On Wednesday, I published a new post – 10 Best Microsoft Azure Features for 2015. I wanted to include a feature I have heard about for some time now, Azure Key Vault, but I couldn’t find any public information to reference. Because of our NDA with Microsoft, I must have referenceable public info before I can blog about it. Turns out, Microsoft released it to preview on Wednesday, so I was publishing at the same time they were, kind of funny.
Do you want to build an Azure application that uses keys for signing and encryption? Do you want these keys and secrets to be protected, without having to write the protection code yourself? Do you want customers to own and manage their own keys in your SaaS application? Do you want your applications to use keys held in HSMs certified to FIPS 140-2 Level 2 and Common Criteria EAL4+ for secure key management? Enter Azure Key Vault!
From the Azure documentation –
Azure Key Vault helps safeguard cryptographic keys and secrets used by cloud applications and services. By using Azure Key Vault, you can encrypt keys and secrets (such as authentication keys, storage account keys, data encryption keys, .PFX files, and passwords) by using keys that are protected by hardware security modules (HSMs). For added assurance, you can import or generate keys in HSMs (keys never leave the HSM boundary). HSMs are certified to FIPS 140-2 level 2 and Common Criteria EAL4+ standards.
Azure Key Vault streamlines the key management process and enables you to maintain control of keys that access and encrypt your data. Developers can create keys for development and testing in minutes, and then seamlessly migrate them to production keys. Security administrators can grant (and revoke) permission to keys, as needed.
Anybody with an Azure subscription can create and use key vaults. Although Azure Key Vault benefits developers and security administrators, it could be implemented and managed by an organization’s administrator who manages other Azure services for an organization. For example, this administrator would sign in with an Azure subscription, create a vault for the organization in which to store keys, and then be responsible for operational tasks, such as:
- Create or import a key or secret
- Revoke or delete a key or secret
- Authorize users or applications to manage or use keys and secrets
- Configure key usage (for example, sign or encrypt)
- Monitor key usage
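As an added example (not from the post or from Microsoft's documentation), here is how an administrator would script the operational tasks listed above with the current Az PowerShell module, whose cmdlet names differ from the 2015 preview's Azure cmdlets. The resource group, service-principal appId and Log Analytics workspace id are placeholders, and the access policy is deliberately limited to what the application needs.

```powershell
# Added example (not from the post or from Microsoft's docs). Assumes the current
# Az PowerShell module (Az.KeyVault, Az.Monitor) and an existing resource group.
# The names below are constructed placeholders; replace them for your subscription.
$rg        = 'rg-keyvault-demo'                           # existing resource group (placeholder)
$vaultName = 'kv-demo-' + (Get-Random -Maximum 99999)     # vault names are globally unique
$appId     = '00000000-0000-0000-0000-000000000000'       # appId of the application's service principal (placeholder)
$workspace = '/subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.OperationalInsights/workspaces/<ws>'  # placeholder

# 1. Create the vault. The Premium SKU is required for HSM-backed keys; purge
#    protection prevents a deleted vault or key from being permanently removed
#    during the retention window.
$vault = New-AzKeyVault -Name $vaultName -ResourceGroupName $rg -Location 'westus' `
            -Sku Premium -EnablePurgeProtection

# 2. Generate a signing key inside the HSM. The key material never leaves the
#    HSM boundary, and restricting KeyOps means the key can sign and verify only:
#    a caller that tries encrypt/decrypt or wrapKey with it is refused.
$signingKey = Add-AzKeyVaultKey -VaultName $vaultName -Name 'app-signing-key' `
                 -Destination HSM -KeyType RSA -Size 2048 -KeyOps 'sign','verify' `
                 -Expires (Get-Date).AddYears(1)

# 3. Store a secret (a connection string here) as a SecureString with an expiry,
#    so it never sits in a script or config file as plain text.
$secretValue = Read-Host -Prompt 'Connection string' -AsSecureString
Set-AzKeyVaultSecret -VaultName $vaultName -Name 'app-db-connection' -SecretValue $secretValue `
    -ContentType 'text/plain' -Expires (Get-Date).AddDays(90) | Out-Null

# 4. Authorize the application with least privilege: it may sign/verify with keys
#    and read secrets, but cannot list, create, delete, back up or export anything.
Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ServicePrincipalName $appId `
    -PermissionsToKeys sign,verify -PermissionsToSecrets get

# 5. Monitor key usage: send the vault's AuditEvent log (every key and secret
#    operation, with caller identity and result) to a Log Analytics workspace.
$auditLog = New-AzDiagnosticSettingLogSettingsObject -Enabled $true -Category AuditEvent
New-AzDiagnosticSetting -Name 'kv-audit' -ResourceId $vault.ResourceId `
    -WorkspaceId $workspace -Log $auditLog | Out-Null

# 6. Revoking the application later is a single call; the key stays in the vault.
# Remove-AzKeyVaultAccessPolicy -VaultName $vaultName -ServicePrincipalName $appId

"Key $($signingKey.Id) created with operations: $($signingKey.Key.KeyOps -join ', ')"
```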
For more information, check out the Getting Started Tutorial on the Azure website.