Updated July 1, 2023
What is Microsoft Azure Key Vault?
Microsoft Azure Key Vault is a cloud-based service that stores the data or secret securely and can be accessed with that data and secret securely. This secret data can be anything to which the user wants to control access, such as passwords, TLS/SSL certificates or API keys, or cryptographic keys.
- Vaults: It has support to store software as well as HSM-backed keys along with secrets and certificates.
- Managed HSM Pools: This container has support only for HSM-backed keys.
How does Microsoft Azure Key Vault Work?
The below image shows the process of the Azure Key Vault.
- Vault Owner: The vault owner has full access to the Key vault and has control over the vault.
- Vault Consumer: Vault owners can grant access to the vault consumer so that the vault consumer can perform various actions depending on the access granted. Depending on the audit log, vault owners can know what the consumer is doing and are trustworthy.
- Secrets: This value can be a certificate or password. Consumers can read and store the values based on name and permission granted and store this data in HSM as a Key-Value pair.
- Keys: Consumers can use the keys for particular key operations like sign, encrypt, decrypt, verify, etc. Key vault handles all these operations as consumers can not read value. Keys are stored in two format
- Software Keys: These are cheap and less secure. This key uses Azure VMs to handle operations and is used for dev/test scenarios.
- HSM Keys: These are more secure and perform operations directly on HSM. These keys are expensive, and users need to use a Premier-tier vault.
- Authentication: The Azure key vault is highly secure with high-grade authentication and authorization as it integrates Azure Active Directory (AAD).
Each account will have a unique account ID, and Users with Azure subscriptions and Admin privileges can log in to Microsoft Azure to create a vault and store secret data.
How to Use Key Vault in Azure?
- Users should have valid usernames and passwords.
- Users should have Azure Subscription to create Azure Key Vault.
Steps using Azure Portal:
Create an Azure Key-Vault
Step 1: Login into the Azure Portal using the below URL:
Step 2: From the Azure portal home page, select the +Create a resource.
Step 3: In the Search field of Azure Marketplace, search for Key Vault and click on enter to open the Key Vault Create page.
Step 4: From the Key Vault page, select Create.
Step 5: On a Create Key Vault user need to enter the project details.
Step 6: Enter the details of the new bastion as below:
- Subscription: Select your subscribed plan from the drop-down list.
- Resource group: Select the resource group in which you want to create a bastion.
- Key Vault Name: Enter the unique name, and the vault name must be alphanumeric and should not start with a Number.
- Region: Select region/location from the down list.
- Pricing Tier: Select the Pricing tier from the drop-down list.
Step 7: Select Review+Create and click Create from the page to deploy the workspace.
Check the Deployment status on the Page till it moves to complete.
1. Add a Secret:
Step 1: Go to the recently created key vault in the Azure portal.
Step 2: Now select the Secrets from Settings of the left side section.
Step 3: Now Select General/Import from the top of the Secret page.
Step 4: Create a Secret page is opened. Fill out the form by entering Name, Value, and content type with activation and expiration date if required.
Step 5: Now click on the Create button from the bottom of the page.
Step 6: Verify that a new secret is added to the Vault.
2. Show the Secret
Step 1: Select a newly added secret from the Secret list.
Step 2: Select the current version of the Secret from the list.
Step 3: Now, from the page, select Show Secret Value.
Step 4: Verify newly added Secret value is correctly shown in the vault.
Uses of Azure Key Vaults
- It can securely store and provide control access to passwords, certificates, tokens, API keys, or other secrets hence has Secret Management.
- It is easy to create and provide control over encrypted keys used to encrypt data.
- It has support to manage and deploy TLS/SSL layer certificates.
- As it is in Azure Cloud, Key Vault can be easily integrated with other Azure Services like Azure App Service, Azure Disk Encryption, etc.
- It has centralized storage of application secrets, allowing users to control distribution.
In conclusion, users can use Azure Key Vault service to store data and also get benefitted from other Azure services as it is easy to integrate. Once users have created Key Vault, he/she can start using Azure to store keys and their values/secrets.
This is a guide to Azure Key Vault. Here we discuss what is Microsoft Azure key vault, its working, its uses, and steps to use. You can also go through our other related articles to learn more –