Menu
All of the data encryption/decryption examples I have seen with Azure key Vault do the encryption locally and decryption within Azure itself by using the keyVaultClient.DecryptAsync() method.
I understand that this is more secure as the private key never leaves Azure and leaks into your application code, but what if I want to do the decryption locally as well, how do i get the private key out?
I am using keyVaultClient.GetKeyAsync() but it only seems to contain the public key.
One of the issues I have with the in Azure decryption is that I can't replicate it in development environment without the developer having access to Azure. There does not seem to be an emulator for Azure Key Vault.
It looks like the only way to achieve what I want is by using Azure Key Vault Secret and storing a PFX certificate containing public/private keys in it?
605
You can now reference this key that you added to Azure Key Vault by using its URI. Use https://<your-unique-keyvault-name>.vault.azure.net/keys/ExampleKey to get the current version. Now, you have created a Key Vault, stored a key, and retrieved it.
secrets. aio import SecretClient credential = DefaultAzureCredential() # call close when the client and credential are no longer needed client = SecretClient(vault_url="https://my-key-vault.vault.azure.net/", credential=credential) ... await client. close() await credential.
Sorry, no.
Azure Key Vault does not support EXPORT operations: once a key is provisioned in the system it cannot be extracted or its key material modified.
You can do BACKUP, but all that's good for is a restore to Azure. You can't use it anywhere else.
76
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
