Microsoft Azure Key Vault is a cloud-hosted management service that allows users to encrypt keys and small secrets by using keys that are protected by hardware security modules (HSMs).
Vault: You can have multiple vaults in multiple geographic areas. Each vault consists of a collection of cryptographic keys and cryptographically protected data. You can think of them as folders in the file system. These folders contain sensitive information and group together logical entities. All keys and secrets relevant to a specific application are bundled together.
Keys: These are cryptographic keys. Azure Key Vault currently only supports asymmetric keys (RSA 2048). The keys can be either standard (software-protected) or Hardware Security Module (HSM) protected. Software-protected keys also benefit from HSM protection when stored and, in effect, offer the same assurances, such as isolation.
Secrets: Small secrets are data less than 10 KB, like passwords and .PFX files. An HSM is a secure, tamper-resistant piece of hardware that stores cryptographic keys. Keys can also be imported or generated in HSMs that have been certified to FIPS 140-2 level 2 standards.
There’s a set of operations that can be performed on key objects:
- List versions
Getting Started with Azure Key Vault
Log in to Azure
If you don’t have the Azure CLI, please install it first (see Install Azure CLI).
# To list locations: az account list-locations --output table
az group create --name "YourResourceGroupName" --location "West US"
az group create --name AadicsDemo1 --location eastasia
Note: To list locations: az account list-locations --output table
az keyvault create --name "<YourKeyVaultName>" --resource-group "<YourResourceGroupName>" --location "West US"
az keyvault create --name AadicsKeyValue --resource-group AadicsDemo1 --location eastasia
Add a secret to the key vault
az keyvault secret set --vault-name "<YourKeyVaultName>" --name "AppSecret" --value "MySecret"
az keyvault secret set --vault-name AadicsKeyValue --name DemoAppSecret --value "MySecret1000"
To view the value that’s contained in the secret as plain text
az keyvault secret show --name "AppSecret" --vault-name "<YourKeyVaultName>"
az keyvault secret show --name DemoAppSecret --vault-name AadicsKeyValue
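Passing the value with --value, as in the commands above, leaves the secret in shell history and in the process list while az runs. The following added example (not part of the original post) wraps the same set and show steps so the value travels through a temporary file instead; the function names valid_vault_name, kv_put_secret and kv_get_secret are hypothetical, and the naming check reflects Azure's vault naming rule.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Key Vault names: 3-24 chars, letters/digits/hyphens, start with a letter,
# end with a letter or digit, no consecutive hyphens.
valid_vault_name() {
  case $1 in *--*) return 1 ;; esac
  printf '%s' "$1" | grep -Eq '^[A-Za-z][A-Za-z0-9-]{1,22}[A-Za-z0-9]$'
}

# Store a secret read from stdin. The value is handed to az through a
# temporary file (--file), so it never appears in argv or shell history.
kv_put_secret() {
  valid_vault_name "$1" || { echo "invalid vault name: $1" >&2; return 2; }
  _kv_tmp=$(mktemp) || return 1      # mktemp creates the file with mode 0600
  cat > "$_kv_tmp"                   # secret value arrives on stdin
  _kv_rc=0
  az keyvault secret set --vault-name "$1" --name "$2" \
     --file "$_kv_tmp" --encoding utf-8 --output none || _kv_rc=$?
  rm -f "$_kv_tmp"                   # remove the plaintext copy either way
  return "$_kv_rc"
}

# Print only the secret's value, not the full JSON record.
kv_get_secret() {
  az keyvault secret show --vault-name "$1" --name "$2" \
     --query value --output tsv
}

# Usage (vault and secret names are the post's demo values):
#   printf '%s' "$APP_SECRET" | kv_put_secret AadicsKeyValue DemoAppSecret
#   kv_get_secret AadicsKeyValue DemoAppSecret
```

The file content is stored byte for byte, so feed the value with printf '%s' rather than echo to avoid a trailing newline in the secret.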
To open in interactive mode: az interactive
Some of the important commands
- az group create --> Create a new resource group.
- az group delete --> Delete a resource group.
- az group deployment --> Manage Azure Resource Manager deployments.
- az group deployment create --> Start a deployment.
- az group deployment delete --> Deletes a deployment from the deployment history.
- az group deployment export --> Export the template used for a deployment.
- az group deployment list --> Get all the deployments for a resource group.
- az group deployment operation --> Manage deployment operations.
- az group deployment operation list --> Gets all deployments operations for a deployment.
- az group deployment operation show --> Get a deployments operation.
- az group deployment show --> Gets a deployment.
- az group deployment validate --> Validate whether a template is syntactically correct.
- az group deployment wait --> Place the CLI in a waiting state until a deployment condition is met.
- az group exists --> Check if a resource group exists.
- az group export --> Captures a resource group as a template.
- az group list --> List resource groups.
- az group lock --> Manage Azure resource group locks.
- az group lock create --> Create a resource group lock.
- az group lock delete --> Delete a resource group lock.
- az group lock list --> List lock information in the resource-group.
- az group lock show --> Show the details of a resource group lock.
- az group lock update --> Update a resource group lock.
- az group show --> Gets a resource group.
- az group update --> Update a resource group.
- az group wait --> Place the CLI in a waiting state until a condition of the resource group is met.