In addition, Azure Key Vaults allow you to segregate application secrets. Automating certain tasks on certificates that you purchase from Public CAs, such as enrollment and renewal.Providing standard Azure administration options via the portal, Azure CLI and PowerShell.Data replication ensures high availability and takes away the need of any action from the administrator to trigger the failover. Replicating the contents of your Key Vault within a region and to a secondary region.Scaling up on short notice to meet your organization's usage spikes.Removing the need for in-house knowledge of Hardware Security Modules.Azure Key Vault simplifies the process of meeting these requirements by: Security information must be secured, it must follow a life cycle, and it must be highly available. When storing valuable data, you must take several steps. Simplified administration of application secrets You have control over your logs and you may secure them by restricting access and you may also delete logs that you no longer need. You can monitor activity by enabling logging for your vaults. Once you have created a couple of Key Vaults, you will want to monitor how and when your keys and secrets are being accessed. You can use nCipher tools to move a key from your HSM to Azure Key Vault.įinally, Azure Key Vault is designed so that Microsoft does not see or extract your data. Azure Key Vault uses nCipher HSMs, which are Federal Information Processing Standards (FIPS) 140-2 Level 2 validated. For situations where you require added assurance, you can import or generate keys in HSMs that never leave the HSM boundary.
Software-protected keys, secrets, and certificates are safeguarded by Azure, using industry-standard algorithms and key lengths. Azure RBAC can be used for both management of the vaults and access data stored in a vault, while key vault access policy can only be used when attempting to access data stored in a vault.Īzure Key Vaults may be either software-protected or, with the Azure Key Vault Premium tier, hardware-protected by hardware security modules (HSMs). Authorization may be done via Azure role-based access control (Azure RBAC) or Key Vault access policy. Authentication establishes the identity of the caller, while authorization determines the operations that they are allowed to perform.Īuthentication is done via Azure Active Directory. Securely store secrets and keysĪccess to a key vault requires proper authentication and authorization before a caller (user or application) can get access.
There is no need to write custom code to protect any of the secret information stored in Key Vault. These URIs allow the applications to retrieve specific versions of a secret. Your applications can securely access the information they need by using URIs.
Instead of storing the connection string in the app's code, you can store it securely in Key Vault. For example, an application may need to connect to a database. Not having to store security information in applications eliminates the need to make this information part of the code. When using Key Vault, application developers no longer need to store security information in their application. Key Vault greatly reduces the chances that secrets may be accidentally leaked. Why use Azure Key Vault? Centralize application secretsĬentralizing storage of application secrets in Azure Key Vault allows you to control their distribution. To see a comparison between the Standard and Premium tiers, see the Azure Key Vault pricing page.
Certificate Management - Azure Key Vault lets you easily provision, manage, and deploy public and private Transport Layer Security/Secure Sockets Layer (TLS/SSL) certificates for use with Azure and your internal connected resources.Īzure Key Vault has two service tiers: Standard, which encrypts with a software key, and a Premium tier, which includes hardware security module(HSM)-protected keys.Azure Key Vault makes it easy to create and control the encryption keys used to encrypt your data. Key Management - Azure Key Vault can be used as a Key Management solution.Secrets Management - Azure Key Vault can be used to Securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets.
Azure Key Vault helps solve the following problems: