Monday, November 21, 2016

Azure Key Vault





Security "bootstrapping" requires a reliable starting point.
When we "hide" one key with another key, the security shifts to that second key.
The question is how to make the "base" key very secure.

In the case of Azure Key Vault, this is based on hardware encryption,
which then leverages PKI and Azure AD to propagate "secrets" to authorized apps.

Key Vault Documentation | Microsoft Docs

What is Azure Key Vault? | Microsoft Docs
"Azure Key Vault helps safeguard cryptographic keys and secrets used by cloud applications and services. By using Key Vault, you can encrypt keys and secrets (such as authentication keys, storage account keys, data encryption keys, .PFX files, and passwords) by using keys that are protected by hardware security modules (HSMs). For added assurance, you can import or generate keys in HSMs. If you choose to do this, Microsoft processes your keys in FIPS 140-2 Level 2 validated HSMs (hardware and firmware)."

Azure Podcast: Episode 153 - Key Vault

The Official Azure Key Vault Team Blog – Your official source for all the latest news and tech tips for Microsoft Azure Key Vault and enlightened workloads.

Msdn forums - Azure Key Vault

