Azure Key Vault – Best Practices
Key Vault – A cloud service for storing passwords, certificates, keys, etc. Make sure it is very secure.
Tips – Use multiple vaults to separate your key areas, back up the vault, set up logging and alerts, and use soft delete.
How to create a key vault
GUI – Key Vaults > Add
Azure CLI
https://docs.microsoft.com/en-us/azure/key-vault/secrets/quick-create-cli
Create a Resource Group
az group create --name "labstudy2020kv" --location uksouth
Result
Create a Key Vault in the Resource Group
az keyvault create --name "labstudy2020Vault" --resource-group "labstudy2020kv" --location uksouth
Result
Add a secret to your key vault
az keyvault secret set --vault-name "labstudy2020Vault" --name "ExamplePassword" --value "ReallyComplexPassword"
Next step, create a role which can access the vault (see the Microsoft example).
Give a service principal access to your key vault
az keyvault set-policy -n labstudy2020Vault --spn <clientId-of-your-service-principal> --secret-permissions list get set delete purge
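The tips at the top of the page (soft delete, separate vaults) and the set-policy command above are worth checking after the fact: the example policy grants the service principal set, delete and purge on secrets, which is more than a principal that only reads configuration needs. The following is example code added to this page, not from Microsoft or the Azure CLI. It audits the JSON that `az keyvault show --name <vault>` prints, assuming the "properties" object carries "enableSoftDelete", "enablePurgeProtection" and "accessPolicies" (field names as I understand the CLI output; verify against your own `az keyvault show`). The two vault records are constructed samples: the first mirrors the page's command, the second is a hardened variant with a constructed name.

```python
"""Offline audit of `az keyvault show` output against the page's best practices:
soft delete / purge protection enabled and least-privilege access policies.

Example code added to this page; not Microsoft's or the Azure CLI's own code.
Assumes the `az keyvault show` JSON shape described in the lead-in.
"""
import json

# Secret permissions that let a principal change or destroy secrets.
# A principal that only reads configuration needs just "get" and "list".
WRITE_OR_DESTROY_SECRET_PERMS = {"set", "delete", "purge"}

# Constructed sample records (placeholder object IDs, not real principals).
SAMPLE_VAULTS = [
    {   # mirrors the page's set-policy command: list get set delete purge
        "name": "labstudy2020Vault",
        "properties": {
            "enableSoftDelete": False,
            "enablePurgeProtection": None,
            "accessPolicies": [
                {
                    "objectId": "00000000-0000-0000-0000-000000000001",
                    "permissions": {"keys": [], "certificates": [],
                                    "secrets": ["list", "get", "set", "delete", "purge"]},
                }
            ],
        },
    },
    {   # hardened variant (constructed name): protections on, read-only policy
        "name": "labstudy2020Vault-hardened",
        "properties": {
            "enableSoftDelete": True,
            "enablePurgeProtection": True,
            "accessPolicies": [
                {
                    "objectId": "00000000-0000-0000-0000-000000000002",
                    "permissions": {"keys": [], "certificates": [],
                                    "secrets": ["get", "list"]},
                }
            ],
        },
    },
]


def audit_vault(vault: dict) -> list[str]:
    """Return a list of findings for one vault record; an empty list means it passes."""
    findings = []
    name = vault.get("name", "<unknown>")
    props = vault.get("properties", {})

    if not props.get("enableSoftDelete"):
        findings.append(f"{name}: soft delete is disabled; deleted secrets cannot be recovered")
    if not props.get("enablePurgeProtection"):
        findings.append(f"{name}: purge protection is disabled; a deleted vault or secret "
                        f"can be purged before the retention period ends")

    for policy in props.get("accessPolicies", []):
        secret_perms = {p.lower() for p in (policy.get("permissions", {}).get("secrets") or [])}
        risky = sorted(secret_perms & WRITE_OR_DESTROY_SECRET_PERMS)
        if risky:
            findings.append(f"{name}: principal {policy.get('objectId')} holds secret permissions "
                            f"{risky}; reduce to get/list unless it must write secrets")
    return findings


def audit_all(vaults_json: str) -> dict[str, list[str]]:
    """Parse JSON text holding a list of `az keyvault show` objects and audit each vault."""
    return {v["name"]: audit_vault(v) for v in json.loads(vaults_json)}


if __name__ == "__main__":
    for vault_name, vault_findings in audit_all(json.dumps(SAMPLE_VAULTS)).items():
        print(vault_name, "OK" if not vault_findings else "")
        for finding in vault_findings:
            print("  -", finding)
```

To run it against a real vault, replace the sample with `az keyvault show --name labstudy2020Vault` output wrapped in a list; on the sample the first vault yields three findings and the hardened one none.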
To remove the resource group (example)
az group delete --name labstudy2020kv
Additional Reference Material
Use Azure Key Vault to pass secure parameter value during deployment
- Grant access to the secrets
- Reference secrets with static ID
- Reference secrets with dynamic ID