Reputation: 3035
Azure Key-vault Encryption
We would like to make use of Azure Key vault for storing our sensitive key in azure key vault and make use of stored sensitive key for encrypting our string/plain text data before sending to service. Again Service will interact with Azure Key vault, retrieve sensitive key for decrypting encrypted string send by client. can any one throw some light on how to make use of azure key vault for above scenario.
Azure Key vault has built-in encryption method for encrypt the data, does it mean client has to sent data to azure key vault for encryption. Is it correct. If yes, is there roll over for every 30 minutes changes in Key used for encryption. sorry for asking very noob question
Upvotes: 1
Views: 882
Answers (1)
Reputation: 620
Regarding roll over, at this time Key Vault does not do auto-rollover of keys. The key vault owner must explicitly roll keys. You do this via the Add-AzureKeyVaultKey cmdlet or REST API, passing in the same key name as earlier. A new version is added to the key.
(More in-depth on how Azure Key vault works here: http://tomkerkhove.ghost.io/2015/07/22/securing-sensitive-data-with-azure-key-vault/)
Upvotes: 2
Related Questions
- Is Azure Key Vault appropriate to store encryption keys generated on client applications?
- Only allow encryption access for key in Azure Key Vault with Azure RBAC enabled
- Encrypting Client Secret for Azure Key Vault connection in application property file in springboot
- Decrypting and downloading 'encrypted azure blob' using azure key vault in C#
- Store MySQL Enterprise encryption key in Azure Key Vault
- Does Azure's Key Vault support symmetric key encryption?
- Azure Key vault vs Storage encryption
- Azure Key Vault RSA encryption with 2048 key - not supported?
- Azure Key Vault - Obtaining Encryption Passphrase