Reputation: 5075
Our application hasn't used Key Vault until now. We are thinking of using Azure Key Vault to enforce security for keys, secrets and certificates. I read the Microsoft documentation at this link. It's not clear whether Azure Key Vault works with identity providers other than Azure AD, because we are not using Azure AD, but we are using Azure App Service and a storage account. We also want to implement key rotation with a 1-hour expiry.
My questions are:
1. Should the web app be registered with Azure AD to use Key Vault?
2. While creating an Azure key vault, I didn't see any option for key rotation. Am I looking in the wrong place?
Any sample code would be helpful.
Upvotes: 1
Views: 2462
Reputation: 27578
When you create a key vault in an Azure subscription, it is automatically associated with the subscription's Azure Active Directory tenant. All callers (users and applications) must be registered in this tenant to access this key vault. That means to access the keys and secrets stored inside the key vault, the requesting applications have to be added in Azure Active Directory and they also need to have permissions to read keys and secrets in Azure Key Vault.
Related tutorials below are for your reference:
Upvotes: 2
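A sketch of the pieces discussed in this thread, added here as an example and not code from the question or the answer: the app authenticates to the vault with an Azure AD identity and replaces a secret before its 1-hour expiry, doing the rotation from the application side. It assumes the `azure-identity` and `azure-keyvault-secrets` packages, an identity with get and set permission on secrets, and a placeholder vault URL and secret name.

```python
import secrets
from datetime import datetime, timedelta, timezone

try:
    from azure.core.exceptions import ResourceNotFoundError
except ImportError:  # SDK absent: stand-in so the rotation logic still loads
    ResourceNotFoundError = LookupError

ROTATION_PERIOD = timedelta(hours=1)  # the 1-hour expiry from the question
RENEW_MARGIN = timedelta(minutes=5)   # assumption: replace slightly before expiry


def make_client(vault_url):
    """SecretClient for a caller that exists in the vault's Azure AD tenant.

    On App Service, DefaultAzureCredential uses the app's managed identity,
    which still needs get/set permission on secrets in the vault.
    """
    from azure.identity import DefaultAzureCredential
    from azure.keyvault.secrets import SecretClient
    return SecretClient(vault_url=vault_url, credential=DefaultAzureCredential())


def needs_rotation(expires_on, now):
    """True when the secret has no expiry or is inside the renewal margin."""
    return expires_on is None or now >= expires_on - RENEW_MARGIN


def rotate_if_due(client, name, now=None):
    """Return (value, rotated). Writes a new version when the current one is due."""
    now = now or datetime.now(timezone.utc)
    try:
        current = client.get_secret(name)
    except ResourceNotFoundError:
        current = None  # first run: nothing stored yet
    if current is not None and not needs_rotation(current.properties.expires_on, now):
        return current.value, False
    new_value = secrets.token_urlsafe(32)  # 256 bits of randomness
    stored = client.set_secret(name, new_value, expires_on=now + ROTATION_PERIOD)
    return stored.value, True


if __name__ == "__main__":
    # Placeholder vault URL and secret name (constructed for this example).
    client = make_client("https://<your-vault-name>.vault.azure.net")
    print(rotate_if_due(client, "app-signing-secret")[1])
```

Each rotation writes a new version of the secret, so consumers that read the secret by name without a version pick up the new value on their next fetch.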