Reputation: 345
So I have 2 applications. Application 1 will encrypt some data and send it to application 2.
The key is stored in an Azure Key Vault. My question is how to roll a new key, for example every 6 months or 1 year? I could allow a grace period in application 2 of, for example, 2 minutes to decrypt using both the older key and the new one.
Note that these 2 applications are cloud services, so they run on more than 1 machine and could be scaled up/down.
Upvotes: 0
Views: 52
Reputation: 21698
As I understood the question, you need to send encrypted data from one application and decrypt it in another application using the same key. And the stored key, which is kept in Azure Key Vault, needs to be renewed automatically after a period of time.
While generating the key you can create a token which has an expiry date, using SAML or other technologies, and store it in the vault. You also need to write a program which is capable of creating a token and can replace the token in the vault once it has expired.
There are many ways you can do it, like SAML (https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language).
You can look into my git repo for using SAML for token generation and usage. It does not have token replace logic, but you can do that once you get an exception saying the token is expired.
https://github.com/aniruddhadas9/docusign-saml-assertion-authentication
Upvotes: 1
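The grace-period rotation the question describes, as an added Go example that is not from the question or the answer: application 1 labels every message with the id of the key version it used (and binds that id into the AES-GCM tag), while application 2 keeps the previous version decryptable only until its grace deadline and rejects anything older or unknown. The key bytes are assumed to be fetched from the vault by the caller; `KeyRing`, `Message` and the version ids are my names, and `rand.Read` is used unchecked, which relies on Go 1.24 or newer.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"time"
)
type Message struct {
	KeyID      string // key version used; also bound into the GCM tag as AAD
	Nonce, Box []byte
}
// KeyRing keeps the current key plus retired keys that may still decrypt until their grace deadline; call Rotate before use.
type KeyRing struct {
	Current string
	Keys    map[string]cipher.AEAD // key id -> AES-GCM for that version
	Retired map[string]time.Time   // key id -> last instant it may decrypt
	Grace   time.Duration          // the question's "2 minutes"
}
// Rotate installs a new key version as current and starts the grace clock on the old one.
func (r *KeyRing) Rotate(id string, key []byte, now time.Time) error {
	block, err := aes.NewCipher(key) // 16, 24 or 32-byte key fetched from the vault
	if err != nil {
		return err
	}
	if r.Keys == nil { // first call: nothing to retire yet
		r.Keys, r.Retired = map[string]cipher.AEAD{}, map[string]time.Time{}
	} else {
		r.Retired[r.Current] = now.Add(r.Grace)
	}
	r.Keys[id], _ = cipher.NewGCM(block) // NewGCM cannot fail for an AES block
	r.Current = id
	return nil
}
// Encrypt (application 1) always uses the current key with a fresh random nonce.
func (r *KeyRing) Encrypt(plaintext []byte) Message {
	g := r.Keys[r.Current]
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce) // never returns an error on Go 1.24+
	return Message{r.Current, nonce, g.Seal(nil, nonce, plaintext, []byte(r.Current))}
}
// Decrypt (application 2) accepts the current key or a retired key still inside its grace window.
func (r *KeyRing) Decrypt(m Message, now time.Time) ([]byte, error) {
	if until, retired := r.Retired[m.KeyID]; m.KeyID != r.Current && (!retired || now.After(until)) {
		return nil, errors.New("key version " + m.KeyID + " is no longer accepted")
	}
	return r.Keys[m.KeyID].Open(nil, m.Nonce, m.Box, []byte(m.KeyID))
}
```

Because every scaled-out instance of application 2 decides from the key id and its own clock, the instances only need to agree on the grace length, not on the exact rotation moment.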