Q. What is Azure Key Vault?
A. Azure Key Vault is an Azure service that provides a resource backed by Hardware Security Modules (HSMs), which provide the gold standard in protection and anti-tampering of secure data. Azure Key Vault supports three types of data:
- Secrets - Values of 25KB or less that can be written and read. Each secret has its own ACL, so a registered application can be given access while the actual developer is not. Good uses include storing passwords, SQL connection strings, access keys, etc.
- Keys - These are written to Key Vault but cannot be exported. They are used for encryption, hash generation, etc. A key can be configured (HSM-protected) to never leave the HSM, even when used; instead, the required cipher operations are sent to the Key Vault service and the result is returned. Again, there is a full ACL at the per-key level.
- Certificates - Stored in the HSM, with the full lifecycle supported.
By using Key Vault, you can store data securely and avoid keeping these sensitive pieces of information in source code, which may then be compromised.
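
The pattern described above, as an added example that is not part of the original answer: an application reads a SQL connection string from Key Vault at runtime instead of carrying it in source, and reports clearly when the secret's ACL denies its identity. The vault URL, the `KEY_VAULT_URL` variable, the secret name and the helper names (`SecretValue`, `make_client`, `fetch_secret`) are assumptions for illustration; the real client needs the `azure-identity` and `azure-keyvault-secrets` packages.

```python
import os

# Assumed names for illustration; neither appears on the original page.
VAULT_URL = os.environ.get("KEY_VAULT_URL", "https://example-vault.vault.azure.net")
SECRET_NAME = "sql-connection-string"


class SecretValue:
    """Holds a secret so that it does not leak through repr() or logging."""

    def __init__(self, value):
        self._value = value

    def reveal(self):
        return self._value

    def __repr__(self):
        return "SecretValue(<redacted>)"

    __str__ = __repr__


def make_client(vault_url=VAULT_URL):
    """Build a real SecretClient; the app authenticates as its registered identity."""
    # Imported here so the rest of the module loads without the Azure SDK installed.
    from azure.identity import DefaultAzureCredential
    from azure.keyvault.secrets import SecretClient
    return SecretClient(vault_url=vault_url, credential=DefaultAzureCredential())


def fetch_secret(client, name=SECRET_NAME):
    """Read one secret, turning vault errors into messages an operator can act on."""
    try:
        return SecretValue(client.get_secret(name).value)
    except Exception as exc:
        # azure.core's HttpResponseError carries the HTTP status in .status_code.
        status = getattr(exc, "status_code", None)
        if status == 403:
            raise PermissionError(f"identity has no read access to secret {name!r}") from exc
        if status == 404:
            raise LookupError(f"secret {name!r} does not exist in the vault") from exc
        raise


if __name__ == "__main__":
    conn = fetch_secret(make_client())
    print("loaded", conn)  # prints the redacted form, never the value
```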