What is Microsoft Azure Key Vault?
A cloud-based service called Microsoft Azure Key Vault stores confidential information securely and allows for secure access to it. Passwords, TLS/SSL certificates, API keys, cryptographic keys, and other items to which the user wishes to restrict access can all be part of this secret data.
- Vaults: It offers the ability to store software, HSM-backed keys, secrets, and certificates.
- Managed HSM Pools: Only HSM-backed keys are supported by this container.
How does Microsoft Azure Key Vault Work?
- Vault Owner: The vault owner is in complete control of the vault and has access to the Key vault.
- Vault Consumer: Depending on the access granted, vault owners can give the vault consumer access to perform a variety of tasks. Vault owners can be trusted because they have access to the audit log and can see what the consumer is doing.
- Secrets: This value may be either a password or a certificate. Based on the name and permissions granted, consumers can read and store the values, and this information is stored in HSM as a Key-Value pair.
- Keys: Consumers can use the keys for specific key operations such as signing, encrypting, decrypting, verifying, etc. Because consumers cannot read value, Key Vault handles all these operations. Two formats are used to store keys.
- Software keys: Software keys are less secure and less expensive. This key is used for development and testing scenarios and is handled by Azure VMs.
- HSM Keys: These operate directly on the HSM and are more secure.
- Note: The user must use a Premier-tier vault because these keys are expensive.
- Authentication: Because Azure Active Directory (AAD) is integrated, the Azure key vault has high-grade authentication and authorization.
Note. Users with Azure subscriptions and administrative rights can sign into Microsoft Azure to create vaults and store confidential information. Each account will have a distinct account ID.