
Azure key vault

Talk given at Alt.Net Sydney https://www.meetup.com/Sydney-Alt-Net/events/236864792/


  1. Getting Started with Azure Key Vault (Rahul P Nath)
  2. Azure Key Vault: cloud-hosted, HSM (Hardware Security Module)-backed service for managing cryptographic keys and other secrets
  3. Azure Key Vault • Container of Objects • Cost is per Object operations: $0.03 / 10,000 operations http://bit.ly/keyvaultpricing
  4. Objects • Keys, Secrets and Certificates • Identifier: https://{keyvault-name}.vault.azure.net/{object-type}/{object-name}/{object-version}
  5. Keys • RSA Keys (asymmetric public-private key cryptosystem) https://mytestvault.vault.azure.net/keys/mytestkey/cfedea84815e4ca8bc19cf8eb943ee13
  6. Secrets • Octet sequences with no semantics • Connection Strings, Passwords etc. https://mytestvault.vault.azure.net/secrets/mytestsecret/dcerea54614e4ca7ge14cf2eb943dd45
  7. Certificates • Import Existing Certificates, Self-signed or Enrol from Public Certificate Authority (DigiCert, GlobalSign and WoSign) https://mytestvault.vault.azure.net/certificates/mycertificate/cfedea84815e4ca8bc19cf8eb943ee13
  8. Typical Application Scenario • Web Application, connects to a Database • Connection String is in configuration file
  9. Problems • Security • Maintenance
  10. How Key Vault Fits in? • Cloud Hosted • Accessible over Web API
  11. Demo • Create Key Vault and Secret
  12. Key Vault Authentication • Azure Active Directory (AD) Application • Access Policies • Authenticate using Certificate or Secret
  13. Demo • Create Key Vault and Secret • Create Azure AD Application • Consuming Secret
  14. Key Vault and Development Cycle • Externalize into configuration: Vault Url = https://{keyvault-name}.vault.azure.net, Value = /{object-type}/{object-name}/{object-version} • Sensitive information is managed separately
  15. Thank You @rahulpnath http://www.rahulpnath.com
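
The identifier layout from slides 4 and 14, as an added example (not code from the talk): a parser that joins the two configuration entries, splits the resulting object identifier into vault, type, name and version, and rejects anything that is not HTTPS on a `vault.azure.net` host before the application uses it. The function and class names are hypothetical, and the character rules for vault and object names are assumptions.

```python
import re
from typing import NamedTuple, Optional
from urllib.parse import urlsplit

VAULT_SUFFIX = ".vault.azure.net"                   # host suffix shown on the slides
OBJECT_TYPES = {"keys", "secrets", "certificates"}  # object types from slide 4
# Assumption: vault names are 3-24 letters, digits or hyphens.
VAULT_NAME = re.compile(r"[a-z0-9-]{3,24}")
# Assumption: object names and versions are letters, digits or hyphens.
SEGMENT = re.compile(r"[A-Za-z0-9-]+")


class VaultObjectId(NamedTuple):
    vault: str
    object_type: str
    name: str
    version: Optional[str]  # None when the identifier omits the version


def parse_object_id(identifier: str) -> VaultObjectId:
    """Split https://{vault}.vault.azure.net/{type}/{name}[/{version}]."""
    parts = urlsplit(identifier)
    if parts.scheme != "https":
        raise ValueError("identifier must use https")
    if parts.username or parts.password or parts.port or parts.query or parts.fragment:
        raise ValueError("unexpected userinfo, port, query or fragment")
    host = (parts.hostname or "").lower()
    if not host.endswith(VAULT_SUFFIX):
        raise ValueError("host is not under " + VAULT_SUFFIX)
    vault = host[: -len(VAULT_SUFFIX)]
    if not VAULT_NAME.fullmatch(vault):
        raise ValueError("invalid vault name")
    segments = parts.path.strip("/").split("/")
    if len(segments) not in (2, 3) or not all(SEGMENT.fullmatch(s) for s in segments):
        raise ValueError("path must be /{type}/{name}[/{version}]")
    if segments[0] not in OBJECT_TYPES:
        raise ValueError("unknown object type")
    version = segments[2] if len(segments) == 3 else None
    return VaultObjectId(vault, segments[0], segments[1], version)


def from_config(vault_url: str, value: str) -> VaultObjectId:
    """Join the two configuration entries from slide 14 and validate the result."""
    return parse_object_id(vault_url.rstrip("/") + "/" + value.lstrip("/"))
```

Running the check at startup means a mistyped or tampered configuration entry fails fast instead of sending the application's Azure AD credentials to a host that is not a vault.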
