Managing and Storing Secrets: Azure Vault 🙆

Hiding: The Secrets


As we deploy our production to the cloud, we need to be very conscious about sensitive information, e.g. passwords, encryption keys and certificates, which needs to be available for the application to function. Apart from the authorised use case, one should take care to prevent unauthorised access.

Hence comes Azure Key Vault.

What is Azure Key Vault?

Azure Key Vault is a centralized cloud service for securely storing and accessing secrets. Hold on, what does "secret" mean? It could be anything that one wants to tightly control access to, e.g. API keys, passwords, certificates.

The Key Vault service supports 2 types of containers :-

  1. Vaults: Support storing software and HSM-backed keys, secrets and certificates.
  2. Managed Hardware Security Module (HSM) pools: Only support HSM-backed keys.

Features of Azure Vault :-

  1. Manage Secrets

    Azure Vault is used to store and tightly control access to tokens, passwords, certificates, API keys etc.

  2. Manage Encryption Key :-

    It can be used as a key management solution. Key Vault makes it easier to create and control the encryption keys that are used to encrypt your data.

  3. Manage SSL/TLS certificates :-

    Key Vault enables you to provision, manage and deploy your public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for both your Azure resources and your internal resources.

  4. Store secrets backed by hardware security modules (HSMs) :-

    These secrets and keys can be protected either by software or by FIPS 140-2 level 2 validated HSMs.

Benefits of Azure Key Vault :-

  1. Centralized application secrets

  2. Securely stored secrets and keys

  3. Access monitoring and Access control

  4. Simplified administration of Application secrets

  5. Integration with other Azure services

Hands on

Let’s learn how to add a password to Azure Key Vault. A password falls under the category of sensitive information.

Ways to add secrets to and read secrets from Key Vault:

  1. Using Azure Portal
  2. Azure CLI
  3. Azure PowerShell

Azure CLI is a way to work with Azure resources from the command line or from scripts.

Cloud Shell is a browser-based shell experience to manage and develop Azure resources: an interactive shell that runs in the cloud.

Creating a Key Vault :-

Steps :-

  1. Azure Portal
  2. Azure Resource
  3. Search Key vault

| Settings | Value |
| --- | --- |
| **Project Details** | |
| Subscription | Concierge Subscription |
| Resource group | [sandbox resource group name] |
| **Instance details** | |
| Key vault name | my-keyvault-NNN where NNN is a unique identifier |


Here you will see some details about your key vault, e.g. the Vault URI field shows the URI that your application can use to access your vault from the REST API.

Adding a password to the key vault


Fill in these details accordingly :-

| Settings | Value |
| --- | --- |
| Upload Options | Manual |
| Name | MyPassword |
| Value | hVFkk96 |

Accept the remaining settings at their default values. Notice that you can specify properties such as the activation date and the expiration date. You can also disable access to the secret.

Showing the Password

There are 2 ways to access the password from the Key Vault, i.e.

  1. from Azure portal
  2. Azure CLI

Being a Linux distro user and a die-hard fan of the CLI, here I am gonna use Azure CLI to fetch the password from Azure vault.

Replace the vault name with your own; for example, in my case it's _my-keyvault-0402_.

Output :-

hVFkk96
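
The CLI lookup described above, as an added example that is not code from the original post: it reads `MyPassword` with `az keyvault secret show`, rejects malformed vault names before calling Azure, and refuses to return an empty value. The function names `valid_vault_name` and `fetch_secret` are hypothetical, the naming rule is Azure's published Key Vault naming constraint rather than something stated on this page, and a signed-in `az` session is assumed.

```shell
#!/usr/bin/env bash
# Added example: fetch one secret from Key Vault with the Azure CLI.
# Vault and secret names below are the ones used on this page.

# Key Vault names: 3-24 chars, letters/digits/hyphens only, start with a
# letter, end with a letter or digit, no consecutive hyphens.
valid_vault_name() {
  local name=$1
  local len=${#name}
  [ "$len" -ge 3 ] && [ "$len" -le 24 ] || return 1
  case $name in
    *[!A-Za-z0-9-]*) return 1 ;;  # illegal character
    *--*)            return 1 ;;  # consecutive hyphens
    [!A-Za-z]*)      return 1 ;;  # must start with a letter
    *-)              return 1 ;;  # must end with a letter or digit
  esac
  return 0
}

# Print the secret value on stdout; non-zero exit on any failure.
fetch_secret() {
  local vault=$1 secret=$2 value
  if ! valid_vault_name "$vault"; then
    echo "invalid vault name: $vault" >&2
    return 2
  fi
  # --query value --output tsv prints only the secret string, not the
  # full JSON record with id, attributes and tags.
  if ! value=$(az keyvault secret show --vault-name "$vault" \
                 --name "$secret" --query value --output tsv); then
    echo "could not read $secret from $vault" >&2
    return 1
  fi
  # Fail closed: never hand an empty credential to the caller.
  [ -n "$value" ] || { echo "secret $secret is empty" >&2; return 1; }
  printf '%s' "$value"
}

# Usage, keeping the value out of the terminal scrollback:
#   DB_PASSWORD=$(fetch_secret my-keyvault-0402 MyPassword) || exit 1
#   export DB_PASSWORD
```

Capturing the value into a variable instead of printing it keeps the secret out of terminal scrollback and saved session logs.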


Cleaning Up

The sandbox automatically cleans up your resources when you’re finished with this module.

When you’re working in your own subscription, it’s a good idea at the end of a project to identify whether you still need the resources you created. Resources left running can cost you money. You can delete resources individually or delete the resource group to delete the entire set of resources.