I'm new to the Azure cloud services platform. Today I came across the Key Vault storage service provided by Azure. It has the ability to store application-level keys and settings. It is safe and secure with enhanced data protection.
But what I'm not clearly getting is that to connect to Key Vault I need the artifacts of my Key Vault stored in my application config.
If that is the case, when someone eavesdrops on the key values, will he not be able to connect to my Key Vault and read all my keys?
If I should encrypt my local Key Vault settings, then I can encrypt the keys which I store in the vault as well, right? What is the purpose of Key Vault?
Besides being able to authenticate with client certificates, which can be stored in secure stores as opposed to plain passwords, the other point is that Key Vault works as a cryptographic oracle. It stores your keys and never releases them. When you want to perform cryptographic operations (encrypt, decrypt, etc.) you send your data to Key Vault, as opposed to getting the key from it. This ensures that even if an attacker (or even an admin) has temporary access to your whole infrastructure, he only has access to your data for a limited time and can never get your actual keys. Another benefit is that any access can be properly audited.
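The oracle property the answer describes, as an added example that is not part of the original answer and not Azure's own SDK code. `ToyVault` is an assumed stand-in for Key Vault: it exposes `wrap_key`/`unwrap_key` (the real counterparts are `wrap_key`/`unwrap_key` on `CryptographyClient` in the `azure-keyvault-keys` package) but has no call that returns a key. `seal`/`unseal` are an HMAC-SHA256 keystream with encrypt-then-MAC, used only because the Python standard library has no AEAD; a real deployment wraps with RSA-OAEP or AES-KW inside the vault and encrypts data with AES-GCM. The demo shows what a leaked config actually buys an eavesdropper: a credential that works until it is revoked, versus a key that would work forever.

```python
"""Toy model of the Key Vault oracle pattern (added example, standard library only).

Assumed stand-ins: ToyVault plays Key Vault; seal/unseal are an HMAC-SHA256
keystream with encrypt-then-MAC, used only because the stdlib has no AEAD.
"""
import hashlib
import hmac
import secrets


class VaultError(Exception):
    pass


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(key):
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac


def seal(key, plaintext):
    """Return nonce || ciphertext || tag (encrypt-then-MAC)."""
    enc, mac = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac, nonce + ct, hashlib.sha256).digest(), tag):
        raise VaultError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc, nonce, len(ct))))


class ToyVault:
    """Holds key material and performs operations on it; no method returns a key."""

    def __init__(self):
        self._keys = {}      # key name -> key-encryption key (KEK)
        self._clients = {}   # client id -> client secret; the secret is what app config holds
        self.audit = []      # (client, op, key, outcome) for every call, allowed or denied

    def create_key(self, name):
        self._keys[name] = secrets.token_bytes(32)

    def register_client(self, client_id):
        self._clients[client_id] = secrets.token_urlsafe(32)
        return self._clients[client_id]

    def revoke_client(self, client_id):
        self._clients.pop(client_id, None)

    def _authorize(self, client_id, client_secret, op, key_name):
        ok = hmac.compare_digest(self._clients.get(client_id, ""), client_secret) and key_name in self._keys
        self.audit.append((client_id, op, key_name, "ok" if ok else "denied"))
        if not ok:
            raise VaultError(f"{op} on {key_name} denied for {client_id}")
        return self._keys[key_name]

    def wrap_key(self, client_id, client_secret, key_name, dek):
        return seal(self._authorize(client_id, client_secret, "wrap", key_name), dek)

    def unwrap_key(self, client_id, client_secret, key_name, wrapped):
        return unseal(self._authorize(client_id, client_secret, "unwrap", key_name), wrapped)


def encrypt_record(vault, creds, key_name, plaintext):
    """Envelope encryption: a fresh data key per record; only that key goes to the vault."""
    dek = secrets.token_bytes(32)
    return vault.wrap_key(*creds, key_name, dek), seal(dek, plaintext)


def decrypt_record(vault, creds, key_name, record):
    wrapped_dek, ct = record
    return unseal(vault.unwrap_key(*creds, key_name, wrapped_dek), ct)


def demo():
    vault = ToyVault()
    vault.create_key("app-kek")
    creds = ("order-service", vault.register_client("order-service"))  # what the app's config holds
    plaintext = b"card=4111111111111111;exp=12/29"                      # constructed sample data
    record = encrypt_record(vault, creds, "app-kek", plaintext)
    result = {"legit": decrypt_record(vault, creds, "app-kek", record) == plaintext}

    # Someone who read the config holds a credential, not a key: it works only while it is live.
    stolen = creds
    result["attacker_before_revoke"] = decrypt_record(vault, stolen, "app-kek", record) == plaintext
    vault.revoke_client("order-service")
    try:
        decrypt_record(vault, stolen, "app-kek", record)
        result["attacker_after_revoke"] = True
    except VaultError:
        result["attacker_after_revoke"] = False

    # Contrast: had the KEK itself been in config, revoking anything would change nothing.
    kek_copied_from_config = vault._keys["app-kek"]   # simulates the key-in-config design
    result["key_in_config_after_revoke"] = unseal(unseal(kek_copied_from_config, record[0]), record[1]) == plaintext
    result["denied_calls"] = sum(1 for entry in vault.audit if entry[3] == "denied")
    return result


if __name__ == "__main__":
    print(demo())
```

The point of the contrast at the end is the whole answer to the question: an eavesdropper who copies the config gets something you can rotate or revoke, and every use of it leaves an audit entry, whereas a copied key is good until you re-encrypt everything. On Azure the credential can also be taken out of the config entirely by running the app under a managed identity, so there is nothing to eavesdrop on in the first place.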