15 Securing information with Azure Key Vault

 

Almost every week, there’s news of a cybersecurity incident with a major company. In the same way that you’ve used various forms of automation to grow or replicate your applications and data, attackers automate their own actions. It’s unlikely that a single person will try manually to compromise the security of your systems. This concept makes it difficult to defend your systems 24 hours a day, 7 days a week, 365 days a year (okay, or 366 days!).

Chapter 14 discussed how to encrypt your data and VMs. This process is a great first step, and we briefly looked at how to create and use encryption keys stored with the Azure Key Vault service. Secure data such as keys, secrets, and certificates is best stored in a digital vault like a key vault, which can centrally manage, issue, and audit the use of your critical credentials and data. As your applications and services need access to different resources, they can automatically request, retrieve, and use these keys, secrets, and credentials. In this chapter, you’ll learn why and how to create a secure key vault, control access, and then store and retrieve secrets and certificates.

15.1 Securing information in the cloud

15.1.1 Software vaults and hardware security modules

15.1.2 Creating a key vault and secret

15.2 Managed identities for Azure resources

15.3 Obtaining a secret from within a VM with managed identity

15.4 Creating and injecting certificates

15.5 Lab: Configuring a secure web server