Why do you have it?
Azure Key Vault is a service that enables central management of secret data, including keys, secrets, and certificates. Within the key vault, they can be stored, managed and generated or imported.
- Enhanced security: Sensitive data are stored as secrets in the key vault, rather than being hardcoding in the application code. Further, with the key vault, secret management tasks are simplified and automated.
- Controlled access: Users and Applications can be authorized to access the key vault, which allow them to manage or use their own keys and secrets. Applications never have direct access to keys. See here to see details about the authorization flow.
By using Azure Key Vault, you can enhance the security of your applications and data. It simplifies secret management, and you are able to maintain better control over access to sensitive information within your infrastructure.
How to use it?
The Vault will be deployed by True Engineers. True will manage the vault instance itself. This means we can change settings and permissions on the resource level. Upon request, we could add/create an initial secret/certificate, together with one of your technicians, so you get familiar with the process. Although Secret management with Key vault is out of our services scope, True engineers are ready to help you out and advise on usage of the Vault.
Access rights can be granted to Users with read and write permissions or Applications through managed identities. Keep in mind that secrets and certificates are one of your main defense mechanisms and sharing them makes your application and data potentially vulnerable. Therefore, we highly advise you to gain knowledge on how to use this vault and how to manage secrets and certificates by yourself.
User access in the Azure Portal
- Navigate to your key vault in the Azure portal
- On the Key Vault settings pages, select Secrets.
- Choose the desired secret and its version.
- Select ‘Show Secret Value’, as shown below
See this instruction for more information.
Access in applications
Access secrets securely from your applications using Azure Key Vault SDKs or libraries available for your programming language. These SDKs enable authentication and retrieval of secrets. See here for a in-depth instruction.