Sunday, 14 May 2017

Azure Key Vault overview

What Is Key Vault?
Okay, so what is Key Vault? First off, it is indeed a vault: a cloud service that holds keys and secrets on your behalf, and anything that can authenticate to Azure Active Directory and reach the vault over HTTPS (your virtual machines included) can use it. With the Premium tier it can also back keys with a hardware security module, or HSM. An HSM-protected key is generated inside the HSM and never leaves it; encrypt, decrypt, sign and verify operations run inside that hardened hardware boundary and only the result comes back to the caller.
Let's go into what we mean by keys and secrets. Keys are cryptographic keys (RSA keys, software-protected or HSM-protected) that the vault holds and performs operations with; a key encryption key that wraps other keys is the typical example. Certificates are a related object type that bundles a key with its X.509 certificate. Secrets are small opaque values, such as passwords, connection strings and application credentials, that are stored and retrieved under access control rather than embedded in code or configuration. So one use of Key Vault is securing applications and letting one application authenticate to another. One thing to keep straight: when a disk is encrypted with Azure Disk Encryption, the BitLocker or dm-crypt encryption key is stored in the vault as a secret, and that secret can in turn be wrapped by a key encryption key held as a vault key; the secret is not the key encryption key itself. Now, what is required to use the key vault? Azure Active Directory. Every caller, human or application, authenticates to Azure AD first, and the vault checks the resulting token against its access policy.
Let me show you this graphic right here; it is the basic model for our key vault. Notice over here we have an application. That application has to be registered in Azure Active Directory as an application with a service principal, and the vault's access policy grants that principal permissions: encrypt, decrypt, sign and verify, the actual operations the key performs. Nothing else applies to it, so a compromised application can use the key but cannot export it or create and delete keys. We don't have a person doing the cryptography; we have an application doing it, and the person's role is to create and manage the keys.
[Figure blog15_01: basic Key Vault access model, an application registered in Azure AD and granted permissions by the vault's access policy]
The Benefits of Key Vault
First off, it's accessible, available and distributed. Key Vault is a managed service that Microsoft replicates within the region (and to a paired region), so anything you run in Azure, your virtual machines included, can reach it at its HTTPS endpoint without you standing up and patching a secrets server yourself.
Secondly, segmented security roles. This is where a lot of the compliance value comes from: the use of the keys, the creation of the keys and the maintenance of the keys go to different roles through separate access policies (the security administrator gets create, import, update and delete; the application gets encrypt, decrypt, sign and verify), so we don't have one administrator with keys to every door in the shop. Every operation against the vault is logged, so you can also audit who used which key and when.
Thirdly, disk encryption. With Azure Disk Encryption the virtual machine's disks are encrypted with BitLocker on Windows or dm-crypt on Linux, and the disk encryption key lives in your Key Vault, optionally wrapped by a key encryption key. If somebody steals that VHD somehow, someway, they can't get to the data, because what they hold is ciphertext and the key to it never left the vault.
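Here is the whole model above in working form, as an added example rather than anything from the original post: one script, using the 2017-era AzureRM PowerShell module, that creates a Premium vault, generates an HSM-protected key encryption key, stores a secret, and then splits the access policy between an administrator role (manage keys, never use them) and an application role (use keys, never manage them). The resource group, vault, key and secret names, the admin user principal name and the application name are placeholders I made up; the vault name must be globally unique, hence the random suffix.

```powershell
# Added example, not from the original post: provisions a Key Vault and wires up the
# access model described above with the AzureRM module (2017-era cmdlets).
# All names, the location and the admin UPN below are placeholders.

Login-AzureRmAccount

$rg       = 'rg-keyvault-demo'
$location = 'westeurope'
$vault    = 'kv-demo-' + (Get-Random -Maximum 99999)   # vault names must be globally unique

New-AzureRmResourceGroup -Name $rg -Location $location

# Premium SKU is what allows HSM-protected keys; -EnabledForDiskEncryption lets
# Azure Disk Encryption write BitLocker/dm-crypt keys into this vault.
$kv = New-AzureRmKeyVault -VaultName $vault -ResourceGroupName $rg -Location $location `
    -Sku Premium -EnabledForDiskEncryption

# Role 1: the security administrator, who creates and rotates keys and secrets but
# is deliberately NOT granted encrypt/decrypt/sign/verify.
Set-AzureRmKeyVaultAccessPolicy -VaultName $vault `
    -UserPrincipalName 'kv-admin@contoso.example' `
    -PermissionsToKeys create,import,get,list,update,delete,backup,restore `
    -PermissionsToSecrets set,get,list,delete

# A key encryption key generated inside the HSM; its private material never leaves it.
$kek = Add-AzureKeyVaultKey -VaultName $vault -Name 'vm-disk-kek' -Destination HSM

# A secret: an application password that the app will read at run time instead of
# carrying it in its config file.
$secretValue = ConvertTo-SecureString 'Pa55w.rd-ReplaceMe' -AsPlainText -Force
Set-AzureKeyVaultSecret -VaultName $vault -Name 'sql-connection-password' -SecretValue $secretValue

# Role 2: the application. Registered in Azure AD as an application plus service
# principal, then granted only the operations it needs: use the key, read the secret.
# (Attach a certificate or password credential with New-AzureRmADAppCredential
# before the app can actually authenticate; omitted here.)
$app = New-AzureRmADApplication -DisplayName 'kv-demo-app' `
    -HomePage 'https://kv-demo-app.contoso.example' `
    -IdentifierUris 'https://kv-demo-app.contoso.example'
$sp  = New-AzureRmADServicePrincipal -ApplicationId $app.ApplicationId

Set-AzureRmKeyVaultAccessPolicy -VaultName $vault -ServicePrincipalName $app.ApplicationId `
    -PermissionsToKeys encrypt,decrypt,sign,verify,wrapKey,unwrapKey `
    -PermissionsToSecrets get

# Check the separation of duties: the app policy carries no create/delete rights and
# the admin policy carries no encrypt/decrypt rights.
(Get-AzureRmKeyVault -VaultName $vault).AccessPolicies |
    Select-Object DisplayName, PermissionsToKeys, PermissionsToSecrets | Format-List

"Vault URI: $($kv.VaultUri)"
"KEK id:    $($kek.Id)"
```

The last two lines print the values you would hand to Azure Disk Encryption: Set-AzureRmVMDiskEncryptionExtension is pointed at this vault for the disk encryption secret and at the vm-disk-kek key as the key encryption key, which is the arrangement that leaves a stolen VHD as nothing but ciphertext. If you later see the application's policy acquire create or delete rights, or the admin's policy acquire decrypt, that is the separation in the "segmented security roles" benefit being eroded, and the vault's diagnostic logs will show who changed it.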
