The Azure Key Vault service is where you store certificate keys, passwords and more, instead of having them stored within your application.
Reducing the chance that application secrets can be leaked is always a good thing. Don't store things like access keys, usernames and passwords in your application config files; Azure Key Vault is where you will want to store these types of secrets.
Here is a quick list of things you can use Azure Key Vault for:
- Certificate Management
- Secret Management
- Key Management
A good example of a way to improve existing code: say you have a connection string to SQL Server, and you have hardcoded it with the username and password of an account that can access the data held within your SQL database (back in the day this was fairly common). Even encrypting the connection string isn't as secure as it could be. Changing the code to store the connection string inside Azure Key Vault is one idea (there are a few available). This way you can lock down who can see the connection string, so that people won't be able to get access to the database unless they have the rights to read the connection string from Azure Key Vault (this is just a very simple example).
Another useful thing you can use Azure Key Vault for is creating, and therefore controlling, encryption keys: instead of doing this manually, you can leverage Azure Key Vault functionality to do it on your behalf. You can also provision and manage SSL certificates, which is extremely useful.
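The change described above, as an added example that is not code from the original post: a Python helper that reads the connection string from Key Vault through the Azure SDK's `SecretClient` and caches it for a short time so a rotated secret is picked up without a redeploy. The vault URL, the secret name and the `ConnectionStringProvider` class are assumptions made for illustration.

```python
import time

# Before (the pattern the post warns about): credentials sit in source or config.
# CONN_STR = "Server=tcp:sql.example.net;User ID=app;Password=<placeholder>;"

VAULT_URL = "https://example-vault.vault.azure.net"  # assumed vault URL
SECRET_NAME = "sql-connection-string"                # assumed secret name


def make_client(vault_url=VAULT_URL):
    """Build a real client; needs azure-identity and azure-keyvault-secrets."""
    # Imported lazily so the provider below can be exercised without the SDK.
    from azure.identity import DefaultAzureCredential
    from azure.keyvault.secrets import SecretClient
    return SecretClient(vault_url=vault_url, credential=DefaultAzureCredential())


class ConnectionStringProvider:
    """Fetch the connection string on demand and cache it for a short TTL.

    Caching avoids a Key Vault round trip per database call, while the TTL
    means a rotated secret is picked up without redeploying the application.
    """

    def __init__(self, client, secret_name=SECRET_NAME, ttl_seconds=300,
                 clock=time.monotonic):
        self._client = client
        self._name = secret_name
        self._ttl = ttl_seconds
        self._clock = clock
        self._value = None
        self._expires = 0.0

    def get(self):
        now = self._clock()
        if self._value is None or now >= self._expires:
            value = self._client.get_secret(self._name).value
            if not value:
                # Fail closed: never fall back to a baked-in credential.
                raise RuntimeError(f"secret {self._name!r} is empty or missing")
            self._value, self._expires = value, now + self._ttl
        return self._value


if __name__ == "__main__":
    provider = ConnectionStringProvider(make_client())
    print("connection string loaded:", bool(provider.get()))
```

The identity the application runs as still needs read access to secrets in the vault; without it, `get_secret` raises and the application never sees the connection string.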
With Azure Key Vault you can control access to the vault using policies. This means you decide who can do things like read, write and edit secrets and keys stored within the Key Vault.
Azure Key Vault can be integrated with a number of services, including:
- SQL Server
- Azure Functions
- Azure Web Apps and many more
To read more about Azure Key Vault, here is a link to the official documentation.