> Azure key vault -> Create New
You will see the screen for creating a key vault, which includes resource group selection, key vault name, and other information.
On the next screen, you will see the access policy settings, where you can select the users to whom you want to give access to this key vault. Some additional options are also available: Azure VM for deployment, ARM template deployment, and Azure Disk Encryption. Once any of these options is enabled, you can use the key vault in that facility.
Step 2: Add a secret to the created vault
Step 3: Create a logic app with an HTTP trigger and add key vault step
Here, as you can see, you need to give the key vault name and sign in to your account to verify access.
Once the account is verified, the created secrets will be displayed in the dropdown. You can then select any of them and run the created app, and you will get the value of your secret.
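The same create, store and read flow can be scripted with the Azure CLI. The script below is an added example, not part of the original walkthrough; it assumes `az login` has been done and the resource group exists, and the resource group, vault name, region, secret name and the `CONN_STRING` / `READER_OBJECT_ID` variables are constructed placeholders.

```shell
#!/bin/sh
# Added example: CLI counterpart of steps 1-3. All names are placeholders.
set -eu

RG="${RG:-demo-rg}"                 # assumed resource group (must exist)
VAULT="${VAULT:-demo-kv-example}"   # assumed vault name
LOCATION="${LOCATION:-westeurope}"  # assumed region

# Step 1: create the vault with the access-policy permission model,
# matching the access policy screen described in the article.
create_vault() {
  az keyvault create --name "$VAULT" --resource-group "$RG" \
    --location "$LOCATION" --enable-rbac-authorization false
}

# Step 2: store a secret. The value arrives on stdin, so it never shows up
# in the process list or shell history, and "--output none" keeps the CLI
# from echoing the stored value back to the terminal.
set_secret() {  # usage: printf '%s' "$value" | set_secret <name>
  az keyvault secret set --vault-name "$VAULT" --name "$1" \
    --file /dev/stdin --output none
}

# Access policy: give one identity (user or app object ID) read-only access.
# "list" fills the secret dropdown, "get" reads the value; nothing else is granted.
grant_read() {  # usage: grant_read <object-id>
  az keyvault set-policy --name "$VAULT" --object-id "$1" \
    --secret-permissions get list --output none
}

# Step 3: read only the secret value back, without the surrounding metadata.
get_secret() {  # usage: get_secret <name>
  az keyvault secret show --vault-name "$VAULT" --name "$1" \
    --query value --output tsv
}

# Run the whole flow only when invoked as: ./script.sh run
if [ "${1:-}" = "run" ]; then
  create_vault
  printf '%s' "$CONN_STRING" | set_secret sqlConnection
  grant_read "$READER_OBJECT_ID"
  get_secret sqlConnection
fi
```
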
Thank You, See you in the next article !!
You can reach out to me here,
LinkedIn: https://www.linkedin.com/in/vaibhav-bhapkar
Email: vaibhavbhapkar.medium@gmail.com