user145610
user145610

Reputation: 3035

Azure Key-vault Encryption

We would like to make use of Azure Key vault for storing our sensitive key in azure key vault and make use of stored sensitive key for encrypting our string/plain text data before sending to service. Again Service will interact with Azure Key vault, retrieve sensitive key for decrypting encrypted string send by client. can any one throw some light on how to make use of azure key vault for above scenario.

Azure Key vault has built-in encryption method for encrypt the data, does it mean client has to sent data to azure key vault for encryption. Is it correct. If yes, is there roll over for every 30 minutes changes in Key used for encryption. sorry for asking very noob question

Upvotes: 1

Views: 882

Answers (1)

Indigo8
Indigo8

Reputation: 620

Regarding roll over, at this time Key Vault does not do auto-rollover of keys. The key vault owner must explicitly roll keys. You do this via the Add-AzureKeyVaultKey cmdlet or REST API, passing in the same key name as earlier. A new version is added to the key.

(More in-depth on how Azure Key vault works here: http://tomkerkhove.ghost.io/2015/07/22/securing-sensitive-data-with-azure-key-vault/)

Upvotes: 2

Related Questions